Google cares about security. That’s good. They put a high priority on protecting users and all searches in Google are encrypted. But the websites you land on after clicking in Google might not be.
A few weeks ago, Google announced that they are now using the security of a website as a ranking factor. In other words, secure websites will rank higher. Google likes sites that have https:// more than sites with http://.
Google likes that little ‘s.’
The reaction from marketers was almost instant. Our phones started ringing with people asking if they should be secure. In other words, should they have an “SSL certificate” installed. Certificates aren’t free so the cost should be weighed against the benefit.
We hope this post answers questions and will help you make an informed decision about security for your site.
Yes, but probably not much and probably not for you. Google described HTTPS has a “very lightweight” signal affecting very few searches. Here’s the actual quote:
For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web. – Google
If your goal is search engine rankings, then HTTPS might be a tiny benefit today and then grow into a very small benefit over time. – Orbit
There are so many other, bigger factors in search engine rankings. You should have no expectation of ranking, with or without a certificate, unless you focus on the things that make a big difference.
Keyphrase Research: This post gives step-by-step instructions for aligning pages with phrases.
Understanding Links: This post includes a 3-minute video that explains how links equate to credibility in search engines.
SEO Best Practices: This post includes best practices for optimizing your title tags, meta descriptions, header tags, etc…
If you don’t do these things well, you have bigger problems and you really shouldn’t be worrying about security as a ranking factor.
Yes. A security certificate offers some amount of protection for your visitors. But this isn’t relevant to everyone.
If you have an ecommerce site or a site with a login feature, you already have a secure site.
If there is no ecommerce or login features on your site (it includes only marketing content) then you don’t need a secure site.
But the reason you’re thinking about certificates is about marketing right? Is there a marketing benefit to the website security aside from SEO? Yes, because of the “trust seal.”
A trust seal is any graphic, third-party endorsement on a website. Security certificate logos are trust seals but so are association memberships, the BBB logo, and awards. Trust seals leverage the psychology of social proof. It’s powerful stuff.
For sites with more than one trust seal, we like to put them in a “trust box.” We find that the footer is a good place to add this. It doesn’t need to be very prominent because it’s supportive content, not the main message. Here’s an example of the trust box in the footer of the Nitel website.
This trust box includes many of the awards they’ve won. You can imagine how this builds confidence with visitors.
The goal of adding trust seals is to build confidence and increase the percentage of visitors who take action. The right seal in the right place can help keep visitors moving. This is especially important for ecommerce sites.
No. Although the levels of encryption for security certificates is generally the same (256-bit encryption) the amount of confidence that comes from the sale is not the same. Some trust seals are trusted more than others.
Here’s a study from Baymard on trust seals for commerce.
Although it isn’t a big technical challenge to add a security certificate to the server and the trust seal to a website, there are cost and time implications. It must be done carefully, and like anything, it requires testing. This is especially true for sites that use 3rd party services.
You: The paperwork of purchasing the security certificate.
Programmer: Installing the certificate on the server.
Designer: Adding the trust seal to the website.
Hosting Company: Issue a unique IP address to your website.
That last bullet is interesting. There is a finite number of IP addresses on the internet and there may be a cost associated with getting you your very own. If you don’t have a dedicated server for your website already (most don’t), it may be necessary to get one.
If nothing else, this announcement from Google is causing a “run on the IP banks,” creating more demand for IP addresses. It’s also caused a spike in sales for companies that sell SSL certificates. Companies in this business like Verisign seem to be doing well since Google’s statement about HTTPS.
Here are some other predictions from our Web Director, Barrett Lombardo:
Google’s announcement (which I see this as a passive-aggressive edict) will incentivize SSLs for everyone.
Unique IPs will become more expensive.
This will start a period of SSL disparity on the internet.
Hosting and DNS providers to make IPv6 the new standard.
And once all companies in an industry have SSL, it’s back to an even playing field, and the indicator is moot.
SSL security does not protect your site from DDoS (“denial of service”) attacks.
SSL security may make your website slower. Encryption/decryption requires server resources.
Basically, it’s crazy to think that http or https would be a major ranking factor. There are hundreds of other factors that are stronger indications of relevance. Need an example? Wikipedia is not a secure website and they are dominant in search results.
But if you don’t mind spending the money, make sure to get the secondary benefit: the confidence that comes with the trust seals.