homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Google / Google SEO News and Discussion
Forum Library, Charter, Moderators: Robert Charlton & aakk9999 & brotherhood of lan & goodroi

Google SEO News and Discussion Forum

This 188 message thread spans 7 pages: < < 188 ( 1 [2] 3 4 5 6 7 > >     
Google To Give Secure HTTPS Sites A Ranking Boost
Robert Charlton

 6:06 am on Aug 7, 2014 (gmt 0)

Just announced. Google's official blog post apparently hasn't gone live yet....

Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites
Aug 7, 2014 at 12:45am ET by Barry Schwartz

Google has announced... that going HTTPS -- adding a SSL 2048-bit key certificate on your site -- will give you a minor ranking boost.

Google says this gives websites a small ranking benefit, only counting as a "very lightweight signal" within the overall ranking algorithm.... Google says it has an impact on "fewer than 1% of global queries" but said they "may decide to strengthen" the signal because they want to "encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

Google has tested this and is reported to like what it sees. As I read the incomplete information currently available, using HTTPS is probably scored as a Panda-like quality signal. Not yet clear about why it should affect some queries and not others.

Two items that jumped out at me, among others, in Google's list of recommendations, that will likely need further discussion....

- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains

I anticipate that this change is going to raise many questions in the community.


brotherhood of LAN

 8:50 pm on Aug 7, 2014 (gmt 0)

My site is informative only, no login or personal/sensitive information, so why the hell do I need to use SSL?

Since they've mentioned it affects only a subset of results, I wonder if it's dependent on what looks like a sign in form, or a payment form. There certainly doesn't seem much point in making wikipedia use SSL, for instance.

Don't you also have to have a dedicated ip for a certificate?

I'm not 100% sure on this, but I believe you can have more than one site on one IP, but there's some technical caveats. In either event you would hope so, as the IPv4 space is depleted enough as it is. Edit: [en.wikipedia.org...]


 10:08 pm on Aug 7, 2014 (gmt 0)

Just think about G's announcement for a minute - it's a total wind up folks and don't let them lead you down the road of converting your site to https. At first I thought it was April 1st when I read this.

If I'm searching for an article on mending the brakes on a corvette or cooking a biryani or planting a money puzzle tree or the causes of heart disease are G really telling me that in any way an https cert will influence their results. If they are ... well Bing is going to love that big time.

It's a case of feed the masses a tiny bit of information and watch the feeding frenzy. Forget it.

Robert Charlton

 10:30 pm on Aug 7, 2014 (gmt 0)

I'm thinking that this is in part an attempt to use SEO as a lever to clear out a lot of unsecure software and hardware that's floating around the web.

While Google's initiative for 2048-bit key certificates preceded the Heartbleed bug [webmasterworld.com...] ...many of the lessons taught by Heartbleed persist in the form of old certificates that were never cancelled, and vulnerabilities that persist in legacy devices that connect to the web. By pushing 2048-bit certificates, Google may be forcing an overall upgrade to 2048, which would be a very good thing.

My amateur view of this makes me think that this indirectly involves the security of many mobile devices, eg, connecting to anybody's site. The only way to clean up much of the garbage undetected after Heartbleed may be simply to force many pieces of old hardware and vulnerable security certificates into obsolescence.

I don't want to swerve this discussion into that security discussion, but I'm in part trying to answer one of the questions I posted above.


 11:35 pm on Aug 7, 2014 (gmt 0)

Does it need to be on every page or just have it on one?


 12:30 am on Aug 8, 2014 (gmt 0)

Many shared hosting providers refuse to give a dedicated IP (and in result SSL) to non-commercial websites, ie. to websites that don't have a payment form / shopping cart.


 12:58 am on Aug 8, 2014 (gmt 0)

(Then I for one would find a new host)


 1:41 am on Aug 8, 2014 (gmt 0)

I suspect this is actually done not to protect the user, but to combat web spam. Make the site more expensive to run, and it becomes more difficult to set up multiple spam sites. However, they are hurting sites like mine by doing this. There is absolutely NO REASON for my purely informational site to be https.


