Webinar Transcript

Joe:    Thanks for joining us for today’s webinar. Today’s webinar is going to cover website security and SEO. Google has made a recent announcement about how SSL certificates affect SEO so we’re going to cover that, and also, just the basics of what is SSL and how you can apply it to your website. With me today is Vince Lynch from the SSL store. He’s going to give you a rundown of everything you need to know about SSL. Take it away Vince.
Vince:    Hey everyone. Today, we’re going to be talking about SSL, SEO and Google’s recent announcement that using SSL encryption improves your search ranking. We have a couple slides here. We’re going to go over the Google announcement, what SSL is if you’re unfamiliar, and how you get SSL, and then go a little more into depth about how the Google announcement works and how you’re going to get that search result ranking boost. Then we’re going to go do a little extra reading if you need to go more in depth.
The first thing is Google recently made an announcement that if you use SSL, you will get a search ranking boost in your search results on Google. SSL also is called HTTPS encryption, so just so that’s clear we’re going to switch back and forth in the terms as we go through. When they made the announcement, they said it’s only going to be a lightweight signal for now. Right now, when you get an SSL certificate and you start using it, you’re just going to get a small boost, but you are going to get that boost, and they’re keeping it small for now because they want to give webmasters time to transition smoothly and work out the kinks.
Google, obviously since this is a new search that Google is doing, they also need time to perfect their formula stuff like that. When they did a test adjustment earlier this year, they saw improvements in the search results’ quality, so they know that favoring encryption is something that improves the results, and that’s better for the end user. This is definitely something you’re going to stick with. Google has been making a big move in the last few years to encourage encryption and to push people towards it, so I personally believe that this is going to become a bigger and bigger search result ranking boost for you. It’s only going to get better from here if you’re using SSL.
The first thing to go over is: What is SSL? SSL stands for secure sockets layer. That’s a protocol that works between your client’s browser and your web server to encrypt their data. It’s a digital file. Its goes in your server just think like an image file or an HTML file does. Once it’s on there, it’s going to work between that browser and that web server automatically to start encrypting their data.
Think about when you go to a site like Amazon.com or Facebook or your banking site. When you log in, you don’t want to send over your password, your credit card number, your address, stuff like that just plain text. You want to encrypt it, and SSL is going to help you do that, so that the only person who can read your information that you’ve sent over is that web server that you’re sending the information to. No hackers or anyone else can get to it. That’s obviously important both for the end user and for the person owning the web server. They don’t want their customers’ information to get leaked, and I certainly don’t want someone else to end up with my credit card number or anything like that.
How can you tell if a site has SSL? There’s a bunch of indicators. The easiest one to look for is the green padlock icon. That’s right next in the address bar. In all major browsers, there’s going to be some form in this green padlock icon and that indicates that there is a secure session. You also see on this screenshot HTTPS. That also indicates that you’re using SSL. The only way to get HTTPS encryption is with an SSL certificate. That’s the easiest way to see. You might be able to see a Trust logo. These are optional, so it’s up to the web server owner to present these. These come with all SSL certificates. You get basically that vendor’s logo to display.
You’re going to see some big names on here. Norton, powered by Symantec is the biggest name in SSL. They’re the biggest vendor. Obviously, that’s a name that everyone knows. If you’ve been using a computer at all since the ‘90s, you’ve probably heard of the Norton name or the Symantec name. Some of these names are pretty big, and some of these logos you definitely do want to display once you’ve gotten SSL from that provider. GeoTrust and Comodo are also really big names in SSL. These are logos that as a website developer you definitely want to display on your login page or on your checkout page because when customers see this, they’re going to go oh, you know what I recognize this name. It means something to me that Norton or GeoTrust or et cetera has secured this page, and that this website has the backing of that company.
