Skip to content

Time to go secure

Have you been working on your SEO and hoping to get your website to the top of the search engine?

Google is pushing for HTTPS

On August 6th, 2014, Google tested out using HTTPS as a Ranking Signal. They reported that their test showed positive results when they used encrypted connections as a signal in their ranking algorithm. HTTPS has since become a permanent search ranking signal on Google.

Google stated that the HTTPS is a very lightweight signal that only affects less than 1% of global queries and there has been no reports of ranking changes. So if two sites were the exact same, then the page using HTTPS may rank above the unsecured page. The boost will only be URL specific and not site-wide.

Watch Google’s video on why HTTPS matters: http://bit.ly/1tmM5z5

High quality content on a webpage will still outweigh the HTTPS signal but it looks like Google is pushing for the switch and hinting that the HTTPS signal will become a bigger part of their ranking algorithm in the future.

Even if you are a non-commercial website, it may be wise to switch to a secure server anyway. For one thing, a secure server guarantees that your content cannot be altered, e.g. have unexpected ads added. It also allows your website to look more authentic, an important factor if the content on your website is intended to provide advice, e.g. financial or medical information.

Google may be pushing for HTTPS so that it helps identify site ownership and therefore eliminate spam. It could also be potentially harder for NSA to track the content users are consuming if we browse HTTPS sites.

Migration nightmare?

No, migration to HTTPS doesn’t have to be complicated. It’s relatively easy to purchase the Security Certificate from your web hosting company. But sometimes you may experience a 301 error code, which means the redirect from your HTTP domain to your HTTPS is corrupted. This happens when there is a potential for duplicated content and several other technical issues during transition.

To avoid potential problems during migration, site owners should avoid redirect chains, similar to this one:

  1. I click on your website at http://iloveyoyos.com
  2. You redirect me to http://www.iloveyoyos.com
  3. Then you redirect me to https://www.iloveyoyos.com

If you’re building a new site, changing domain names or making a change to your URL structure (e.g. platform changes) then you won’t be experiencing the redirect issues.

It is estimated that we have two years to move to HTTPS before a non-secured website becomes a critical SEO problem. So you can take your time, but we are starting to see warnings generated on websites that tell visitors they are connecting onto a non-secured website:

Example of website warning/Canadian Web Hosting

So for a low annual sum, it may really be worth it to make the move now and avoid these privacy warnings that kill site traffic.

The different kinds of security certificates

These are the different types of secured/non-secured URLs you will come across:

On Google Chrome:

Non-Secured Connection

DV/OV Certificate Valid

EV Certificate Valid

DV/OV Certificate Error (cert invalid)

DV/OV Certificate Error (mixed content)

 

So which one should we choose for our website?

Google won’t factor in the different kinds of certificates into site rankings at this time, but they do affect user trust and conversion rates, so it is good to understand how to choose from the variety of security certificates available.

– Shared Certificates are commonly offered by web hosts. You use their certificate but the security certificate isn’t connected to your domain name. www.iloveyoyos.com will contain your non-secure content while your shopping cart will go on www.iloveyoyos.cartprovider.com. This is less costly but takes away from your brand name and user confidence.

– Free Certificates are sometimes used for personal websites or forums. Companies may offer these free security certificates for specific reasons, e.g. if you are part of qualified Open Source project. These certificates will not be valid for businesses but may be applicable for non-profit projects.

– Domain Validated (DV) Certificates are the most common SSL certificates. It is often used by small businesses and covers a single subdomain, e.g. www.iloveyoyos.com but not iloveyoyos.com. Users to this website will see a security icon by the domain.

– An Organization Validated (OV) Certificate requires both the organization and the domain registry to verify information. The OV certificate will check to make sure the business is legitimate and is therefore more expensive to get than the DV certificate. Users can only tell the difference between the two if they click the padlock icon.

– The Extended Validation (EV) Certificate is the most expensive and hard to get SSL certificate. It requires a business to include domain ownership and organization information, as well as show legal existence in their organization. The EV Certificate takes more time to process and are more expensive. Users of EV certified websites will see a green bar on their browser and likely be more confident in their shopping experience.

Hopefully by now you have learned more about security on websites and how to improve your business online.

Still confused or need help with getting a SSL certificate? Contact Canadian Web Hosting today by emailing sales@canadianwebhosting.com.

 

Sheila W.
@CAWebHosting
@CWHUpdates

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *