6 Reasons You Need an SSL Certificate

Are you holding out? Do you own a website that hasn’t added an SSL certificate? Are you still on HTTP as opposed to HTTPS? It’s time to change and we’ll tell you why.

SSL stands for Secure Socket Layer and it is the technology that encrypts data when it is sent across the internet from your website. When you add an SSL certificate, your web address changes from http://your-site.com to https://your-site.com.

Here are 6 reasons you need to add an SSL certificate:

1. To protect login credentials
2. To protect any type of eCommerce transaction
3. To meet Google’s requirements for SEO
4. To meet GDPR Article 32 compliance
5. To not be flagged as “Unsecure” in Google Chrome
6. SSL certificates are free

To protect login credentials

You almost certainly have an admin login for your website. You may also have users that login to your site. Your login information is encrypted before transmission when you have an SSL certificate. This is an important level of security in an age where people are hacking into sites.

To protect any type of eCommerce transaction

You know you are doing eCommerce if you are accepting payments on your website. Yes, Amazon and Etsy are the types of companies you think of when you do eCommerce. But if you take any form of online payment for any reason, you are doing eCommerce. You don’t want to send unencrypted credit card information across the internet. So, get an SSL certificate to encrypt the transactions and protect your data.

To meet Google’s requirements for SEO

You want visitors to find your products and services when they enter Google searches. Since that is important to you, you need an SSL certificate. Why? Because it is important to Google.

Gary Illyes is a search analyst for Google and is sent by Google to speak on behalf of Google about SEO. Gary has been very clear that an SSL certificate is an important ranking factor in Google’s algorithm. In February of 2018, I asked Gary if it mattered if it’s a free or paid certificate. He said it doesn’t matter. It’s a simple binary choice in the algorithm. If you have one, then you’re good. If you don’t, then you’re bad.

In 2015, Gary tweeted harsher words for SEO’s that were advising against adding SSL certificates. Look at the tweet below. Where do you think Google stands on the subject?

To meet GDPR Article 32 compliance

You’ve probably heard a lot about the European General Data Protection Regulation (GDPR). You may have even felt the burden of working on GDPR compliance. Even if you’re a non-European company, you need to comply with GDPR if you have European customers. Failing to comply can result in fines starting at €10,000,000 or more. Complaints have already been filed against Google and Facebook that can result in $7 Billion fines. That happened on the first day GDPR went live.

Here is the language from the GDPR Article 32

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

• the pseudonymisation and encryption of personal data;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

The first sentence and the second bullet point are where you need to focus. An SSL certificate is a reasonable effort to ensure confidentiality, integrity, and resilience of form data on your website. SSL certificates are state of the art and they are free. It is hard to imagine how you can be GDPR compliant without an SSL certificate.

To not be flagged as “Unsecure” in Google Chrome

If you aren’t using Google Chrome for your browser, that’s ok, but that puts you in the minority. Chrome’s global market share is 60.64%. That makes Chrome important to you and they are making a change that will impact you if you don’t have an SSL certificate on your website.

Currently, Chrome displays a green padlock symbol and the word “Secure” (also in green) when you have an SSL certificate. You can see that below:

But that is changing in 2018. Google is phasing in different changes to the Chrome browser. The first change will remove the padlock and the word “Secure”. From Google’s perspective, most of the world has switched to SSL, so it isn’t necessary to highlight the obvious. But what if you haven’t switched to SSL?

The second change comes in October 2018. Google will start to flag sites as “Unsecure” and paint it in red. Of course, this is only for sites that don’t have SSL certificates. This will glow like a warning beacon to your visitors that tells them they should be worried. Of course, you don’t want your customers worried when they’re on your site. Get an SSL certificate and put everyone’s worries in the past.

SSL certificates are free

Yes, SSL certificates are free. You may even be able to get a free certificate from your hosting provider. If not, then go to www.letsencrypt.org and you can get a free certificate there.

Why wouldn’t you get an SSL certificate? They are free. They’re quick to install and you’ve got the world begging you to do it. Just do it!

A word of caution

Yes, installing the certificate can be quick and straightforward, but there are details that need to be managed if you care about organic search traffic. You want to consult allies4me or another SEO agency before you do this.

Many companies have made a mess of their SEO when they switch to HTTPS. They’ve seen their web traffic drop. Download our Switching to HTTPS SEO Checklist to see the steps you need to follow when making the move. As you probably guessed, it is always cheaper to have a SEO map out the transition path before the fact, than to try to clean up a mess afterward.