There may be a new requirement for webmasters in the world of 2014 and beyond: mandatory SSL-certified websites.
While, not exactly mandatory. But if you want to rank well in Google, then you’ll probably going to need to encrypt your website.
Let’s back up a sec: Google hosted an event called “HTTPS Everywhere“. During the event they mentioned that whether a website is SSL-encrypted is now part of Google’s ranking algorithm. It’s a “weak signal”, they said, but only because they wanted to give webmasters some time to start adding these certificates before they strengthened the “SSL ranking signal”.
I’m sure you fellow webmasters have tons of questions. We can answer as many as we can:
- What is an SSL Certificate? – The “SSL” stands for “secure-socket layer”. The certificate essentially creates an added layer of encryption between your website and the visitor. This ensures that no one is eavesdropping on your interactions on a website (i.e. copying your credit card information or passwords). Previously only online commerce sites and websites where people entered passwords were advised to add an SSL certificate. Now it seems that every website should get one.
- Why is Google doing this? – One theory out there is that Google wants to stamp out the NSA’s ability to spy on people. Since SSL only stops one type of cyber-crime (surveillance), Now, what’s Google’s motive here? Will the NSA be forced to pay for Google’s information once the surveillance racket dies away? It’s basically impossible to really know the real answer. And for us webmasters on the ground floor, it doesn’t matter.
- How much of a ranking boost will I get? – Right now, it’s a weak signal among over 200 other signals that Google uses. So it’s not going to make you jump to the first page when you languishing on page 8. It can help in a tiebreaker situation, where your website is tied with another website that does not have HTTPS. But the signal is going to strengthen over time. And when that happens (which will likely be without warning), your website will unexpectedly start rising. Isn’t that a cool feeling?
In other words you should get HTTPS because it will future-proof your website.
- How Much Does an SSL Certificate Cost? – The cost varies widely based on the what kind and where you buy it from. Since GoDaddy’s the biggest domain registrar, we checked them and found that a standard SSL costs $49.99/year. That’s pretty steep. But a quick Google search found some coupon codes to knock 30% off that price. Namecheap has a coupon for Comodo SSL for $4.99/year, which is really good as well.
- Are There Free SSL Certificates? Yes, but buyer beware. The OpenSSL “Heartbleed Bug” became such a problem mostly because the free, open-source software wasn’t maintained. StartSSL has a great reputation. But you’ll also need to know what type of server your website is hosted on: (i.e. Apache). Also if your website is hosted on a shared web server, then most web hosts have strict policies about adding SSL encryption to their servers. They are likely just trying to make sure you buy their products, but make sure your web allows 3rd party SSL certificates before trying to install one.