Then another trust indicator is the green address bar. This is only enabled on premium certificates called Extended Validation or EV certificates. This is going to be the absolute best visual indicator. As you can see, compared to that other screenshot it just had the padlock icon. You get a huge green visual indicator that your site is secure. It shows the name of your company, and as well as the locality, and that’s also standardized across all browsers. All of these things we’ve talked about so far are standard. The SSL industry works together with the web browser developers to make sure that this is not something that you need a plug-in for or anything like that. This is enabled by default on all computers. Even on mobile, on your iPhone, on your Android phone, you’ll be seeing the green padlock, the green address bar and HTPPS when you’re using a secured SSL connection.
Who needs SSL? Traditionally, the idea was that you only needed it if you were an ecommerce site or something like that. Nowadays, it’s important for everybody because there’s things the hackers can do, even with nonessential information. These are called site attacks that let them maybe hack your site or do something to figure out the identity of a customer. It’s important to be encrypting everything that a customer is doing on your site from the moment they get there to the moment they leave.
If you are an ecommerce site or any site storing user information, it’s definitely essential to have an SSL. You don’t want customers to just be sending over their information plain text that puts you and them at risk and that’s legal liability if anything happens. You definitely want one if you’re selling anything or collecting user information. Also, if you’re just a blog and informational site something like that, you also want to get one. First of all, that’s going to help you take advantage of this new Google rankings boost. If you’re doing other stuff for your SEO, this is another really easy guaranteed boost, and something that you can do. It’s not too expensive either. You can get certificates for less than $50 a year. It’s definitely an affordable and great way to help your SEO rankings, and also just to drive your customers with encryption which is becoming more and more important for a lot of people.
How do you get an SSL certificate? You can go on Google, and just Google anything, SSL provider, SSL certificates, and you’ll see tons of listings. My company is a value-added reseller. We provide support, and knowledge base configuration checkers, and also great tools that especially if it’s the first time you’re getting an SSL certificate, a lot of things that helps make sure it’s quick and easy. There’s tons of other providers out there. When you do go and get one, the nice thing is you know that you’re going to get encryption, and you know you’re getting validation because all providers give you that.
It is fairly technical to get one, to install it and set it up right. If you don’t know terms like FTP or a who-is listing or your web server operating system, then you might want to pass this off to someone else in your company or get a contracted developer or IT person to help you out with this because you definitely don’t want to configure this wrong. To go a little bit more into exactly how this Google ranking works, if you’re familiar with SEO, stuff like that, this ranking is applied page by page. You need to be using SSL on every page of your site to take full advantage of this. If you’re just using it on the login page or the checkout page, you’re only going to get the boost for that page. In a lot of cases, Google might not even crawl your checkout page, so you definitely want to enable it server-wide.
When you do that, that’s called Always on SSL, also called HTTPS Everywhere. That’s the name Google has for their campaign. You set this up really easy when you’re configuring your SSL certificate. You don’t need to get a special certificate or pay more or anything like that to use it everywhere. It’s just a configuration manner. As soon as you do get that SSL certificate up and Google indexes those new versions of your page, the HTTPS versions, then you get that ranking. If you’re using Google webmaster tools, and you check the index pages, through webmaster tools, you’ll be able to see exactly when that ranking is applied.
If you are a webmaster tools guru, HTTPS is viewed as a separate site for Google, so when you do make this transition, you’ll want to make sure that Google understands that this is your new site, that you’ve moved over so that they can redirect all of your search ranking and all of that relevant data that they’ve already collected to that new version of your site. If you have been in the IT industry for a while, you might have heard in the past that SSL is bad for your site, that it makes it slow, that there’s compatibility issues. That’s totally not true anymore. At this point, the SSL industry works very closely with the browsers. There’s more or less full compatibility.
You don’t have to worry about someone not having support or anything like that. It doesn’t slow your site down. With modern computers and network speeds, the overhead of encrypting and decrypting information is basically negligible even on mobile. You don’t have to worry about that. When Google made their announcement, they gave you some tips on how to make the switch to HTTPS effectively. We’re going to go over a couple of them. The first one is they, in their announcement said use a 2048-bit certificate.
