When you go to checkout of an online shop you usually check that your browser has a green padlock, and the more astute of you may have realised that the web address will start “https://” rather than “http://”.
What this means is that the connection between your computer and the server is secure and people can’t ‘listen in’ to get your personal information such as credit card details. Consider it the same as a secure phone line on a spy movie; the data each end may not be secure, but no one can pick up another phone handset and hear what you’re saying.
This is achieved by installing an SSL certificate on the server, and making sure the website ticks a few boxes.
Many SEO (search engine optimisation) companies will tell you that this will also improve your website’s position in search engines… but is this accurate?
Yes it’s true that Google uses this as a ranking signal as they want HTTPS everywhere on the web [1], but they have lots of ranking signals, of which this is just a small one.
This means that, if installed correctly (and we’ll get to this in a minute), it will have a positive benefit. However realistically, if you have a small ‘run of the mill’ website, I wouldn’t expect any ground breaking improvements.
This doesn’t mean that it’s not beneficial though; it’s good practice to keep security higher and, for larger sites, this is likely to be rewarded. Plus of course it will improve the user experience; most people don’t know what the green padlock means only that it’s good, so by having this you are subtly reassuring your users that you are reputable and your site is safe.
However, it’s not all roses, and this is what many web designers and SEO agencies fail to tell you. If it’s not installed correctly it can do more harm than good, let me explain by example. If you have a page http://www.yoursite.com/yourpage.html and a secure equivalent https://www.yoursite.com/yourpage.html, it’s essential that the first redirects to the last, otherwise Google will see two versions of your page and could actually penalise your website for having duplicate content. Furthermore, if you have a secure page which contains an unsecure element such as an image it can display a warning to the user, and not knowing what this means, they can get nervous and go elsewhere.
Also, once you have an SSL certificate it’s not always straight forward to remove it in the future, this is because you’d need to redirect the secure pages to their new non-secure equivalents, but this is difficult on some server setups as the secure pages can’t be loaded in order to initiate the redirect. This means that, on some servers, Google may need to re-index all of your pages.
So, is it worth it?
For larger or more complex sites then most definitely, but for smaller sites, and purely from an SEO perspective, then don’t expect huge results. That being said, this is the way that the Internet is heading, it’s likely it will have more impact in the future, and it’s good for the user experience, and they’re relatively cheap, so we’d recommend it for most websites.
Put it this way, our website isn’t that large or complex, and we have one.
We are Webbed Feet UK, we are website designers with a secure website. If you'd like your website to be secure, please get in touch.
[1] https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html