Google made an official announcement that they would be making a change to their ranking algorithm to favor pages with HTTPS encryption over those without it. While they described the change as “lightweight,” initially affecting less than one percent of all search queries, it’s an important change to note because it could signal an intensifying pattern of changes to come.
If your site currently does not feature HTTPS/SSL encryption, or if you aren’t sure what that means, keep reading. It’s a perfect time to learn the benefits of upgrading your site’s security. If your site is already fully encrypted, you can sit back and enjoy the benefits of a significant—if initially lightweight—ranking boost.
You should be familiar with the https:// and https:// prefixes that signal the start of a URL. HTTP stands for “Hyper Text Transfer Protocol,” while HTTPS stands for “Hyper Text Transfer Protocol Secure.” Without getting into too much detail, HTTP and HTTPS are both means of data transference between two locations.
The “S” that distinguishes the two protocols is what is important here. An HTTPS connection uses a digital Secure Sockets Layer (SSL) Certificate to mask, or encrypt the user’s session. Seeing an “S” at the beginning of a URL is an indication to the user that they are on a secure site that is using SSL encryption (Firefox and Chrome also display a lock as an additional symbol of security). This SSL encryption works by hiding the data that is normally transferred between the website host and the Internet browser, preventing any interception of that data from outside sources. As a possibly oversimplified explanation, think of SSL encryption as a curtain that obscures an outsider’s vision while you change your clothes.
So far, only about small percentage of websites are using this encryption. Up until now, it wasn’t vital for every site. Websites that exchange vital information about a user, such as e-commerce platforms and banks, have always used HTTPS encryption as a standard, but less intrusive sites, like simple blogs, have found that level of encryption unnecessary.
HTTPS, a marker of SSL encryption on a webpage, is getting more attention due to a recent announcement by Google that indicates a greater search engine preference toward HTTPS sites. SSL encryption is extremely important for certain sites on the web, and if you haven’t already considered enabling it on your site, it’s time to assess your situation. If you aren’t sure whether your site needs HTTPS, or which pages of your site actually require SSL encryption, this article will point you in the right direction.
HTTPS is distinct from HTTP because of the way data is transferred between a user’s Internet browser and a website’s host. The “S” indicates the presence of an SSL certificate, which is a purchasable add-on that encrypts information that is exchanged between different sources. It is extremely important for user privacy on the Internet, because without encryption, foreign users can view what data is being transmitted and steal it for their own purposes.
In short, HTTPS and the SSL certificates that accompany it, exist in order to protect online users’ privacy by scrambling and masking their data. Sites that handle sensitive information, such as credit card numbers and other personal data, need SSL encryption to make their users feel safe and prevent the risk of a data breach.
HTTPS may be rising in importance, if you read into Google’s announcement that HTTPS is now a ranking signal in their search algorithms. For now, the impact on SEO is relatively minimal—according to the official statement, the change is only going to affect one percent of all search queries. But Google likes to roll things out slowly, and when they make a decision about a new web standard, they tend to stick with that decision.
SSL encryption won’t give you a rank boost right away, at least not a significant one, but Google will likely increase the favoritism it gives to sites with SSL encryption in the coming months and years in an effort to improve user privacy and overall user experience online. Eventually, it’s reasonable to suspect that every site will need SSL encryption to meet Google’s standard, but for now, it’s a secondary priority unless your site already needs SSL encryption.
Google doesn’t always like revealing the details of its algorithm changes, in an effort to reduce the number of people who might take advantage of the change to favor their personal ranks. But in this case, they’ve been surprisingly open. On August 6, 2014, Google openly disclosed that they were testing and implementing an algorithm feature that uses HTTPS as a ranking signal. As mentioned above, this ranking signal will only affect about one percent of search queries—so other factors, like high-quality content, will still take precedent.
So why is Google making this change? In short, they want to make the Internet a more secure place for the common user. They’re essentially setting a new web standard. By rolling out a change that only affects a small number of queries, Google is giving webmasters time to make the upgrade at their own pace.
Google is a straightforward practitioner of its own philosophy. In recent months, they’ve already taken efforts to spruce up the security of their own products. Anybody using the basic Google search engine, their Gmail account, their Google+ account , or really anything associated with Google, can rest assured knowing their connection is secure. Google has also taken measures to help website owners who have had their sites hacked. Google’s intentions are to make every website follow a similar “HTTPS by default” practice.
This is the tricky part. HTTPS is already extremely important for certain websites—as a general rule, anything dealing with money or personal information should have an SSL Certificate to protect their users. But in most cases, it’s a little more difficult to determine whether HTTPS is a necessity.
One thing is certain: Google knows what they’re talking about. In most cases, we tend to agree with them on whatever new policies they come up with (and even if we don’t, we pretend to for fear of getting penalized). If Google has decided that HTTPS is an important feature for all websites, then it’s true, and that means HTTPS is important for your website. While SSL encryption may not directly influence the majority of your visitors, and may have no bearing on your search rankings for the time being, if Google thinks it’s important for you to have—it’s going to be, sooner or later.
