SSL Law Firm Websites: LawLytics Official Position On Security Certificates

by Sep 13, 2017

Author:  Dan Jaffe, Attorney and LawLytics CEO
Read Time:
 10 minutes
Relevant For: All lawyers with websites
Urgency Level: High
Key Points: Google will release a Chrome browser update in October 2017 that will make upgrading to a secure (SSL) website imperative for all law firms. If you’re a LawLytics Member, we have you covered. Simply let us know you’re ready for us to upgrade your site by calling us at 800-713-0161 or submitting a support ticket.


When we founded LawLytics in 2011, we set out to create a service that would give attorneys everything they needed to start, grow and build a dominating law firm website without wasting time and money. We wanted to empower attorneys to use our service to add predictable revenue to their businesses without proportionally scaling up their marketing overhead. To do this we knew we needed to build a system that would combine the economics of a stable cloud infrastructure at scale with a level of service that ensured that none of our members would ever get left behind. And we wanted to position our membership so that, when new features become essential to successful online marketing, we would be able add them and benefit all of our members without charging additional for each new feature.

We knew our system and service would need to adapt at the speed at which the internet evolves. That’s really fast. We knew that, for LawLytics to become the dominant law firm website system, we would have to add strategic features as dictated by market forces, of which Google is the most powerful. So we built a system that allows us to continuously innovate and add features and improvements across all of our members’ websites without charging them a penny more.

Our promise to keep our members’ websites up to date:

We stand behind our promise that our members’ law firm website technology will never be out of date. And we take our responsibility seriously to determine product and service directions that will objectively benefit the attorneys who trust us to stay on the cutting edge of marketing technology so that they can focus on practicing law.

There are many red herrings in online legal marketing. Some legal marketing companies aggressively sell things that don’t impact lawyers’ businesses. While we can’t know their thoughts, we suspect that they do it to create a sense of urgency to sell things. Their actions muddy the waters for their clients about what works and what doesn’t. This, unfortunately, condemns their clients to continue to spend more money because they never know what works and what does.

When we started LawLytics, Derek and I made a deliberate choice to never do that. We made the decision that LawLytics would stand in contrast to that which, unfortunately, seemed to be the legal marketing industry’s status quo. We believe in our core value of only selling things that work and that add measurable value. That core value had served us, and our members, well. There are actually two components to that core value. The first is what we sell, and the second is when we sell it. As the internet evolves, some things that once added value no longer will. And, things that didn’t previously add value become valuable.

For example, there is a graveyard of things that, many years ago, provided SEO value to law firms. Some of those things are now harmless but ineffective, and some of them are actually counterproductive. See our guide to law firm search engine optimization for a detailed primer. Other things, such as SSL, did not add value for attorneys in the past, but will in the very near future. Or, rather, the absence of SSL will take value away as early as October of 2017.

Several times each year we roll out new features or major performance updates, and every month we roll out incremental improvements that enhance the performance of all of our members’ websites. That means that every member that joined us in the past now has a better product than they did when they first joined. It also means that the law firms that join LawLytics today will benefit not only from our past innovation, but will instantly benefit from all future improvements as well.

Because we are continuously innovating on a system that hundreds of law firms depend on for their daily business, and that is responsible for producing hundreds of millions of dollars each year for our members, we need to be highly disciplined in our selection and prioritization of features. We know that, as the nucleus of their marketing infrastructure, LawLytics is our members’ business life-blood. We take that responsibility seriously.

Therefore, we prioritize the creation and deployment of features that move the needle in the right direction in terms of our member law firms’ revenue. We do the same when we consider features and adjustments that prevent the needle from moving in the wrong direction on our members.

The October 2017 Google Chrome Update:

All this is to preface the main point of this article, which is to discuss, in detail, the October 2017 Google Chrome security update that we have been quietly preparing for. Google has announced their next move, and we are ready. I want to take a moment to explain why now (as opposed to a year ago, or a in year from today) is the time for us to act, and to explain why we chose to focus on other LawLytics improvements in the past. In a nutshell, this is the best window of opportunity for lawyers to upgrade their sites to SSL, and it would be irresponsible not to deploy features that position our members to benefit significantly from Google’s move.

