Why you should host your site on https (SSL)

June 21st, 2017 · by Domains Direct · 2 min read

Secure Sockets Layer (SSL) is a cryptographic protocol that provide communications security over a computer network. When your site has an SSL certificate it means that your users can trust that the data being sent between their browser and your server is secure (encrypted.)

Traditionally, only sites with shopping carts or payment processing would be hosted with SSL, but nowadays it is good practice to host your site on SSL, no matter its content.

Typically you register an SSL certificate with your web host, who will install it onto your website for you. There are different levels of encryption and features offered, depending on your requirements, such as having your company name in the address bar, with each being progressively more expensive.

Domains Direct uses a lower-level encryption certificate because our site is mostly just content and there's no sensitive data being transmitted (our management and payment portal are on a different server) whereas someone like a bank would have the highest level possible because security of information is absolutely critical. See the two examples below.

Comparison of two different SSL sites{data-src="/assets/blog/2017-06-21-ssl-sites.png "Comparison of two different SSL sites"}

You'll know a site is hosted on SSL when the URL in your browser's address bar is https instead of http, and it's only when you access a site on https that data transmission is secure.

But security for users is just one aspect of the importance of hosting on SSL. A few years ago Google announced that
https was becoming part of a site's ranking signal.

As Google says in this blog post:

"Security is a top priority for Google ... beyond our own stuff, we're also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure."

"For these reasons, over the past few months we've been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal - affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content - while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

On the downside, a SSL-based website will have a very slight drop in performance as data must first be encrypted before being sent to the server, and vice versa, which adds overhead, but overall the tradeoff (which really is negligible) is worth it.

Finally, it's important that if you're choosing to go all-in with an https address that set up a redirect from your non-secure address. You should also advise Google that your primary address has changed via their Webmaster Tools.