• Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.

https secure connections

Jump to latest Follow Reply
Ben_Adler12

Ben_Adler12

Hanging Paper
Feb 28, 2017
66
23
First Name
Ben
#1
Last edited:
#2
@BenAdler

While all ranking factors are important, this is a tiny percentage factor also "For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high quality content" on the other hand we continue to have several issues on the systems integrations between non secure tools/content in the site.

The industry will move sooner or later to the new standard, but don't do it before its ready on a wider scheme just because Google said its a ranking factor. How your lot attendant washes the cars this week has more impact on your sales than this.
 
#3
@BenAdler

I'm all for HTTPS but right now it's a very tiny ranking factor. Basically if two sites are identical in every single other way possible (which rarely happens) Google would break the ranking tie if one of the sites had https and the other didn't. Here's a good article on it:
http://searchengineland.com/googles...-ties-between-two-equal-search-results-230691

It can also actually cause SEO issues if not done properly (biggest mistake: not 301 redirecting the non https domain to https). So it's not something that should be done by just anyone. Here's a good checklist on migrating from http to https:
http://searchengineland.com/http-https-seos-guide-securing-website-246940

What's a much bigger deal than the minute SEO boost though is Google's plan to eventually label all HTTP sites with a red warning icon in the Chrome URL bar. There's no timeline on when exactly it will happen but Google has indicated that is the plan. I'm going to bet over 75% of dealer websites will not be migrated over to https when this happens due to the slowness of certain OEM website providers and will cause another huge panic with dealers like "mobilegeddon" did back in April 2015.

https.png
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
 
#4
Now that we have Let's Encrypt (https://letsencrypt.org/) you'll see alot more SSL stuff happening much easier I predict.
There's no longer certificate costs, painful installations, etc. There's simple configurations and installations.

There are still some sloppy limitations that require DevOps people to do their job right - by default 1 SSL certificate per IP address is a limitation that causes issues for "out of the box" setups. We've been playing with adding SSL certificates to all sites by default and we ran into some of the issues yago spoke of (insecure iframes, chat codes, etc). Modern browsers will throw warnings if the page is secure but elements on the page (iframes and chat) are not secure for some reason. The warning looks far worse than not having SSL at all.
 
#5
There is one potential benefit of buying a "name brand" ssl certificate over a free / off-brand one - increase in conversion rate.

Users would most likely trust a site with a Norton Secured badge much more than one with a Let's Encrypt badge even though there may be no technical security advantage.

We're paying $1,500 a year for a Symantec Norton SSL certificate, I'm hoping it will lead to a large enough increase in conversions to justify the cost. We'll find out soon enough :)

ssl.JPG
 
#7
reverson said:
We're paying $1,500 a year for a Symantec Norton SSL certificate, I'm hoping it will lead to a large enough increase in conversions to justify the cost. We'll find out soon enough :)
Click to expand...

That's a hefty price tag based on the assumption that consumers/clients know the difference.
I don't think it's common knowledge at this time and I would be hard pressed to believe it makes a significant difference.
That said, I've got no data to back it up, I just know that anytime we use an SSL certificate no one has ever questioned the source, strength, provider, etc. They're becoming the norm though, just a matter of time.

As for using Symantec, if anything they're now one of the least favoured :(
https://arstechnica.com/security/20...e-woodshed-for-mis-issuing-30000-https-certs/
Google is saying Chrome is going to mark their certs as distrusted.
 
#8
craigh said:
That's a hefty price tag based on the assumption that consumers/clients know the difference.
I don't think it's common knowledge at this time and I would be hard pressed to believe it makes a significant difference.
That said, I've got no data to back it up, I just know that anytime we use an SSL certificate no one has ever questioned the source, strength, provider, etc. They're becoming the norm though, just a matter of time.

As for using Symantec, if anything they're now one of the least favoured :(
https://arstechnica.com/security/20...e-woodshed-for-mis-issuing-30000-https-certs/
Google is saying Chrome is going to mark their certs as distrusted.
Click to expand...
Yeah if you're not going to promote the well recognized Norton brand name / logo on your website like we are than I would say it's definitely not worth the added cost. That would be the case especially for just a single point local dealer but this is for a large nationwide chain with 1 single website so we have economy of scale and a lot more visitors so a slight increase in conversion rate can result in big dividends.

That article is crazy though! Symantec is still promoting the benefits of buying their EV certificate, wonder if they will remove that now.
 
#10
HTTPS is free. Every dealership website should be on HTTPS. It's very easy for your provider to update you to HTTPS. If customers are sending private information through your website, you should be using HTTPS - no exceptions, regardless of SEO or conversion benefits.
 
Top Bottom
Back
Jump to latest Follow Reply
Jump to latest Follow Reply
Menu