Security is always at the top list of Google’s priorities. Google often invests greatly to ensure that their services utilize industry-leading security tools. Furthermore, it also strives to ensure that the internet is safer at a wider spectrum. That is, ensuring peoples’ accesses to the website are quite safe. For example, Google has developed great resources to aid webmasters fix and prevent security breaks on the website. In addition, Google made an announcement in August 2014 that it will commence rewarding websites with an HTTPS security designation by ranking them higher in searches.
What is HTTPS?
HTTPS described as Hypertext Transport Protocol Secure, and its main intention is to safeguard the confidentiality and integrity of peoples’ users’ data on the websites they access. This new security measure by Google has been utilized before by most sites of financial institutions. Utilization of HTTPS means that users’ will often be required to enter some of their critical personal information. Thus, HTTPS is utilized to create sites that have a secure way of protecting personal information from insidious scams, hackers, and that website users communicate with the authentic owner of the site. HTTPS will primarily be encrypting the data between the browser and sites, and hence protecting the privacy and the security of everything that people do on the sites. Secure sites utilizing HTTPS will be indicated by “https:// “in browsers’ address bar and a padlock symbol.
Importance of HTTPS
HTTPS improves the security of the websites, which is one of the signals that are ranked by search engines. Search engine optimization, a method for elevating the visibility of the websites, is a very vital resource for digital marketing, in particular for businesses that have a robust online presence. Thus, for better Google’s HTTPS will contribute greatly to ensuring that there is increased search engine traffic as a result of improved security on the websites. Hence, this leads to more online purchases and inquiries.
Google’s updates on HTTPS
This update by Google is a critical update as it goes a long way in beefing security on the sites. Although, it is only about 1% of internet searches will be affected by this Google’s update, it is a huge stride to ensuring there are no scandals related to website security. Google is taking action to embrace security, already its business tools; Calendar, Gmail, Drives, and Docs have gone secure. Other high-ranking tech companies such as Facebook, Yahoo and many other have already moved to a more secure form of browsing. Google’s security improvement is a great opportunity for small and medium businesses to acquire a competitive platform over larger competitors online. Clients will have more confidence in a secure website, and these websites will receive a slight ranking boost from the switch.
Google Webmaster Central Video with John Mueller discussing HTTPS signal.
Go to 29:00 of video to watch the HTTPS topic.
HTTPS security certificates
Hypertext Transport Protocol Secure as opposed to old way communications, which only required simple requests and responses, it requires a process of handshaking before the encrypted data is transferred. This process is meant to; swap private keys which will be utilized to decode and cipher the normal HTTP traffic, make verification that communication is happening to the correct server, and make an agreement on a method of encryption which connection will utilize. The outcome of the handshake process ensures that both computer systems agree on a secret and private key that is to be used for all the communication during that particular session. Furthermore, HTTPS security certificate will be compatible with all web hosts since all the web hosts typically support security certificates. There are also adequate guides for implementation of this security certificate online.
Google’s HTTPS Secure Sockets Layer (SSL) certificates
There are five kinds of certificates that greatly show how much in-depth vetting Google has done on the companies purchasing the HTTPS certificate. Also, there are four certificate options, certificates that decide how the certificate safe-guards traffic on the companies’ domain names.
A free certificate is completely free for individuals by companies such as StartSSL, StartCom among a few others. A free certificate is not available for businesses. This type of certificate is ideal if you are creating a website as a hobby. The biggest disadvantage of this type of certificate is that it can be slow and less reliable because of using fewer resources for their servers.
Shared certificate will link your secure site to your Web host and can be cost effective. For example, your original unsecured website may be https://www.mysite.com, while the secure portion of your site is https://mysecuresite.hostdomain.com. Shared certificates would not be recommended for setting up an e-commerce site. Customers can be dissuaded from purchasing on your site because they expect to see your domain name in the address when shopping. Instead, a shared certificate is recommended for all portions of your website that you may not intend for regular visitors, such as an administration page.
Domain Validation (DV) SSL certificate
DV certificate is the most straightforward SSL certificate for enterprises to move from non-secure to secure websites. They can be given almost immediately because the owner of the domain is verified by consent, usually through email or telephone. This certificate primarily verifies that the applicant has the right to utilize the particular domain name.
