Only a few months ago, Matt Cutts, head of Google’s search spam team, voiced the opinion that it would be a good idea if Google would promote the use of the HTTPS site security protocol by offering a ranking incentive to webmasters who adopted it. Sure enough, it’s happened.
Google practices what it preaches
Google has implemented end-to-end HTTPS encryption on its own services for a while now. When you search on Google or sign in to one of its services, you get a secure, encrypted connection to the company’s servers. The problem is, though, a secure connection to Google search won’t help searchers stay safe on its own — not if the sites that they reach through it are insecure themselves.
How HTTPS helps
Using HTTPS end-to-end on your website can give your visitors a more secure experience in two ways. To begin, it enables data encryption between your server and the computer of your visitor. Anyone who wishes to eavesdrop on the connection will not be able to do so. HTTPS is also able to authenticate websites. Duplicitous websites posing as other websites will be tested and rejected.
Motivating webmasters to take security seriously
In an attempt to boost security all across the Internet, in the first week of August 2014, Google came out and left webmasters everywhere a tip on giving their sites a little ranking edge: upgrading their websites with an SSL 2048-bit key certificate would give them a boost on Google.
How Google’s ranking boost works
The new change to Google’s ranking algorithm is intended to help motivate webmasters into introducing HTTPS all over their websites, rather than just on their login page. If your site continues to use regular, unencrypted HTTP, competitors’ sites that do use HTTPS will be placed ahead of you on Google’s search results.
The ranking boost that you get through implementing better security won’t help you beat out all competitors without security, though. Google emphasizes that the ranking signal obtained with security is so lightweight that if an insecure competitor has better quality content than you do, they will still rank higher. Google expects that only about 1% of all queries on the Internet will be affected by this new algorithm change.
A few tips
If you plan to upgrade your website with end-to-end HTTPS, you need to do a good job of it and also carefully track your performance with Google Webmaster Tools and other analytics software. This way, you will be able to tell how much of a difference encryption makes to you.
Google has offered webmasters making the transition to HTTPS encryption a few tips, click HTTPS as a ranking signal to see them. To begin, you should choose the right kind of security certificate (single, wildcard or multi-domain) and employ 2048-bit security. You should use relative URLs for pages on the same domain, and use protocol-relative URLs for other domains. Finally, as you design security into your site, you need to make sure to allow crawling using robots.txt, and stay away from the noindex robots meta-tag.