Google announced last week that it rather likes secure sites, and it was going to reward secure sites with a rankings boost. Unsurprisingly, this has gotten webmasters and the seo world in general very worked up.
What Google actually said was:
Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web
The important parts to take from this are:
- It's a lightweight ranking signal affecting less than 1% of global queries
- It carries less weight than creating good content
- They may decide to strengthen it (they are trying to encourage everyone to move towards HTTPS) or they may not
So should you move your site to a secure HTTPS?
- Does your site have any data input forms of any kind, or is it a pure content site? If it's pure content, you're not likely to benefit from any increase in ranking for changing over to HTTPS
- There's additional costs involved in terms of the actual certificate itself, administration costs, implementation and testing. You need to factor these in if planning to switch over
- Google have said that provided you do the switch over in a carefully managed manner, you should have no problems with loss of rankings. They will be publishing a guide to switching over in the next few weeks. In the meantime, the main points include:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out Googles Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
- If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool
- If you are in the process of building a new e-commerce site, consider setting it full to HTTPS. If you have an ecommerce site, where only the checkout is currently secured, you should consider moving it to HTTPS as best practice. That being said, we recommend working with your development and SEO teams to ensure that it is managed in a controlled manner, following Google's guide when it is released.