Organization Validation (OV) SSL Certificate
OV certificate is responsible for verifying the rights of the organization to trade under the given domain name and also provides the best level of vetting the company’s details. This process ensures the company is legitimate; it is more expensive than a DV certificate, but visitors to the website will not notice any difference unless they look at the padlock icon in the address bar.
Extended Validation (EV) SSL Certificate
This certificate solely verifies the operational, physical and legal existence of the company. It checks the rights of the company to utilize the specified domain name and the company’s details agreement with the official records. EV SSL certificate adds a larger padlock symbol with a green background color in the browser address bar or an organizational badge.
The following are options for setting up HTTPS SSL certificates:
Single domain SSL
Single domain SSL is used to protect a single domain name that purchased by a company. An example of a single domain name is www.myproduct.com.
Multi-domain SSL secures many domains and host names, up to 99, under one primary domain name all under a single IP address. This type of certificate is preferred if the company only has one IP address, but wants to have different domain names. A disadvantage to this kind of certificate is that these domain names will be listed in the SSL certificate, which may not be wanted by the company. With a multi-domain SSL your list of domains may look something like this:
Wildcard SSL secures one domain name which then can contain an unlimited number of subdomains. A big reason this may be preferred is that a company can have many subdomains, leading to massive cost savings. With a wildcard SSL your domains will be as follows:
2048 Bit Key
Websites that currently have a 1024 bit key or older key certificate are recommended by Google to upgrade to the newer 2048 bit key certificate. These keys are currently the standard minimum since January 1, 2014.
Important tips when migrating your website from HTTP to HTTPS
Getting your website prepared for migration can feel overwhelming, but with these tips, this task will be much easier:
- Certificate Installation – The first step will be to purchase or create a Certificate Signing Request, this is an encrypted text file that will contain such information as your domain name, location, organization name, etc. Your host will have detailed instructions on how to fill out the form to obtain this and upload it to your server.
- Updating Site Links – Websites will need to update all their on and off site links by making them protocol neutral. Updating links will ensure that visitors will not get security warnings when trying to enter your new HTTPS website. An example would be to change your web code from <a href=”http://www.domain.com”> to <a href=”//www.domain.com”>. IMPORTANT: If older browsers are part of your target audience, use relative links in our web pages such as <a href=”/your-page.html”> or <a href=”/your-directory/”>.
- Checking your page load times – It is important to make sure page load times are not significantly longer once the switch to HTTPS has been made. Use testing tools like WebPageTest.org to check for load times. If your load time is unusually long, investigate things such as your web code for errors or duplicates.
- Check your certificate and links – Qualys SSL Labs Tool offers a wide variety of tools that can help solve common errors found after setting up an HTTPS website. These tools will check for certificate errors and insecure links among other things.
Advantages of running HTTPS secured sites:
- There isn’t a better default security for any features that are implemented on the website.
- There is improved ranking in search engines.
- HTTPS secured sites mitigate or have resolved all the concerns of the previous SSL.
- There is a seamless transition when redirects are implemented appropriately.
Challenges of running HTTPS secured websites:
- There can be considerable additional network and server load times relating to additional volume of communication required over a secured network connection.
- There is an additional cost relating to maintenance of a secure website.
- Inappropriately implemented SSL certificate can result in many user errors that may discourage users.
In summary, Google’s HTTPS security designation affects only a minimal part of the search algorithm. However, it guarantees the quality and great content, produced and delivered to website users. Thus moving to SSL is a more appropriate thing to do, to secure sites. Google normally handles individual URLs separately; hence great care should be undertaken while re-directing traffic to HTTPS from non-HTTPS version.
Should you have questions about HTTPS or need to hire a qualified team to migrate your site to HTTPS, contact WebWize at 713-416-7111.
Or Contact WebWize At 713-416-7111
Before making a final decision on a Web Design Company, spend a few minutes on the phone with us.
About Glenn Brooks
Glenn Brooks is the founder of WebWize, Inc. WebWize has provided web design, development, hosting, SEO and email services since 1994. Glenn graduated from SWTSU with a degree in Commercial Art and worked in the advertising, marketing, and printing industries for 18 years before starting WebWize.