On the 6th of August Google publicly announced the introduction of HTTPS as a ranking signal, providing webmasters with a real incentive to ensure greater security for their users.
Despite Google’s Matt Cutts identifying website encryption as an important trend for 2014, this update still came as a surprise to many within the SEM industry. Not in the least part because Google explicitly referenced something as a ranking signal – a relatively rare occurrence.
Although the announcement of HTTPS as a ranking signal was relatively out of the blue, Google has long expressed a commitment to making the web a safer place for its users. In recent years it has made great strides in encrypting the majority of its own services, including gmail, Google drive and even the search results themselves – leading to the emergence and rise of the dreaded keyword data “not provided”.
What is HTTPS?
In simple terms HTTPS (Hypertext Transfer Protocol Secure) provides a layer of encryption between a user’s device and a website, preventing private data from being accessible to third parties. This distinguishes it from a regular HTTP connection, where data can be read by every server that it flows through.
The benefits of this are twofold:
Authority – The presence of HTTPS can help reassure users that they are accessing the correct website.
Security – Greater user security through the encryption of private data.
What is SSL?
SSL (Secure Sockets Layer) refers to the type of security technology that creates an encrypted link between two machines – typically the web server and a browser. This link safeguards the information and data passed between the web server and browsers ensuring that it remains private.
How does the algorithm work?
In the week following the announcement of HTTPS, a number of questions have already been posed to Google by individuals keen to better understand how this algorithm works. Google’s John Mueller provided some more information in a recent webmaster hangout, revealing several important details:
The algorithm works at a URL level – Rather than viewing a site in its entirety, this update works at a URL level, meaning that websites using SSL checkouts will not see ranking benefits without changing to site wide implementation.
The update runs independently & in real time – Unlike updates like Panda which refreshes on a monthly basis and Penguin which is manually processed, this algorithm runs in real time and completely independently. This will be well received by many businesses who have been waiting almost 10 months for a Penguin refresh and may have feared that they would have to endure lengthy waiting periods to see any benefit from investing in HTTPS.
Should All Websites Go HTTPS?
In its official announcement, Google made the point of describing HTTPS as a “lightweight signal”, emphasising the greater importance of other factors like high quality content. As such webmasters shouldn’t feel that they have to make this change immediately and should weigh up the potential benefits on a site by site basis.
For businesses that deal with financial or other types of confidential data, implementing HTTPS may be more of a priority because of the more direct relationship between user security, trust and website transactions. Others may not prescribe the same worth to its introduction, in which case, considering it in feature website builds may be a more appropriate reaction.
Within the past week the rush to install HTTPS has already caused issues for a number of websites, including theguardian.com which incorrectly configured its security certificate. This resulted in the website displaying a warning message to users which most likely had a negative impact that far outweighed any potential ranking benefits.
(image credit: sempost)
This example serves as a perfect precautionary tale in its own right and re-emphasises the importance of considering all of the possible issues that can arise from large-scale technical changes.
To help websites avoid common mistakes Google has actually provided a list of basic tips, these are:
- Decide the kind of certificate you need: single, multi-domain or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
Websites already using HTTPS can also test their implementation with the Qualys Lab tool.
What are the experts tweeting about HTTPS?
— Dave Naylor (@DaveNaylor) August 7, 2014
have already started getting the “update my link to https” email spams. people in a rush to shift & breaking old links #yuck
— aaron wall (@aaronwall) August 12, 2014
Twitter Outranks Me After HTTPS Migration http://t.co/N2lX4jDS7r
— Barry Schwartz (@rustybrick) August 19, 2014
- HTTPS is now a publicly announced ranking factor, although its importance is relatively minor.
- The decision to implement HTTPS should be made on a site by site basis.
- Care should be taken in implementation to prevent any technical issues that might impact on a websites organic visibility and traffic.