The Initial SSL Announcement Was Misused As A “SEO” Scare Tactic:

A couple of years ago Google announced that having having a security certificate on a website (often referred to as having “SSL” or as having a “HTTPS” website as opposed to a “HTTP” website) would become a minor search engine ranking factor. It would be an insignificant, but specifically mentioned, factor among hundreds of factors ranging from major to minor.

Upon this announcement, many SEO companies immediately started to scare attorneys into paying them for websites with security certificates. The evidence at that time clearly showed that sites without security certificates but that followed a healthy content plan and adhered to Google’s Webmaster Guidelines fared much better with the search engines than sites that merely had security certificates but ignored (or abandoned) the content fundamentals. The evidence showed, and still shows, that security certificates alone did not move the needle in terms of raking, traffic, new client intake, revenue and any other meaningful metric.

Why We Focused On Other Things Instead, And Didn’t Jump On The SSL Bandwagon At That Time:

During that time, our engineering team did not become distracted and stayed focused on things of more immediate importance to our members’ success. We made vast improvements in the stability and responsiveness of our platform, improved site load speed for our members, and forged strong partnerships along with native integrations with companies including Clio and Lexicata. Had we jumped on the security certificate bandwagon back then it would only have been to prevent members who were being tricked by other vendors from leaving us, or for us to capture more business with a feature that, at the time, wouldn’t have added any value for our existing or new members. In other words, focusing on SSL implementation before now could only have benefit us, but would not have moved the needle for our loyal member law firms.

That’s not to say we were unaware of the future importance of providing secure websites to all of our members. We saw the writing on the wall that one day having a security certificate would change from being a meaningless party trick to being a business imperative. We knew that we would be ready when that day arrived, but we wanted to do it right. To us, doing it right meant:

  • Making security certificates (SSL) available to all LawLytics members who wanted them;
  • Eliminating the need for our members to purchase, and continually renew their own security certificates through a 3rd party vendor;
  • Making implementation of SSL an included service that our members would have as an additional benefit of their monthly LawLytics membership fee. In other words, having a secure website would not require an additional expense;
  • Making the process of upgrading to SSL as painless as possible for our member attorneys;
  • Having a solid plan in place so that our member websites, some of which have extremely good positioning with the search engines, don’t suffer long-term effects from switching.

In a nutshell, switching to SSL is something that needs to be done with care, and with a holistic vision of the overall health of the website.

We have taken great care to ensure that the above objectives are well planned, and will be standard features of LawLytics when it matters.

Why Google’s Announcement Matters Now:

On August 17, 2017, Google announced that it’s going to matter very soon. If you monitor your firm’s Google Search Console (not a necessity if you’re a LawLytics member), you likely got one of these messages (and if your vendor is monitoring it for you, they undoubtedly received one):

This announcement means that Google is taking the bold and decisive step of turning SSL websites from a blip on a distant radar to an impending imperative. I would compare the move to when Apple declared that its mobile devices would not support Adobe Flash. At the time Flash was the dominant way of delivering videos and motion graphics on the web. It’s a historical fact that iPhones and iPads hastened the demise of Flash. And the web is arguably a better place because of it.

Why Google Is Doing It Now:

Google’s declaration is a condemnation of non-secure websites that, we believe, is analogous to and on par with Steve Jobs’ condemnation of Flash.

Let’s start with why they are doing it, and then talk about what it is and what it means for law firms.

Google’s business depends on its ability to show advertising to search users, and on search users clicking on ads. But users don’t go to Google to consume ads. They go to Google because Google has, for years, consistently delivered the most relevant and highest quality organic (unpaid) results, leading its users to trusted sites that answer the questions they pose. Without relevant and safe results that users can depend on in the organic search engine results, users would lack any incentive to keep using Google. And, if a user of Google suffers harm from a site that he/she found on Google, that user is less likely to trust Google’s results in the future.

Why SSL Matters To Google:

From Google’s perspective, a security certificate does more than merely encrypting information (which can also add a false sense of privacy). It adds trust. And that trust, though intangible, is highly valuable. This is because it’s easier for individuals and companies to have websites without a security certificate than with one.  Having a security certificate increases the probability, but does not guarantee, that the website is legitimate and will not cause Google’s users harm (in the form of stolen or intercepted information, malware, scams, etc.).

