No Website SSL Equals Search Ranking Decline and Decreased Client Confidence

No-ssl_LI No Website SSL Equals Search Ranking Decline and Decreased Client Confidence

Photo: Headway

If your firm has a website that doesn’t have a secure socket layer (SSL) certificate associated with the domain name, come July your site could face Google’s wrath.

“What wrath?” You might ask.

According to Search Engine Land, “Effective July 2018, Google’s Chrome browser will mark non-HTTPS sites as ‘not secure’.”

Post July 1

What will show up when someone visits your site using Chrome and it doesn’t have an SSL certificate? No matter if a visitor found your site using Google’s search engine, once he/she lands on your domain in Chrome, a broken lock and an exclamation mark will appear next to your URL. A “Site Insecure” notice may also appear.

But, we don’t sell products or goods.

You might think, what does it matter? My firm doesn’t sell products or goods.

It matters because if you have any kind of form on your site, such as a Contact Us or Join Our Mailing list, the site is collecting information from visitors. Without the domain-level SSL, your site is more prone to information theft and is considered less secure than those with an SSL in place.

Nobody visits our site from Chrome.

What if you’ve reviewed your website analytics and notice no traffic or only a small portion of the site’s visitors use Chrome to access it? Or, what if you believe (but are generalizing) that people in the industries your firm serves only use the Internet Explorer, or other browsers?

Are you willing to take the chance of creating a potentially bad or harmful experience for those who do visit using Chrome? Even those who use your site to access a document portal will be impacted by this change.


What you need to take into consideration are these few things:

  1. Every website experience related to your URL is tracked and impacts your search ranking—even if you’re not using Google Analytics. If users have a bad experience, say visiting using Chrome and see the warning and immediately leave your site (e.g., high bounce rate), your search ranking will be downgraded. Additionally, with a downgraded site ranking, if you’re doing online ads, e.g., CPC or PPC, your cost per click will increase due to the downgrade.
  2. Sites listed in Chrome searches without an HTTPS protocol will not show up at the beginning of the search results, even if you have in the past.
  3. Sites not using an SSL, leave the site open to malicious activity, as well as decreased visitor site security.
  4. If you plan to take credit card payments through the site, for example webinar registrations, conference registrations, or donations to a charity you favor, an SSL certificate is a must.

How do you get an SSL certificate applied to your domain, and what type should you get?

Contact your domain host, which could be different than your website host, and speak with them about the SSL certificate options available. Once purchased, you may have to approve or validate the SSL for it to be applied to your website. In some cases, you can get a one-year or multi-year service plan.

There are three, main SSL certificate types.

  • Domain-Validated SSL. This low-assurance certificate may be free. It is often the most-standard certificate issued. Validation is automated and ensures the domain name is registered, plus that an administrator has approved the request. A DNS record is added to the site by a webmaster. This version is most-commonly used on intranets or internal systems only and takes less than sixty minutes to implement.
  • Organization-Validated SSL. This high-assurance certificate requires more information from an agent to verify the account, domain ownership, and organizational information. This level is recommended for businesses and companies. It can take anywhere from a few hours to a few days to implement and is dependent upon how your domain and website hosting are connected. For example, if your website hosting is with one company and the domain hosting is with another, those two companies may need to get involved to complete the process.
  • EV Certificate. The extended-validation certificate requires more rigorous validation. Domain ownership and documentation that the business is a legal entity are required. The other certificate levels do not represent that your website is operated by a legal, verified business. This certificate also takes between a few days to a couple weeks to implement. It is also recommended for ecommerce businesses.

Once an SSL certificate is activated, the website browser bar will display a green padlock next to the domain URL.


Time is on your side if you start the process now. Knowing that implementation could take a few days up to a couple weeks, contacting your domain host before the end of June would be your best action.

How much is it worth for your firm to avoid a search ranking decline, or to have clients leave because your site isn’t secure?

Additional Resources


Disclaimer: This post originally appeared in the CPA Client Bulletin Resource Guide, © 2018 Association of International Certified Professional Accountants. Reprinted by permission.