SSL stands for Secure Socket Layer and it is an encryption layer used on websites to secure sensitive user data make them safe for browsing. Today, SSLs have been updated and replaced by something called a TLS certificate today, which stands for Transport Layer Security. Nevertheless, most people still use the acronym SSL instead.
For SEO and site ranking, Google bots gather info on each website they crawl and then using their algorithm to index web pages and rank them based on ranking signals. And, because of their importance and benefits for users’ security, cheap SSL certificates have become one of the most important Google ranking signals.
But what exactly are SSLs and how do they actually impact our SEO and website ranking?
What are SSL certificates?
When SSLs are properly configured on the host server – where the domain is hosted – it provides an encryption layer that secures your users’ data. At the same time, it uses an authentication system that checks each user’s identity and allows them to decrypt the data.
In other words, the SSL certificate, when configured properly, ensures safe passage of information between the user and the servers. And we know a site is secure or uses an SSL certificate based on the padlock icon next to the site’s URL in the browser.
An unencrypted website, without an SSL certificate, will have the word ‘not secure’ in the browser URL. Another way to spot if a site uses an SSL is by looking at the URL. If it starts with HTTPS instead of just HTTP, it means that it’s secure.
HTTP as an acronym stands for HyperText Transfer Protocol. Protocol means a set of rules and procedures applied to transfer files on the internet between the client browser and the hosting server and the additional ‘S’ at the end of HTTPS stands for secure, .
Types of SSL certificates
There are three main types of SSL certificates, domain validation, organizational validation, and extended validation. From first to last, the authentification process differs and they are increasingly more expensive.
That means that the certificate authority requires more steps in order to confirm a website’s owner’s identity before they grant an SSL. This will also cost the website owner more, but the level o security is also exponentially higher.
1. Domain validation
This basic SSL certificate type is a very affordable and attractive option for personal sites, like blogs or portfolios, as well as simple promotional websites for small businesses. The authentification process is simple and quick and the SSL is usually granted within the same day.
2. Organizational validation
The second type of SSL certificate is good for all e-commerce sites and sites that collect personal user information. But mostly, Google recommends that government entities, dealing with population-specific data, use this type of encryption.
As expected the authentification process is a lot more strict with this type of SSL, since the CA needs to confirm i.e. the identity of the governmental organization, and usually organization validation SSL certificates become active in 1 to 3 days.
3. Extended validation
As the name suggests, extended validation SSLs are by far the most secure, and the most expensive. However, they also come with the most SEO and user trust perks For example aside from the padlock next to the URL, this SSL also shows the company brand, thus giving a boost not only to trust and credibility but also brand visibility.
Extended validation SSLs are especially recommended for e-commerce sites to protect users’ data and payment information. This is the hardest certificate to get, as the authentification process is the most strict of all. Also, it is the most costly certificate and is issued with 1 to 5 business days.
Why is are SSL certificates necessary?
SSL certificate encryption enables your website’s users to browse and share private information like emails when subscribing to services without fearing data breaches. Or, for example, when users purchase a service or product online with a credit card, the SSL encryption will add an extra layer of security.
All of this is done using special encryptions keys (private and public) so that the information exchanged between the client browser and the hosting servers is secured.
In simple terms, SSL encryption provides a safe authentification process that prevents phishing and other malicious hacking attempts.
Lastly, any type of validation SSL certificate has accurate visual indicators like a green padlock, green bar, or other visible seals that add credibility and validity to the site. So, the SSL certificate serves to reassure customers that they are in safe hands, and they can make purchases with no worries that their data might be in peril.
Google’s response to websites with no SSL certificate
Google is quite serious about having SSL certificates on every site, and does not treat those who do not have a certificate lightly. On the Chrome browser, websites without an SSL certificate have a very visible warning to alert visitors that it is unsafe to carry out any transaction or share sensitive information.
This can affect everything that requires personal data from a user, including your chances of getting newsletter subscribers for example.
But more importantly, for sites that offer services or goods online, refusing to add an SSL certificate to your platform is like committing economic suicide. In fact, not installing an SSL certificate is like jeopardizing one’s chances of ranking tops both directly and indirectly on Google.
How SSL certificates affect Google rankings
So we have established so far that SSL certificates affect your conversion rates and can directly impact your sales and your overall online performance. But can they actually affect your Google rankings?
Improved Google ranking
Google already said that adding the Extended Validation SSL certificate gives a moderate improvement to one’s site ranking.
This is because EV SSLs come with a much more efficient security layer. But in general, websites that install any SSL certificate, as Google has stated, will receive preferential treatment, i.e. rank higher as opposed to sites that are not SSL encrypted.
Lower bounce rates and increased conversions
If your users are only looking for information, they might not be bothered r scared away by Google “Not Secure” warning. However, if you ask them for as little as an email address, you will soon find out that not having an SSL will directly contribute to a higher bounce rate.
Simply put, SSL certificates come with security layers that you are aware of, but also with trust badges, such as the padlock or the green URL bar. Seeing these badges will reassure your users that their data is safe with you. In turn, they will be more inclined to keep browsing and eventually convert – whether this means subscribing to a newsletter or buying a good or service.
Naturally, when users stay on your site for long periods of time, actually navigating around, making purchases, and so on, it sends a good signal to Google. Then, as a result of these low bounce rates and high conversion rates, Google also rewards you with extra ranking points.
Boosted User experience leads to better rankings
Relating to the factors above, when users spend quality time on your website, it means that they are enjoying a good user experience. This is also a good signal for Google that tells the search engine you deserve some more extra points.
Eventually, this creates a cycle. The more happy users you have, the more traffic you collect. Then, the more traffic you register, the higher your ranking, and so on.
Badly installed SSL certificates.
Ok so having an SSL certificate is a must. But what happens if we set it up wrong? Well, it can go bad in a few ways.
Google gives priority to the HTTPS version of your site over the HTTP when indexing. However, one should take care when redirecting to an HTTPS. Since the wrong URL redirection status code could lead to a split in backlinks between HTTPS and HTTP.
For instance, let’s say your site has 80 backlinks and you now want to add an SSL certificate but you set it up on only half of your pages. In this case, Google will end up splitting the original 80 backlinks, and assign your HTTP and HTTPS versions 40 backlinks each, which will lower your page ranking.
If the SSL certificate is not configured correctly, both the HTTP and HTTPS will be indexed as separate URLs instead of pointing the former to the latter.
When two URLs with similar content are indexed, it leads to duplicate content. In other words, when the same content appears in two different URLs online, Google will mark one as original and the other as duplicated content. This will cause Google to skip ranking those pages marked as duplicate. And If these should happen to be your certified pages, your rank will suffer.
SSL settup best practices
Some people have experienced a drop in site ranking and even traffic decrease attributed to redirecting their site URL(s) to HTTPS from HTTP. Well, how did Google respond to the claims?
Below are a set of best practices that Google advocates to ensure a smooth transition from HTTP to HTTPs.
- It would be to your advantage to allow indexing most if not all of your site pages.
- Also good to abstain from using no index robot meta tags.
- Find out from your domain host which SSL certificate you want to install with your site. If it is the domain validation SSL certificate, which kind? For instance, domain name hosts have a wildcard,multi-domain, and single plans. The price varies with the single plan being cheaper than the wildcard.
- Check to ensure that your robots.txt does not block the crawling of the HTTPS site.
- Google advocates everyone to use if possible 2048-bit key SSL certificates.
- For resources that co-exist in the same domain hosting server then use relative URLs.
Having an SSL certificate may affect your ranking, but in reality, it never does directly. Instead, it’s much worse. We already know that Google ranks are not everything that drives your business, your users are. And here is where having an SSL is really important.
Your users trust you and your site because of the SSL. Refuse to have it, and they will go to your first competitor in the blink of an eye. And the worst part is that once you lose a user, getting them back is a costly nightmare.
So at the end of the day, what do you think is best – investing in an SSL a maximum of a few hundred dollars a year, or spending thousands getting your users back?