So which is it—sooner or later? One percent is a pretty small number. The chances of getting penalized for not having an SSL Certificate are so low that they’re practically negligible. If you’re the proactive type, or if you’re building a new website and you want to stay ahead of the curve, definitely opt for an SSL Certificate as soon as you can. The same goes if you’re a large-scale operation, if for no other reason than to demonstrate you’re on top of the latest web trends. However, if you run a small- to medium-sized site without an immediate need for protecting user data and you don’t feel like making the upgrade right now, don’t sweat it.
Instead, it’s more worthwhile to focus on the more important elements of search engine optimization: high-quality, regularly posted content, natural backlinking, and social media marketing.
When you purchase an SSL certificate, it’s going to apply to one whole domain. For example, if you operate a site called superduperwebsite.com, your SSL certificate will protect all pages within that domain, such as superduperwebsite.com/blog, superduperwebsite.com/about-us or your ordinary superduperwebsite.com. As such, you won’t need to worry about picking and choosing which pages within your domain the SSL certificate will cover. However, if you operate with subdomains, you’ll either need multiple SSL certificates or one wildcard certificate that can cover multiple domains.
Now, let’s take a look at which types of pages actually require SSL encryption. For now, let’s ignore the new SEO benefits of SSL encryption and focus solely on which web pages require encryption strictly for user protection. If any one page of your site requires SSL encryption for user protection, you should purchase a certificate for the entire domain.
Pages That Collect Personal Information
Any page or popup on your website that collects personal information of any kind requires SSL encryption to protect your users. For example, if part of your website requires a user to input their name, address, and credit card information, you’ll want to encrypt that communication. Almost any type of e-commerce platform will require HTTPS encryption throughout the site for the safety of your users, but the requirement also extends to pages that collect private information for other purposes. If you store this data for future use, it’s imperative that you protect that information on your servers in addition to having HTTPS protection—but that’s a different article.
Pages That Require a Login
If any pages within your site require a login from your users, it’s a good idea to get SSL encryption. Even if you run an online forum that doesn’t require the collection of any personal information other than a username and a password to log in, SSL encryption will protect that information from being intercepted. If a user goes against standard practices and uses the same username and password across the web, they could be vulnerable to identity theft from something as innocuous as an unprotected forum login page.
Pages That Lead to a Third Party Payment Process
If your e-commerce platform doesn’t take any personal information from your users, but instead directs them to a third party payment checkout, such as with PayPal, you don’t necessarily need an SSL certificate, since users’ personal and payment information will be protected by the third party to which you are connecting. However, if you do accept any information before or after making that third party connection, you’ll need an HTTPS upgrade.
Pages Under a Subdomain
As I mentioned above, if you have multiple subdomains within your website, you’ll either need separate SSL certificates or one “wildcard” SSL certificate to serve as a master between your subdomains. If, for instance, you have an e-commerce platform, such as store.superduperwebsite.com that collects personal information and a blog extension at the original superduperwebsite.com that does not collect any such information, it is possible to get an SSL certificate that only covers the e-commerce subdomain. However, for a consistent user experience, you might as well get a certificate that will cover all your subdomains.
Before you get too excited and purchase an SSL certificate for your entire website, take a step back and evaluate your priorities. Are you purchasing an SSL certificate because your site captures some kind of personal information? Good. Are you purchasing an SSL certificate because you think it’s going to give you a huge SEO boost? You might want to reevaluate your decision. If you’re going to invest money in your SEO campaign, you’re going to see far better results with well-written content and organic link building than you would by upgrading your website to feature SSL encryption.
In time, Google’s standard will grow stricter, and you may find upgrading to HTTPS to be a worthwhile investment even if your users never provide any information on your site. For now, the question of SSL comes down to how badly your users need protected and how proactive you want to be.
Let’s say you’re ready to make the migration to HTTPS. If you don’t know what you’re doing, don’t worry. You’re not alone.
Fortunately, making the switch is relatively easy. If you don’t know whether or not you have SSL encryption, visit your website. If you see an “https” instead of an “http” in the URL bar, you’re already set for that page. If not, it’s time to make the upgrade.
The easiest way to get an SSL Certificate is to purchase one (usually from your domain registrar). While every site is unique, you can get a feel for your needs with these basic tips:
HTTPS/SSL encryption is not a straightforward issue with an identical solution for everyone. Since the algorithm update is only affecting one percent of search queries, it’s highly likely that your site will be unaffected in the short term. In addition, some sites handle more consumer data than others, creating a gray area for when you need to update.
However, this change is a representation of Google’s resolve to help make the web more secure. And since Google calls the shots in the digital world, it’s a good idea to get on their side as soon as possible. In short, don’t lose sleep over your short-term choice in the matter—no matter what you decide—but do keep Google’s stance on encryption in mind in the months and years to come.