The choice is yours, but yes, we highly recommend that you do purchase what is known as an SSL Certificate (Secure Socket Layer) for your website. Used on the internet as security protocol, you’ll recognise one by its display on the browser as either a padlock icon and/or a green bar.
SSL used to be more commonly associated with protecting sensitive data on transactional sites i.e. shopping sites but is used more widely now and since Google is using HTTPS as a ranking signal, it makes sense for you to consider having one deployed on your site.
So what is an SSL certificate? It’s a form of validation by a trusted authority that says you are who you say you are. A Certificate Authority will do the validation after purchase of the certificate and enables you to give your website visitors peace of mind that their sensitive data is being protected.
Here’s the technical bit: SSL enables the encryption of data sent from a web browser to the web server and without it means that you’re open to anyone obtaining that data as it leaves the browser on its way to the server. It makes it that much harder for anyone to decipher that data since a public key on the browser will encrypt it whilst the server (using a private key) will decode the information. Processing power is kept to a minimum by the creation of a symmetric key between the two on first contact.
There are various forms of certificates with degrees of vetting and we can offer guidance as to the best one for your website – the likelihood is that you will only need a Standard SSL (an Extended Validation is more expensive, more suited to an eCommerce site whilst the process between browser and server is no different). Once deployed on your site, the connection to the website is then made via https://www.domain.com which instructs the server to establish a secure connection. On deployment you can be sure that the traffic is secure.
Google is vocal about strong HTTPS encryption. On its own webmaster central blog page, HTTPS as a ranking signal it boasts that anyone using Search, Gmail or Google Drive has a secure connection to Google automatically. It wants ‘HTTPS everywhere’ so to that end it now considers those sites which have encryption to be ranked higher than those that don’t. The rolling out of this began last August and Google has stated that HTTPS may gain more weight as the search engine giant endeavours to do its bit to keep everyone safe on the web.