All website owners, web designers and developers should be creating new websites that are housed on a secure (https) web server. This is very important for modern web development best-practices.
This was not always the case, however, and there are many legacy websites out there on the web that started their existence on a non-secure (http) server. Now more than ever it is important for us web designers and developers to bring these legacy sites over to secure servers.
Let’s dive into some of the reasons why!
Note: the acronym “SSL” means “Secure Socket Layer”.
Some of the main reasons your website needs to be on a secure server:
- Sensitive information will be much safer from hackers when using a secure connection.
- Google has begun penalizing websites that are not secure, potentially hurting their ranking in search engine results pages (SERPS).
- Customers will be more likely to trust your website.
- An SSL certificate helps to confirm your identity.
Let’s go into more detail on each list item:
1. Sensitive information will be much safer from hackers when using a secure connection:
If you are selling anything online and collecting payment information from your customers, it is absolutely critical that your website is hosted on a secure server (your web address/url should begin with “https”).
An SSL certificate will encrypt sensitive data while it makes its way from the customer to your website, database or inbox. Otherwise you are rendering your customers’ personal information vulnerable to be intercepted by hackers, when they click the Submit or Purchase button. If you are selling anything on your website or blog and receiving payments of any kind, your website needs to have an SSL certificate in order to comply with PCI requirements.
It is also very important for ANY type of personal and/or payment information that people are sending through your website be protected. This means – even if you are not selling anything or collecting payment info – any form of personal data that your users submit should be protected.
Do you have even a simple Contact Us form, where the user can give you their name, email and leave a comment or ask a question? The potential is always there for someone to send you their personal, sensitive information through this form. Realistically people could send you any type of data or information via an online form. So don’t take chances – secure your website asap.
Once you get an SSL certificate, the job might not be done yet.
Especially if you have an existing/older website that started out on a non-secure server (the website address begins with “http:”), it might be necessary to force the website and all browsers that connect to it to use its SSL connection. Certain pages, links, images or other digital assets might be still lingering on a non-secure server. In this case it might be necessary to redirect from these non-secure items to their secure counterparts on your new secure server.
This can be accomplished by adding a bit of code to your website’s .htaccess file.
If you have a WordPress website, the process is made easier by installing one of the many plugins out there that will do the work for you.
2. Google has begun to penalize websites that are not secure, hurting their ranking in SERPS (search engine results pages):
In July of 2018 Google started to “penalize” websites that resided on non-secure servers, when viewed on their Chrome browser. This change came after years of hinting and warning web designers and developers well in advance.
This penalty came in the form of a clear “Not secure” warning displayed in the top left of the user’s screen:
I’m not sure about you, but I wouldn’t want users of my website to see that little warning icon up there. Even if there was no or minimal risk in using my website, just the sight of that warning might be enough for users to decide to look elsewhere.
Google goes into a little more detail on what those little symbols mean in this help article: https://support.google.com/chrome/answer/95617?visit_id=637185937963411074-4114027874&p=ui_security_indicator&rd=1
Google made the reason for imposing these measure onto non-secure websites clear: it ultimately serves the user/customer better, if they know they are clicking on and browsing through websites they can trust.
Which leads me to the next item on this list:
3. Customers will trust you and your website more:
Users of your website (and potential users/customers) will be more likely to engage with it and will trust it (and your business) more if they see the padlock and know their personal information is secure. You only have one chance to make a good first impression, and often that chance only lasts seconds.
With so many choices today, combined with information overload, consumers have little patience to linger on websites that are not safe (in their eyes). Don’t give them a reason right off the bat to discard the website or blog that you worked so hard to create – reach out to your web host and get an SSL certificate.
4. Having an SSL Certificate helps confirm your identity:
An SSL certificate acts as a stamp of approval from the Certificate Authority that your web hosts is partnering with. Certificate Authorities are independent, third-party companies that will vet and (hopefully) affirm and certify that you are who you say you are. By issuing you an SSL certificate they are confirming that your website is legitimate as well.
Securing your website doesn’t have to stop with your SSL certificate. There are many additional security measures that can be placed on your web host’s server, and within the back-end of your website itself. For WordPress websites, try one of the excellent security plugins available, such as WordFence or Sucuri.
Website security is just one of the many key, essential ingredients that are MUST for any website. Check out this article for more information on some of the other essential ingredients.
Thank you for visiting our blog and for reading! Please share this article if you’d like. 🙂