Recently, Google made an official announcement that they would be making a change to their ranking algorithm to favor pages with HTTPS encryption over those without it. While they described the change as “lightweight,” initially affecting less than one percent of all search queries, it’s an important change to note because it could signal an intensifying pattern of changes to come.
If your site currently does not feature HTTPS/SSL encryption, or if you aren’t sure what that means, keep reading. It’s a perfect time to learn the benefits of upgrading your site’s security. If your site is already fully encrypted, you can sit back and enjoy the benefits of a significant—if initially lightweight—ranking boost.
You should be familiar with the http:// and https:// prefixes that signal the start of a URL. HTTP stands for “Hyper Text Transfer Protocol,” while HTTPS stands for “Hyper Text Transfer Protocol Secure.” Without getting into too much detail, HTTP and HTTPS are both means of data transference between two locations.
The “S” that distinguishes the two protocols is what is important here. An HTTPS connection uses a digital Secure Sockets Layer (SSL) Certificate to mask, or encrypt the user’s session. Seeing an “S” at the beginning of a URL is an indication to the user that they are on a secure site that is using SSL encryption (Firefox and Chrome also display a lock as an additional symbol of security). This SSL encryption works by hiding the data that is normally transferred between the website host and the Internet browser, preventing any interception of that data from outside sources. As a possibly oversimplified explanation, think of SSL encryption as a curtain that obscures an outsider’s vision while you change your clothes.
So far, only about small percentage of websites are using this encryption. Up until now, it wasn’t vital for every site. Websites that exchange vital information about a user, such as e-commerce platforms and banks, have always used HTTPS encryption as a standard, but less intrusive sites, like simple blogs, have found that level of encryption unnecessary.
Google doesn’t always like revealing the details of its algorithm changes, in an effort to reduce the number of people who might take advantage of the change to favor their personal ranks. But in this case, they’ve been surprisingly open. On August 6, 2014, Google openly disclosed that they were testing and implementing an algorithm feature that uses HTTPS as a ranking signal. As mentioned above, this ranking signal will only affect about one percent of search queries—so other factors, like high-quality content, will still take precedent.
So why is Google making this change? In short, they want to make the Internet a more secure place for the common user. They’re essentially setting a new web standard. By rolling out a change that only affects a small number of queries, Google is giving webmasters time to make the upgrade at their own pace.
Google is a straightforward practitioner of its own philosophy. In recent months, they’ve already taken efforts to spruce up the security of their own products. Anybody using the basic Google search engine, their Gmail account, their Google+ account , or really anything associated with Google, can rest assured knowing their connection is secure. Google has also taken measures to help website owners who have had their sites hacked. Google’s intentions are to make every website follow a similar “HTTPS by default” practice.
This is the tricky part. HTTPS is already extremely important for certain websites—as a general rule, anything dealing with money or personal information should have an SSL Certificate to protect their users. But in most cases, it’s a little more difficult to determine whether HTTPS is a necessity.
One thing is certain: Google knows what they’re talking about. In most cases, we tend to agree with them on whatever new policies they come up with (and even if we don’t, we pretend to for fear of getting penalized). If Google has decided that HTTPS is an important feature for all websites, then it’s true, and that means HTTPS is important for your website. While SSL encryption may not directly influence the majority of your visitors, and may have no bearing on your search rankings for the time being, if Google thinks it’s important for you to have—it’s going to be, sooner or later.
So which is it—sooner or later? One percent is a pretty small number. The chances of getting penalized for not having an SSL Certificate are so low that they’re practically negligible. If you’re the proactive type, or if you’re building a new website and you want to stay ahead of the curve, definitely opt for an SSL Certificate as soon as you can. The same goes if you’re a large-scale operation, if for no other reason than to demonstrate you’re on top of the latest web trends. However, if you run a small- to medium-sized site without an immediate need for protecting user data and you don’t feel like making the upgrade right now, don’t sweat it.
Let’s say you’re ready to make the migration to HTTPS. If you don’t know what you’re doing, don’t worry. You’re not alone.
Fortunately, making the switch is relatively easy. If you don’t know whether or not you have SSL encryption, visit your website. If you see an “https” instead of an “http” in the URL bar, you’re already set for that page. If not, it’s time to make the upgrade.
The easiest way to get an SSL Certificate is to purchase one (usually from your domain registrar). While every site is unique, you can get a feel for your needs with these basic tips:
HTTPS/SSL encryption is not a straightforward issue with an identical solution for everyone. Since the algorithm update is only affecting one percent of search queries, it’s highly likely that your site will be unaffected in the short term. In addition, some sites handle more consumer data than others, creating a gray area for when you need to update.
However, this change is a representation of Google’s resolve to help make the web more secure. And since Google calls the shots in the digital world, it’s a good idea to get on their side as soon as possible. In short, don’t lose sleep over your short-term choice in the matter—no matter what you decide—but do keep Google’s stance on encryption in mind in the months and years to come.