Really?? So a secure Web site will rank better in Google than an unsecured site? But I thought we only needed to have a secure site if we were doing online transactions involving credit card info, or if we were requesting certain kinds of info from viewers.
It’s true; Google announced recently that they will start considering whether or not a site is protected with SSL as a ranking signal. They are considering this a very lightweight ranking factor now. It will increase gradually over the coming months and years. They have explained their thinking here and here, among other places.
Why is Google Doing This?
Google has indicated that security is a very big deal to them. They point to being concerned about the security of their own systems, and also to helping ensure the security of sites they return to searchers. That’s where your Web site comes in. It’s important to realize that in the future, not having an SSL secured Web site will adversely affect your search engine rankings within Google. It’s even more important to realize that not having an SSL secured Web site may cause your viewers to see warnings about their privacy possibly being compromised if they view your site. See the example below. Needless to say, this could have a devastating on your site traffic!
When Should You Implement SSL For Your Site?
Since this is a policy decision made by Google, there really is no way to know when it will become a “big” issue with site ranking. Many of the experts we follow feel that the right time frame for this to move from a very new factor that now carries little ranking weight to one that carries very important ranking weight is probably about two years. This does not mean that you should wait for two years or even one year to implement SSL on your site, however! Like other recommendations from Google, all of us that administrate Web sites should start planning for this right now, with the thought of implementing as soon as practicable.
The best time to implement SSL for an entire Web site is when you are:
- Launching a brand new Web site at a brand new domain
- Making a major change to the URL structure on your existing Web site, like a site redesign
- Changing domain names
If your Web site requires any of these actions then you absolutely should be including a change to an SSL secured site along with it. If your Web site does require these changes, then you should probably wait on making the change to SSL for now. However, in that case you should begin planning for making the change to SSL sometime in the next year or so. It should be combined with other large scale changes to your site if possible, because the kinds and scope work required.
So How Do We SSL Secure Our Web Site?
The process of converting your site to an SSL site involves several steps. We will give you the 30,000 foot view here.
First, your Webmaster needs to purchase an SSL certificate for the exact domain that you want secured. He or the Web host then installs the certificate on the Web server, and the browser then is able to verify the identity of the certificate (and therefore the Web site) when connecting. The SSL certificate encrypts the connection between the Web server and a viewer’s Web browser.
SSL certificates come in a variety of types, ranging in price from free to quite expensive. Free certs are issued by the server itself and are “self signed”, meaning there is no way for a viewer to verify the identity of the server, and therefore the Web site. SSL certs with even a very modest cost are issued by a certification authority; the entity from whom the cert is purchased. You are paying for that entity to verify that your domain name is real, that it is registered to you, and therefore can be trusted. Very inexpensive certs, however, are not fully compatible with all browsers. This means that even though you are real and your Web site is trustworthy, your viewers’ browsers may still complain that your site may be untrustworthy. This is totally unsatisfactory in terms of creating trust between you and your viewer.
More expensive “DV” (domain validated) SSL certs also verify your domain name and Web site are who you say they are, but they are also compatible with virtually all browsers, so the chances of your viewers getting trustworthiness warning messages while attempting to view your secure pages are very much reduced.
Another class of SSL certificate is the “OV” (organization validated) cert. When purchasing this cert, the issuer will verify the identity and ownership of the organization owning the domain name, as well as the domain name itself. These certs are more expensive because of this additional validation.
Our opinion, and the opinion of most other experts on this subject is that a DV (domain validated) SSL certificate is perfectly sufficient for the purposes of being seen to Google as a secure site.
Secondly, if your Web site is being converted to a secure site (https://…) from an insecure site (http://…) then you will need to permanently redirect your insecure pages to their secure counterparts. This is normally done by specifying “301 redirects” for each of those pages. More complicated situations may require variations of this. This is something your Webmaster will do for you. It is a process that requires care in order that errors are avoided. There is potential for creating errors that will cause the search engines to stop crawling your site, or to create massive “duplicate content” issues.
Thirdly,your Google & Bing Webmaster Tools accounts, and your Google Analytics accounts need to be reconfigured to refect the changes to HTTPS of your Web pages.
Fourthly, your Web developers will have to pay even closer attention to page download speeds. HTTPS (secure Web browsing) is inherently a bit slower than HTTP (unsecure). That makes download speeds another issue to pay very close attention to, because that also affects Google page ranking.
And there is more, but these are the main points.
We will have more detailed articles on secured Web sites in near future, so please stay tuned.
If you would like our assistance in navigating this new issue of concern for your Web site, please contact us. We have been providing SSL certificates for many of our clients for many years. This is a subject to know very well.