If you value your website’s search results on Google, you will likely want to take some action on your website to keep abreast of updates like this one. Google’s Webmaster Central blog recently announced that they will now be giving a minor boost in search ranking to websites that are secured with 2048-bit SSL.
Prior to this update, adding SSL to your website really only made sense if you’re handling data that should be encrypted (common examples are websites with user login/registration or e-commerce). Many websites that are already SSL adopters also only use encryption on sensitive pages, then forward to HTTPS when necessary. This practice is usually in place to help page load times, since sending everything over HTTPS is slightly more taxing on your page load times (not enough to be noticeable). Browsing information over HTTP without accessing any sensitive data is certainly not unsafe, but making all your pages secure certainly won’t hurt things.
With this announcement, many webmasters (including yours truly), will start adopting SSL only moving forward, which I am sure hosting companies and SSL certification providers won’t mind. While the search ranking boost on Google will only be minor, affecting only 1% of global queries, they did indicate that future updates may strengthen the impact this will have on search results in the future.
Here’s some recommendations from Google’s post for moving over to HTTPS:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
In addition to these tips, I also would like to add a few common issues with moving to HTTPS, and how to solve them:
- If you’re unsure about how to add SSL to your website, your first call should be to your hosting company – unless you’re on unmanaged hosting, they should be able to get it installed for you.
- SSL certificates can be acquired really cheap online (some as low as $10 or less a year). If you’re not handling sensitive data, there’s probably not a good reason to get an expensive one. Just make sure it’s a 2048-bit key. If you are handling data and have some liability, the more expensive certifications are worth the cost, if they provide a suitable warranty. Websites on shared hosting may be only to choose from SSL certificates provided by their hosting service.
- Just installing the SSL certificate is not the only step! Make sure setup permanent re-directs from HTTP to HTTPS. If your website is on a content management system, there may be some plugins or built in functionality to accomplish this task for you.
- Probably the biggest issue after taking all the mentioned steps with making your site secure is from external content, scripts, or images on your website. You may notice some or all pages on your website have a notice over your browser’s security icon stating that there is some unsecure content on the page. Accessing external links through HTTP will cause this, but it’s an easy fix. Just change that link to HTTPS and you’re good to go!
Hopefully securing your site won’t be too painful if you decide to make the change. It’s definitely advisable to do so; clearly Google is serious about making the web more secure, and the other search providers will likely follow their lead.
Update: I just puchased and installed a new SSL certificate for Virgo Web Design! It took me about 15 minutes to install, and only cost $25 (expires in 5 years).