You’ve probably heard of 2048-bit encryption, or seen the HTTPS markup in your address bar indicating that the site has an SSL certificate. Have you wondered “Do I need an SSL certificate on my site?” or “Will an SSL certificate help my Portland SEO in any way?” Using an SSL certificate helps your users know that their information is safe. Using an SSL certificate provides two important things:
- Encryption of sensitive data like credit card numbers and personal information
- Some assurance to your customers that you are trustworthy (the process of getting an SSL certificate can’t guarantee this, but it can make it more likely which is part of the reason why visitors have this perception)
These are very important benefits and, while not all websites require an SSL certificate, it is essential for certain types of sites. To find out if you need an SSL certificate for your site, answer these questions:
Is my site an e-commerce site that collects credit card information?
For most e-commerce sites, you absolutely need an SSL certificate! As an online merchant, it is your responsibility to make sure the information you collect from your customers is protected. This will shield you and your customers by making sure that no one can intercept and misuse their credit card information.
Your customers are providing you with very important and personal information that allows access to their hard earned money. If an identity thief gets access to your customer’s credit card information because you didn’t take the necessary precautions, it can be devastating to you and to your customer. Your customers need to know that you value their security and privacy and are serious about protecting their information. More and more customers are becoming savvy online shoppers and won’t buy from you if you don’t have an SSL certificate installed.
If you accept credit card information and store it in a database so you can process it using an offline POS machine or charge it manually on your merchant account’s website, then you definitely need an SSL certificate to secure the credit card data as it is transferred. You also need to be very careful with the data when it is stored on your servers. Learn more about PCI Compliance and SSL and the requirements of protecting stored credit card information.
Do I use a 3rd party payment processor?
If your e-commerce site forwards your visitors to a 3rd party payment processor (like PayPal) to enter the credit card information then you don’t need an SSL certificate because your website won’t touch the credit card information. Just make sure none of the credit card details get entered when the address bar still shows your domain name. Note that PayPal allows you to accept the credit card information on your site or forward visitors to their site. If you accept the credit card information on your site, you need an SSL certificate.
Do I have a login form?
If your users enter a username and password to login to your site without an SSL certificate, an attacker can easily see their username and password in clear text. This would allow someone else to impersonate your visitor, but it allows for a far more dangerous possibility: Because users often use the same password on many sites (including their bank accounts), an attacker can potentially compromise many other accounts. If you let people store a password with you, you must take responsibility for protecting it, even if the security of your own site isn’t critical.
It is true that most login forms don’t currently use SSL. This means that most login forms are vulnerable. With the number of cheap SSL certificates available, it is becoming more and more worthwhile to secure login forms. If you want to forego the SSL certificate without having to worry about securing the login information, you can also use OpenID, Facebook Connect, or another technology that lets users log in on a another site and return to your site. Learn more about creating a secure login form.
In short, if your website is a collection of pictures of your pet slug “Flash” with a small blog and doesn’t require visitors to log in, you probably don’t need SSL. If you have a login form or send or receive private customer information, then you need SSL. If you run an e-commerce website where people provide you with credit card information directly on your site, you absolutely need SSL.
Google has announced that going HTTPS — adding a SSL 2048-bit key certificate on your site — will give you a minor ranking boost.
Google says this gives websites a small ranking benefit, only counting as a “very lightweight signal” within the overall ranking algorithm. In fact, Google said this carries “less weight than other signals such as high-quality content.” Based on their tests, Google says it has an impact on “fewer than 1% of global queries” but said they “may decide to strengthen” the signal because they want to “encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
Google also said based on their tests for the past few months, the HTTPS signal showed “positive results” in terms of relevancy and ranking in Google’s search results.
As you may remember, at SMX West, Matt Cutts, Google’s head of search spam, said he’d love to make SSL a ranking factor in Google’s algorithm. Well, less than five months after that announcement, and while he is on an extended leave, Google is making it a reality.
Portland SEO Concerns With Going HTTPS
Should you be concerned when switching from your HTTP to HTTPS site for SEO purposes? Not so much. Google has been telling webmasters it is safe to do so for years. But you need to take the proper steps to ensure your traffic doesn’t suffer. That means make sure to communicate to Google that you moved your site from HTTP to HTTPS. Google promises to release more documentation in the future, but for now has provided the following tips
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
- Google has also updated Google Webmaster Tools to better handle HTTPS sites and the reporting on them.
- One last thing: You will want to make sure to track your HTTP to HTTPS migration carefully in your analytics software and within Google Webmaster Tools.