When Google recently announced that their search engine special sauce now includes “HTTPS as a ranking signal,” anyone interested in search rankings and SEO should have been paying attention.
HTTPS, Hypertext Transfer Protocol Secure, encrypts data traveling between webservers and users’ browsers, making it secure from hackers and others tracking users, particularly in open networks. HTTPS is supported by all major browsers. What’s more, it’s already the default for Google sites – Gmail has been using it since 2011--and though experts recommend the protocol, only about 25% of websites employ it.
Basically, if you care about ranking results, you’ll want your website to connect with users via HTTPS. To help you respond to this important development, we spoke with Paul Hill of the security firm SystemExperts Corporation, and boiled down what you need to know into these pointers:
• Heavy-Weight Rankings, Not Heavy-Duty Work:
HTTPS is fairly straightforward, not too costly, and a good idea anyway which is why Google is pushing it. All reasons to strongly consider it even though Google isn’t yet ranking it as heavily as some other signals.
• Easy to Implement:
All popular web server software can support HTTPS. You will need to install an X.509 certificate and make a few changes to the web server’s configuration.
• X.509 Certificate?
You get one from a Certificate Authority (CA). They all have expiration dates, so you want one that lasts a year or get one that’s good for two years or more to save money. They can range from $30 to $850. A “wildcard” certificate can cover your subdomains. Some certificates require more rigorous validation. Unless your site provides online banking or a similar service, save your money and base your selection on price, reputation and browser compatibility. While there are free certificates out there, using one can actually hurt your rankings and cause user experience problems so we don’t recommend them.
• How to Get a Certificate:
If your website is hosted by a commercial hosting service like Hostgator or Bluehost, you can buy the certificate through them. They can generally set up the certificate in your account for you, saving you time and trouble. If you host your website yourself, then you’ll need to contact a Certificate Authority. The CAs shown here are well-recognized, and the page shows what browsers will recognize the certificate.
• Nearly Unnoticeable Impact on Load Times and Performance:
While encrypting traffic affects page load times and overall performance of your website on people’s browsers, the technology has progressed to the point where it’s virtually unnoticeable. When Google Gmail switched to using HTTPS, the average impact was less than 1% of CPU load, less than 10 KB of memory per connection, and less than 2% of network overhead.
• Compatible with Browsers and Platforms:
The vast majority of browsers and devices in use today are compatible with secure traffic. Any user that would have trouble accessing your site via HTTPS would also have trouble with online banking or shopping.
• If You Need More Information:
If you are technical and ambitious, the National Institute of Technical Standards publishes NIST Special Publication 800-52r1, titled "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations". If you’d like personalized advice in a more “digestible” form, then feel free to contact me at firstname.lastname@example.org.
Hans Riemer is the President of Market Vantage, LLC,
a partner of Nurture Marketing. To learn more about incorporating
use of HTPPS into your SEO strategy, or for general questions about improving search rankings and site visibility, contact him at
978-482-0130 X100, email@example.com
Nurture Marketing: Marketing that Matters