Google recently announced that they will be starting to use HTTPS as a ranking signal in its search algorithms. Historically Google’s algorithm has taken into account many factors to determine what is shown in its search results, including inbound links, keywords and quality of content, but this is the first time that security has been used as a factor.
What are secure websites?
Secure websites transfer data over HTTPS (Hypertext Transfer Protocol Secure) as opposed to HTTP (Hypertext Transfer Protocol). Data sent over HTTPS is encrypted between the web browser and the web server hosting the website. This means the traffic between the two is more secure as it is not in ‘plain text’ and very difficult to decrypt if intercepted.
Originally, HTTPS was used for areas of websites where additional security was required, for example, when taking payments or doing online banking. More recently, some companies have decided to use HTTPS across their entire sites.
Why are Google doing this?
This is part of Google’s wider program for HTTPS across the web. Google feels that secure sites help make the internet a safer place. Many large sites have already moved towards secure sites. Websites such as Gov.uk, Facebook, Yahoo and Gmail are all run on HTTPS.
How do I make my website secure?
In simple terms, in order to secure your site you require a SSL (Secure Sockets Layer) certificate which contains verification of the ownership of the domain. The certificate incorporates a key, which enables data to be encrypted and transferred securely. The certificate expires annually and has to be renewed. SSL certificates vary in cost but you can expect to pay between £25 and £75 per annum, depending on where you buy your certificate. Certificates are usually bought through web hosting companies reselling on behalf of certificate authorities, the organisations that are responsible for issuing digital certificates recognised by your web browser.
What are the issues with secure websites?
There are a number of potential issues with securing your website using HTTPS. Without proper planning it’s possible to negatively affect your current search rankings or even make your website invisible to search engines! In addition there is the annual cost of the certificate and its installation on the web server. Finally there is the issue of compatibility with your current web hosting. Many web hosting companies offer shared hosting to keep the costs low. But limitations with the setup of shared hosting can mean that it is not possible to add many secure certificates to one server as each certificate requires a unique IP address. Put simply, this could be that you need to move your web hosting before you can secure your website.
So do I need to make my website secure?
Currently Google are only using security as what they call a ‘lightweight’ signal, which is taken into account on less than 1% of all searches. At the moment it carries much less weight than other signals such as quality of content, for instance. However, Google have stated that they will strengthen this signal over time, and that they encourage all website owners to start planning to switch.
We don’t think it is essential to move to a secure site right away as the time and cost involved currently outweighs the benefits. Google also has a nasty habit of changing its mind about things, as was recently demonstrated by Google removing authorship from search results. Meanwhile we will continue to monitor Google’s progress in favouring secure sites. To receive updates from us on this and other subjects sign up to our newsletter (see subscribe box on this page) or follow @Cognique on Twitter.
Need more advice about this or another website matter? Get in touch today.
Leave a comment