SSL Demystified – Why your site needs SSL and how it improves Google Rankings
What is SSL?
An SSL certificate is a bit of cryptography on your web server that provides security for online data transfer.
Once installed on your server, it activates the padlock and the HTTPS protocol (via port 443) and establishes secure connections from a web server to a client or browser. Typically, SSL is used to secure financial and credit card transactions, data transfer and credentials, and more. Recently, it has become the standard for securing data and privacy, spanning everything from browsing of social media to making a purchase online.
Why does my site need an SSL Certificate?
Simple – Google favours data security and privacy!
Google put their money where their mouth is when it comes to SSL, using it themselves to protect user data and privacy once you sign in.
Here is a statement directly from Google back in August 2014 which highlights its intent:
MOZ began tracking HTTPS uptake vs impact on ranking for 10,000 keywords since the announcement and reported the ratio of first page results with HTTPS has increased from 7% in 2014 to 33% in 2016.
What we can conclude from this is that Google has inspired an uptake of HTTPS implementation by marketers, and the higher ratios of first page sites with HTTPS compared to second page sites can point to a correlation (and we’re mindful that this could be seen as an over simplification given the myriad of ranking factors involved). However, our own experiments have shown a noticeable impact on rankings (as have hundreds of other specialist SEO experts, including the awesome geeks at AHREFS).
Which SSL Certificate is best for me?
There are numerous options when it comes to SSL Certificates, with some popular providers being DigiCert and Global Sign. Even though they all perform encryption to secure information, not all SSL Certificates are created equal.
[accordion title=”Type of SSL Certificates” auto_open=”true”]
[accordion-item title=”Single SSL Certificate: Suitable for Small Businesses, Blogs, and Personal Sites”]
A Single SSL Certificate such as the SSL Plus from Digicert secures one domain, keeping all information on the domain private and secure from 3rd parties.
[accordion-item title=”Multi-Domain SSL: For Service Providers, Agencies, and Securing Multi-Domains”]
Bigger websites and online service providers will often need more than one SSL Certificate to secure their Website. This might be because they have multiple websites or domains that need securing. Service providers have the added responsibility of securing customer websites or running services that businesses rely on, so there is therefore a greater need for them to secure their portals.
Multi-Domain SSL Certificates are the perfect solution for administrators or service providers with multiple websites that need to be secured.
With a multi-domain SSL Certificate, administrators can customise and match the domain names as they can quickly add or remove names as needed. As the name suggests, a multi-domain SSL Certificate lets you add numerous client domains to one certificate, making it easier than ever to secure multiple sites. For example, with a multi-domain certificate you could secure:
[accordion-item title=”Wildcard SSL Certificate: For Large Websites or Securing Subdomains”]
A Wildcard certificate is a single-source solution for domain-wide SSL security. It enables administrators to specify which domain to secure (e.g. *.mysite.com) and then use the single certificate on their entire Website, regardless of whether they have one or 1000 servers.
Administrators can apply for one certificate and then use it on multiple sub-domains like:
SSL for your SEO and more
Rankings aside, Green Bar SSL Certificates create customer confidence and is proven to boost conversion rates.
However, implementing it correctly is essential.
According to AHREFS, the perfect HTTPS implementation for SEO should look like this:
- HTTPS is enabled, meaning you can type in http://digitalsquad.com.hk and the website will come up
- The other HTTPS URL — in this case http://digitalsquad.com.hk— as well as both HTTP URLs (http://digitalsquad.com.hk and http://digitalsquad.com.hk) all redirect to http://digitalsquad.com.hk ensuring there is only one canonical version of the content available
- Every redirect leads directly to the canonical version of the content. It redirects
A --> B, not
A --> C --> D --> B
- Every redirect uses the HTTP status codes for permanent redirects (301 ideally instead of temporary redirects (302 or 307)
We perfectly implement this protocol by redirecting everything to http://digitalsquad.com.hk.
The following tips provided by Google also shed light on the best practices for HTTPS:
- Choose the right certificate for you: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain – this ensures you won’t encounter any common referencing mistakes like “CSS missing”.
- Use protocol relative URLs for all other domains
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexation of your pages by crawlers where possible. Avoid the no index robots meta tag.
- Select HTTPS as the preferred version in Webmaster Tools, Search Console and Analytics.
- Test with Tag Manager to see if all tags are working properly.
Need Help with SSL Implementation?
SSL implementation can be confusing territory but is well worth the effort as it certainly pays off in both the long and short run.
Arrange a call-back with one of our SEO consultants today at Digital Squad, a digital marketing agency Hong Kong. Let us help you with SSL auditing and testing to best practice implementation. if you’re in the market beyond SSL implementation and want to improve your social media marketing, let’s grab a coffee and chat about how we can scale your business with YouTube advertising, Instagram marketing or any other social media marketing Hong Kong.