In a bid to help make the web a safer place in general, Google announced this week that the availability of HTTPS on a website will influence search rankings. It’s increasingly important to serve your website securely through HTTPS. Wait… HTTP-What? You’re certainly familiar (or you should be) by now with the little “s”, or at least the green lock icon, that’s tagged on to your bank’s URL. This indicates a couple of things to you, the browser: you’re connected to the service provider you expected to be connected to, all of the data you send and receive is private, and it tells your service provider that you are who you say you are. [For a more in-depth look at HTTPS, head on over to my post What is HTTPS and how does it affect my site?]
“How can I get one?” you ask.
Well, the Webmaster Central Blog announcement lists some basic tips to get started providing your website via HTTPS. Google has also published a more extensive article in their Webmaster Tools help documentation. However, before you can get started with even the basic tips, you have to set up your website with the ability to use HTTPS. Now, this is not a terribly complicated process, but there are lots of acronyms and technical jargon to wade through, like HTTPS, SSL, certificates, CA, public and private keys, CSRs, and more. Pile on top of that the dozens of companies who will sell you a certificate, and then simply email your certificate, leaving you to properly install and configure it, and you’re left wondering how you will ever set up your site to meet Google’s new requirements.
Google admits that, “for now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content”. However, the writing is on the wall. Businesses interested in keeping their website finely-tuned for search engine optimization should act sooner rather than later. Google suggests that, “over time, we may decide to strengthen it [the importance of HTTPS in search rankings], because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
The main problem here is that using HTTPS is not something the people decide, the ability to use HTTPS is offered by service providers. Up until now, this primarily included financial institutions, schools, doctor’s offices, online merchants — anyone dealing with obviously private information. Google’s announcement appears to be an effort to promote the widespread acceptance of HTTPS by website owners through attaching ranking value to the availability of a secure website connection.
What can I do as a business owner concerned about search engine ranking?
If you already have a Basic Support plan with Local Fresh Hosting, you’re in luck. It’s a simple matter of submitting a ticket to our service department and we will set up a managed, auto-renewing security certificate. We’ll make all the necessary changes to your WordPress installation to ensure that every page is served to every visitor via HTTPS. This protects you, your clients, your search ranking, and makes the web a safer place for everyone. If you’re subscribed to our Premium Support plan with Local Fresh Hosting, we have a great introductory offer and a special renewal rate while you remain on our Premium Support plan. Head on over to our WordPress Support page at LocalFresh.net for more information and to sign up.
A little history
Way back at the birth of the “modern” web in 1997, people were hardly aware that internet security even existed, let alone what it meant to them, to web companies, to hackers and to governments. Fast forward 25 years to 2014, where it seems that a new security-related story is surfacing every day: stories like the Target data breach, the NSA wiretapping scandal, the Heartbleed security vulnerability, and identity theft running rampant around the world. Security these days is (and really always has been) IMPORTANT.
We’re not just talking about making sure that your password isn’t “pass12345”, or that you don’t give out your social security number to someone who calls claiming to be from your bank — that’s so 2008. These days we’re worried about hackers “sniffing” our web traffic or, even worse, impersonating a website that we implicitly trust. By snooping on your web comings-and-goings, malicious folks can begin to build a profile of… well, you: What music do you listen to? What stocks are you interested in?
This being said, should you stop using the internet? Is someone snooping your Pandora radio to steal your bank records? Probably not. However, if you imagine the amount of data that can be collected about all the people using all of the internet, all of the time, it’s easy to see why it’s important to somehow obscure this information while it’s in transit, without affecting the quality of the user’s experience.
At this year’s Google I/O, Ilya Grigorik and Pierre Far gave a presentation about web traffic sent over unencrypted channels. Their basic message? An unsecured data source can’t be trusted, the data itself could have been modified, and its contents are not private. The solution? HTTPS. In summary, HTTPS allows people to use the web safely, privately, and in short, just plain better. Seemingly public information has become a black-market commodity and businesses and individuals who have a website are having to rethink what kind of data it is that they expose to the world.