SSL Demystified – Why your site needs it and how it can improve your Google Rankings
What is SSL?
An SSL certificate is a bit of cryptography on your web server that provides security for online data transfer.
Once installed on your server, it activates the padlock and the HTTPS protocol (via port 443) and establishes secure connections from a web server to a client or browser. Typically, SSL is used to secure financial and credit card transactions, data transfer and credentials, and more recently is becoming the standard for securing data and privacy whilst browsing of social media platforms to ordering cupcakes online.
Why does my site need an SSL Certificate?
Simple – Google favors data security and privacy!
In fact, so much that Google themselves utilise SSL to protect user data and privacy once they’re signed in.
Here is a statement directly from Google back in August 2014 which highlights its intent:
MOZ began tracking HTTPS uptake vs impact on ranking for 10,000 keywords since the announcement and reported the ratio of first page results with HTTPS has increase from 7% in 2014 to 33 % in 2016.
The conclusion – There is no doubt the Google announcement has spurred an uptake of HTTPS implementation by marketers, and the higher ratios of first page sites with HTTPS compared to second page sites can point to a correlation (and we’re mindful that this could be seen as an over simplification given the myriad of ranking factors involved). However, our own experiments have shown a noticeable impact on rankings (as have hundreds of other specialist SEO experts, including the awesome geeks at AHREFS).
Which SSL Certificate is best for me?
There are several options when it comes to SSL Certificates offered by providers such as DigiCert and Global Sign. Even though they all perform encryption to secure information, not all SSL Certificates are the same.
[accordion title=”Type of SSL Certificates” auto_open=”true”]
[accordion-item title=”Single SSL Certificate: Suitable for Small Businesses, Blogs, and Personal Sites”]
An Single SSL Certificate such as the SSL Plus from Digicert secures one domain, making sure that all information a user accesses on that domain remains totally private and secure from 3rd parties.
[accordion-item title=”Multi-Domain SSL: For Service Providers, Agencies, and Securing Multi-Domains”]
Larger Websites and online service providers often require more than just a single SSL Certificate to secure their Website. They may have multiple Websites, or have several different domains to secure. Service providers often secure customer Websites or run services for businesses and need to secure those portals for their own customers.
Multi-Domain SSL Certificates are the perfect solution for administrators or service providers with multiple Websites that need to be secured.
With a multi-domain SSL Certificate, administrators have the flexibility to customise and match the domain names being secured by quickly adding or removing names as needed. Multi-domain makes it easy to add a large number of client domains onto one certificate, making securing multiple Websites simple and easy. For example, with a multi-domain certificate you could secure:
[accordion-item title=”Wildcard SSL Certificate: For Large Websites or Securing Subdomains”]
A Wildcard certificate is a single-source solution for domain-wide SSL security. With a Wildcard certificate, administrators specify which domain to secure (e.g. *.mysite.com) and then implement a single certificate on their entire Website, regardless of whether they have one or 1000 servers.
Administrators can apply for one certificate and then use it on multiple sub-domains like:
SSL as Part of your SEO Solution…and more
Rankings aside, Green Bar SSL Certificates create customer confidence and is proven to boost conversion rates.
However, getting implementation right is key.
According to AHREFS, the perfect HTTPS implementation should look like this:
The perfect setup for SEO purposes looks like this:
- HTTPS is enabled, meaning you can type in https://www.digitalsquad.co.nz and you’ll see the website
- The other HTTPS URL — in this case https://digitalsquad.co.nz— as well as both HTTP URLs (https://digitalsquad.co.nz and https://www.digitalsquad.co.nz) all redirect to https://www.digitalsquad.co.nz ensuring there is only one canonical version of the content available
- Every redirect leads directly to the canonical version of the content. It redirects
A --> B, not
A --> C --> D --> B
- Every redirect uses the HTTP status codes for permanent redirects (301 ideally instead of temporary redirects (302 or 307)
We perfectly implement this protocol by redirecting everything to https://www.digitalsquad.co.nz.
The following tips from Google also form best practices when switching to HTTPS:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain – this prevents common referencing errors such as “CSS missing”.
- Use protocol relative URLs for all other domains
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexation of your pages by crawlers where possible. Avoid the no index robots meta tag.
- Google has also updated Webmaster Tools to better handle HTTPS sites and the reporting on them.
- Select HTTPS as the preferred version in Webmaster Tools, Search Console and Analytics.
- Test with Tag Manager to see if all tags are working properly.
Need Help with SSL Implementation?
SSL implementation can seem like a daunting task but trust us when we say it pays dividends in both the long and short run.
Arrange a call-back with one of our SEO consultants today and we’ll help you with SSL audit and testing to best practice implementation.