Hot off the press yesterday, Google Webmaster Central blog put up this post all about HTTPS now being a legitimate ranking signal. For roughly 99% of all queries, Google says that this won’t affect site rankings, but for the seemingly small 1% it will make a difference.
Doesn’t sound so big, right? But imagine you’re a small business that runs a very basic site, or a big company that have never had HTTPS implemented on site. All of a sudden your site might be viewed as an untrustworthy one by Google, and that will result in your rankings dripping down and down with you left scratching your head.
So why has this happened? The idea behind it is quite simple. If you’re on Google, using Gmail, working in Drive, or for some reason happen to be on Google+, the engine wants you there through a safe connection. If you’re safe and sound then there’s nothing to worry about when using the site, right? But what if you’re searching and end up on a site that isn’t secure in the eyes of Google? It might be legitimately fine and have nothing wrong, but the lack of HTTPS and relevant security certificate could suddenly have a knock on effect for its performance on a SERP.
It is a very easy way for Google to help separate out ‘low quality’ sites much quicker. Sites for instance that don’t have the time or money to invest in making this change and are more than likely spammy (example: type in any new movie+ dvdrip in to Google) won’t be putting up much of a fight. Spam sites are far less likely to have a security certificate anyway.
This makes for great news if you’re running a network of sites that prides itself on providing high quality content through a secure connection, but really bad news if you’re a small local business with a website set up years ago by that family member who ‘knows’ about computers and doesn’t understand the difference. Luckily for them though, Yahoo Answers is HTTPS so they can always still find the most ridiculous answers to their questions on the first page.
If you’re worried about this change ,the first point of action will of course will be to ask yourself if your site actually is HTTPS and has a certificate present. You can do just that on sites like SSL Shopper and Why No Padlock easily enough.
If your site doesn’t you’ll have to go searching out the right certificate for your site, with your main options being ‘single, multi-domain, or wildcard’. This is easy enough if you know how to make sure all content on your site is fetched through HTTPS. If you don’t, seek out help from a webmaster as you’ll be going upstream without a paddle in a river of protocols and access files.
There are a few things you can do now to make sure you site will definitely not be affected by this news. Google has said you should check to make sure the following are in place:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
The overall goal for Googal (a Goalgle?) is to make the internet a safer and more secure place to use, even beyond their borders. If it thinks separating the wheat from the chaff starts with a simple padlock on your site, then maybe it’s time to find a good locksmith.