SSL and SEO - how higher security can benefit your website

SSL and SEO – how higher security can benefit your website’s ranking

In a recent blog post, Google talked about a top priority – security.

This a high consideration for Google; it has already worked on its own services – relying on industry-pioneering security systems such as strong HTTPS encryption in its Search, Drive and Gmail services. But for Google it doesn’t stop there – its algorithms are designed to improve internet security holistically. This means that one of the most recent algorithm changes is to recognise HTTPS as a ‘ranking signal’, meaning that webmasters who’ve implemented secure encrypted connection systems will experience a slight benefit in their search engine rankings with Google.

How much, or little, will HTTPS help your SEO?

Google wants to encourage people to move to HTTPS and the way they’re rating HTTPS is designed to do exactly that – encourage the move. The current position is that sites that have HTTPS will be given slightly more weighting than others, and the actual range effect is slightly under 1% of all Google queries worldwide – that’s really quite a slender benefit, so is it worth doing?


Yes, for two reasons:


  • The first is that this is just the beginning of the weighting process, and the algorithms are constantly tweaked to reward those sites that meet algorithm standards. This means that – sooner or later – Google will probably start to penalise those sites that don’t have HTTPS rather than rewarding those that do. Being ahead of that game protects your site ranking and means you don’t have to get into costly, and time-consuming, fire-fighting work to restore lost ranking.


  • The second is that Google shouldn’t be the only reason you build high-quality security into your online presence. A recent Forbes research project* discovered that ‘Executives today face a bewildering array of digital marketing technologies… alongside well-conceived and executed data privacy and security strategies …concepts such as omni-channel and analytics which add to the complexity’. As a result, many companies fail to benefit from all that their online and digital facilities have to offer, and also fail to protect their customers and clients from risk. If heartbleed** hit your radar, then you know that the short term vulnerability of any site or system to attack is only the tip of the iceberg. Beneath the water, the huge looming danger of the rest of the iceberg is substantial – (a) there is its effect on business reputation, (b) its tendency to turn the once vulnerable into attack targets in the future and (c) the loss of confidence experienced by customers, clients, partners and even employees which can lead to hæmorrhaging of orders, profits and even key staff.


What is HTTPS and why does it matter?


HTTPS stands for Hypertext Transfer Protocol Secure and rather than being a system, it’s a protocol which sits on top of the previous TLS (Transport Layer Security) to increase security.

SSL is the Secure Sockets Layer – it’s a cryptographic system that uses two keys to encrypt data that the user (client, customer, buyer) inputs into the website. It matters because it protects the website user, and it’s significant because users can easily recognise if they are SSL protected by seeing the digital SSL certification which appears as a padlock on the site or as https in the address bar.

What does that mean for a website owner? Easy to answer. Bit keys have been increasing in length (ie strength) fairly exponentially, as computing power does the same. the currently claim is that 1024-bit keys are potentially crackable (although the resources required are not easily mobilisable – probably requiring 400 computers working full time for around a year) but 2048-bit keys will be sufficient security until the 2030s – an investment that any website owner can undertake with some certainty that it will prove to be a lasting contribution to business safety.


Investing in HTTPS – how to do it

There’s very little problem with the idea of switching from HTTP to HTTPS, but the practical implications are relatively demanding. There’s a series of steps that Google recommends taking to ensure you don’t have any traffic loss during or after the transition.


A. Certification is key to ensuring you get the current benefit, and avoid any future rankings loss. There are several forms of certification and while they all need to be 2048-bit key, you need to decide what form of certification is best for you.


Digital certification uses trusted third parties to back up the claim of a website, individual or other digital entity to be who it clams to be. This is because certification offers four forms of guarantee –


–    authenticity (using the certification asserts the identity of the user),

–    verification (only the certified user can make that assertion),

–    integrity (any attempt to alter the website/email etc will register as tampering unless carried out by the certified user), and

–    security (encryption of information is possible and any attempt to break encryption will register with user/certificate owner).


It’s important to decide what form of certification will work for you: single, multi-domain or wild card and expert support is vital to that decision. The security certificates for your organisation are obtained as a part of enabling HTTPS. Ask your SEO consultant how to proceed and because certificates are usually only valid for 12 months, make sure you keep them up to date!


B. Make sure you haven’t blocked your HTTPS site from crawling using robots.txt. Ensure you haven’t used the noindex robots meta tag as both these will inhibit your search engine ranking.


C. Check your security level and configuration with one of the many tools available, before, during and after migration to HTTPS, and be certain you’re using a web server that has HSTS (HTTP Strict Transport Security) enabled – this instructs browsers to automatically request pages using HTTPS, even though the enquiry entered into the search bar starts HTTP – in other words it keeps your customers safe even if they don’t know what HTTPS is, or how to use it. In addition, it instructs Google to return secure URLS when it reports research results – this means that Google chooses HTTPS rather than HTTP when listing your website, once again keeping users safe.


D. Focus on avoiding inconsistent linking from HTTPS to HTTP URLS on your website – it’s easily done and requires constant vigilance! This means every image, CSS, JavaScript etc requires an HTTPS internal link. This can lead to inconsistent loading of your site and also delays in certain objects appearing. Oddly enough, this is one of the things that makes users doubt a site – it’s not logical but we trust smooth and swift sites over ones that have glitches and hitches in their loading – it’s just human nature to think this way so don’t disadvantage your site by failing to set up HTTPS properly. It’s no good having a safer site if people perceive it as less safe!


E. Consider OCSP stapling for your site. This is where you, as the SSL certificate hold, query the OCSP at a regular interval, receiving in return a signed, time-stamped OCSP response stating that you have TLS/SSL. Then, whenever any website visitor arrives at your site, they get this response ‘stapled’to their site connection. This means that your visitors don’t have to query the OCSP server themselves and that can save you money as well as speeding their access to the website.

There is a third reason, your visitors won’t have their browsing history revealed to any third party the way they would if they queried the OCSP server themselves – as people increasing request ‘do not track’online behaviour, providing OCSP stapling may prove to be a long-term strategy with surprising benefits. A website expert is best placed to determine whether OCSP stapling will benefit you.

    Follow us


From the blog

    • What is Google Rankbrain
    • On 26 October 2015, Google confirmed a piece of news about their search results processing system. Google admitted to using artificial intelligence to monitor its search results. This is what...
    • Read more

Latest Tweets


Βασ. Όλγας, Θεσσαλονίκη
Τηλ:2315 310 667