Early August Google announced on the Webmaster Central Blog that they where using SSL/HTTPS encryption as a ranking signal in their search algorithm. For now, they say, it is only a lightweight signal affecting fewer than 1% of global queries, and carrying less weight than other signals such as high quality content.
All of a sudden everybody wants to switch to HTTPS to boost their rankings…
By the end of August, we started seeing first analysis and stats like these from Searchmetrics showing that HTTPS does not impact rankings. Some people now say it is too soon to see any changes, other regret making the change in such a rush and others are happy and relieved that their website has not seen any negative impact.
Now let’s have a look at what this SSL/HTTPS actually does and what the reasons for Google might be to use it as ranking signal. While you read through this, you might actually figure it out yourself… We’ll try to keep this as simple as possible, but it is a quite complex topic.
Ok, here we go …
SSL/HTTPS is an internet security protocol originally used by web browsers and web servers to encrypt sensitive information being transferred over the Internet, you know, like your DOB, home address, credit card information, the password to your online banking, just to name a few. Nobody can do anything with encrypted information. This means, even if the transmission from web browser to web server is being intercepted/hacked, your information is just a bunch of meaningless numbers and letters.
The SSL needs to be installed on the web server that is hosting your website. Once installed, the standard HTTP changes to HTTPS. You can also see an activated padlock icon in the address bar showing that the connection is secure. If there is no padlock or it is showing a broken symbol, the website/webpage does not use SSL. Some browsers also turn the address bar from white to green to indicate that SSL is used.
If a company uses an Extended Validation SSL Certificate, … yes there are different ones…,it also displays the website owner’s legally incorporated company name in the address bar. Check out Paypal for example. Pretty cool!
We won’t go into any further technicalities, because from here on, it just gets more complicated. If you would like to get into the needy greedy details, you can find them here: Public Key Certificate
Alright, now where we know what SSL/HTTPS is and how we can recognize if a website uses it, let’s take a look at what is involved in getting one of these certificates.
Once the certificate has been purchased a Certificate Signing Request (CSR) needs to be generated. The CSR has to include your email address, the website’s domain name, your two letter country code, state, city, your name or organization. This information is the key and must be 100% accurate. The certificate authority that has issued your SSL Certificate will request proof of this information. If the information in your SSL Certificate does not match the information in your CSR, the SSL Certificate will not work.
So all of this really complicated stuff is really not just about encrypting information to make the transmission safe, but it is nowadays about proving identity and providing ownership information. And exactly this might be the reason why Google decided to introduce SSL/HTTPS as ranking signal. Providing proof of identity and ownership information makes a website more trustworthy to other web users. Not just because we know sensitive information is being transmitted securely, but also because we can actually identify who we are dealing with.
To finally answer the initial question; yes, your website can benefit from HTTPS, but keep in mind that there are more than 200 other factors that influence your website’s rankings. So if you have terrible content, no brand at all and launched your website 3 weeks ago, please don’t think installing an SSL Certificate will make the difference.