Google has confirmed plans to give higher search rankings to sites that are deemed more secure. In a blog post on Google’s Online Security blog, it announced it will favor websites that are using HTTPS encryption by default and that it will be rolling this out across all its algorithms.
Search Ranking Positives
The blog post by Zineb Ait Bahajji and Gary Illyes, Google webmaster trends analysts, said that initial tests where HTTPS pages were highlight had give positive results so they will gradually increase its importance as a ranking signal in the coming months. The blog reads:
We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."
Google is also publishing a list of best practices in the coming weeks to make Transport Layer Security (TLS) adoption easier and to avoid common mistakes. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet.
This enables data/message confidentiality, and enhances message integrity and message authentication.
To get started Google is offering seven tips to make websites more secure:
- Decide on whether you want a single domain, multi-domain or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources on the same secure domain
- Use protocol relative URLs for all others
- Change your website’s address to reflect the new security certificate
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible
Google has been pushing this agenda for some years now. As early as January 2010 it announced default HTTPS access for Gmail. And in 2011, it enabled forward secrecy by default.
In June, the company called for “HTTPS everywhere” on the web and also announced that it is close to releasing new end-to-end encryption standards on Gmail that will effectively stop unwanted and unauthorized access to users’ email.
Encryption is used to digitally scramble data as it passes between a user's device and an online service to prevent others eavesdropping on the information.
It is used by many, but not all, sites that show a little padlock and use a web address beginning HTTPS. The "S" stands for secure. Until now, adoption has been hindered by costs and time to implement.
However, if Google is going to start rewarding companies with better search rankings, its likely a lot more companies are going to come on board.