Blog

Google Announces SSL as Ranking Signal

encryption-02

While Google has yet to reveal the exact formula it uses to rank websites (and it probably won’t), it recently revealed a new factor or “signal” used in its ranking algorithm. According to a blog post published by the Mountain View company, websites that use Secure Socket Layer (SSL) 2048-bit key certificate encryption will receive a slight boost to their ranking.

Does this mean you’ll automatically jump into the first or second spot for your target keyword by adding SSL encryption to your website? Probably not, but it’s still one more signal that Google uses to determine where and how a website should rank. Google notes that SSL encryption holds less weight than other signals, such as high-quality content, and that based on internal testing, it should impact less than 1% of global search queries.

Some SEO experts have previously theorized about Google using SSL encryption as a ranking factor, but this is the first time we official confirmation about its use.

Now for the million dollar question: why is Google adding SSL encryption as a ranking signal? This certainly isn’t a shocking move to industry analysts who’ve followed Google over the past decade. The search engine giant has gradually rolled out encryption throughout all of its services, including Search, Gmail, and Drive, and has adamantly expressed the need for greater all-around security over the Internet.

Last year, it announced that all searches made through google.com would be encrypted using SSL technology. This created some commotion among webmasters and Internet marketers, as encrypted searches do not pass keyword referral data. The good news is that webmasters can still view keyword data using authorized third-party tools, as well harvesting keyword data through Google Adwords.

Of course, another possible reason why Google is now using encryption as a ranking factor is because it improves the quality of its search results. While there are always exceptions to this rule, most low-quality/spam sites do not use SSL encryption; therefore, giving encrypted sites a ranking boost should improve the quality of user searches.

Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.”

Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites,” wrote Google on its Webmaster Central blog.

What The Heck Is SSL Encryption?

Secure Socket Layer (SSL) is an encryption protocol used to create a secure environment between a host and client. It’s identified by the https prefixed in your web browser. By adding SSL encryption, there’s a significantly lower risk of nefarious individuals or hackers prying into a website’s data.

Here’s a brief explanation of how SSL encryption works:

  1. A person attempts to visit a secure website (identified by the https prefix in the web browser).
  2. The website’s server sends a public key in a certificate to the person’s web browser.
  3. The web browser checks the server’s certificate to ensure it was issued by an trusted party, and that the certificate is in fact still valid.
  4. Using the public key, the web browser encrypts a random key and sends it back to the server along with the encrypted URL.
  5. The website’s server sends the html document (AKA the website) and encrypted data back to the web browser.
  6. The web browser is then able to decrypt the encrypted data using the key, at which point the visitor can access and read the website.

That may sound like a lot work, but the SSL “handshake” between the client and host happens in the blink of an eye.

Do I Need SSL Encryption on My Website?

If you run an e-commerce website or any other site that processes customer payments, then yes, you should install and set up SSL encryption. Protecting your customers’ data is your responsibility, and SSL encryption will help significantly. On the other hand, if you use PayPal or some other off-site third-party payment processor, then you don’t necessarily need encryption.

With Google now using SSL encryption as a ranking factor, though, adding it to your site can’t hurt. The only potential disadvantage is the increased cost.

Is SSL Foil-Proof?

Unfortunately, there’s no security software or technology that’s completely foil-proof. Any software or service that suggests otherwise is lying.

Earlier this year, one of the largest and most detrimental vulnerabilities was discovered in the open-source encryption cryptography library OpenSSL. Affecting upwards of 17% of all secure web servers (500,000+), the aptly named Heartbleed bug created fake pulses, or beats, to trick encrypted servers into giving it memory access. While the vulnerability has since been fixed in a OpenSSL update, it shows that there’s no such thing as foil-proof security technology.