Google made an announcement in a Webmaster Central Blog post that says using encryption throughout a website is now a ranking factor. You heard that correctly. Google wants to see Secure Sockets Layer encryption used throughout a web site. Encryption is no longer something reserved for use with e-commerce sites on pages where sensitive personal information, such as credit card info, is entered.
Apparently, Google has some serious concerns about the level of hacking on the web. While Google’s change in direction is widely being misreported as something that will boost a site’s rankings, that is not what Google said. They said, “For now it’s only a very lightweight signal–affecting fewer than 1% of global queries.” At this point, it may have a very small influence on rank positions while other factors–such as the quality of the content–have much more influence.
We strongly suspect that there will be a lot of push-back on this idea. While adding an SSL certificate to a web site is not difficult to do, the conversion of a complete site to use the HTTPS protocol, rather than the standard HTTP protocol can be time consuming and problematic.
Here are some of the issues we see:
- Google recommends a 2048 bit certificate, which is military grade encryption. That may be available through some SSL vendors, but probably not all at this time.
- For every commercial site, there is an annual cost involved with purchasing the certificate. Many hosting companies will only install SSL certificates purchased from them at sometimes outrageous prices. Some hosting companies offer a certificate with the purchase of a hosting plan, but we have not seen too many that meet Google’s expectations for the level of encryption. We found that GoDaddy’s SSL Certificate offering does meet the 2048 bit specification, but the lowest priced certificate costs $69.99 per year per website. That is much higher than the $10 to $30 estimate cited by Google reps. That basically doubles the cost of GoDaddy’s lowest priced hosting.
- Every internal link to pages and images within a website must reflect the HTTPS protocol. No exceptions. This is a major conversion for large sites with fully specified, hard-coded URLs. If you have used the WordPress Media Library to insert images, every link for every object you’ve inserted will have to be manually changed. If you don;t do this, your browser will give you warning messages about insecure objects.
- When doing a conversion from a standard HTTP protocol site to an encrypted HTTPS site, every URL must be redirected with a 301 redirect. While at one time a 301 redirect could be used to change the URL for a page without affecting the site’s rankings, 301 redirects no longer work that way. Redirects no longer pass the same “link juice” that they once did, which means a temporary or permanent reduction in rank for each page could occur. Unless Google has made some recent adjustments to the way they deal with redirects, any boost a page was given from links pointed to that page will be reduced.
- Google recommends the use of canonical tags within the head section of each page so that spiders know what the correct URL should look like.
It is clear that most site owners are not tech-savvy enough to do this on their own, so there will be expenses involved with hiring someone to convert their website.
This idea stemmed from a recent presentation given by Pierre Far and Ilya Grigorik at Google’s I/O Developer’s Conference. There were plenty of skeptics in the tech-savvy crowd–and for good reason. While SSL encryption can solve issues with the interception of passwords and other data while users are logging into a website, encrypting every website on the Internet appears to be an extreme idea fraught with implementation problems. Pierre and Ilya do a pretty good job of covering many of the main concerns in the video, but they make it sound like it is much easier to convert a site–especially a large site–than the reality dictates.
At this point it seems like a solution to a problem that does not yet exist, but perhaps Google knows something that most of the rest of us do not. At this point, we plan to wait and see how the dust settles once the word gets around about this. If you are planning to build a new website it is worth considering because the implementation for a new site is much easier.