HTTPS (Hypertext Transfer Protocol Secure) is a way to make your website secure and protect ‘the integrity and confidentiality of your users’ data’ (Google).
Way back in August 2014, Google announced that changing the security certificate of your website to HTTPS/SSL (also known as ‘HTTP over TLS’, Transport Layer Security) would be used as a ranking signal, albeit a weak one. At the time Google predicted that switching from HTTP to HTTPS would positively impact on less than 1% of global queries.
In fact in a Google webmaster hangout, Google’s John Mueller said that HTTPS is far from a ‘magic bullet’ that would cause an visible change or noticeable SEO benefits, although making your site more secure does make sense in the long-term for user peace of mind.
Although HTTPS is only a very minor ranking signal that won’t make a huge difference to your overall rankings, it’s fair to say that Google will continue to look at ways to improve and prioritise website security. The search engine wants to make sure that the websites people access via Google are secure and what they say they are.
Many webmasters and SEO experts have argued that it is a step too far for every website to use HTTPS because informative websites, for example, are not capturing sensitive information. To date, HTTPS/SSL has been more relevant for ecommerce and banking websites.
When presenting the ‘HTTPS Everywhere’ campaign, Pierre Far from the Google Webmaster team and Ilya Grigorik from the Google Developer team explained why Google believes that every website should be secure.
Their position is that a single search may not reveal much about a person but, cumulatively, the websites we visit, the searches we make, the articles we read and even the music we listen to online can all reveal a great deal about our personalities, our likes and dislikes, our location, belongings, holidays and much more. Google says that its priority is secure searching and protecting the privacy of web users against malicious attacks.
In the HTTPS Everywhere presentation (which is worth a watch if you have a spare 45 minutes), Far and Grigorik explained that switching to an HTTPS certificate helps with:
- Authentication – Is the website visitor on the site they think they’re on?
- Data integrity – Is the data safe when transferred?
- Encryption – Could someone be eavesdropping on the website visitor?
HTTPS stops malicious attackers from impersonating the destination site, tampering with data or listening in.
You can read a full guide on how to secure your website with HTTPS here. Different 2048-bit TLS certificates are available for commercial and non-commercial websites, as well as single host certificates and multi-domain certificates.
The following two articles also provide helpful walkthroughs for moving your website to HTTPS:
In December 2014, the issue of secure browsing came to the forefront of SEO conversations again when Google developers working on the search engine’s Chrome browser proposed warning people their data is at risk every time they visit a website that does not use the HTTPS system (you can read the proposal here). If implemented in 2015 as planned, web users will see a message that the connection they’re about to make to a website ‘provides no data security’ or they may simply see a red cross through the padlock symbol at the start of the web address.
At this point in time only 33% of websites use HTTPS, but if Google does flag up HTTP websites to encourage people to consider whether they are happy to click through to a site that’s not secure, we will probably see a swing towards HTTPS across the board.
This may initially cause confusion for website users who may not understand the difference between HTTP and HTTPS and worry that there is something wrong with a website they have previously used without hesitation. People tend to assume that websites and emails are private but creating an indicator that this isn’t the case will help to challenge that assumption.
Webmasters will face the initial challenge of moving a website over to HTTPS but supporters of Google’s HTTPS Everywhere campaign feel this will be a good thing for the Internet and Internet users in the long-term. Other commentators argue that this is a case of the tail wagging the dog and are urging people not to rush into switching to HTTPS if it doesn’t make sense for your business.
We will certainly be watching this issue with interest and will no doubt cover this topic in the future if and when the changes to Google Chrome are rolled out to all users.
Are you concerned about your website’s security?
Are you thinking about moving your site to HTTPS for website security reasons? Or have you already moved your site? Are you concerned about this being yet another SEO factor? Please let me know in the comments below – I’d love to hear your thoughts.
If you found this post helpful, we’d love it if you could share it – thank you