In the past few years, Google has been stressing to webmasters that security is important, and would be considering a ranking factor in their search engine algorithms. The most recent of updates with Google, has been suggesting on adding SSL to your website for your visitors to have a much safer experience surfing your website. While Google has not yet penalized websites for not having SSL, since 2014, Google has actually given websites with SSL a boost in ranking, and it’s become part of the Google Quality Guidelines. So, what does this mean to you? This article will discuss what SSL is, why you need it, and SSL requirements. So to sum it up Google Requires SSL Certificate on your website.
What is SSL, and HTTP versus HTTPS?
SSL is short for Secure Sockets Layer. It’s a nifty piece of technology that gives an encrypted link between the server that a website is on, and your browser. It’s what makes sites have a URL in the browser address bar have HTTPS, instead of HTTP.
In return, this means all data passed between your browser and the website’s server is secure. In regular HTTP, everything seen through the browser, can be easily read by any hacker that happens to get into the connections between your browser and the website you’re surfing. This poses a big security risk because you could be exposing sensitive information, like credit cards, or personal information. With HTTPS, the data is encrypted, making it hard for hackers to decrypt, even if they had broken the connection between the browser and the website.
Why do you need SSL?
For WordPress owners, you need to have a secure website. Having a secure website use to mean just making sure your website’s core WordPress installation, the theme, and all your plugins up-to-date. It also meant you needed to have a security plan in place that includes security plugin as well as hardening your website. However, now you also need SSL.
SSL allows everyone, search engines and your visitors, to know that your site is safe and can be trusted. Your website visitors can trust your website more, because you’re ensuring a safe user experience, and that their sensitive information won’t be stolen.
What are the requirements for SSL?
To have SSL on your website, you have to have an SSL certificate. The SSL certificate contains information like domain name, company name, address, country, certificate’s expiration date, and details about the Certificate authority (the issuer of the certificate.)
Beyond having a SSL certificate, Google suggests that you should choose one that suits your website best.
For some, like bloggers, who don’t need much, and since they aren’t doing anything to collect money through forms, need something basic, like a Domain Valid certificate. For e-commerce websites, or websites doing any type of monetary transactions, . If you’d like to known more about SSL, here is a really great guide on different types of SSL certificates.
However, in the end, Google has a few recommendations and tips in regards to going SSL with your website. Here is a short list:
- Decide what type of SSL certificate you will use, and make sure it comes from a reliable Certificate Authority
- Make sure the SSL certificate uses 2048-bit key
- Make sure all URLs within the website are relative to the domain it is in
- Make sure to use relative URLs for other domains
- Try to avoid noindex robots meta tag.
- Let Google know about the change in Google Search Console that you prefer the HTTPS listing over your HTTP listing
Above all, aside from the SSL certificate, you MUST keep your website clean of malware and such. That means, you need to have a security plan in place for your WordPress website.
Thinking of going green with HTTPS, but you’re not quite code-savvy? WP Fix It can help! We have a WordPress SSL HTTPS Service that will help set your website up with HTTPS.