Blog.

Article topics

  • All

  • Best Practice

  • Branding

  • Case Study

  • Data privacy

  • Design

  • Email

  • Internet news

  • Logos

  • Marketing

  • Packaging

  • Search

  • Social Media

  • Team

  • WCAG compliance

  • Web Accessibility

  • Web Design

  • Web Security

  • Wordpress help videos

Evidence proves Google prefers https over non-SSL sites

Mark Tomkins
By Mark Tomkins
5th September 2016

Back in August 2014, it was rumoured and then confirmed by their announcement that Google were going to start to take into consideration a website’s SSL status as a ranking indicator.

A bit of background about SSLs and website security

What does that mean? Well, historically the preserve of eCommerce website, the https URL shows that the website’s pages are protected by an SSL (secure sockets layer) certificate. This digital certificate essentially encrypts all the data on the pages and that, when information is passed from one page to another (such as on an enquiry form or order form) it gets encrypted to a level that means the information cannot be read if intercepted.

Typically, when you go to a website that’s protected by an SSL the browser bar will show a padlock symbol, go green at the far-left end and may even show the company’s name in the certificate title, too (usually the more the expensive but nonetheless any more secure SSL-protected websites.

 

Google preferss websites with SSL

 

Why do it? Well, the website owner has a duty of care to protect its users’ data and, in the area of eCommerce, they are contractually obliged by the credit card issuers to have one.

So, what does that mean to the normal website? Good question.

Google’s main and only remit is to deliver good and accurate results when someone searches for something. The better the results, the more likely it is that the user will continue to use Google and therefore Google is able to grow its own advertising revenue through increased users and (as it hopes with its shift over to a more commercial model) more clicks on adverts. You can read more about this shift on our recent article ‘Using Google Adwords new expanded text ads’

Initially, there was a great deal of scepticism as to whether there was any benefit to it and why it should or how affect the search results and with good reason, too.

Within the first 6 months, the rate of page 1 Google search results of websites that were https over non-SSL protected sites increased from 7% to 8%. Hardly a huge change.

A lot of people in the SEO and advertising arena argued that, actually, instead of it being promotion if your website was SSL-protected, Google was actually ‘punishing’ those sites that didn’t have an SSL and demoting them in search results.

However, after the concept of showing to your website users that you cared about their privacy and data, lots of large sites started to adopt the https protocol and switched over to having the entire website protected by an SSL rather than just the shopping cart or login pages. Significant jumps in the adoption of the https protocol, such as Wikipedia moving over, made the concept a practical reality and many more began to follow.

As you’ll see from this graph, originally produced by Dr Pete Myers, a well-respected SEO expert, the migration over to the https protocol has significantly improved and you will see that reflected when you search Google for anything – more and more sites on page 1 of the results will have URLs that begin ‘https:’

 

We’re now seeing 30% (and rising) of all page 1 search results have an https URL.

  •  As a user, you know you have good protection of your details and that the website owner takes that seriously;
  • Google also knows that it can safely deliver people to a website without fear of it being a compromised site or that the user is likely to have a negative experience and (God forbid) get frustrated and go and do something rash, like search using Bing.

 

Practical implications – how do we change over to SSL?

Your host will be the first place to go. They will almost certainly have a range of SSLs for you to choose from and have them install.

There are some practical implications, though.

  • The site will not just automatically start to show in the SSL URL without your web developer making some very small and quick changes (no more than 30 mins to an hour tops). He or she will need to use a file in the space called the .htaccess file. This is a simple file that they’ll pop some code it that says to the web browser to look for the URL with https by redirecting all URLs from the http versions.
  • If you run a WordPress website, there are some good and free plugins out there that you can download and it will handle the installation and switchover to the https protocol for you. If you’re unsure – your first call is to your web developer. Any developer with good skill will know exactly what to do.
  • They are annually renewable and will, depending on the brand and type of SSL (again, your host or web developer will guide you here as to which one is right for you). As a guide, they start around £50 per year but can go up to as much as £1000 for top brand high security SSL. Most small business websites need one that will be about £100 per year.

We recommend that you ask your host or web developer to tie the hosting and SSL into one package for simplicity and cost. We’ve see website’s SSL certificates miss their renewal date even although the host has renewed the hosting package and wonder why the site was down.

 

A final word, or rather, a number – 301s

If your website has been live for a while (anything more than about 3 months) then you’ll need to consider the impact of the URLs changing from http to https. By that, I mean, Google will have cached (remembered) the pages of your website with the ‘http’ and not with the ‘https’ in it. If you did nothing about this you’d have to wait for the Googlebot to revisit your site to recache the pages all over again.

That could take months or years and in the meantime, your search results position will start to plummet.

To avoid this, we recommend you have your web developer write a list of what’s called ‘301s’.

A 301 is essentially a simple bit of script that gets added to a file that sits in your website’s host space and says to Google ‘this page is now here so ignore the old URL’. A 301 is also known as a ‘permanent redirection’. It’s also used by developers to tell Google that a page no longer exists but to go somewhere else on the website instead. This avoids having 404s (missing pages) or as it’s usually labelled ‘page can’t be displayed’ errors – which is a very bad thing and a negative experience which Google punishes website owners if they have too many of them.

 

Here’s a snippet of code to give you an idea of what a 301 file looks like if you’re interested.

# Permanent URL redirect

Redirect 301 /the-team https://www.aubergine262.com/the-team

 

Is it worth it – will my search results and website traffic improve?

In a word, yes. The evidence is now overwhelming that having a website protected by an SSL certificate is better for you than not having one. Of course, Google being Google, that could change one day but the likelihood is that it won’t be any time soon.