FAQs

Does having a secure website help my Google search engine rankings?

Google is increasingly encouraging website owners to make all websites secure. These changes mean you have a choice whether to accept an improvement in your Google ranking, but that benefit may come at the expense of some of your users possibly experiencing some problems.

What are secure websites?

Firstly, a bit of background. Any website can have an SSL certificate installed to make communications between the user and the website secure. SSL certificates give the user some protection that the site is what it claims to be. Websites secured with SSL certificates are usually identified in your web browser by a padlock symbol and secure web addresses begin with https:// (note the "s") instead of http://. Information you send and receive from a secure website is encrypted, which makes it difficult for anyone else to access it. SSL certificates have, in the past, cost money every year (from about £20 p.a. upwards) and have involved some admin every year to renew them.

"HTTPS everywhere"

There is a current trend towards making ALL websites secure, as a response to continued security issues on the internet. Security is extremely important for websites where users can log in, submit personal information, pay for products/services or control their finances, because users obviously don't want to risk losing login details or financial information. But Google and other big players have been encouraging all websites to switch to secure versions. This could further improve users' privacy by preventing malicious third parties eavesdropping on website activity and makes it harder to set up fake websites imitating real sites.

Google are positioning themselves at the forefront of this move to secure all websites. And they are offering a small boost in search results to websites that are secure.

Free SSL certificates

It is now possible to set up a free SSL certificate for your website. These free SSL certificates are from a fairly new organisation called "Let's Encrypt". They have only become available in 2016 and this is the first time it has been easy and free to set up SSL certificates. But these SSL certificates don't work well in some older browsers - an example would be someone using Internet Explorer 8 on a Windows XP system. Based on statistics from a few of my clients' sites that get higher levels of traffic, I'd estimate the proportion of users that might have problems is currently (September 2016) 1% or less - and this proportion will decline as users upgrade to new software. These users will see a security error, and whilst they could ignore the error and continue to your site, this is unlikely. At some point in the future, when the usage of old browsers and old operating systems has declined even further, you might decide to force all your website traffic onto your secure site.

Google presenting secure pages by default

However, Google has also decided to check whether websites that appear in search results have a secure version. And if there is a secure version, they are beginning to present that in search results instead of the non-secure site - see: https://webmasters.googleblog.com/2015/12/indexing-https-pages-by-default.html. This is something Google are doing on their own initiative, without even consulting website owners, although site owners can choose to stop Google doing this. On the plus side, if Google do present the secure version of your site, this could give you a small boost in search results. But, from that same point, users with old browsers/operating systems may suddenly start to see security errors if they try to access your site from a Google search.

Please note that if users do see security errors as described above, this is simply an incompatibility between their computer system and the SSL certificate. It doesn't necessarily mean that your site is broken or that the SSL certificate has not been set up properly.

Summary

  • there is a current trend towards securing all websites
  • Google is encouraging website owners to make their websites secure by giving secure sites a boost in search results
  • there is now a free and easy way to set up SSL certificates (from Let's Encrypt) for all sites
  • Google has started checking, for all websites, whether a secure version exists and, if so, it is presenting that secure site in search results
  • you can get a boost in search results if you're happy to let Google present the secure version of your site
  • but this comes at a price: a small proportion of your website users may see security errors when they try to visit your website from a Google search

Your options

  1. Do nothing (the default option):
    If you are a hosting client, we will install an SSL certificate for your site. Google will soon present your secure site in search results, and most users will be able to access that. You will get a small boost in search results. A small proportion (probably less than 1% and declining) of your users may experience security errors.
  2. Force all your users onto the secure site:
    You might want to take the initiative and re-direct all your users to your secure site so you can start to benefit immediately from the boost in search results. But if a secure version of your site is not already being presented in Google, this would actually trigger that change; and users of your site with old browsers might suddenly start to see security errors.
  3. Remove the SSL certificate:
    If your customers have complained about problems accessing your site, you might decide to abandon your secure site for now. Bear in mind that you will then miss out on the boost that Google is giving to secure sites in its search results.

Don't hesitate to contact us if you would like to discuss how these changes affect your website or if have any queries about this issue.