HTTPS: How to Increase Search Engines’ and People’s Trust

Jun 20, 2017 by Anna Koneva, Ecwid Team
HTTPS: How to Increase Search Engines’ and People’s Trust
Posted Jun 20, 2017 by Anna Koneva, Ecwid Team

When customers buy something from your store, they share their private data — name, email, credit card details — with you. As a merchant, you want to keep this vulnerable data secure from hackers, scammers, and data thieves. That is crucial for building trust with your audience.

You can and should protect your customer data and increase the trust in your business with HTTPS protocol and an SSL certificate. Not only can those tools improve security and increase your trustworthiness, they can also help your store rank better in search engines.

If you sell online with Ecwid, you’ll be pleased to know that your customer data is already protected. Yet, using an SSL certificate can have a few additional benefits.

In this post, we’ll show you how the HTTPS protocol and SSL certificates work, and how you can get them for your website.

Understanding SSL Certificates and the HTTPS Protocol

On the internet, all data is transferred from device to device according to certain rules or protocols.

For websites, this protocol is called HyperText Transfer Protocol (HTTP). It transfers the data that your customers enter on your website to the server that hosts your website, and then it helps to send the response to the browser. For example, the user presses a button and a new page opens, or they fill in the email registration form and see the confirmation of a successful registration.

The problem with HTTP is that it doesn’t protect any data that’s transferred from browsers to servers. Any data going through HTTP is essentially “naked”.

A good analogy is to think of two students passing notes across a classroom. Any of their classmates can read, copy, or even replace the note. It’s the same with your customer data: a villain can steal credit card details and money from it.

That’s why a new protocol was created for protecting data: HTTPS (HyperText Transfer Protocol Secure). With HTTPS, all data transfers between a user and a web server are encrypted. This encryption is so complex that it is nearly impossible to hack and use the data.

In order to use the HTTPS protocol, your site first needs an SSL (Secure Socket Layer) certificate.

An SSL certificate is essentially a key for encrypting data. It protects data on three levels:

  1. Data encryption. Hackers won’t be able to see what information a user entered on the site or to track user actions on a page. Think of it as a note written with a cipher — it can only be read by someone who knows the key.
  2. Data integrity. Hackers can’t replace or distort the transmitted data. Further, without knowing the key, it is impossible to write, edit, or manipulate the data, just like in a ciphered note situation.
  3. Authentication. SSL ensures that a user is on a trusted site and not on a hacker’s page. If just two participants know the key, they are sure to know from whom they received the note. A stranger cannot pass their own note and get the information by cheating.

You can see if a site is protected by an SSL certificate via the HTTPS protocol in the URL address. Most browsers indicate it visually in the form of a lock icon:

HTTPS lock icon

SSL certificates are distributed by special organizations — certification centers.

Who Should Use SSL (and Why)

SSL is required for sites where users were entering sensitive information — such as credit card details. E-commerce stores that do not want to lose their customers have been using the HTTPS protocol for a while already.

But often, online stores only protect registration and checkout pages with SSL, because those are the only places where their customers share personal data. The rest of the website often works on the insecure HTTP.

Today, HTTPS is a must for every web page. There’s a number of reasons for it.

Browsers flag unprotected sites

Chrome and Firefox, two of the most popular browsers in the world, visually mark sites that don’t use SSL.

Insecure Http

For now, only a gray information icon is visible. But in the future, browsers plan to change the security indicator to a red triangle for pages on HTTP. Your customers are used to seeing this as a “warning” indicator.

Consequently, not using SSL can make people afraid of buying from your website.

Using SSL improves rankings

Back in 2014, Google announced that it would consider using SSL as a ranking signal. This meant that sites using SSL would get a boost in search engine traffic.

Payment service requirements

A growing number of payment services have HTTPS as a requirement for working with them. For example, Apple Pay works only with HTTPS.

It increases trust

“Concerns over payment security” is one of the top 10 reasons for shopping cart abandonment. When you add an SSL certificate to your store, you visually communicate to users that their payment data are safe.

Secure sign on HTTPS websites

More trust, of course, equals more sales.

If you want your customers to easily find your store in search engines and trust you more easily, don’t put off switching to HTTPS.

How to Get an SSL Certificate and Switch to HTTPS

To switch to HTTPS, you first need to buy and install an SSL certificate on the website. This process can be either simple or more complex for some stores, depending on the kind of site you have.

1. You’re using an Ecwid Starter Site

Anyone who has registered with Ecwid gets a website with a built-in online store. This site is completely free for all users.

You might know this as the Ecwid Starter Site.

If you use this site, then you already have an SSL certificate by default. An online store on an Ecwid Starter Site conforms to the international standards for secure data transmission.

Try it right now — head over to your Starter Site and look closely at the address bar in the browser. You will see a green lock icon with the message “Secure” next to the URL. Rest assured that your online store is secure.

Secure sign

Do you want to link your Starter Site to your custom domain (so that it redirects to mysite.com and not mysite.ecwid.com)?

You get a free SSL certificate for this action as well. Just follow these steps:

  1. Login to your Ecwid store, then go to Settings → Starter Site and click on the “Change Address” button.
  2. Click on the “Use your domain” field and follow the instructions that appear on-screen.

Starter Site Settings

2. You’ve added Ecwid on your own website

You can set up an Ecwid store on any site and be cool with customer data security. For example, this can be a WordPress blog, an Adobe Muse website, or your own static HTML page.

In case you’ve taken this route, you don’t need to worry about the safety of your customers’ data at all. Since the data is transferred via our highly protected servers, all the data is kept and processed on Ecwid’s own SSL-protected servers.

If you added Ecwid to your own website that doesn’t have an SSL certificate, your customers will not see the secure “lock” icon anywhere except during checkout, which they might find frustrating.

Here are a few ways you can buy and use SSL certificates for different website builders:

Wix: You can use an SSL certificate for free with Wix. You’ll have to first enable this certificate by going into the settings, then following the instructions.

Weebly: you can automatically add an SSL certificate to your Weebly site.

Joomla, WordPress, Drupal: you’ll need to buy an SSL certificate from your domain registrar or a hosting provider and install it on your website using the instructions (you’ll probably need a developer):

Self-built websites: buy an SSL certificate from your hosting provider/domain and install it yourselves or with the help of your IT guy.

Follow the instructions below to learn about the different types of SSL certificates and where to buy them.

Types of SSL certificates

Essentially, there are 3 types of certificates. They differ in speed of issuance and the extent of the seller’s inspections.

1. Certificates With Domain Validation (DV)

The simplest option. Once you buy a DV SSL certificate, you’ll get a link to verify the domain ownership on your listed email address.

DV is issued almost instantly. It is also the cheapest option, with some sellers even offering it for free.

2. Certificates With Organization Validation (OV)

To get an OV SSL certificate, you need to confirm the existence of your corporation or LLC, by giving the certificate-issuing authority the necessary documents.

An OV SSL certificate can take 1-3 days to get. This certificate always needs to be paid for.

3. Certificate With Extended Validation (EV)

An EV certificate can be recognized by the name of the company on a green background near the website address. You might have seen them on financial websites:

PayPal SSL Certificate

Before an EV SSL can be issued, the certifying authority carries out a thorough check. It can take 3-10 days, and even more, to get an EV certificate.

This certificate is best suited for banks and payment systems.

DV, OV, EV – regardless of what kind of SSL certificate you choose, understand that they all protect your data the same way. This is why you can use the cheapest option — a basic SSL with domain verification — without worrying about your security. You’ll need to renew your SSL certificate regularly — if the certificate is not renewed next year, not only do you lose your protection, but the site might not even open for most users.

An SSL certificate will cost around $50/year. Some providers sell more expensive variants, but you should avoid overspending. The basic data security offered remains the same, regardless of whether you buy a $50 or a $150 SSL.

Although some providers offer free SSL certificates, they are severely “watered down” variants without any benefits. You should not buy the first one you see.

