For the real low-down on how SSL now affects your search engine rankings, we went to the pros to find out more. This post is from the experts over at DigiCert.
On August 6, Google announced that they are now giving ranking boosts to sites secured with SSL. This initiative, called HTTPS everywhere or “Always-On” SSL/HTTPS, has been pushed as a security best practice for years by standards bodies. Many large companies have already implemented it, including Microsoft, Google, Facebook, and Twitter.
Google believes that enabling Always-On HTTPS is critical to online security and data privacy. Because of this, they are rewarding websites that use 2048-bit SSL encryption with an extra boost in search engine rankings.
For now, using SSL is considered to be a lightweight ranking signal with respect to Google’s organic search algorithm. However, Google has said they will increase its influence on rankings once webmasters have had enough time to migrate their sites to HTTPS.
What Is SSL/HTTPS?
HTTPS (Hyper Text Transfer Protocol Secure) is the secure version of the Hyper Text Transfer Protocol (HTTP). When a user connects to a website through HTTPS, their session is encrypted with a digital SSL Certificate. Users can tell if they are securely connected to a Website by looking at the URL. If the URL begins with https:// instead of http://, the page is secure.
When a user is securely connected to a website with an SSL Certificate, all of the data passed back and forth between the user and the website is secure and encrypted. Currently, SSL Certificates are mainly used on pages that handle sensitive data, like login pages, shopping carts, or other forms with personal information. This causes users to bounce back and forth between HTTP and HTTPS sessions.
By having SSL on all web pages of your site, users’ sessions are secured the entire time they are on your site—protecting any and all data that they transfer.
Is Using SSL Recommended for All Websites?
Websites that integrate 2048-bit encryption provide a safer online experience to their customers. This additional security increases user confidence and leads to improved site engagement and conversion rates. The fact that Google now rewards HTTPS webpages with a search engine ranking boost should tell you just how important online security is.
As is the case with every other SEO ranking factor, the first wave of websites who follow Google’s recommendation and migrate to “HTTPS everywhere” should receive the best long-term results.
That said, there will be a few situations where migrating a specific URL/webpage to HTTPS isn’t possible. To achieve the best results and avoid potential complications from switching to HTTPS, work with your marketing/development teams and an SSL Certificate Authority to develop an appropriate migration strategy.
What Kind of Certificate Should I Get?
There are a few different kinds of SSL Certificates, and though they all provide the same level of encryption, not all SSL Certificates are the same. Different types of certificates were designed for different use cases, and you don’t want to spend money on a certificate that you don’t need. Below is an explanation of the basic certificate types and what scenarios they are best for.
Single-Name SSL Certificate
Single-name SSL Certificates are perfect for small businesses, blogs, and personal websites. They secure a single domain (www.example.com) and a single server.
EV Single-Name SSL Certificate
Extended validation (EV) SSL Certificates are the same as a single-name SSL Certificate, but require a higher level of validation. Because of this higher level of validation, browsers show EV-only visual cues to let users know that you’ve passed a more rigorous validation process. These cues include the green address bar and lock icon. Because EV certificates are proven to increase conversion rates, improve engagement metrics, and elevate brand reputation, they are perfect for companies looking for more than just encryption from their certificate.
Wildcard certificates are great for large websites or companies that need to secure multiple subdomains (www.example.com, login.example.com, shop.example.com). Rather than buying a single-name SSL Certificate for each subdomain, you can purchase a single Wildcard certificate to secure your entire website.
Multi-domain/SAN certificates are perfect for service providers, SEO companies, or companies that need to secure multiple domains (www.example.com, www.example123.com, www.example456.com). Rather than buying a single-name or Wildcard certificate for each website, you can purchase a multi-domain certificate to secure all of your websites.
EV Multi Domain/SAN Certificate
Extended validation (EV) multi-domain/SAN certificates are the same as a multi-domain/SAN certificate, but require a higher level of validation. This higher level of validation enables EV-only visual indicators to show users you’ve passed a more rigorous validation process. These cues include a green address bar with a padlock in your browser.
How to Migrate to SSL
When you’re ready to move your site to HTTPS, you will need to do the following things:
- Decide what kind of certificate you need (see above)
- Purchase an SSL Certificate from a trusted Certificate Authority
- Install the certificate on your server
- Migrate your site to HTTPS (see this guide from Google)
Keep the following best practices in mind when migrating your site and check out this best practices page from Google. Also note that the ranking boost only applies to pages that have SSL enabled. You need to make sure your whole site (all URLs and files) are moved over the HTTPS to gain the boost.
- Don’t rush the migration – carefully redirect traffic from the HTTP version of your site to the new HTTPS version
- Use relative URLs for resources that are on the same secure domain
- Use protocol-relative URLs for all other domains
- Look into HSTS (HTTP Strict Transport Security)
- Don’t block your HTTPS site from being crawled using robots.txt
- Allow your pages to be indexed by search engines where possible and avoid the noindex robots meta tag
Always On SSL Is the Future of Web Security
Always On SSL isn’t just interesting because of how it affects the future of SEO. The move to HTTPS everywhere is a positive step forward in personal privacy and online data security, and it’s exciting to see large companies like Google incentivizing security best practices like enabling site-wide SSL. Companies that enable SSL help move the entire Internet toward HTTPS everywhere, reducing the risk of going online and increasing user trust in ecommerce.
About the Author:
Meggie Woodfield is the Content Manager at DigiCert, a leading Certificate Authority. With her background in information development and software project management, she brings a technical perspective to DigiCert’s content team.