Modern browsers generally do not allow connections to non-secure SSL (Secure Sockets Layer) websites. This is a big problem for search engine optimization (SEO) and ensuring your websites are secure using best practices.
Non-secure SSL connections are vulnerable to security threats and can be easily intercepted by malicious actors.
As far back as 2014, Google made it clear that the presence of SSL and HTTPS on websites was a ranking factor for its search ranking algorithms.
In 2018, Google began marking all non-secure HTTP (Hypertext Transfer Protocol) websites as “Not Secure” in the URL bar of Google Chrome. This means that if a website does not have an SSL certificate, it will be flagged as non-secure, and visitors will be warned that their connection is not private and could be intercepted by hackers.
In September 2018, Google Chrome began warning users before connecting to a site without SSL certificates. Today, most modern web browsers, including Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge, require that websites use HTTPS (Hypertext Transfer Protocol Secure) instead of HTTP.
HTTPS is a secure version of HTTP that encrypts data sent between a website and a user’s browser. The primary goal is to make intercepting and stealing sensitive information harder for hackers.
While it is still possible to access non-secure SSL websites by explicitly allowing insecure connections in your browser’s settings, most users will not visit unsecured websites.
An HTTP is a clear ranking signal to search engines that the website owners do not update information or, worse yet, do not care about the safety of visitors. All search ranking algorithms pay attention when you’re not paying attention.
At this point, SSL certificates are necessary for any website that wants to perform well in search engine results pages (SERPs). When we complete an SEO Audit for our clients, having all components of your website under SSL is basic table stakes.
Internet security has always been considered in search rankings. When multiple websites compete for the same search terms, a site without an SSL certificate or expired certificate will always lose out to updated and secure websites.
The presence of HTTPS might be a ranking signal, or the absence of it might result in a penalty. Either way, HTTPS websites are here to stay.
What Is an SSL Certificate?
A Secure Sockets Layer certificate is a digital authentication for your website that can encrypt sensitive information sent between your website and a user’s browser. It’s an important part of any existing website or upcoming website development launch.
SSL certs ensure the privacy and security of sensitive data, such as passwords, credit card numbers, and other personal information a user submits to the website.
You may ask why I should have SSL encryption if I’m not an e-commerce business and collecting credit card information. Privacy is privacy in the eyes of Google, and security is their top priority.
Think of an SSL certificate like a padlock. When an SSL certificate is installed, it encrypts all data sent between the website and the user’s browser using a complex algorithm that makes it extremely difficult for hackers to intercept. This helps to protect users from identity theft, fraud, and other online security threats.
Contact forms should be considered private even if your website does not collect financial data from users.
SSL certificates are issued by certificate authorities (CAs) and bind your domain name, company name, and location — thus keeping potential hackers from stealing any private information from a web server.
Google Chrome will see the SSL certificate and show browser users this little padlock icon in the URL bar:
The certificate also includes a public key, used to encrypt data sent to the website, and a private key, used to decrypt the data once the website receives it. This will also change your transfer protocol from HTTP to HTTPS and, most often, display the padlock icon.
That’s what Google is looking for–HTTPS websites–and it won’t tell potential website visitors to reconsider visiting your site.
SSL certs come in different types and levels of validation, with more extensive validation requiring more rigorous verification of the website’s identity and ownership. Higher-level SSL certs typically provide more extensive security features and are used for websites that handle highly sensitive information, such as financial transactions or medical records. Many of these sites have moved beyond just SSL certification and offer users a 2-factor authentication process.
What Is the Secure Website Impact on Search Traffic?
We already touched on if your site doesn’t have an SSL certificate, a web visitor will see a warning similar to this:
If they click “Back to Safety” they never hit your website, and you never get credit for that traffic. But there’s more bad news when it comes to search engine optimization and user experience.
Since 2014, Google’s Webmaster Guideline has publicly told SEO professionals that HTTPS in front of your domain is a key factor in organic search SEO rankings. Again if your website is not secure and operating under the best SEO practices, then a search engine will not reward you in search rankings.
What are the Different Types of SSL Certificates?
Not all SSL certs are the same. It’s important to understand the difference to know which is best for your website.
- Domain Validation Certificates: The most basic SSL certificate, a DV certificate, is used to verify that a domain name is owned by the requester.
- Organization Validation Certificate: This certificate requires additional information about your organization, like a physical address, contact information, and proof of existence.
- Extended Validation Certificate: Also known as an EV certificate, this type of SSL requires the most information and is used to verify the legitimacy of an organization.
- Wildcard SSL Certificate: This is a certificate that can be used to establish a secure connection on multiple subdomains on a single domain.
SSLs are issued by Certificate authorities like Symantec, Comodo, and DigiCert. These organizations specialize in authenticating a website owner’s identity and ensuring that the data sent between the website and its visitors are encrypted.
Does an SSL Certificate Expire?
SSL certs are not permanent and must be renewed periodically to maintain the security of the website. An SSL certificate is normally issued for one to two years, depending on the certificate authorities (CAs). If an SSL certificate expires, your website will no longer have a secure connection, and visitors may see warnings that the website is not secure or that their connection is not private.
It is essential to renew SSL certs before they expire to ensure the continued security of the website. Most CAs will send renewal reminders to the website owner or administrator before the certificate expires, but at Valve+Meter, we encourage website owners to set their own reminders and act proactively.
The renewed certificate will need to be installed on your website’s server. As these certificates have become commonplace, some website hosting providers offer automated certificate renewal services to simplify the process.
It is important to ensure that your certificates are configured correctly and that the website uses the most up-to-date encryption protocols. This can help to prevent security vulnerabilities and keep the website secure.
