In one of my recent posts, I wrote about how using HTTPS is, while essential for many sites, one of those things which can cause a couple of problems if it isn’t implemented properly. In the meantime, Google has officially announced that it will be using HTTPS as a ranking signal - offering priority to sites with HTTPs versions.
We already know there’s about 200 ranking factors, but this is one of the few which Google is actually open about. A large chunk of ranking factors we all have to make informed guesses on, which is probably why this HTTPS ranking factor has been dominating SEO blogs and forums for the last couple of days, even though it isn’t that exciting.
One thing I have noticed is that if a HTTPS page isn’t canonicalised in the right fashion, it can outrank the original page anyway – even before this announcement was made. Of course this is a duplicate content issue, but perhaps it was a hint that Google might actively start offering preference to secure pages?
So now what? Canonicalise every page on a site to its HTTPS version to get the edge on ranking?
WordPress SEO wizard Yoast announced he’d be changing his site entirely to HTTPS way back in February. His reasoning back then was to retain all the referr data for Bing. And, rather than deal with the issues which WordPress brings up when you try to maintain both HTTP and HTTPS pages, change the entire site to the secure version.
In a blog post later on in the year, he did touch upon whether the secure version of the site had been a ranking factor or not – but concluded that an SSL does on the whole look much more trustworthy than a non-trustworthy site.
The internet has changed rapidly since then, as it often does. There’s much more of an emphasis on security, and with all sorts of passwords being harvested by hackers, big companies don’t want the litigation of losing that kind of classified data. Remember when it was all kicking off about Heartbleed?
Interestingly, according to Google Trends, the issue of HTTPS was a big thing for webmasters around the time of Heartbleed, as seen below. However, there hasn’t been much of a spike since the ranking factor was introduced.
So sites which aren’t focused entirely on SEO (like news sites) are reporting using words like ‘rewards’, ‘higher search value’ about the ranking potential for HTTPS sites. However, the reality is that Google itself has announced that the impact will be of one of the lower importance ranking factors.
It’s just not neccesary to add encryption to all websites. Sites like this seokitty, which don’t need any kind of login data, don’t really need a secure server. It also costs money for an SSL certificate – upwards of about £230 for the first year of a normal site like this one. A drop in the ocean for a big company, but not really worth it for blogs and small sites. It costs six times as much as the hosting, in my case.
SSL also makes your site a little bit slower, given that information needs to be encryted and then decrypted. So if you have a big site on a small hosting plan and decide to go HTTPS, you’re going to face the risk of lots of crashes.
Will a HTTPS site stop my site from being hacked?
When you get an SSL certificate, it stops information input by your users being intercepted. That doesn’t mean that it stops your site from being hacked.
There are so many ways in which your site could become vulerable, and since SSL only deals with communication links, it doesn’t stop your site being comprimised if there’s some kind of weakness there.
However, as aforementioned, there is a great deal of value in giving customers a sense of security when entering personal details. Any page requesting details which doesn’t have that little padlock in the URL is going to get bounced by any web-savvy user.
The Daily Mail recently reported on the ease of which personal user internet connections can be hacked, just by the use of a cat. Take the sensationaism with a pinch of salt; it is the Daily Mail, after all.
But it does beg the question just how far does internet security go? Is it just down to the website in question, or does it extend right down to the kind of internet connection the user has?