Editor’s note: This post was originally posted on October 17, 2016 and updated on July 23, 2018.
Many people think securing a website with SSL (SSL encryption) is necessary only if they’re selling products or services via their website and collecting credit card or payment information. What many website owners do not realize is that SSL encryption has other very important benefits for small business owners.
To understand the benefits of having an SSL certificate installed for your website, it helps to understand what SSL is and actually does.
What exactly is SSL encryption?
SSL, which stands for Secure Sockets Layer, is an encryption technology that creates a secure connection between your website’s server and your website visitor’s web browser. This allows for information to be protected during transmission between the two.
When your site is secured you’ll see that little green lock in the left corner of your browser’s location bar, followed by the website URL beginning with HTTPS.
Data that is sent using HTTPS provides three key layers of protection:
- Authentication: Confirms visitors are on the right website, yours, and builds trust.
- Data integrity: Customer data cannot be corrupted or modified.
- Encryption: Visitor activity cannot be intercepted while browsing your website.
Certificate Authorities, Standard & Wildcard SSLs
SSLs are issued by Certificate Authorities (CA), like GoDaddy. CAs are responsible for following predefined procedures for the issuance of SSL certificates. They are audited regularly and are responsible for keeping detailed records about the certificates that are issued.
A standard SSL certificate will secure only one primary domain (known as the common name) For example, you could use a standard SSL to secure www.yourwebsite.com.
If you want to secure one primary domain and all its subdomains — such as forums.yourwebsite.com, store.yourwebsite.com and members.yourwebsite.com — you will need what is called a Wildcard SSL.
Now that we have all that techno-mumbo-jumbo out of the way, it’s easy to see why you would want SSL encryption if you have an eCommerce website to protect your customer’s sensitive data. That just makes sense.
But what if you are not doing any eCommerce on your website?
SSL benefit for your website visitors
“Earn trust, earn trust, earn trust. Then you can worry about the rest.” ~ Seth Godin
Onliners are more sophisticated than they used to be — and more informed. They now know to look for the telltale signs that a website is secured. SSL encryption does just that.
Having an SSL certificate installed on your website not only encrypts your customer’s data transmission on your site, your SSL certificate also confirms you are the legitimate and verified owner of your website.
To obtain an SSL you will have to verify your identity, business and website ownership (depending on the validation level of your SSL):
- You must show that you own the domain name you want to secure. Make sure your domain records are up-to-date and that they match the visible information on your website.
- Documentation (bank statement, sales & use tax permit or utility bill, for example) is required that shows your company name and physical address.(For Extended Validation SSLs).
- Items No. 1 and No. 2 should be an exact match.
SSL benefit to search rankings
We all know want to achieve strong rankings in the SERPS (search engine results pages) — but it isn’t easy. With literally hundreds of different and evolving criteria used in Google’s algorithm, you want to use every available tool to your advantage.
It’s true. In August 2014 Google confirmed that it would start to use HTTPS as a ranking signal. That first article noted that “for now it’s only a very lightweight signal,” but over time Google “may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
On September 8th, 2016 Google announced:
“Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”
And on February 8th, 2018 Google announced the change is looming:
“Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’. Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default. “
Encrypting your members’ data will enhance the trustworthiness of your website. Adding SSL encryption will encourage members to join, share and participate more because they will feel safer doing so.
And it’s not just about protecting their login credentials — securing your membership site with an SSL certificate will protect the personal data that they may add to their membership profiles.
You may not “do eCom,” but think about the sensitive information you might request from site members. Medical history? Specific personal contact or geographically precise information?
With identity fraud now a realistic concern, installing an SSL certificate reflects that protecting your site visitors’ and customers’ data transfer is important to you.
SSL benefit to encourage contact
As with membership sites, having an SSL certificate in place to ensure that your contact form transmission is encrypted will encourage site visitors to reach out. This is especially true if you are asking for more detailed, personally identifiable information.
Seeing that HTTPS and green padlock will add to the trust perception and let potential contacts know their submission is protected and that you are not a fly-by-night operation. Certificate Authorities also offer Trust Seals that you can display on your site. In addition to the padlock and HTTPS in your browser location bar, these graphics give website visitors an additional visual indication that you have SSL encryption in place.
The TLTR FAQ Summary
Do websites that don’t require billing address submissions require SSL? Yes
Do I need SSL encryption if I don’t sell online? Yes
Does my blog need SSL? Yes
Do I need SSL for WordPress websites? Yes
Can you have HTTPS without SSL? No
Is an SSL certificate necessary to have HTTPS status? Yes
That list of FAQ’s included a lot of yes responses and this is because SSL is important and the need for SSL is growing daily. Webmasters, bloggers, and shop owners cannot ignore the importance SSL encryption has on their web presence and online success.
Also published on Medium.