Ecommerce websites have always made up the majority of websites using SSL to protect their customers’ data. Today, that protection is being adopted by many non-ecommerce website owners, even bloggers.
SSL encrypts the data customers enter on a website, like credit card information and personal details. Google also ranks SSL enabled websites higher in the search results, making SSL an essential component of search engine optimization.
Without SSL your flow of traffic is at risk
SSL certificates have been branded as a method for securing credit card information, so visitors aren’t usually concerned about their presence if they aren’t making a purchase. Today, encrypted HTTPS connections serve as a symbol of trust, indicating to visitors that a website is secure, even if they don’t know the extent of what that means.
Most visitors won’t notice if you don’t use HTTPS connections on your website; they’re not trained to look for it. However, if a visitor were to be given an indication that your website isn’t secure, they’d probably bounce.
Until recently, it was difficult for users to distinguish a website using SSL from any other. Google changed that when they updated Chrome to inform users of the security status of a website. To the left of the address bar, Chrome now displays a lock with the word “secure” for every website using HTTPS. An SSL-enabled website is identified by the URL beginning with HTTPS rather than HTTP.
For now, Chrome displays a neutral information icon for non-HTTPS URLs. When clicked, a tooltip appears letting the user know the page is not secure and they shouldn’t enter any passcodes or credit card information because hackers could steal it. Future browser updates will display these sites as “not secure.”
This update alone has the power to dissuade visitors from continuing to browse your website. Not everyone knows an “unsecure” website poses no danger to them unless they fill out a form or log into an account. When visitors see that “not secure” notification, fear will cause them to bounce.
Google is big on security, and SSL isn’t the only way Chrome users learn which sites they can trust. Many users use the Web of Trust add-on to identify a site’s community ratings and reviews. People want to feel safe browsing the web, and you should do what you can to earn their trust.
SSL is now a search ranking factor
Another important distinction about SSL is that Google ranks HTTPS sites higher than those without SSL encryption. Although using SSL alone isn’t enough to boost your ranking from #5 to #4, it does give more weight in the background which would give you an advantage over another equally ranked site.
The details of how it works are vital for experienced webmasters to understand. For example, you can’t use Google’s change of address tool to move from HTTP to HTTPS – yet. To give Google the signal that your indexed HTTP pages are now HTTPS, you need to use 301 redirects.
Perception is everything
If you’re not selling any products, collecting email addresses, or otherwise asking visitors to enter information into a web or login form, you don’t technically need SSL. Visitors, on the other hand, will be easily scared by notices telling them the website they’re visiting isn’t secure. If you decide to collect data in the future, it will be harder to migrate to HTTPS, so it’s better to make the switch now.
In the future, Google might start placing symbols next to search results to tell users if a website is secure before they click. If that happens, non-secure sites will see a drop in bounce rates but will also see a significant decline in organic traffic.
Many popular webhosts have been giving out complimentary SSL certificates for their clients because they know the Chrome browser update is going to hit them hard. That’s surprising since the certificates were once a source of add-on revenue for hosting companies, but it seems they’d rather keep their customers happy.
Migrate to HTTPS and avoid losing traffic
SSL and TSL certificates can be obtained for free from sources like Let’s Encrypt. When you make the migration, be aware that you’ll need to go through all of your webpages and change your links to reflect HTTPS.
Redirect the HTTP version of your website to HTTPS. If you have too many links to change, this will cover you until you’re done. Using a redirect also ensures your links on sites you don’t control will lead people to the secure version of your site.