Do I need HTTPS for SEO?
This year you may have noticed some changes in the way that your browser displays web addresses. In Google Chrome especially your website security status is becoming really obvious to your website visitors.
Historically HTTPS has usually only been implemented for E-Commerce sites to protect credit card details, addresses etc. but Google being Google has moved the bar once more.
Now wait for the kicker:
Google is now using HTTPS as a ranking factor. Yep, it’s true there is now another thing to add to the list of must do’s to your website to get or maintain your Google rank?
If you know anything about SEO you will know that there are 100’s of things Google looks at to decide where to rank your website from technical code level aspects to writing great content and having good traffic. So now there is another thing to add to the list, but do you need it?
How important is it?
Also, Google is rolling out in their browser clear indications of when a website is not implementing HTTPS. This will clearly lead your users to see “non-secure” on your website, already leaving a bad taste! With google heading this path, it will only be a matter of time, if not already, that the other major browsers follow suit.
But Amy what the hell is HTTPS anyway?
It’s pretty complicated so I am going to keep it brief and on a need to know basis.
HTTP = Hypertext Transfer Protocol
HTTPS = Hypertext Transfer Protocol Secure
Basically, it’s the protocol which data is sent between your browser and the website. With HTTPS the ’S’ stands for secure, which means all data sent between the browser and website are encrypted. This encryption means even if someone was to steal your data that would also need to know how to decrypt your data That if someone was snooping on your traffic between your computer and the website, they would only see gibberish; as opposed to non-encrypted where everything you said is open for the world to read. Consider you are using wifi and someone is monitoring it, a simple scenario like your favourite coffee shop. If you sign in to a website that doesn’t use HTTPS, then everyone else on that wifi can see in clear what your password was. HTTPS encryption is very difficult to decrypt without access to that particular encryption key.
Most E-commerce stores now use third party apps like PayPal and Eway which means that your credit card details are shared with a reputable third party rather than with the actual business itself.
Back to HTTPS and how important is it?
At this point, it’s not crucial, it’s just one thing in a list of many things Google is looking for when ranking your site. However, Google is very passionate about security so I would assume that HTTPS will become much more important and eventually all websites will require it.
At this point nothing is forcing you to adhere to the strong security standards the web vendors are trying to enforce, except if you’re doing payments etc; then you have legal requirements. Though there is no compelling reason NOT TO. It will only provide benefits and help improve the web for everyone else, leading the example to a privacy first internet.
So how do you get HTTPS?
You will need an SSL certificate (p.s TLS/SSL is the protocol that HTTPS uses). The SSL certificate will need to be installed on your site in order for it to use HTTPS.
Geek Speak: SSL is the predecessor to TLS. TLS has proven to be much more secure and when you buy an “SSL” certificate, most of the time you are buying a TLS certificate. The name SSL is just too commonly used to forget it. Like calling a tablet an iPad, even when it runs Android.
The easiest way to do this unless you have had very good technical skill is to buy one through a website hosting company and ask them to implement it. This also provides the benefit of having your browser auto-detect the certificate and not require the user to approve it. If you use your own certificate, users will have to validate it when they first visit your site. A promising solution backed by many major companies is LetsEncrypt which is trying to make SSL/TLS free to the world, though implementing this will require more in-depth technical skills.
You have the types of certificates to chose from and obviously the more you spend the more protection you get. Along with this extra protection, some companies offer higher insurance levels if your certificate is compromised and data leaked, ranging in the millions of dollars.
If you have a large e-commerce store or a site where you are collecting very private information then you need to go top level security. This SSL certificate is called Extended Validation.
However smaller sites or sites that do not request private or sensitive data can stick with a domain validation (cheapest) or Organisation Validation which also includes authentication.
- Potential Google ranking improvement
- Security (always important)
- User Experience