Modern SEO: The Google Ranking Factor HTTPS and Let’s Encrypt
From time to time, Google implements new ranking factors. In the year 2014, Google announced the encryption of websites with an HTTPS certificate as a ranking factor. Many websites have since switched to HTTPS, and can confirm first advantages in the ranking. Yes, it is already possible to measure gains in the ranking. The switch to the new protocol surely is complicated in many cases, however, the step should still be taken, to not get left behind by the competition. The project Let's Encrypt eases the switch by providing free certificates for Google's ranking factor HTTPS.
Ranking Factor HTTPS
Google wants to see fast and at the same time secure websites. That's why the company decided to include the encryption of websites via HTTPS in the ranking. Of course it will take a while until webmasters can measure big advantages due to the switch. At the moment, Google wants to give the webmasters plenty of time to switch, which is why they implemented the encryption as a light ranking signal for now. However, advantages can already be measured, especially for strong brands and online shops. By now, the difference in SEO visibility of HTTPS websites in comparison to unencrypted sites is statistically significant. Differences of up to 5 percent visibility in the search results are currently possible .What's HTTPS?
HTTPS is a communication protocol for data transfer on the internet. The difference to HTTP is in the encrypted and bugproof transfer of data via SSL/TLS, an encryption protocol. This means, that HTTPS provides your website's users a safe way of communication between them and your website. The data exchanged cannot easily be read on its way to and from the site. Info: HTTPS = HTTP + SSL/TLS Without encryption, all transfered data on the internet could be looked into, and could be manipulated by third parties using a man in the middle attack. However, when an HTTPS certificate is used to encrypt the data, any communication with the website is safe and cannot be attacked. Of course, this brings up the question why owners of a simple blog are practically forced to switch to HTTPS. The compulsion will come, no doubt. At the moment, HTTPS is only a light ranking factor, but in the near future Google will change this factor's significance. In spite of everything, it's still not clear why blogs and news websites should switch. It only makes sense, when a lot of sensitive customer information needs to be transferred. An online shop would be a fitting example here. Yet, Google will force a conversion for all websites, as everyone wants to have a good ranking. No website wants to see direct competition above them in the search results only because they have already converted to HTTPS.The Tagging of a Connection Encrypted via HTTPS in the Web Browser
A website encrypted using HTTPS can be recognized in the browser rather easily. The lock symbol and the written HTTPS protocol are the indicators.Convert to HTTPS For Free Using Let's Encrypt
The web service Let's Encrypt promises certificates for everyone, and entirely for free at that. The project is, among others, sponsored by Mozilla, Facebook, and Cisco. The service, which is currently in an open beta stage, wants to provide HTTPS certificates for free to anyone who demands one. Every webmaster can create his own certificate for his domain, as long as the server meets the technological requirements. Let's Encrypt doesn't settle with just giving out free certificates, but aims to automate the process, so that the certificates, which are currently only valid for 90 days, renew themselves. At the moment, the process needs to be pushed forward manually. This is best done via Cronjob or command line orders. It's planned to lower the timespan of validity to 30 days. For that to work, certificates should renew themselves. This way, the project is supposed to be able to react faster to compromised or improper certificates. Those that want one of these free certificates need to make preparations on their servers. A Let's Encrypt client from the Github repo needs to be installed. The client requires Python 2.6 or 2.7, support for 3.0 is supposedly coming as well. The Let's Encrypt client currently only runs on servers with Debian version 8.0 or newer, including all Debian derivatives, and Ubuntu from version 12.04 and up. Other operating systems are not supported yet. Here are some first impressions of the HTTPS for anyone (German language).Google's Ranking Factor HTTPS: Conclusion
Sooner or later, you won't be able to avoid an HTTPS certificate. Google will surely change the significance of this ranking factor soon. If you have knowledge on server administration, you'll be able to secure a free certificate from Let's Encrypt fast and easily. This way, you don't need to spend money on certificates. HTTPS clearly is the future. Webmasters shouldn't be afraid to switch. WordPress users even see further advantages, as the CMS itself makes sure that old HTTP URLs are redirected to the new ones with HTTPS certificate.Related Links:
- Google Webmaster Headquarters Blog: HTTPS as a Ranking Signal
- The Let’s Encrypt Project
- The Let's Encrypt Documentation
- Sistrix: HTTPS Ranking Factor Update (German)
- Searchmetrics Blog: HTTPS Encryption: How Does TLS/SSL Affect the Rankings?
- Computer Base: First Experiences With the HTTPS for Everyone (German)
- wpmudev: Adding Free SSL Certificates to WordPress with Let’s Encrypt
- Guide to Let's Encrypt: Free TLS Certificates for Everyone