So Google’s business interests are better protected with widespread adoption of SSL than without it. But even Google can not succeed on its own. Its financial ecosystem is as dependent on the collective cooperation of individual website owners as individual website owners are dependent on Google. And the collective of individual website owners needs a good reason to go through the pain (and potentially expense) of implementing and maintaining SSL.

Why Google Needs To Do This Carefully:

Google, despite its perceived omnipotence, is not in a position to suddenly demote websites that rank well by virtue of their great content and great user experience simply because they lack a security certificate. If it did that, sites that happened to have security certificates but that contained weaker and less useful information would climb the search rankings to take the place of the informative but insecure sites. That’s likely why Google has kept SSL as a minor ranking factor.

To increase the importance or weight of SSL as a ranking factor that does, at some future time, demote good content on unsecured sites, Google needs to be confident that a critical mass of high-quality websites have implemented SSL. That critical mass would be reached at such time that the overall quality of the search engine results would not perceptively decline in the mind of Google’s user base, and therefore lead to a loss, by Google, of search market share.

Why Google Is Doing It Through Chrome Rather Than By Ranking Factor:

Consequently, the current status of SSL as a minor ranking factor has not provided a sufficient lever to cause a critical mass of website owners to make the switch to SSL. This is because, as a minor ranking factor, lacking SSL has not negatively affected sites that have provided great content and otherwise followed Google’s Webmaster Guidelines. Assuming that Google wants all websites to be secure, it has two main leverage points it could use to get there:

  1. Google could increase the weight that SSL plays in determining rank, but as discussed above, this bold move would cause a decline in the overall relevance of search results (at least temporarily). Trust is an easy thing to lose, and I don’t believe that Google would risk it given how easy it is to switch search engine preferences.
  2. Google could “backdoor” widespread adoption through another very strong point of leverage, the dominant Google Chrome web browser. This is what they are doing. It’s the smarter business choice.

The Dominance Of Google Chrome Browser:

Google Chrome is the dominant web browser. Google has won not only the search wars, but the browser wars as well. Here are the facts:

Google Chrome’s Desktop Dominance:

  • As of July 2017, Chrome enjoyed a 59.57% market share across all desktop operating systems.
  • The next two widely used browsers were Internet Explorer at 16.5% and Firefox at 12.32%. No other browser has more than 6% market share in desktop.

Google Chrome’s Mobile and Tablet Dominance:

  • As of June 2017, Chome enjoyed a 55.55% market share in the mobile and tablet category.
  • Safari for iPhone had a 33.17% market share during the same month.

This is why Google’s option #2, to backdoor widespread adoption through Chrome is not only feasible, it’s brilliant. And Google gave plenty of notice of its plans, so no website provider should be caught unaware and unable to respond.

Google Chrome automatically updates on most computers. Google Chrome users may not realize that they often wake up to a newer and improved version of the software. This is good for users because it keeps them up to date and safe, and it’s good for Google because it can better control uniformity in versioning in its installed user base.

Google’s announcement means that, on some yet-to-be-known date in October 2017, when Version 62 of Google Chrome gets installed, its users will start to see warnings against submitting forms from sites that lack security certificates.

Why Attorneys Need SSL In 2017 (The Answer Is Not SEO…Yet):

If you’re an attorney reading this, you might be wondering why that would matter for your law firm. There are several important reasons that will have a real impact on business, as opposed to the flimsy ranking factor hype that was largely manufactured by salespeople to scare attorneys in the past. Reasons include:

  • First Impressions: Your website is often your potential clients’ first impression of you and your law firm. If they are warned, by a familiar piece of software that they are used to using (Google Chrome) that your website is a security risk, your potential clients may assume that your law firm is not focused on security and confidentiality. When a potential client visits your website for the first time, you have precious seconds to make a good first impression before they hit the back button on their browser. This “I don’t know if I trust them” first impression is not something that any law firm can afford to project.
  • Form Deterrence: It’s a fact that more potential clients will pick up the phone and call your office when they are looking at your website than will fill out an inquiry form. However, forms play an important role by enabling potential clients who are unable to place a call to reach out to you anyways. Forms also enable you to do round-the-clock client intake without providing round-the-clock staffing. Depending on your practice area, your clients may already be hesitant about sending private information over the internet.

The above two reasons alone are reason enough for us to recommend that all LawLytics members take us up on the offer to upgrade them to SSL for free (see details below). Attorneys who don’t upgrade their websites to SSL before the Chrome release this coming October are likely to experience the following:

  • A decrease in time users spend on the site.
  • An increase in bounce rate (users who leave your website immediately).
  • A decrease in form submissions and overall leads, although potentially with a slight increase in call volume (from those who won’t feel comfortable filling out your forms, but who still want to contact your law firm).

The above two reasons don’t take into account the longer term effects of Google’s move. As a result of the Chrome 62 release, we fully expect that that all competent law firm website vendors will be upgrading all of their customers’ websites to SSL. This means that tens of thousands of law firm websites that attorneys are not managing themselves should be converted to SSL very soon. We would expect to see the same in other niche verticals as well. We have already received reports that even bargain self-service website builders are reaching out to their customers to try to sell them SSL as an add-on.

Why Google’s Move Will Eventually Enable It To Increase SSL’s Importance On Rankings:

The net effect of all of this migration is that Google will eventually have their critical mass of quality websites that employ good content strategies, don’t do SEO tricks, and adhere to Google’s Webmaster Guidelines. When this critical mass is reached, Google will then have the option to add weight to SSL as a ranking factor to encourage the stragglers who have not yet upgraded to SSL to do so. If you don’t upgrade to SSL before this happens, that’s when the real problems will begin.

Let’s say you, or your webmaster, are okay with maintaining a site without a security certificate after Chrome 62. If you are okay with risking making a bad first impression and deterring people from filling out forms on your law firm’s website, maybe this update has no immediate downside. But the moment Google decides that it needs to force stragglers to convert to SSL and cranks up SSL’s weight in their ranking algorithm, your site could sink in the search engine results. For most attorneys, especially those who have invested their time or money in creating a well-ranked website, this would represent an immediate downgrade in your law firm’s long-term earning potential.

Why SSL Is The New Table Stakes For Attorney Websites:

I can’t imagine that, at this point, any competent website company would advise any attorney not to upgrade to SSL. I would imagine that all of the big companies will be offering similar no-cost, or low-cost, upgrade options to their customers.

However, it’s important to make sure that, when you’re upgrading to SSL it gets done right. This is true regardless of whether you’re a DIY attorney or you’re paying a marketing agency thousands of dollars a month to host your law firm’s website. At a minimum, the following will need to be verified:

  1. That all elements of the website, on all pages, are secure. This includes any images and videos. Failing to do this can result in a warning that some elements of the page are insecure, which can deter visitors.
  2. That all add-ins are also secure. You’ll want to check that any codes that are embedded in your law firm’s website (from Avvo badges, to Birdeye, to live chat scripts, to analytics tracking scripts, to social media embeds, calculator scripts and many other things) are secure. If they are not, your visitors may also get warnings.
  3. That all non-secure pages are set to redirect to secure pages in a way that the search engines will know to re-index your site using SSL pages as the default.

What Do Law Firms Need To Do?

For attorneys not on LawLytics. If you are a DIY person using free open-source software like WordPress for your law firm’s website and plan on installing your own SSL certificate, it’s important to be aware of the various kinds and levels of security certificates. Most law firms will not require expensive certificates. However, be aware that some of the free security certificates expire frequently and may need to be renewed. If you’re doing your website yourself, make sure you know when your certificate expires. If your webmaster or agency is doing it for you, make sure that you clarify whether they are responsible for renewing your certificate, or whether that responsibility is yours. If it’s yours, mark it on your calendar so you don’t forget.

For LawLytics customers. As a LawLytics member, you will not have to worry about implementing or maintaining your security certificates. We will be doing that for you. We will handle the responsibility of keeping your firms SSL certificate up to date. We’ll also take care of all of the logistics, including routing traffic to SSL only, for you. To get started, we will need you to do one easy thing:

  1. Let us know that you want to upgrade to SSL.

As a LawLytics member, we want to make this as easy as possible for you, and make the transition seamless. If you’re a new LawLytics member and your site is not yet launched, or if you’re a current member in the process of adding additional sites, we will start launching all of our new sites with SSL from day one within the coming weeks. If you want to launch your site before then, that’s okay. We can launch it and add SSL after the fact.

Can LawLytics Help If I’m On Another System?

If you’re not a LawLytics member and have a live website with another platform or vendor, we can help you get SSL implemented rapidly if your vendor is unable do it for you. To accomplish this we would need to:

  1. Do a demo and then start your LawLytics account;
  2. Import your site into the LawLytics system while it’s still live with your current vendor so there’s no downtime;
  3. Launch your site with SSL.

If you’d like to discuss the details schedule a demo to get the ball rolling.

SSL Transition FAQs

What is SSL?
SSL is an encryption protocol that provides secure transmission of information between a browser and a website.
Why should I enable SSL now?

Starting October 2017, Google will begin displaying security warnings on certain pages of your site. Specifically, pages with forms will have a red triangle, as seen below.

Image courtesy of Googleblog.

While the appearance of the new label will have no impact on your website’s functionality, its presence could turn some visitors off, hurting conversions.

Do I have to use SSL?
SSL is optional on our platform, but we highly recommend it.
How do I enable SSL?
Just let us know. We will perform an initial scan of your site to catch potential issues, then we will enable SSL and check for problems. Once the migration is complete, we’ll reach out to you and offer a few suggestions for next steps.
Do I need to buy a security certificate?
No. Not if you’re a LawLytics member. We have you covered.
Do I need to change anything at the registrar level?
No. Not if you’re a LawLytics member. We have you covered.
Are there downsides to enabling SSL?

If your site is currently non-SSL, it may take some time for the search engines to reindex your website to reflect the new pages. During this process, it is possible that rankings may shift upwards or downwards.In our experience, websites that enable SSL notice no permanent adverse effects. However, since we do not control the search engines, we cannot guarantee what the effect will be in any individual case.

What if I’m using Google Search Console?
If you are using Google Search Console, we recommend that you log in and update your site so that the HTTPS version is primary. We also recommend resubmitting the SSL version of your sitemap.
What if I’m doing paid Ads?

If you are doing paid ad such as Google Adwords, Bing Ads, or remarketing through a service like AdRoll, we recommend that you update your ads to point to the new HTTPS version of the target web page after SSL is enabled.If you have a 3rd party vendor managing your ads for you, let them know that your site is now SSL and they should make the switch for you.

What about my social media presence?
We recommend that you update your company social media accounts to point to the HTTPS version of your website. However, doing this is not required nor urgent because your old HTTP pages will be automatically rerouted to the new secure version, so you won’t lose any social media referral traffic.
What about my badges?

If you have badges on your website that utilize code supplied by a vendor (for example, Avvo or BBB badges), the code will have links to resources. It is important that the vendor supply you with secure versions of these codes.Once SSL is enabled on your site, you can check whether any action is needed by visiting one of your pages with the badge. If the browser warns that there are non-secure elements on the page, it’s likely the badge. Request a secure badge from the vendor. Once you receive the badge, our support team can help you replace the old version.

What about chat scripts?
Most chat vendors provide secure scripts already. If they don’t, browsers will warn users that there are non-secure elements on the page. If that happens, request a secure version from your chat vendor and let us know. We’ll help you get it implemented securely.
What about adding new scripts after SSL implementation?
Once your site is served over HTTPS, it’s important to avoid adding scripts and resources that use items that are not served over SSL. If you see a warning on a page of your website that there are insecure elements, let our support team know and we’ll help you secure the page.
What happens to my inbound links when I switch to SSL?
If pages that you don’t control link to your old non-secure pages our system will automatically redirect them to the new version. The redirect is search engine friendly, and will tell the search engines that the secure version is the new “permanent home” for that page.
Should I try to update inbound links from 3rd party sites?
It’s not necessary to do this, and in most cases is not worth the effort.
Do I need to update internal links on my site?

The LawLytics application automatically replaces all the most important links in your site — for example, in your site’s navigation bar — with the new HTTPS versionWe recommend leaving any other internal links within your content alone.

Google used to recommend updating internal links within your site, but that’s no longer necessary. According to Google’s John Muellerno PageRank is lost for 301 redirects from HTTP to HTTPS. In other words, there is zero benefit to updating every last internal link because users are automatically redirected to the correct version of the page.

What if I have previously submitted a disavow file?
If you have previously disavowed links to HTTP, we recommend resubmitting the list of disavowed pages or domains to Google Search Console for the HTTPS version of your site.

LawLytics Newsletter

Get insights, webinar invites and exclusive legal marketing news in your inbox.