On August 6, Google announced that they are now giving an search engine optimization (SEO) boost to sites secured with SSL. HTTPS everywhere/Always On SSL (AOSSL) is the practice of securing your entire site with SSL, not just pages that handle sensitive information like login or checkout pages. Many large companies have already implemented it, including Microsoft, Google, Facebook, and Twitter.
Though SSL is currently considered a lightweight ranking signal in Google’s organic search algorithm, Google has promised that the weight of SSL’s influence will increase once webmasters have time to migrate their sites to HTTPS. Unlike most of the ranking factors in Google’s ranking algorithm that are vague or difficult to measure, having site-wide SSL is a guaranteed way to make your site rank higher.
Now that Google has added a rank boost for SSL, it makes sense to enable HTTPS site-wide—both for the ranking boost and added privacy for your users. But where do you start?
What is SSL/HTTPS?
First, let’s talk about what SSL/HTTPS is. When you go to a Website in your browser, an https:// or http:// will show up in front of the page URL in the address bar. HTTPS is the secure version of HTTP (Hypertext Transfer Protocol). You can tell that you are securely connected to a Website if the URL begins with https://. When you connect to a Website through https://, your session is encrypted with a digital SSL certificate.
Most websites currently use SSL Certificates to secure pages that handle sensitive data, like login pages and shopping carts. However, by having SSL on all of the pages of your Website your users’ sessions are secure no matter what page they go to. This causes users to bounce back and forth between HTTP and HTTPS sessions.
By having SSL on all web pages of your site, users’ sessions are secured the entire time they are on your site—protecting any and all data that they transfer.
Is Using SSL Recommended for All Websites?
Websites that integrate 2048-bit encryption provide a safer online experience to their customers. This additional security increases user confidence and leads to improved site engagement and conversion rates. The fact that Google now rewards HTTPS webpages with a search engine ranking boost should tell you just how important online security is.
As is the case with every other search engine optimization (SEO) ranking factor, the first wave of websites who follow Google’s recommendation and migrate to “HTTPS everywhere” should receive the best long-term results.
That said, there will be a few situations where migrating a specific URL/webpage to HTTPS isn’t possible. To achieve the best results and avoid potential complications from switching to HTTPS, work with your marketing/development teams and an SSL Certificate Authority to develop an appropriate migration strategy.
Is Using SSL Recommended for All Websites?
There are a few different kinds of SSL Certificates, and though they all provide the same level of encryption, not all SSL Certificates are the same. Different types of certificates were designed for different use cases, and you don’t want to spend money on a certificate that you don’t need. Below is an explanation of the basic certificate types and what scenarios they are best for.
Single name SSL certificate
The single Name SSL certificate is valid only for the hostname specified with the certificate.
For example, if you purchase a certificate for the hostname
secure.example.com, you can’t use it for
example.com. Any attempt to serve these hostnames with the certificate will result in a security warning in most browsers.
The only exception is the root domain, in case you purchase a certificate for the www-hostname, as described below.
EV Single Name SSL Certificate
Extended validation (EV) SSL Certificates are the same as a single-name SSL Certificate, but require a higher level of validation. Because of this higher level of validation, browsers show EV-only visual cues to let users know that you’ve passed a more rigorous validation process. These cues include the green address bar and lock icon. Because EV certificates are proven to increase conversion rates, improve engagement metrics, and elevate brand reputation, they are perfect for companies looking for more than just encryption from their certificate.
The wildcard certificate is valid only at a single level sub-domain. You use the wildcard “
*” symbol to indicate the sub-domain.
For example, if you purchase a wildcard certificate for
*.example.com, you can use it in any example.com first-level subdomain such as
private.example.com. However, you can’t use it for
Multi Domain/SAN Certificate
Multi-domain/SAN certificates are perfect for service providers, SEO companies, or companies that need to secure multiple domains (
www.example456.com). Rather than buying a single-name or Wildcard certificate for each website, you can purchase a multi-domain certificate to secure all of your websites.
EV Multi Domain/SAN Certificate
Extended validation (EV) multi domain/SAN certificates are the same as a multi-domain/SAN certificate, but require a higher level of validation. This higher level of validation enables EV-only visual indicators to show users you’ve passed a more rigorous validation process. These cues include a green address bar with a padlock in your browser.
Implementing Site-Wide SSL
Moving your site to HTTPS involves more than just going out and purchasing an SSL Certificate. There are different steps you should consider depending on your hosting situation and server platform. In general, below is the workflow you should follow when you move to HTTPS:
- Figure out what certificates you already have (if any).
- Decide what kind of certificate you need.
- Create a CSR (Certificate Signing Request).
- Purchase the certificate.
- Install the certificate.
- Migrate your site to HTTPS.
We recommend that you work with your IT team, your hosting company, or a trusted Certificate Authority to complete these steps.
How to Migrate to SSL
When you’re ready to move your site to HTTPS, you will need to do the following things:
- Decide what kind of certificate you need (see above)
- Purchase an SSL Certificate from a trusted Certificate Authority
- Install the certificate on your server
- Migrate your site to HTTPS (see this guide from Google)
Keep the following best practices in mind when migrating your site and check out this best practices page from Google. Also note that the ranking boost only applies to pages that have SSL enabled. You need to make sure your whole site (all URLs and files) are moved over the HTTPS to gain the boost.
- Don’t rush the migration – carefully redirect traffic from the HTTP version of your site to the new HTTPS version
- Use relative URLs for resources that are on the same secure domain
- Use protocol-relative URLs for all other domains
- Look into HSTS (HTTP Strict Transport Security)
- Don’t block your HTTPS site from being crawled using robots.txt
- Allow your pages to be indexed by search engines where possible and avoid the noindex robots meta tag
Always On SSL Is the Future of Web Security
Always On SSL isn’t just interesting because of how it affects the future of SEO. The move to HTTPS everywhere is a positive step forward in personal privacy and online data security, and it’s exciting to see large companies like Google incentivizing security best practices like enabling site-wide SSL. Companies that enable SSL help move the entire Internet toward HTTPS everywhere, reducing the risk of going online and increasing user trust in ecommerce.
Vrush Technology provide Website design and development, Website design, website development, Search Engine optimization, Website Marketing, Email Marketing, eCommerce Solutions, WordPress development in USA.