FAQ: Secure Socket Layers
Secure Socket Layers (SSL) Gator
What is an SSL
What is HTTP vs. HTTPS
Why is encryption important?
Why is the padlock important?
Does an SSL Encrypt the content of my site?
What about the other browsers?
SEO on Not Secure Sites:
What is an SSL?
An easy way to understand an SSL’s function is to imagine you’re cruising a car down the road using a public highway. Now imagine taking a private underground tunnel to your destination with secure check-points at both ends. The hazards of sending your information down the internet superhighway are similar to this scenario, but imagine taking the secured route. No one can see [the data] within the tunnel as it is buried beneath layers of secure coded language that couldn’t be read by anyone outside of the tunnel’s end-points because it’s encrypted.
In short, an SSL is a Secure Socket Layer, which by definition is the standard security technology for establishing an encrypted link between a web server and a browser. An SSL is used to encrypt data that’s being sent between two or more servers (computers). If you are familiar with the Green padlock at the top left of your address bar, or if you have seen web addresses with the “HTTPS” at the beginning like this site does now, you may already be aware of the signs that you are using secure encryption.
Although the green padlock and the “HTTPS” are not the only signs of using a secured website, they are the most upfront and visible. What's most important to remember once Google implements this change, customers are greeted with the "Not Secure" warning, similar to what you see below. Seeing this means fewer visitors will be less likely to enter any information on your site, like making a purchase or even signing up for your email list.
What is HTTP vs. HTTPS?
The difference between HTTP & HTTPS is both minimal and drastic. Both acronyms translate out to “HyperText Transfer Protocol,” but the one containing the “S” adds “Secure” to its translation. The “S” gets added to your URL typically when you attach an SSL certificate (a type of file) to your domain name. Doing this will change the look of your domains' uniform resource locator (URL) so that it goes from a “Not Secured” HTTP portal to the now “Secured” HTTPS portal (or private tunnel.)
Why is encryption important?
Without an SSL Certificate encrypting the data passing between your website and other computers, both parties could be at risk.
You probably wouldn't send a postcard through the mail with your credit card information on it for the same reason people won't put their information on your unsecured website. Since smaller companies are unlikely to have an entire team working on-site security, they are more vulnerable to attacks from bad actors trying to steal any information they can gather. This is why encrypting, or the process of converting data into an unreadable coded language is so important. There are different forms of encryption and different levels of security that vary depending on the type of SSL you have.
SSL Certificates through HostGator give you:
- Encrypted website traffic and data, helping to keep it safe.
- Boosted site credibility via visual indicators like "green padlock."
- Receive a positive impact on your Search Engine rankings.
- CDN, which helps site speed and security.
Why is the padlock important?
In July 2018, the internet power-house Google will unveil a new Chrome Browser version which will, in essence, call out these SSL signifiers when people visit your website. If you do not have an SSL, your website will display in Chrome as “Not Secure” and have many unseen implications throughout Google’s network of products.
If you have an SSL, Your website will show the green padlock, the “HTTPS” protocol, and the “Secure” status when searching through Chrome.
Does an SSL Encrypt the content of my site?
Understandably, it's easy to think that an SSL will also encrypt all of your website's content (text, images, videos, etc.); however, this isn't the case. Although the SSL encrypts the real traffic moving between the content and other computers, you may still have content that cannot be encrypted.
As a result, customers may still receive messages that the page they're viewing contains unsecured content if images or other elements haven't been encrypted.
When you install an SSL certificate to your site, it attempts to encrypt all of the elements on your site's secured pages. If all items on the page cannot be encrypted (such as the content is hosted on an unsecured third-party server) then customers will still be met with an "unsecured content" (see image below) message and, in some browsers, customers may see a broken padlock icon.
What can you do?
Though these identifiers do not mean a failure of your SSL certificate, they can still be problematic to viewers and negatively impact your site's conversions. If an image, video, or URL link refers to an unsecured file hosted on a third-party server outside your website, you’ll need to use a different URL or modify the image link to use the secure "HTTPS" protocol. The content must also be secured where it is at for this to work.
Pro Tip: It's important to remember "one bad apple spoils the whole basket." If the location of the content you are using is unsecured, the simple logic here is that it probably shouldn't be on your website at all. In some cases, it's impossible to make the content you want to use secure, so it's best to consider alternate options.
What about the other browsers?
Requiring new security measures is a practice Google has utilized for many years already. Since 2014, Google has given ranking boosts to people using SSLs and has actively downshifted sites labeled with HTTP pages that collect personal information, such as passwords or credit card details. Likewise, Firefox also began implementing a policy that started to mark form elements on HTTP sites as insecure. Through pop-ups, they warn users that any log-in information could become compromised through the HTTP protocol.
That being said, we cannot speak for what another browser may or may not require, but what’s important to take away is that this change is being implemented in the name of security. There should be no question how important protecting your identity and customers' private information online is in today's climate.
SEO on Not Secure Sites:
What Google’s update means for your SEO:
It’s both a blessing and a curse that one company plays such an impactful role in what gets done on the internet. After all, when Google says “Jump,” relevant websites respond promptly with “How high, Mr.Google?”
Even though there are many other search engines out there that you can use to find anything on the internet, the fact that we have Google to set the bar means there is at least some form of consistency in a world of ambiguity.
Likewise, for those users who choose not to follow Google's lead, there are some hindrances to be aware of, which we will touch on briefly in this article.
As you learn more about how SSL certificates transmit data securely, you should begin to understand why Google requires sites to have an SSL certificate.
Google is working to make websites safer and is prepared to lower the rankings in their search based solely on if a site has an SSL certificate or not.
So what do I do? (How to get started?):
To find out what might need to be done in regards to adding an SSL to your website, check out: Free Secure Socket Layers.