SSL encryption was made a ranking factor in Google over two years ago. Nonetheless, the security protocol is mainly used by shop operators and security experts.
Previously, most website operators were probably deterred by the high cost and complexity associated with switching to SSL. This problem was however solved through the introduction of the "Let’s Encrypt" initiative by the Internet Research Group, which consists of major technology players such as the Mozilla Foundation, Google, and Facebook. The initiative aims to make SSL an Internet standard and hence guarantee a secure network for everyone.
Starting at the end of 2015, "Let’s Encrypt" has made it possible to easily and freely setup SSL on websites. As a website operator, now would be a good time to consider encrypting your website. You should however take into account the various SEO challenges that result from the SSL encryption.
What is SSL?
SSL stands for Secure Sockets Layer and is a cryptographic protocol for secure data transmission over the Internet. One occasionally also talks of TLS (Transport Layer Security). TLS is the successor protocol of SSL and hence the current encryption standard. However, both are commonly still referred to as SSL.
When was SSL first introduced?
The first SSL version, SSL 1.0, was introduced in 1994 by Netscape Communications. This was shortly after the launch of the Mosaic web browser that became very popular. SSL 1.0 was quickly replaced with version 2.0 (1995) and 3.0 (1996) due to its significant security loopholes. Version 3.0 was however much more secure and managed to establish itself and get approved as a standard by the IETF (see RFC 6101).
What is an SSL certificate?
In order to use SSL, you need a certificate that contains the so-called key or public key. This key is given by a small number of trusted certification authorities (CAs). CAs must first check the identity of the server and domain operator before issuing a certificate. The most common CAs include VeriSign, Thawte, and Symantec.
Figure 1: List of CAs that are trusted by the current version of Firefox
If an encrypted connection is requested when trying to establish a connection to a website, the respective server first responds with a certificate. This enables the requesting host to check the identity of the server through the CA. If verification is successful, you get an encrypted connection. This then enables secure data transmission between the server and browser such that the data can no longer be accessed by third parties – just like with credit card numbers and PINs.
Whenever you visit "HTTPS://www.amazon.com/", Amazon first sends back its public key. Your browser verifies if the corresponding CA is trustworthy (Amazon currently uses Symantec) and then transmits the key. Next, Symantec checks if the key matches the one specified for amazon.de and, if successful, proceeds to establish a connection between your browser and amazon.de.
The URL of an encrypted website always starts with HTTPS. Everything else depends on the type of browser you use. One of the most common symbols for a secure connection is a locked padlock on a green background that is displayed on most common browsers e.g., Firefox, Safari, and Google Chrome.
Figure 2: The green padlock and the HTTPs protocol name symbolize a secure connection
Google officially listed SSL encryption as one of its ranking factors in summer 2014. This was a rather unusual step for Google since the company rarely publishes information about its ranking criteria. According to Google, this is meant to promote web security – which also explains the company’s commitment to "Let’s Encrypt". Studies show that switching from HTTP to HTTPs actually helps improve your ranking significantly.
Nevertheless, SSL encryption is anything else but standard. Even large websites still avoid secured connections. Thus, a secure connection is still a chance for you to get one step ahead of your competitors.
Besides better positioning in the SERPs, the trust gained through SSL is another major advantage of encrypting your website. Users view the encryption as a clear sign of trustworthiness thanks to the green padlock symbol and URL. According to experts, the increased trust leads to a much lower bounce rate and hence even better rankings.
SSL, which is aimed at protecting data, also provides you with key data for the optimization of your website. When a user switches to an unencrypted webpage from an SSL encrypted page, information about the referrer is not saved and the visit is recorded in web analytics tools (e.g., Google Analytics) as a direct page view. In case of a redirect from an encrypted page to another encrypted page, information about the referrer is not lost and your data quality is higher.
In his article from December 2014, Rajiv Pant, CTO of the New York Times, called for all news sites to switch to SSL/TLS. Very little has happened to date, not even with the New York Times. Why?
Probably because the marketing departments of major publishers take reference no. 10528 in the Google AdSense FAQs seriously. This in fact warns that under certain conditions, "you will actually raise less income through advertisements on your HTTPs webpages than on your HTTP pages."
And this is absolutely true – reports show that income generated per 1000 banner impressions (RPM) often drops by 15 to 35 percent after you switch to SSL/TSL.
The explanation is hereby quite simple: The browser only considers an encrypted webpage as truly secure if all its external resources, such as banner ads, are also loaded via secure connections. If this is not the case, the browser displays a small warning instead of the green padlock. AdServer or Publisher, both of which do not provide their advertisement material through HTTPs, can therefore not be used for advertisements on HTTPs webpages. The resulting lower number of bidders therefore means less competition and hence a drop in the RPM (revenue per 1000 impressions).
Figure 3: Less bidders and hence a drop in the RPM (Source: checkdomain.de)
Although SSL certificates are now available at no cost, the security is not exactly free. Encryption and decryption of data requires computing power on both the webserver and at the client. For modern servers and devices, this is rarely a problem. However, you might experience performance problems if you are using an older server.
Note: The "handshake" between the server and client takes approximately three times longer for an encrypted connection. This leads to delays in page loading and increases the TTFB that is extremely important for Google.
This also has an adverse effect on caching. For instance, ISP caching of frequently accessed content by the Internet service provider is omitted completely.
Although hosting providers have made the configuration of SSL certificates extremely easy, you still have a lot to do in order to encrypt your website. For example, you must make sure the new version of your website still adheres to the SEO rules, change all internal links to HTTPs, and avoid duplicate content by using well-structured redirects.
There are several crucial points that you must consider to ensure the changeover complies with the SEO rules. One of the most important is the Google Search Console (previously known as Google Webmaster Tools). Here, it is crucial that you also add the new HTTPS version of your website immediately after the encryption.
There are many reasons why you should encrypt your website with SSL/TLS. Higher user trust, a chance to better rankings, and much better data security are just but a few of the strongest arguments. It is only operators of advertising websites who currently do not benefit from SSL. For such, it could be advisable to wait a little longer and keep an eye on the major websites such as news portals. If these encrypt their pages, it should symbolize that most AdServer HTTPs are now functional. A trend in this direction is already apparent.
Published on 06/13/2016 by Torge Kahl.
Torge Kahl is responsible for marketing at checkdomain GmbH, a leading provider of domains and web hosting in Germany, based in Lübeck. He also founded Die Stadtgärtner (The City Gardeners), through which he is able to pursue his online passion in his spare time.Become a guest author »
Get more traffic and customers by optimizing your website, content and search performance. What are you waiting for?Register for free