A secure website (https://) isn’t just about being “hacked”. A secure website builds trust with your visitors and helps improve your overall SEO score.
What is Website Security?
For the purposes of the PS365 website audit, when we talk about your website being secure, what we’re really talking about is adding an SSL Certificate to your website. By adding this certificate to your website, you are verifying that you are who you say you are and that you’ve established a secure connection between your web site and the visitors web browser.
When you properly add an SSL Certificate to your website, the web address shows up as https://yourdomain.com instead of http://yourdomain.com.
Why is an SSL Certificate Important?
There are many reasons to have an SSL certificate installed on your website. A properly installed certificate will not only allow you to encrypt sensitive data (e.g., phone numbers, credit card numbers, etc) but they also provide liability protection for your company in case of a data breach (this varies depending on the SSL certificate that you purchase).
As a service-based industry, the two most important reasons for having an SSL certificate installed on your website are:
- Building customer trust in the site: properly installed SSL certificates will show either a green “LOCK” icon or will turn the entire address bar green when you visit a secure page (depending on certificate and browser)
- Boosting your site’s Google ranking: the presence of an SSL certificate makes customers feel more secure, search engines give a page rank advantage to sites running SSL certificates.
How to Fix It
If your site has not passed the PS365 SECURITY test, the solution is easy – install a secure certificate.
There are several types of SSL certificates that you can choose to install.
Option 1: Single Domain Certificate
These certificates can be used on a single website.
Option 2: Multi-Domain Certificates
Multi-domain certificates are used for larger brands that have multiple domains in their control.
Option 3: Wildcard Certificate
Wildcard SSL certificates are used to secure an unlimited number of websites that are subdomains of the domain name listed on the certificate.
For most service-based small businesses – we recommend going with an inexpensive SSL certificate from either GoDaddy or Namecheap.
We personally use the PositiveSSL, Domain Validation Certificate. Last time we renewed the certificate, the cost was less than $10/yr from Namecheap.com.
Other Factors to Consider.
SSL certificates are relatively low-cost. The costs come primarily from the installation of the certificate. This is due to the install needing to be done at the server level, which requires additional processing and a certain level of technical skill.
The overall process for securing a website is:
- urchase the SSL certificate
- Configure the certificate and install on web server
- Change all links on website to use https:// instead of http://
- Create 301 redirects to redirect all http:// pages to https:// (this helps to maintain SEO score)
- Test, test, test! Here is a great link for testing the status of your SSL (https://decoder.link/sslchecker/)
If you have any questions about Website Security please post them in our Facebook Group here so that we can share the answers with the community
If you’d like help in securing your website, our web development partner Black Dog Studios provides secure web hosting starting at $29.95/mo. Click here for more info.