Google’s Ranking for HTTPS: What Should You Do?

At the recent Search Marketing Expo in New York, Gary Illyes of Google gave what he said was probably the first, public official discussion of how Google has added website security as a ranking factor when indexing sites. He was part of a panel of industry leaders who supported the idea, through data and examples, that sites with full SSL (https URLs on all pages) will rank better than sites that don’t, all other things considered equal.

Admittedly, Google is still evolving how it considers secure sites, but several important items came from this discussion:

  1. Sites should use secure URLs — https — for all pages and assets (images, javascript) on a site. Google is big on giving web users a secure experience.
  2. Sites using SSL should upgrade their SSL certificates from the less expensive SHA-1 type to SHA-2. The common RapidSSL and other low-cost certificates are generally SHA-1.

What Should You Do?

First, don’t panic. Plan. Get with your webmaster or development team and outline a plan of action to take your site to a fully secure site. Doing this correctly takes a few important steps:

  • Prepare to add 301 redirects for all pages in Google Webmaster Tools, or programmatically in your site’s .htaccess file.
  • Test and test again, to make sure that all assets on your site are being delivered by SSL once you flip the switch. It’s not uncommon for assets from outside sites to not have https URLs.
  • Create a promotional program to let your users know that you site is fully secure, not just during the checkout process.
  • If your site is using a shared SSL (as some of our e-commerce clients are using), then you will need to re-structure your site so that it can have it’s own SSL certificate for the domain (e.g. https://www.yourdomain.com). This may require that you upgrade your hosting to an independent account, apart from a shared hosting account.

Very soon, novusweb will be converting our site to a fully SSL site. It’s not a quick, knee-jerk fix, but with proper planning, converting to a fully secure site doesn’t have to be painful.

We highly suggest, based on the metrics we have seen and the “word from the horse’s mouth,” that you begin the transition to a fully secure web site sooner rather than later.

For more great information on this, see Search Engine Land’s post, “Explainer: How Google’s New SSL / HTTPS Ranking Factor Works.

Leave a Reply