SSL feels normal nowadays, I remember when it was initially launched as a ranking factor – everyone scrambling to get their website SSL certification. The old issues used to be getting the SSL certificate onto the website, looking at non-SSL links and assets and updating them accordingly, now I see a lot of errors with the code, either breaking SSL or handling it incorrectly.
Having broken or ineffective encryption on your site can cause some big issues, not just from a ranking perspective but it can also hurt PCI compliance – if you are an online trading website. SSL vulnerabilities can open up issues around hacking too; that can create blind spots whereby data transferring is not encrypted and can be intercepted and nobody wants that. There are robust procedures in place to identify common denominators when it comes to fraud and you don’t want to be at the receiving end of a PCI forensic investigation.
A good starting point is to carry out a site-wide crawl, tools such as SiteBulb and SEMRush provide specific SSL auditing facilities. I see a few trip points here being subdomains set up many years ago, old web pages still internally linking to http:// and non-SSL content not redirecting to https:// – which can cause some issues. You can also rely on Googlebot to see if there are any issues too, this can be seen via Search Console > Settings > Crawl stats.
For the most part, a lot of the fixes revolve around creating a universal redirection from http to https – this is a fallback option. I’ve often created this within the .htaccess file which will globally apply it to the site. I would then advise reducing the number of links on the site to non-http, assessing both on-site code and external links. You can also utilise a CDN such as Cloudflare which will divert all your traffic through to SSL too – providing a layer of protection.
Typically once you set up a SSL certificate on your site and ensure all pages are being served through it; it’s just a case of renewing it each year. You also need to pay attention to how you are linking too; ensuring all links start with HTTPS. As part of SEO hygiene I’d always recommend running robust auditing software on a site once per month or bi-weekly, which will often raise any issues around SSL.
Additional comments around SSL and it’s impact on SEO.
- Typically I don’t see any variation between shared SSL and private ones unless the site is getting a lot of traffic then perhaps reinvesting a private one may help with the professional identity of the company.
- Cloudflare and other CDNs are often an easy way to get free SSL as part of their package, it can also help with installing it as a lot of it is done automatically.
- There are some fantastic plugins which can manage SSL on your behalf; I use Really Simple SSL on this WordPress site and it hasn’t missed a beat to date.
- Domain-level issues tend to revolve not only around SSL certificates but you can also run into some issues with DNS settings and errors – work keeping note in the event you are going through troubleshooting.