 6:47 am on Aug 8, 2014 (gmt 0)

Why do they keep doing stuff like this? I read this today and immediately thought of issues happening during the 'conversion' process... namely lots of 301's that will take time to be 'picked up' by G as well as temporary dupe content. Google themselves have stated http and https are two things even though the page is the same.

Watch people make the change and see their rankings disappear due to the above until the crawler realizes what happened. That may take awhile and your rankings may not come back.


 10:18 am on Aug 8, 2014 (gmt 0)

Since they've mentioned it affects only a subset of results, I wonder if it's dependent on what looks like a sign in form, or a payment form. There certainly doesn't seem much point in making wikipedia use SSL, for instance.

It looks like they want everyone on it...

"For now it's only a very lightweight signal - affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content - while we give webmasters time to switch to HTTPS," Google's Zineb Ait Bahajji and Gary Illyes said in the blog post.

"But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."



 10:40 am on Aug 8, 2014 (gmt 0)

Wouldn't the change from http to https distroy all ranking data for this site? It's treated like a new site or am i wrong?

John Mueller in April 2013:


 10:43 am on Aug 8, 2014 (gmt 0)

Yidaki it wont make any difference as long as you correctly handle the transition! You will lose all of your social counter data unless facebook/twitter make changes to recognise http/https as the same site. (Possible if everyone starts to switch?)

This reminds me of how Google helped push the web to go mobile with the promise of better rankings for the mobile friendly websites.

Shame they don't reward coding standards still, just my opinion!

[edited by: CaptainSalad2 at 10:49 am (utc) on Aug 8, 2014]


 10:46 am on Aug 8, 2014 (gmt 0)

Why i should i change my site from HTTP to HTTPS, Just for Google give small amount of benefits in ranking?

And there is no Guarantee will Google will boost your ranking.

What we loss, if we move from HTTP to HTTPS;
1. Current Ranking.
2. Current Traffic.
3. All back links.

Can any one explain me?


 11:16 am on Aug 8, 2014 (gmt 0)

...and of course, if everyone does it, a rising tide raises all ships, we'll be back where we were with a hole (of varying sizes) in our pockets.


 12:18 pm on Aug 8, 2014 (gmt 0)

If you redirect properly, you shouldn't lose any more than you would if you went from www to non-www. I moved two client sites to all-https in January, and they were fully recovered within two weeks.

(Not saying it isn't a nuisance and a PITA, but that it can be done without tanking your ranking)


 12:32 pm on Aug 8, 2014 (gmt 0)

we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web

this was predictable starting with GA's "(not provided)" rise in october, 2011.

interesting coincidence that W3C just published a first working draft (written by a couple of guys from Google) of a new Referrer Policy:
http://www.w3.org/TR/2014/WD-referrer-policy-20140807/ [w3.org]


 12:57 pm on Aug 8, 2014 (gmt 0)

spammers buy private whois. spammers now buy https.



 1:34 pm on Aug 8, 2014 (gmt 0)

Yes, this has been on the cards for a while - so not really surprised to see it arrive.

Not rushing to implement in the next few days though - we'll let Google issue their further guidance first, and let things settle down a bit.

Might take the opportunity to move and re-name some pages at the same time - if we're doing a 301 on every page anyway - it's a good time to make changes like that.

If you were writing a news story about this, your headline could read "99% of Google search queries will be unaffected by HTTPS ranking boost."

I'd be careful about taking those query numbers too seriously: Didn't Google say that Panda only affected 6% of queries? So 94% not affected then. And we all know that the industry hardly noticed the affect of Panda...


 1:38 pm on Aug 8, 2014 (gmt 0)

So I asked my webhost about Google's announcement and their response was:

A really good question which has taken everyone by surprise.

Its to early for us to draw on costs as you need a static separate IP for each SSL. Given IPs are in short demand anyway, this is going to be more than just a SSL problem. We are aware though of these new claims by Google and already working to have an answer available.

Has Google fully thought this through?