I thought that was actually a bit confusing because when you’re buying a certificate, you don’t have to worry about that. All certificates are going to be now required to use a 2048-bit private key. When you’re buying your certificate, and filling out your order, and getting that issued certificate at the end of the process, you’ll know it’s 2048-bit. You don’t have to worry about that. You don’t have to look for anything special. Any certificate you buy from a well-known certificate authority will meet that requirement.
Another tip Google gave is to avoid absolute links. This is really important for your development team to take a look at because if you’re specifying an HTTP protocol in any of your links in your site that’s going to cause issues if you’ve moved your site over to HTTPS only. You can see in this screenshot, in that first example, that’s a script that would be blocked if you were enforcing HTTPS through your server because when your server tries to load your own script that’s not through HTTPS, it’s going to say no, I can’t do that. I have to use SSL.
You just want to make sure that when you’re working with your development team in your IT department that they’ve checked, they made sure they haven’t hardcoded any of these old links in. Google gives a great suggestion to use relative URLs, both for the protocol and the link location. Google has a bunch of tips and more detail on how you can do it. In this next tip actually, they have this article called Move a Site with URL Changes. This is a huge checklist that goes through every single step that a webmaster can possibly need to make when you’re doing a transition from HTTP to HTTPS.
If you’re making this change for the first time, you definitely want to check this article out. It will go over exactly how to avoid absolute links. It will go over how to set up other things like HSTS, which will help Google. Just make sure they index those HTTPS pages faster. There’s a ton of tips in there. It’s definitely a great resource to check out if you want to make sure you’re doing everything exactly by Google’s recommendations. If you want to see that original announcement Google made where they announced that SSL and HTTPS will now boost your SEO rankings, you can check that out at bit.ly/sslseo. That will bring you right to their announcement and as well as the rest of the tips they gave with how to make that smooth transition.
Joe:    Great Vince. We really appreciate the information, good solid information on SSL there. One question I would like to ask you is: Could you expand on the difference between validating a basic certificate and a more premium certificate, like one of the EV certificates you discussed?
Vince:    Yeah, totally. There’s different levels of certificates. Three’s three validation levels. The basic is called a DV. That stands for domain validated. That means that the only thing that they’re checking when you apply for a certificate is that you do indeed own that website. The sslstore.com really is yours. They do that really simply through an email verification, like you’re signing up for Facebook or a web forum or something like that. At the other end of the scale, the top level of validation is called EV. It stands for extended validation. That’s going to be a full check of your business.
This is only for actual legally registered companies. All of the big companies use it. We use it. Attracta uses it, Twitter, Amazon, Facebook stuff like that. That’s going to get you that full green address bar that we showed you in the picture earlier. When you apply for one of those, the vendor that you’re working with, such as Symantec will check with your registered agency such as … In Florida, it’s the Florida Secretary of State, to see that you actually are that company, and that you’re legally registered, all your paperwork is in order. They help to guide you through this, send you emails let you know what you need to do. We actually have a great guide over our site on how to go through that EV process smoothly.
It is a lot more work than the DV, but it’s also standardized so it’s totally easy to figure out. If you’re a big company or a high-value ecommerce site, you definitely do want to get that green address bar. It’s worth the effort, and there are studies that also show that it definitely does improve customer trust, and that customers recognize that green address bar. It improves conversion rate, reduces bounce times stuff like that. We think it’s a great certificate, and a great feature and great value.
Joe:    Excellent. Great information there. At Attracta, we have partnered with the SSL store. We are offering SSL certificates. We’re trying to be a little bit more full-service, help you get them implemented on your site and stuff like that. There’s plenty of vendors out there if you’re looking for SSL certificates. We appreciate you joining us today. Hopefully, this information has been useful. I’d like to thank Vince Lynch for joining me today. Have a great afternoon.