14 DAY TRIAL // Google puts a high price on online security, something that’s been obvious by several decisions it has taken in recent years, including making HTTPS the default option for its services and encrypting data to, from and within its servers.
To take things a step further, however, Google is also rewarding sites that use HTTPS in search results. Basically, when you do an Internet search, it is more likely to see secure websites at the top.
“We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal,” Zineb Ait Bahajji and Gary Illyes from the Webmaster Trends Analysts team wrote.
The company explains that it’s not only important to have safe websites within the Google universe, but also for Google’s search results to lead to safe websites. At Google I/O, the company called for HTTPS to be brought everywhere on the web, and there’s already been a climb in the number of sites providing this.
The Internet giant has been running tests on the search engine, taking into account whether sites use encrypted connections or not. These signals were mixed up in all other signals the engine uses when it decides how high up a website will land on your search results page.
“For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web,” Google’s engineers wrote, basically telling the world’s webmasters that unencrypted websites are likely to get hit more in the future.
Google promises to publish detailed best practices to make TLS adoption easier and to avoid common mistakes from webmasters that have never handled this.
For instance, Google advises them to decide what type of certificate they need (single, multi-domain, or wildcard) and to use 2048 bit key certificates. It’s also important not to block the HTTPS site from crawling using robots.txt and to allow indexing of their pages by search engines where possible.
The initiative is a good one because it will push for a large change on the Internet. If there’s any company that can push for change for the better and to make webmasters adopt SSL, that’s Google, because everyone wants to receive a good ranking in search results.
On the other hand, not all websites need HTTPS since they don't actually handle personal data, so this is going to make a lot of webmasters working for something that's not a necessity.