Even prior to the Heartbleed Bug of early 2014, protection online was becoming a growing concern for web users. As such, Google has initiated a process to make the Internet more secure as a whole. After a trial process that called for ‘HTTPS everywhere’ on Google sites/services back in June 2014, Google later announced on the 6th of August, it is beginning to use HTTPS as a ranking signal within SERPs.
What is HTTPS?
Hypertext Transfer Protocol Secure (HTTPS) was designed to facilitate secure communication over a computer network and is commonly used by banking, investment and e-commerce websites, which require login and transfer of sensitive or personal information. Many websites currently use standard HTTP protocol whereby any data transferred is potentially open to web hackers; however, HTTPS make use of the Transport Layer Security (TLS) to encrypt all data transferred as an additional security measure.
Google reward HTTPS everywhere
Currently, Google use HTTPS protocol across all services including search, Gmail and the Google Drive ensuring web users are provided with a secure connection. Taking into consideration the authority of Google in the industry, it is expected many websites will upgrade from HTTP to HTTPS with the incentive of a boost in rank in Google search results, just as we witnessed when Google announced their preference for responsive websites.
Google plans and future predictions
Google has stated that the new addition to it’s search engine algorithm should only affect around 1% of online searches and both quality content and relevance to the search query will remain the most important ingredients in displaying search results. However, as websites begin the transition to HTTPS, Google has stated it could soon become a much larger part of the ranking algorithm as they seek to make the Internet more secure. Many critics have adopted the view that as online advertising generates a lot of revenue for Google; it would want to increase security in a bid to instil user confidence when providing personal data over a computer network. However, regardless of this view, this addition will ultimately protect users and fulfil its objective in making the Internet a safer place for all users.
Additionally, in the future, Google have insinuated that it may begin to flag websites that do not have HTTPS encryption, in order to promote user confidence further. Therefore upgrading to HTTPs may become integral, particularly for e-commerce websites. So it is worthwhile considering that in a highly competitive marketplace, a business that stays on the right side of Google's algorithms will continue to be rewarded.
Best practice and points to consider
Over the coming weeks, Google is set to release some top tips to make migration from HTTP to HTTPS easier. However, until then, whether you already use HTTPS or have yet to upgrade, our best practice guidelines will ensure a smooth transition:
Ensure HTTPS is applied to the entire website and not simply on checkout or login pages as Google will only reward websites where all pages have been made secure. Remember - “HTTPS Everywhere”!
Ensure when upgrading to HTTPS, that your website is still open to crawling using robots.txt. This will allow Google to view the content on your website, index pages and ultimately reward websites where applicable.
Allow search engines to index your website where possible. Top Tip: this could be done if avoiding the ‘no index robots meta tag’.
Finally, if you have already upgraded to HTTPS, you can check the security level and whether it has been implemented correctly using the Qualys Lab tool, which can be found here.
However, a word of warning, in the past HTTPS websites would generally load slower than those with standard HTTP protocol and, if implementing, you should closely monitor load speed as this has a direct impact on ranking position within SERPs.
If you decide on transition to HTTPS, following the best practice tips outlined above, as well as the soon to be released Google guidelines will help you do so.