Google Announce HTTPS as a Ranking Signal
On the 6th August 2014 Google announced that it would now be using https as a ranking signal, rewarding sites that have an active SSL Certificate securing a users browser connection site wide. The official announcement was made on Google’s Official Web Master Central blog on BlogSpot. The full article can be read here: http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html.
Initially Google say that https is a marginal ranking signal, effecting around 1% of global search queries. Google also say that this has been tested as part of the algorithm for the last few months and will now strengthen as a ranking signal over the coming year to give site owners time to get an SSL in place.
The reason for rolling this out is to make the web a safer place, encouraging web sites to move from http to https. Google want to ensure that sites being served in their results are not comprimised and are secure for web users to access, reducing hacks and malware infections as detailed in this Web Master Help article: https://www.google.com/webmasters/hacked/. Google do mention in the post that high quality content is still a much stronger ranking signal and piece to the overall ranking algorithm, but I would suspect https would be as stronger element as this due to being mentioned in the post.
Google also discussed https everywhere at the recent Google I/O conference in June, so the change should have been on the SEO industries radar. See the full https everywhere keynote on YouTube here: https://www.youtube.com/watch?v=cBhZ6S0PFCY.
Site Wide HTTPS Help
Google have now released official details in their Web Master Tools Help regarding the specific requirements for https here: https://support.google.com/webmasters/answer/6073543. There are also details of what to do regarding moving your site from http to https as your sites URL structure will change when switching: https://support.google.com/webmasters/answer/6033049.
The tips for site wide https or TLS adoption are summarised below.
- Choose the right SSL Certificate for your site(s): Single Domain SSL, Multi Domain SSL, Wildcard SSL Certificate.
- Use a 2048-bit key SSL Certificate.
- Ensure URL’s to resources and links within your markup are relative (for self hosted resources such as css, images, internal links etc.).
- Use protocol relative URLs for external resources that your site uses (such as Google Fonts).
- Ensure that relevant 301 redirects are in place as your URL’s are changed from http to https.
- Ensure elements such as canonical tags have been changed to reflect the new https URL’s.
- Don’t block your https in your robots.txt file.
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
- Regenerate sitemaps (sitemap.xml) and ensure that all URL’s reflect the new https address and re-submit these in your Google & Bing Web Master Tools accounts.
The following tool from Qualys SSL Labs can help you test your current certificate to see if it reaches the relevant, requirements above: https://www.ssllabs.com/ssltest/.
If you would like to learn more about enabling https in WordPress, my previous post discusses some options: https://www.mathewporter.co.uk/enable-https-on-wordpress-admin-and-login/. As mentioned in this post, the simplest way to enable https site wide in WordPress once you have an SSL installed on your server, is to install and enable the NertWorks ‘Site Wide SSL for WordPress’ plugin.