Squarespace now secures millions of websites by offering free SSL. Squarespace always applied SSL to checkout pages for increased security, but now your entire site can be a little more secure with the domain-validated (DV) certificates. Are you curious what the new SSL certificates mean for you? What is SSL? Do you need to do anything? Keep reading!
Scroll to the bottom for the most recent SSL/HSTS and Google updates.
What is SSL? Does it matter for SEO?
SSL, or Secure Sockets Layer, and its successor TLS, Transport Layer Security, are technologies that secure the connection between your browser and websites you visit. SSL helps provide reassurance to website visitors with security benefits like privacy, data integrity, and authentication. When a website is secure, the browser displays a lock icon and the URL begins with https://. And according to Google, SSL-secured websites may enjoy a small rankings boost:
"Google uses HTTPS as a positive ranking signal. This signal is one amongst many others, and currently carries less weight than high-quality site content; you should not expect a major SEO advantage for moving to HTTPS in the short term. In the longer term, Google may increase the strength of the HTTPS boost."
Overall, Google is taking active steps to encourage HTTPS connections everywhere for a more secure web:
"In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS."
Who gets SSL on Squarespace?
Every custom domain on Squarespace was automatically issued a certificate, whether it was purchased from Squarespace or another registrar. Going forward, Squarespace says new domains will automatically be issued a certificate within seconds.
Are there any issues with SSL /TLS on Squarespace?
We recommend taking the time to read the Squarespace SSL support article as it discusses potential issues. These can include older browsers not being able to load the HTTPS version of your site and integrated 3rd party content displaying a warning on some sites. And while SSL can slow down page load times, if your site is experiencing slower loading times, start by examining other factors first. For more information on SSL in general and benefits/risks, check out this recent Moz article.
What do you need to do when you make the switch to SSL?
SSL / TLS on Squarespace
Currently, website owners can choose whether they want to use the “secure” (HTTPS) or “insecure” (HTTP) setting for their website, but the Squarespace engineering blog states:
"In the near future, we will be migrating all websites to the Secure setting.”
Squarespace provides instructions on how to enable SSL on your site. Note, the DNS records of your custom domain must be set up properly — this probably isn’t an issue for newer Squarespace sites, but older sites may require DNS updates before implementing SSL.
Other steps to take when implementing SSL / TLS
There are a few other tasks to consider. If you have Google Analytics, update your property settings to reflect the new HTTPS URL. And add the new URL versions (www and non-www) to your Google Search Console (and Bing Webmaster Tools), verify them, submit a sitemap, and request a fetch. Remember to associate Search Console with your updated Analytics property. When making the switch to SSL, remember this information from Google:
"You may experience a temporary fluctuation in site ranking during the move. With any significant change to a site, you may experience ranking fluctuations while Google recrawls and reindexes your site. As a general rule, a medium-sized website can take a few weeks for most pages to move in our index; larger sites can take longer. The speed at which Googlebot and our systems discover and process moved URLs largely depends on the number of URLs and your server speed. Submitting a sitemap can help make the discovery process quicker, and it's fine to move your site in sections."
To speed up the crawling process, share your HTTPS URL in PR or newsworthy campaigns, which can potentially trigger Google to have an extra look at your website.
Your most time-consuming task might be to rewrite hard-coded internal links to point to HTTPS. According to Moz:
“This is superior to pointing to the HTTP version and relying on 301 redirects.”
And along this same line, remember to update valuable external links — start with the ones you control, like social media accounts.
Previously, obtaining and installing SSL certificates was costly and difficult. But Squarespace makes the switch to SSL fairly painless by handling all of the setup details. Thanks to Squarespace your domain will always have a properly configured and up-to-date SSL certificate.
Update: Google's Chrome Update
October 2017: Google’s latest Chrome update (version 62) began flagging websites and webpages that contain a form but don’t have a basic security feature called SSL. ... In Chrome, sites lacking SSL are now marked with the warning “Not Secure” in eye-catching red, right inside the URL bar. Learn more here.
Update: Squarespace offers HSTS
June 2017: When you’re using the Secure SSL setting, you can also enable HSTS Secure for an added layer of security. Enabling HSTS Secure ensures the connection is encrypted and prevents potential attackers from accessing or impersonating your site. ... If you’re using the Secure setting for your site, we recommend keeping HSTS Secure enabled as well. However, you may want to switch to the Insecure setting if your visitors need access over HTTP or your site uses a lot of mixed content.
update: Squarespace SSL/TSL & HTTP/2
January 2017: Squarespace announced that all websites with SSL/TSL enabled will be automatically delivered through the faster HTTP/2 protocol. HTTP/2 is already supported by the most current releases of Chrome, Edge, Internet Explorer, Safari, and Firefox. TLS/SSL needs to be enabled on Squarespace websites to utilize HTTP/2 as there aren’t any browsers that currently support HTTP/2 over an unencrypted connection. Learn more here.
Collaborada arms small businesses with the tools to become great. Learn more.