 1:53 pm on Aug 8, 2014 (gmt 0)

Just one quick look for a price of a 2048 certificate
3 Years $139 per year
1 year $175


 2:20 pm on Aug 8, 2014 (gmt 0)

I found certs with 2048 bit keys for $9/year and $5/year for five years.


 2:27 pm on Aug 8, 2014 (gmt 0)

Just remember, Google isn't saying you have to switch. For now, at least, HTTPS will be a "lightweight" ranking factor that will affect fewer than 1 percent of search queries.

If implementing HTTPS seems to be more trouble than it's worth, then wait until it's easier to do. (Cloudflare is making SSL available to all of its customers by mid-October, for example--even free customers--and it's reasonable to expect that other hosting services, vendors, etc. will follow.)


 2:32 pm on Aug 8, 2014 (gmt 0)

You can get a certificate for 5-7 bucks/year. I installed a certificate for the main domain and the CDN domain after Matt mentioned it.

I don't think it's about certificate sales, and definitely not about trust - they're not requiring an Extended Validation certificate.

If I would switch to https, the websites and businesses I sent traffic wouldn't know it. I didn't care about keyword data, but I need my 'referer power.'


 2:58 pm on Aug 8, 2014 (gmt 0)

For me personally, I am more concerned about losing my ranking. We know 301's take awhile to be crawled/updated... we know dupe content is bad... http and https of the same page are seen as dupe content.

Even if you do everything correctly and have redirects in place immediately after the cert is in place there will be a period of fluctuation time before everything is seen correctly through crawling. I can only assume a dupe content penalty or something else would happen before that occurs and bam there goes your ranking. Maybe it bounces back and maybe it doesn't... either way you are losing traffic.

Another point mentioned above was backlinks. Again, http and https are different so by 301'ing you would not be getting your 'full juice' if I am correct. I believe there was a Cutts video explaining this at one time. Correct me if I am wrong.

I hope they thought these things through and have something in place so that does not occur, but I just don't see that happening.

With that said, yes, I am scared to make the change. Majority of my sites do not need https and those that do have it in place for the necessary pages/domains/areas. Yeah, you can say it is only a minor ranking influence, but the way it was worded surely sounds like they are pushing https hard and more influence will come in the future.

Remember, even though it is 1% that is probably somewhere around 10 million sites affected. Just giving my opinion and I hope I am wrong... not trying to stir anything up. If it goes smooth that would be wonderful, but when is the last time any of these changes went truly smoothly?


 3:23 pm on Aug 8, 2014 (gmt 0)

I've taken a look at some of the top UK sites and how they handle SSL.

They don't have all pages running under https, just the ones where they have forms to be filled in. And this is to be expected, because such a page, if unencrypted, could allow data leakage.

So; not all pages should be switched to https, just those that need it. And those that need it should already have been switched.


 4:04 pm on Aug 8, 2014 (gmt 0)

Purely coincidentally, I switched my main site to HTTPS, (entirely, all pages, including the forum) two or three weeks ago, and I honestly had no idea this announcement was coming. The reason I made the move is because me and a number of my site users live in countries with oppressive and bizarre laws and I want the member only parts of the site end to end encrypted. I've opted to HTTPS the site in it's entirety. To my knowledge, nothing that breaks local laws is hosted on my site, but I want to be 'double insulated' so to speak, as the law in this particular country means I am liable as webmaster for illegal forum posts (Lese Majeste).

I paid for a certificate but I note with interest that there is nothing that I can see in the announcement that states you can't use a self signed certificate. Obviously no one is going to do that if they care about all the traffic they will lose because of the 'invalid' cert warning (that irritates the hell out of me, what's 'invalid' about it, it's valid for me and my users!), but how will Google handle the indexing of sites that DO choose to self sign?

As an aside, I lost about 20 percent of my traffic when moving to HTTPS but I expect that to return, and it could also be due to other factors as I made a number of other changes during the move to HTTPS.


 7:52 pm on Aug 8, 2014 (gmt 0)

From the comments above it appears that G now runs the internet, it's a very, very sad day for freedom. "Jump" they say, and the only real question (in many different guises) being asked is "how high do I jump?".

What possible use is https on an informational website page?


