HTTPS as a Ranking Signal
So chances are that you’ve heard Google has confirmed HTTPS as a ranking signal, and you want to know what that means and where does that leave your business?
“For now it is only a very lightweight signal – affecting fewer than 1 percent of global queries, and carrying less weight than other signals such as high-quality content – while they give webmasters time to switch to HTTPS. But over time, Google may decide to strengthen it, because they would like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the Web.”
– Google spokesperson
Basically, Google want to reward the websites that care about the security of its users. They just want to make the internet a safer place to hang out and buy stuff. They have stated that, for now, it will only be used as a lightweight signal – but have added that this may only be a grace period whilst webmasters make the switch to HTTPS.
Google’s HTTPS algorithm is a completely separate live/real-time algorithm on its own; nothing to do with Pandas or Penguins. The algorithm is not side-wide and works on a URL by URL basis. So to completely satisfy Google’s algorithmic preference toward HTTPS websites, it would have to be applied to all URLs within the website. Otherwise only the HTTPS pages will receive the (minor) ranking boost.
What is HTTPS?
HTTPS, also known as HTTP Secure, is a secure communications protocol. It is used to ensure users’ privacy/security while visiting a website. HTTP stands for HyperText Transfer Protocol. To make the communications secure over the network, you can layer it on top of the SSL (Secure Socket Layer) and essentially that’s what HTTPS is.
Do I need an SSL certificate?
Technically you don’t need an SSL certificate to have a secure website, but the SSL certificate will validate the “identity” of the website.
HTTPS Pros and Cons:
Pros:
Allows users to trust your website, and boost your brand’s image as a trustworthy source.
▬
As more and more websites obediently make the switch over to HTTPS to make Google happy, that in itself will undoubtedly create a snowball effect with even more websites going the same way – just because everyone else is, and internet users will start to recognise that “good websites” prefix their URL with HTTPS. So even if you don’t notice any increase in traffic after having moved to HTTPS, it’s quite possible that you may enjoy an increase in conversions instead.
▬
If you have an eCommerce website, you should absolutely offer your users a secure way to complete transactions. In fact, some internet users will refuse to buy anything from an online merchant that doesn’t encrypt their transactional data. Before, websites using third party payment systems such as PayPal could get away with not having an SSL certificate so long as their customers didn’t have to actually enter any credit card information on the site itself, but now many users will look out for the SSL certificate regardless, as the padlock icon in the address bar has become a symbol of trust.
▬
Securing your website using HTTPS protects against man-in-the-middle attacks and other forms of unauthorised eavesdropping and tampering.
▬
Online businesses that handle cardholder information can use this website security as a way to comply with the PCI DSS (Payment Card Industry Data Security Standard).
▬
Cons:
SSL certificates cost money; they have to be renewed and maintained. Though some businesses may regard it as a low cost and SSL certificate price ranges tend to vary, the cost may be quite high for a non-profit website.
▬
Each SSL certificate requires its own private IP address, so depending on your website’s existing hosting and whether it’s shared or not, you may need to upgrade to a dedicated IP address.
▬
With the pressure to switch over to HTTPs, to those with little to no experience in server configuration the process may be a little complex and they may face Search Engine Optimisation issues. Without incorrect canonicalisation of URLs there will exist two versions of the website, the HTTP version and the HTTPS version, which is a big no-no in SEO and will cause duplicate content issues. All HTTP URLs will also have to be 301’d (permanently redirected) to the HTTPS URLs, so that all links across the internet will still pass authority to the website, and that users who click on the link on those other websites will still be directed to the HTTPS version of the website. It also means that people visiting the website directly via the address bar (e.g. typing into the address bar website.com instead of https://www.website.com) will be redirected to the appropriate URL. Any absolute links you have used within your website (http://website.com/page.html instead of /page.html) will also need to be edited to the HTTPS URL if you are not using URLs relative to the root path in the server config file. Though the links will still redirect to the HTTPS version, if you set the redirects up properly, it will certainly slow down the website.
▬
SSL can slow down a website due to it having to “do more”. If you opt for site-wide SSL, as Google would prefer, encrypting and decrypting every little bit of onsite information (not just sensitive data, but the web page text, images, code, everything) for your visitors requires a little bit of extra server processing power. Not only is a slow website bad for user experience, but Google do not take too kindly to slow websites because it serves a bad user experience. This may affect your search rankings.
▬
The Future of HTTPS for SEO
I don’t believe at this stage that it’s an absolute necessity for all websites to go over to HTTPS if the website doesn’t require it. However, in future, if your website doesn’t use HTTPS and Google identifies your website as an online store or a website that may contain sensitive user information, then I can imagine that this could certainly affect your website’s quality in the eyes of Google – and it may in future even have a serious effect on your rankings. But, of course, that’s all just speculation.
Google are pushing The Electronic Frontier Foundation’s HTTP Everywhere movement. HTTPS Everywhere is a free browser extension to automatically make websites use HTTPS where possible. The movement has inspired Google to prioritise security across all websites to protect user data and have even stated themselves recently: “We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!”
▬ ▬ ▬ ▬ ▬ ▬ ▬ ▬ ▬
Is your business’ website on shared hosting? Want to make the switch to HTTPS?
On Silkstream Hosting, we can help you get set up with your SSL certificate!
Contact us to discuss your website hosting!
Great blog Ria, we always look for SSL certificates with different prices. But before choosing one, check company’s reputation, price and ensure to other features for a good deal.