HTTPS and SSL Statistics
- The use of HTTPS is growing rapidly. In 2017, the use of HTTPS increased by 23%. In 2018, it increased by 27%. And in 2019, it increased by 31%.
- The use of HTTPS is not just limited to large websites. In fact, the use of HTTPS is also growing rapidly among small and medium-sized businesses. In 2017, only 36% of small and medium-sized businesses used HTTPS. In 2018, that number increased to 44%. And in 2019, it increased to 52%.
- There are many benefits to using HTTPS. HTTPS provides a secure connection between a website and a user’s browser. This means that user data is protected from eavesdropping and tampering.
- HTTPS can also help to improve search engine rankings. Google has said that it will give preference to websites that use HTTPS.
- HTTPS can also help to increase website traffic. Studies have shown that users are more likely to visit websites that use HTTPS.
- HTTPS is becoming the standard for secure websites. More and more websites are moving to HTTPS, and this trend is only going to continue in the future.
- If you don’t use HTTPS, you’re putting your users at risk. HTTPS provides a secure connection between a website and a user’s browser. This means that user data is protected from eavesdropping and tampering. If you don’t use HTTPS, you’re putting your users at risk.
- HTTPS is easy to set up. There are many free and easy-to-use tools available to help you set up HTTPS on your website.
- There’s no reason not to use HTTPS. HTTPS is free, easy to set up, and provides a secure connection for your users. There’s no reason not to use it.
Are Secure Websites Protected From Hackers?
As criminals work hard to break through security, even SSL has had incidents of data breaches.
In 2014, a critical security vulnerability called Heartbleed was discovered in OpenSSL, the most widely used SSL/TLS library. This vulnerability allowed hackers to steal sensitive information, such as passwords and private keys, from websites that were using OpenSSL to encrypt their data.
In 2017, another critical security vulnerability called Cloudbleed was discovered in the content delivery network (CDN) provider Cloudflare. This vulnerability exposed passwords and private messages from millions of websites that were using Cloudflare’s services.
Your certificate should not assume complete security and you should work to protect site users against hackers. Small business owners can use a number of third party plugins so you do not need to collect or store personal information like credit card details and private information of your customers.
Common HTTPS and SSL SEO Issues
Several common issues can arise when implementing HTTPS and SSL on your website:
- Mixed Content: This occurs when a secure page (HTTPS) contains insecure elements (HTTP), such as images, scripts, or stylesheets.
- Internal Links: Broken or incorrect internal links can negatively impact user experience and SEO.
- Redirects: Failing to redirect HTTP URLs to HTTPS can lead to duplicate content and indexing issues.
- Canonicalization: Incorrect canonical tags may cause search engines to index the wrong version of your website.
- Expired SSL Certificates: An expired SSL certificate will show your site as insecure, negatively affecting user trust and SEO.
How To Detect HTTPS And SSL Issues
To detect HTTPS and SSL issues, use a combination of tools and manual checks:
- SSL Server Test: Tools like Qualys SSL Labs can test your SSL configuration and identify potential issues.
- Website Crawlers: Crawlers like Screaming Frog can help identify mixed content, internal link issues, and canonicalization problems.
- Google Search Console: Use Google Search Console to detect indexing, crawl, and security issues.
How To Fix Mixed Content Issues
To fix mixed content issues:
- Identify insecure elements on your pages using website crawlers or browser developer tools.
- Update URLs for insecure elements to HTTPS.
- If third-party resources are causing mixed content issues, consider finding alternative secure resources or hosting the content on your server.
How To Update Internal Links
To update internal links:
- Use a website crawler to identify and list all internal HTTP links.
- Replace HTTP links with their HTTPS counterparts.
- Ensure all newly added content uses HTTPS links by default.
How To Redirect HTTP To HTTPS
To redirect HTTP URLs to HTTPS:
- Implement a 301 redirect for all HTTP URLs, ensuring that users and search engines are redirected to the secure HTTPS version.
- Use server configurations like .htaccess (Apache) or web.config (IIS) to implement site-wide HTTP to HTTPS redirects.
- Test redirects to ensure proper implementation.
How To Resolve Canonicalization Issues
To resolve canonicalization issues:
- Ensure all canonical tags use the correct HTTPS version of your website.
- Update your sitemap to include only HTTPS URLs.
- Configure your Content Management System (CMS) to use HTTPS URLs for canonical tags automatically.
How To Manage And Renew SSL Certificates
To renew SSL certificates:
- Monitor your SSL certificate’s expiration date and set reminders to avoid expiration.
- Purchase and install a new SSL certificate from a trusted Certificate Authority (CA) before the current one expires.
- Verify the new SSL certificate’s installation and ensure there are no issues.
Why SEO Performance is Key to Growth
SEO is a zero-sum game for marketers. For you to win, someone else has to lose.
If you want to show up in Google search results and you haven’t adopted SSL or taken the time to implement HTTPS on every single page of your website, you’re losing.
Having an SSL certificate and the associated “HTTPS” language in your URL is crucial for data security and your search engine strategy. It promises the user that you have a secure connection and provides a key ranking signal to Google and other search engines that your website is safe to browse.
There are a variety of different types of digital certificates available that provide varying layers of validation and security and give your users a feeling of safety while on your website.
SEO experts at Valve+Meter encourage our clients to embrace the best practices across the internet. For SEO purposes, you want your content to stand out for the right reasons.
When search engines crawl your site, the SSL certificate is just one basic layer of SEO rankings. If you haven’t made the shift to HTTPS yet, Valve+Meter can help. Contact us today for a free analysis of your entire website.
The only way to grow your business is to shine a light on your digital marketing. Search engine results are the best way to put your brand in front of new prospects.