A couple of weeks ago Google announced that they will be rewarding sites which utilize SSL with higher rankings.
Naturally, SSL was made a mandate by marketing teams across the country.
Moving to a secure connection is a good idea for law firm websites, particularly those which ask users to provide potentially sensitive and confidential legal information.
What’s a bad idea is making the switch before taking the time to fully understand the endeavor on which you are embarking. Establishing that understanding is the purpose of this post.
Google tells us that SSL/HTTPS = Good. But what does it really do?
For a more in-depth understanding of SSL, I highly recommend you spend some time with this post from Tim Nash. Here, I’ll attempt to give you the gist of it.
What is SSL?
From Mr. Nash:
At its heart, [SSL] uses a type of cryptography known as Public Key Cryptography which relies on 2 keys: a public and a private key. These keys create a hand shake to then share a symmetrical key for transmitting data. Once a handshake has been made the server and client use the symmetrical key to encode and decode the data.
So how does your browser know about the public key that allows it to receive the second key? Well, it’s in certificates.
Now that we have an idea of how SSL works, let’s have a look at why it’s important:
SSL protects the information that your site’s visitors submit to you via your website.
Law firms rarely actually have clients make financial transactions through their site (and if this were the case, SSL would absolutely be requisite), but they do commonly ask clients and potential clients to provide highly sensitive personal contact and case-related information. SSL makes it far less likely that this information will be “poached” by a hacker.
SSL helps to ensure data integrity
From Google’s Pierre Far:
Only by serving securely can you guarantee that someone is not altering how your content is received by your users. How many times have you accessed a site on an open network or from a hotel and got unexpected ads? This is a very visible manifestation of the issue, but it can be much more subtle.
SSL allows visitors to trust that your content is authentic
More from Pierre:
How can users trust that the site is really the one it says it is? Imagine you’re a content site that gives financial or medical advice. If I operated such a site, I’d really want to tell my readers that the advice they’re reading is genuinely mine and not someone else pretending to be me.
Ok, so now we understand the why of SSL. Now let’s dive into the “should I?” and “how?”.
Should I Move My Site to SSL/HTTPS?
If you are expecting this transition to be a game changer in terms of SEO and your rankings for your primary keywords, you’ll likely be disappointed with the actual results.
The decision to make this transition should be based on the intrinsic value that it provides your website visitors, which includes clients and potential clients.
Again, let’s hear from Tim Nash:
Ignoring the Google announcement, do you do any of the following:
- Collect any personal information, names, addresses, emails, phone numbers, social security etc
- Take payments of any sort (even if the payment itself is taken offsite)
- Login or have an admin area which you do not want others to have access to
- Have information on your site which might cause someone potential danger, for example many countries do not have free speech, or have laws against religious expression etc
If you do any of these things, then you probably should be running your site over SSL as a matter of course.
My advice: law firms should put SSL on the “to-do” list.
Where to Buy Your SSL 2048-bit Key Certificate
You have essentially two options in terms of where to buy your SSL certificate:
- From your web host
- From your domain registrar
We suggest that you purchase the certificate through your domain registrar, because if you choose to switch web hosts in the future, there will be no complicated transition to ensure that your SSL certificate is transferred as well.
Pricing varies greatly for these certificates. There are actually free certificates available from places like StartSSL.com, and on the other end of the spectrum there are those which cost up to $1,000, all depending on how they have been validated.
The price you end up paying will be based on your web host/domain registrar. In general, be prepared to spend $100/year or so.
What Does the Process Look Like?
Here is a high level look at the process of making the transition to SSL:
- Buy the SSL certificate from your domain registrar
- Generate a CSR (certificate signing request)
- Once you submit your request you will receive a private key, which will need to be registered with your web host. You will want to keep this private key in a very safe place, as it cannot be retrieved if lost.
- At this point your certificate should be validated, and you can now begin the process of switching to HTTPS, for which your domain registrar should provide ample support.
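For anyone generating the request with OpenSSL rather than through a host or registrar control panel, this added example (not from the original post) creates a 2048-bit key and CSR locally and checks that the two belong together. The domain, subject fields and function names are placeholders chosen for illustration.

```bash
# Added example: the key and the CSR are both created on your own machine.
# The domain and subject values are constructed placeholders.

make_csr() {
    # $1 = domain (becomes the CSR Common Name), $2 = output directory
    local domain="$1" outdir="$2"
    local key="$outdir/$domain.key" csr="$outdir/$domain.csr"
    mkdir -p "$outdir" || return 1
    # umask 077 inside a subshell: the key file is created owner-only (0600)
    (
        umask 077
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -keyout "$key" -out "$csr" \
            -subj "/C=US/ST=Example State/O=Example Law Firm LLC/CN=$domain" \
            2>/dev/null
    ) || return 1
}

key_bits() {
    # Prints the key size in bits, read from OpenSSL's text dump of the key
    openssl pkey -in "$1" -noout -text |
        sed -n 's/.*(\([0-9]*\) bit.*/\1/p' | head -n 1
}

csr_matches_key() {
    # True when the CSR's self-signature verifies and it carries this key's public half
    local key="$1" csr="$2" csr_pub key_pub
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Usage: make_csr www.example-lawfirm.test ./tls
# Only the .csr file is submitted to the issuer; the .key file stays on your server.
```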
The major SEO concern with moving to HTTPS is that you’ll be creating two different versions of your website, which means duplicate content. However, this is easily dealt with by simply 301 redirecting the HTTP site to the HTTPS site.
Here are some additional important SEO items to consider:
- HSTS policy. This is the server declaring that all HTTP connections are to be redirected to HTTPS, server side. This is done so that browsers can determine whether the address is secure and display it as such. Since this is server side, it should all be handled when configuring SSL with your web host.
- Be sure to register the HTTPS site separately from the HTTP site in Google Webmaster Tools, as it is technically its own site.
- Ensure that your server can handle the higher load that SSL causes. Implementing an SSL certificate on a website or domain will create some latency in your page speed. The reason for this latency is that browsers must validate the certificate. This is why many eCommerce websites only use SSL encryption on their checkout pages, rather than across the entire site.
- Since moving to SSL is like moving your current site to a new domain, expect there will be “dancing” in terms of your organic search rankings and traffic.
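Both the 301 redirect and the HSTS policy can be checked from the response headers that curl -sI prints: the redirect appears on the plain-HTTP response, and HSTS is the Strict-Transport-Security header sent on the HTTPS response. This added example (not part of the original post) runs those checks over constructed sample headers; the host name, function names and the minimum max-age passed in are assumptions.

```bash
# Constructed sample responses, in the shape `curl -sI <url>` prints them.
HTTP_SAMPLE='HTTP/1.1 301 Moved Permanently
Location: https://www.example-lawfirm.test/contact'
HTTPS_SAMPLE='HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains'

header() {
    # header NAME < response: prints the first matching header value (case-insensitive)
    tr -d '\r' | awk -v n="$1" -F': *' \
        'tolower($1) == tolower(n) { sub(/^[^:]*: */, ""); print; exit }'
}

check_redirect() {
    # $1 = expected host; plain-HTTP response headers on stdin
    local resp status loc
    resp=$(cat)
    status=$(printf '%s\n' "$resp" | awk 'NR == 1 { print $2 }')
    loc=$(printf '%s\n' "$resp" | header Location)
    # 302/307 are temporary redirects; the post calls for a permanent 301
    [ "$status" = "301" ] || { echo "status $status is not a 301"; return 1; }
    case "$loc" in
        "https://$1" | "https://$1/"*) echo "ok" ;;
        *) echo "target '$loc' is not https://$1"; return 1 ;;
    esac
}

hsts_max_age() {
    # HTTPS response headers on stdin; prints max-age in seconds, or nothing
    header Strict-Transport-Security | tr ';' '\n' |
        sed -n 's/^ *[Mm][Aa][Xx]-[Aa][Gg][Ee] *= *"\{0,1\}\([0-9][0-9]*\)"\{0,1\} *$/\1/p' |
        head -n 1
}

check_hsts() {
    # $1 = minimum acceptable max-age in seconds (a policy value the caller chooses)
    local age
    age=$(hsts_max_age)
    [ -n "$age" ] || { echo "no HSTS max-age"; return 1; }
    [ "$age" -ge "$1" ] || { echo "max-age $age is below $1"; return 1; }
    echo "ok"
}
```

Against a live site, pipe curl -sI http://your-domain/ into check_redirect and curl -sI https://your-domain/ into check_hsts.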
Making the transition to SSL is a good idea for law firms; I know attorneys who are willing to go as far as to call it an ethical obligation. I recommend that you add this to your webmaster’s “to-do” list. However, do not expect this to be a game-changer in terms of SEO. The real benefits are:
- Your site’s content will be more secure
- The information transferred to you through your site by your clients and potential clients will be more secure
- Your site will not only be more trustworthy, it will appear more trustworthy as well, with the green padlock:
Big thanks to my friend, colleague, and much smarter person than myself, Frank Scharnell, for his help with this post.