Google confirms security is a top priority – now using HTTPS as a ranking signal
It might not be too much of a surprise as people using Search, Gmail and Google Drive, for example, already have an automatic secure connection to these Google services.
A spokesman at Google said, “Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.
We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.
We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.”
For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.
For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
Google has for the last few month been running tests monitoring sites using secure and encrypted connections and using that as a signal in their search algorithm and report they have seen ‘positive’ results. What ‘positive’ actually means they don’t elaborate on but confirm that is the reason it is being introduced.
They also confirm that, at present, it is only a ‘lightweight’ signal affecting less than 1% of global searches and carries less weight than good high-quality content. That is not set in stone but designed to give webmasters and site owners the opportunity and time to switch to using HTTP and that given time it may well be ‘strengthened’ giving it more weight.
Google confirmed that in the coming weeks they would publish details of best practices to help make the adoption of TLS easier and minimise avoidable mistakes.
In the meantime they list some basic tips to help site owners get started:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
Whether you agree with this approach or not the very fact that Google has made this statement probably means that websites using HTTPS in the future are likely to be ranked higher than those ‘not protected’ regardless of quality of the content.
What do you think? Good idea given the increasing threat we are continually told exists on the internet or another imposition by the search giant which might cover up some other motives?