Wednesday, April 6, 2016

Google Ranks Secure Sites Higher


Recently Google announced that they have begun giving preference to sites that use the HTTPS protocol – this is the secure version of the more common, HTTP. Google is doing this because the process of obtaining the security certificate to use HTTPS (an SSL Certificate, more on that later) involves some research and vetting of the company / person applying for it. (Although maybe it's because, secretly they invest in companies that supply the certs – where are all the conspiracy theorists*??)

This HTTP / HTTPS / SSL stuff might be causing some confusion. So, here is something that will help … at least I hope it helps.

HTTP and HTTPS, What are They?

HTTP stands for Hypertext Transfer Protocol. It handles the formatting and transmission of data between the Web server and your browser. HTTPS is a secure version of HTTP – that's what the “S” means. This version of HTTP encrypts the data moving between your browser and the server.

What is SSL

SSL stands for Secure Socket Layer. This is a protocol that creates a unique key and uses it to encrypt and 'de-encrypt' information being sent between two computers. The encryption code is shared between only the sending and receiving machines, making it very hard for a third party (machine) to figure out what is being sent back and forth. This is why websites that gather and send payment information often implement SSL. (In some states, the use of SSL is required for sites that collect credit/debit card info, Social Security Numbers, or child information).

An SSL Certificate is a digital signature that says, “this owner and/or domain have been checked out.” Installing an SSL Certificate on your website is what gives you the “S” in HTTPS. Note that the HTTPS protocol can be forced on a website without a valid SSL Certificate. But, the major browsers will popup a nice big warning letting you know they can not verify the security. If you really trust the site, you can bypass this warning. But make sure you really trust it before entering any personal info!!

Getting a Certificate

You can purchase a Certificate directly from a company like Network Solutions, DigiCert or RapidSSL. But, I highly recommend that you ask your developer or hosting company for help. They may charge a little to get everything set up. But, this charge will be less painful than trying to get this all together yourself! Also, many hosting companies offer a service with includes the purchase of the certificate, installation of the certificate on your domain, and the changes that are required to go from the HTTP to the HTTPS protocol.

There are three different types of SSL Certificates. They involve different levels of research/investigation into your business and domain (none are intrusive and this research takes place behind the scenes, except for a few emails you might receive).

First is the Extended Validation Certificate. It checks the right of the applicant to use the domain that will be protected and the certifying company conducts a thorough and detailed vetting of the organization represented by the site.

Next is the Organization Validation Certificate. The authorizing company will check the right of the applicant to use the specific domain name and will also check into the organization represented by the domain or the company that owns the domain. This check is not as thorough as the check for the Extended Validation Certificate.

Finally, there is the Domain Validation Certificate. With this type of certificate, the applicant is checked to make sure they have the right to use the domain covered by the certificate.

All this information is available to your visitor / buyer when they click on the Secure Site Seal. **I highly recommend that you have your developer put this seal and link (provided by the authorization company) on your site in prominent locations, such as the home page, cart and checkout pages, or form pages that collect personal information or information about children.** If you are on a site where you are asked for any of this kind of information, you may want to click on the seal to see what kind of certificate the domain has.

Why So Many Different Prices?

Prices can very greatly for SSL Certificates. Factors effecting price:
  • the issuing company for the certificate.
  • what level of compensation you want if the data is stolen during transmission.
  • what the certification covers – a single domain, the domain and its sub-domains, or multiple domains.
  • the number of years you purchase the certificate for (most certification companies now allow you to purchase for multiple years).

Another things that may increase the price is the cost charged by your developer / host provider to install the certificate for you. If working with your developer / host provider, I recommend you ask for an itemized list including the cost of the certificate type, plus the cost of the 'add on' features, and the cost of their services and assistance.

Some Final Notes

Watch your site - when your certificate is installed and takes effect, there may be links to other pages, sites and images that are broken. Also, make sure your developer / host company sets up your site to automatically go to HTTPS even if someone types or uses a link that still has the HTTP protocol specified.

It is worth remembering that with the cost of an SSL Certificate, you are not only providing assurance to your visitors, you are protecting yourself / your business, and you are helping your Google search rankings!

It is my hope that this post helps you understand HTTPS and SSL. If you have questions, please feel free to comment here or ask questions on Facebook, Google+, LinkedIn, Twitter, or any other social media site you came here from.  You may also ask questions using the contact form on our website.

*This line is a joke, please no comments about it.

No comments:

Post a Comment