SSL certificates are issued by “trust centers”. Some of the more popular trust centers are:

  • Comodo
  • Symantec
  • Digicert
  • Geotrust

You can buy certificates issued by these centers from domain registrars, hosting websites, and SSL resellers. In addition, there are also free certificates.

Below, we’ll help you understand the options better.

1. Buy an SSL certificate from domain registrar or hosting service

Most domain registrars and hosting services sell SSL certificates as well. In some cases, the registrar might even issue a free certificate as a gift or purchase.

Buying from a domain registrar or a hosting service works great since it makes it easy to switch from HTTP to HTTPS.

Here are some popular options:

If your domain registrar or web host also offers SSL certificates, we recommend buying one from them, even if it is slightly more expensive. This will save you hours when it comes time to install the certificate and switch to HTTPS.

2. Get a free SSL certificate

If your web host/registrar does not sell SSL certificates or if your budget is limited, you can opt for a free certificate. Free certificates come in only one flavor — Domain Validation (DV). That is enough to protect the data.

We recommend the following services:

Cloudflare

Cloudflare offers free SSL certificates with up to 15 years of subscription. Apart from data protection, it has other benefits like basic protection from DDoS attacks and the automatic speeding up of your website.

There are disadvantages as well:

  • It works only in new browsers. If your customers use older browsers (older than Internet Explorer 11, Firefox 2, Opera 8, Google Chrome v5.0.342.0, Safari 2.1, Mobile Safari for iOS 4.0, Android 3.0 (Honeycomb), Windows Phone 7), they won’t see “https” on your website.
  • One general certificate protects several sites at the same time. Though, it will protect your website just like an individual one.
  • Cloudflare will ask you to use their own server data and your website traffic will be going through the Cloudflare servers, which may cause a decrease in loading speed (though not necessarily).

These drawbacks are not critical, and in general, Cloudflare is optimal for those who are not ready to spend money on an SSL certificate but want to start protecting their customer data. If you choose between remaining on HTTP or getting an SSL certificate from Cloudflare, we recommend you to choose the second option.

To get an SSL certificate from Cloudflare, sign up and follow the instructions.

Let’s Encrypt

This is a free service without Cloudflare’s cons, but it has its own limitations.

Let’s Encrypt offers certificates for three months only, so you’ll have to set up automatic renewal, which will require access to your website’s server settings (available on VPS hostings like Amazon AWS, Linode, Digital Ocean). That means you’ll likely need a system administrator.

There are two options for getting an SSL certificate from Let’s Encrypt:

  1. Manually on letsencrypt.org via the “Manual mode” section
  2. Semi-automatically or automatically (depending on your online store’s server software) via Certbot.

3. Buy an SSL certificate from a reseller

If you don’t want to spend time on adjusting a Let’s Encrypt certificate and don’t feel like using Cloudflare, you can buy an SSL certificate from one of the resellers:

Choose any reseller you like, and remember that there’s not much sense in buying the most expensive option since they will all protect your website just fine.

How to Not Lose Traffic When You Switch to HTTPS

When you switch from HTTP to HTTPS, the site address changes for search robots (from http://yoursite.com → https://yoursite.com). This can negatively affect your rankings in search engines.

Read Google’s recommendations for maintaining your ranking, and even making it better. We strongly recommend you read them to avoid losing customers if you install an SSL certificate on your own. You can also ask the support team of your site builder if these conditions were met with their HTTP → HTTPS migration.

***

Let’s sum up our recommendations:

  • If you use Ecwid Starter Site, you’re fine: the entire website is on HTTPS.
  • For Wix and Weebly websites, enable your SSL certificate in settings.
  • If you sell on your own website, check with your domain/hosting provider if you have an SSL certificate. If no, request for it.
  • If your domain/hosting provider doesn’t sell SSL certificates, get a free one on  Cloudflare or buy it from a reseller.

If you have any questions about the safety of your Ecwid store, feel free to ask them in the comments to this article.

About The Author
Anna is a content creator at Ecwid. She loves big cities, pasta and Woody Allen's films.

Stay up to date!

Get free e-commerce tips, news and inspiring ideas delivered directly to your inbox

Also read