 10:16 pm on Aug 8, 2014 (gmt 0)

What possible use is https on an informational website page?

John Mueller talked about this. You can read what he said in this article:


From the comments above it appears that G now runs the internet, it's a very, very sad day for freedom.

How so? Nobody is being forced to use HTTPS. Most sites won't even bother to use HTTPS until it's something that can be done automatically or nearly automatically (as on CloudFlare).

I suspect that the next generation of site owners and SEOs will wonder what the fuss was about bac in August of 2014. The Web evolves, Web standards evolve, and Web best practices evolve. If you're wedded to the status quo, you're in the wrong business.


 12:17 am on Aug 9, 2014 (gmt 0)

The fact that Google calls ==> pushes ==> obliges webmasters to adopt solutions of any type for getting best results in SERPs is it something that bad/questionable? It'a clear strategy, quite an obvious one for a structure such as Google that is no longer a simple search engine. The Web 2.0 has now penetrated into the Web 3.0 where the processes of co-creation are the basis of a dynamic and shared use of published documents, associated with information and data (metadata) that specify the semantic context in a format suitable for queries and interpretation. Https becomes a necessity, not an imposition, as one moves further still, towards the WebOS, towards the Middleware which will require a massive network of highly intelligent interactions, that is, towards that still very poorly defined hypothesis that's the Web 4.0.

Being this an exceptional opportunity for hosting providers to offer SSL to everybody it's clear. I wonder when Google will launch (or acquire ?) his Hosting Provider services...

I actually don't like anyone telling me how I should dress. But if we are heading towards a new Ice Age, the fact that Google calls ==> pushes ==> obliges people to wear heavy coats if they want access to his restaurant it could partly be a matter of business (and maybe not so hidden) if we happen to see a megastore selling special clothes marked "G" in front of the restaurant. But looking at things with serenity it's basically a way to avoid / prevent that in the restaurant there will be sooner or later frozen people in T-shirt at the tables.

Another side of the story is of course checking whether the use of this heavy coat, pardon, widespread Https, will actually be managed in a consistent manner (not involving irrational PR falls dropping pages previously well positioned for certain keywords - but from a first analysis it looks like it's not happening; do expect however some "oddities" - not being too complex - but I don't think so, while as a SEO I see a reason to gear up with attractive new offers to customers - not being too expensive - and maybe it will be just a little, but when it will become a popular standard it won't be more expensive / punitive - in short, we will at least have stuff to discuss for a long time now).


 12:58 am on Aug 9, 2014 (gmt 0)

I stromgly doubt that will cause more than a small percentage of existing websites to be switched to https. Most owners of small websites will never even hear about this, and even most of those that do hear about it, like me, won't make the switch.

On the other hand, there probably will be a slow gradual switchover to https, as old sites slowly die and new ones appear, but it will take many years, and would happen anyway regardless of this announcement.


 3:06 am on Aug 9, 2014 (gmt 0)

there probably will be a slow gradual switchover to https, as old sites slowly die and new ones appear, but it will take many years, and would happen anyway regardless of this announcement.

The announcement will help, though, by creating demand for user-friendly HTTPS services.

Instead of getting angry because Google is encouraging HTTPS by making it a "lightweight" ranking factor, site owners who are aware of the announcement should be counting their blessings. Google is offering an opportunity for anyone who is willing to seize it. If you implement HTTPS and your competitor doesn't, you'll have a competitive advantage in Google's search rankings.

brotherhood of LAN

 3:27 am on Aug 9, 2014 (gmt 0)


I don't see anyone getting angry, bemused maybe... but it's the same old chestnut of whether we want to play the ranking game or not.

>Google says jump and we say how high

Hehe... true isn't it.

FWIW, I've already noticed a well-known CDN-type service that is providing free SSL in the coming months. Anyone behind those kind of gateways would only need SSL enabled between the client and the gateway which wouldn't require any further action on your own server.

This 188 message thread spans 7 pages: < < 188 ( 1 [2] 3 4 5 6 7 > >
Global Options:
 top home search open messages active posts  

Home / Forums Index / Google / Google SEO News and Discussion
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved