homepage Welcome to WebmasterWorld Guest from 54.225.57.156
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Google / Google SEO News and Discussion
Forum Library, Charter, Moderators: Robert Charlton & aakk9999 & brotherhood of lan & goodroi

Google SEO News and Discussion Forum

This 188 message thread spans 7 pages: < < 188 ( 1 2 3 [4] 5 6 7 > >     
Google To Give Secure HTTPS Sites A Ranking Boost
Robert Charlton




msg:4693630
 6:06 am on Aug 7, 2014 (gmt 0)

Just announced. Google's official blog post apparently hasn't gone live yet....

Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites
Aug 7, 2014 at 12:45am ET by Barry Schwartz
[searchengineland.com...]

Google has announced... that going HTTPS -- adding a SSL 2048-bit key certificate on your site -- will give you a minor ranking boost.

Google says this gives websites a small ranking benefit, only counting as a "very lightweight signal" within the overall ranking algorithm.... Google says it has an impact on "fewer than 1% of global queries" but said they "may decide to strengthen" the signal because they want to "encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

Google has tested this and is reported to like what it sees. As I read the incomplete information currently available, using HTTPS is probably scored as a Panda-like quality signal. Not yet clear about why it should affect some queries and not others.

Two items that jumped out at me, among others, in Google's list of recommendations, that will likely need further discussion....

- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains

I anticipate that this change is going to raise many questions in the community.

 

iThink




msg:4694828
 12:45 pm on Aug 12, 2014 (gmt 0)

I wonder if this has ANYTHING to do with fighting spam? Surely spammers wont buy certificates for their churn and burn sites?


There are a few providers giving free trials of SSL certs for 90 days. For most churn-and-burn sites 90 days is good enough time period to start and then if the site survives in SERPs beyond 90 days, one can always upgrade to a paid cert for 1 year or more. So churn-and-burn crowd may not be losing their sleep over this move.

Assuming fighting spam is the real motive behind this move, I suspect people using cheapest SSL certs that do only the domain validation may not benefit much. More expensive SSL certs that do organization validation may help in rankings for the obvious reasons. But google has not clarified what kind of certs they would like people to use.

So I'm tempted to wait for more details to emerge in near future or should I just get cracking and buy a bunch of cheap SSL certs? That is the dilemma.

graeme_p




msg:4694843
 2:02 pm on Aug 12, 2014 (gmt 0)

@JD_Toims: OK, its should have been "who" not "you". Particularly bad typo even for me. Getting to the point, I disagreed with three of your eight points. I think two do not matter (nofollow links and disavow files, because they only affect search engines), one I rather like (making ads a bit less obtrusive). The other two are, I agree, valid.

I was a Joeant editor for a short while: I gave up when the rejected a link to the Berkshire Hathaway web site (Warren Buffet's company) as "low quality"!

Directories of web sites are dead and useless, their last gasp was for SEO.

Getting back on topic, I think the consensus here is that we should wait and see? Superclown2 is quite right: there will be a lot of people trying to sell IP addresses and certificates on the back of this. Lets not panic: it will become cheaper (in another six months most of us will be happy to use SNI), and it will becomes clearer which sites are significantly affected by it.

Selen




msg:4694856
 2:55 pm on Aug 12, 2014 (gmt 0)

Someone told me that if website WHOIS info has @gmail.com account associated with domain it could be a negative signal because spammers also use @gmail.com accounts to send spam. So webmasters using cheap or free email accounts may be at risk because spammers work on the same platform. But I don't know whom to believe any more..

EditorialGuy




msg:4694857
 3:01 pm on Aug 12, 2014 (gmt 0)

Too much panic, too many conspiracy theories.

Google has said that HTTPS is be a "lightweight" ranking factor, at least for now, and it will affect fewer than 99% of search queries. So, if you're uncomfortable with the idea of migrating to HTTPS or you're skeptical of its benefits (whether to you or to users), why get your thong in a twist? Wait until there's a greater incentive, until it's easier to do, and/or until Google has more to say on the topic.

jrs79




msg:4694876
 4:26 pm on Aug 12, 2014 (gmt 0)

Directories of web sites are dead and useless, their last gasp was for SEO.


Tell that to ThomasNet.

jay5r




msg:4694877
 4:26 pm on Aug 12, 2014 (gmt 0)

There are a few providers giving free trials of SSL certs for 90 days. For most churn-and-burn sites 90 days is good enough time period to start and then if the site survives in SERPs beyond 90 days, one can always upgrade to a paid cert for 1 year or more. So churn-and-burn crowd may not be losing their sleep over this move.


Yes, but those cheap certs require a dedicated IP or using SNI/TLS which doesn't have full browser compatibility.

Assuming fighting spam is the real motive behind this move, I suspect people using cheapest SSL certs that do only the domain validation may not benefit much. More expensive SSL certs that do organization validation may help in rankings for the obvious reasons. But google has not clarified what kind of certs they would like people to use.


Personally I think NSA snooping is what triggered a lot of this. They probably realized that the simplest way to stop the NSA was to promote SSL Everywhere. Then they realized that SSL sites were higher in trust, so they've made it a ranking signal. Which supports the SSL Everywhere initiative. I think I heard somewhere that they may bring keyword data back for sites with SSL. Which would also support the SSL Everywhere initiative.

But realize, browsers (and hence Google) can't tell the difference between a domain validated (DV) cert and an organizationally validated (OV) cert. Apparently there is now something that distinguishes them, but it's relatively new and not fully implemented/supported. You can really only tell the difference with an EV cert. So an OV cert probably won't be any better with Google than a DV cert. Google has said nothing to encourage EV certs. Until they do, I'm just getting DV certs. Interestingly, of the major social media sites Twitter seems to be the only one with an EV cert. Google is using DV/OV - so I can't see them requiring something that they can't be bothered to use themselves.

superclown2




msg:4694912
 7:12 pm on Aug 12, 2014 (gmt 0)

Google has said nothing to encourage EV certs.


Looking at the big brands in my vertical, here in the UK, hardly any of them use EVSSL. The major selling point that the certificate providers claim is that the green bar encourages users to trust the site but the overwhelming majority of people over here haven't a clue what SSL is, let alone what a green bar signifies. Waste of money in most cases IMO, unless you are running a financial site with savvy visitors.

wheel




msg:4694941
 9:44 pm on Aug 12, 2014 (gmt 0)

But realize, browsers (and hence Google) can't tell the difference between a domain validated (DV) cert and an organizationally validated (OV) cert. Apparently there is now something that distinguishes them, but it's relatively new and not fully implemented/supported. You can really only tell the difference with an EV cert. So an OV cert probably won't be any better with Google than a DV cert. Google has said nothing to encourage EV certs. Until they do, I'm just getting DV certs. Interestingly, of the major social media sites Twitter seems to be the only one with an EV cert. Google is using DV/OV - so I can't see them requiring something that they can't be bothered to use themselves.

As you're aware, there's a difference between a regular cert and an EV cert.

The EV cert is different for two reasons. First, authentication requires an independent org (the people that issue the certs) to do the work required to actually validate the existence of your business. Secondly, the url bar turns green.

The url bar turning green is simply for visitors. One can debate how much difference that makes, but it must make some difference to some visitors.

From Google's perspective, and all their focus on local seo and verifying business identities, it seems like an EV cert should make a difference - it further independently validates the location and existence of the business. Does it? Who knows - but given that it's arguably 'good for visitors' and seems to fit well with Google's quest for independent verification of one's identity, it's a small chance.

The EV certs are like a couple hundred bucks. Any 'serious' business earning any amount of income shouldn't be held back by the difference between the two costs. It's a couple hundred bucks, no downside, potential upside, so roll the dice and spend the money.

I used to have a non-ev cert years ago. Let it lapse because 'who cares?'. But I'm installing an EV certificate as we speak. It's Google nonsense, but looks enough like something a typical business might do that I'm prepared to do it anyway.

wheel




msg:4694942
 9:48 pm on Aug 12, 2014 (gmt 0)

Oh, I forgot to speculate further - the EV cert indicates your town/state. No reason Google couldn't use that to verify your location and plus size your rankings as a result. They could probably use those certs instead of the postcards they mail out.

Again, Google's push to SSL certs is bogus for consumer purposes. Still, I think they may be thinking about other stuff in the future - so start preparing.

brotherhood of LAN




msg:4694952
 10:23 pm on Aug 12, 2014 (gmt 0)

Good point wheel, worth remembering before making hasty decisions to switch.

jay5r




msg:4694998
 2:21 am on Aug 13, 2014 (gmt 0)

The url bar turning green is simply for visitors. One can debate how much difference that makes, but it must make some difference to some visitors.


I did some investigation before buying some EC certs the other day. Turns out people may actually feel less secure with EV certs in cases where the business name doesn't match exactly with the domain name. They see a mismatch and think something is wrong.

[theroiteam.com...]

mromero




msg:4695029
 3:24 am on Aug 13, 2014 (gmt 0)

jay5r That is an interesting observation with Chrome. However, clicking on the site information icon does not give encouraging information. For e.g.it says "...does not have public audit records.

wheel




msg:4695162
 11:39 am on Aug 13, 2014 (gmt 0)


I did some investigation before buying some EC certs the other day. Turns out people may actually feel less secure with EV certs in cases where the business name doesn't match exactly with the domain name. They see a mismatch and think something is wrong.

lol. I incorporated under my keyword rich domain name. i.e. keywordkeyword.com, LLC.

So I got that going for me.

These days if you're looking for rankings, you should probably have your main site on your companyname.com anyway. PRomote nike.com, not redsneakers.net.

incrediBILL




msg:4695337
 7:58 pm on Aug 13, 2014 (gmt 0)

If I were Google I'd use secure certs as a method of stopping spam. If you're a valid site, you can get a valid cert.

To that end, I think Google telling us it's just a 'ranking signal' today will encourage the masses of legit sites to get certs. When the volume of sites running HTTPS reaches the tipping point they'll simply push all sites without HTTPS down to the bottom of the index.

Spammers getting sites penalized and dropped all the time or shut down for other reasons would find required certs a real problem to get and maintain.

Eventually someone abusing the web all the time wouldn't be able to get a new cert, out of business, done.

It's a great move as I've advocated required SSL for email for the same reason but people keep playing around with other silly schemes that simply don't work.

SSL all the way baby!

jay5r




msg:4695606
 12:55 pm on Aug 14, 2014 (gmt 0)

When the volume of sites running HTTPS reaches the tipping point they'll simply push all sites without HTTPS down to the bottom of the index.


That may work for the more competitive search terms, but it won't work for things like [Solomon's Pork Pies Akron] - it's unlikely really small business will ever have SSL. Or, if some hosting provider does offer the service of buying an EC cert for each IP/server and then adding/dropping names from the cert as part of their shared hosting plan, then the spammers will just use that service along with the small businesses, and SSL will become a meaningless signal. Or, it will only be a factor when all the names in the cert are owned by the same entity.

But I can see it for search terms that touch on the "your money or your life" concept that Google is so fond of. Ditto for community sites with lots of user input - privacy is a concern on sites like that. (When will Webmaster World migrate to SSL?) Those are types of things that probably make up the 1% of affected search terms. It'll grow, but never to things like [Solomon's Pork Pies Akron].

rish3




msg:4695608
 1:06 pm on Aug 14, 2014 (gmt 0)

but it won't work for things like [Solomon's Pork Pies Akron]


Low organic relevance == more ad clicks.

aristotle




msg:4695632
 2:32 pm on Aug 14, 2014 (gmt 0)

It's really naive for anyone to think that this is going to stop spammers.

petehall




msg:4696086
 6:26 am on Aug 17, 2014 (gmt 0)

@superclown2

Google has stated that there are a plethora of ranking signals, and this will be just one more. Getting an installation just right is not a job for a beginner and an imperfect job can have disastrous consequences as I first found out for myself more than a decade ago.


So why ignore any of them? Surely you're fighting against the wind for no reason?

The major selling point that the certificate providers claim is that the green bar encourages users to trust the site but the overwhelming majority of people over here haven't a clue what SSL is, let alone what a green bar signifies.


Have you any data / research to justify this statement?

Finally, (and this will probably make you laugh as I've singled your comments out) I have transferred a 9 month old site over to SSL and the positions achieved to date have been completely destroyed!

Perhaps it will come back but I'm currently thinking; big mistake.

graeme_p




msg:4696276
 6:13 am on Aug 18, 2014 (gmt 0)

@incrediBill

My worry about sites with SSL getting pushed down is the effect on hobby sites and blogs: they are often what I want when I do a search. What about anonymity for people in countries with less than free speech? Paying for a cert leaves a trail.

Its probably good for e-commerce searches, but not so good for informational ones.

Eventually someone abusing the web all the time wouldn't be able to get a new cert, out of business, done.


Possibly, but there are a LOT of certificate authorities.

It's a great move as I've advocated required SSL for email for the same reason but people keep playing around with other silly schemes that simply don't work.


SSL certainly. Ideally emails should be signed as well: but any transition is going to be difficult, and most people still seem unaware of how little privacy or security email has.

superclown2




msg:4696335
 12:23 pm on Aug 18, 2014 (gmt 0)

Have you any data / research to justify this statement?


Most of the people I have spoken to don't even know that the results at the top are paid ads, even though they are now labelled. I spoke to a load of senior business people earlier this year and most of them didn't know that there were other search engines than Google. It doesn't do to overestimate the knowledge there is out there amongst the non-techies.

I have transferred a 9 month old site over to SSL and the positions achieved to date have been completely destroyed!


Sorry to read that. It does underline, though, the point I made that this should be handled very carefully, if at all.

netmeg




msg:4696336
 12:23 pm on Aug 18, 2014 (gmt 0)

it's unlikely really small business will ever have SSL.


Actually I expect that eventually it'll come by default with webhosting (and maybe hosting goes up a tad to cover it) It'll be the standard.

sangi




msg:4696341
 12:56 pm on Aug 18, 2014 (gmt 0)

While it's been less than 24 hr when I've switched one site to https and it's way to early to make any conclusion I can definitely report some positive movement in terms of referrals from the big G. Quick look also suggests that almost all of more than 400k indexed pages have been re-indexed and now starts with https. Interesting

Tonearm




msg:4696391
 4:44 pm on Aug 18, 2014 (gmt 0)

Does switching an http site to https mean 301 redirecting every valid http request to https?

RedBar




msg:4696398
 5:06 pm on Aug 18, 2014 (gmt 0)

It'll be the standard.


My thought as well and I do not have a problem so long as we all are given plenty of time to implement it, say by Dec 31st 2015?

philgames




msg:4696399
 5:07 pm on Aug 18, 2014 (gmt 0)

THIS IS ABSOLUTELY POINTLESS

EditorialGuy




msg:4696461
 1:57 am on Aug 19, 2014 (gmt 0)

THIS IS ABSOLUTELY POINTLESS


Sure, just like lower-case letters. :-)

Shai




msg:4696529
 11:51 am on Aug 19, 2014 (gmt 0)

Does switching an http site to https mean 301 redirecting every valid http request to https?


Yes.

john14




msg:4696545
 1:19 pm on Aug 19, 2014 (gmt 0)

I think it can have a minor effect on rankings if a site has better SEO factors like complete optimized in terms of on page and off page seo and has quality backlinks but not implemented https then the site can still perform better than those sites having https but missing on page and off page elements

wheel




msg:4696546
 1:19 pm on Aug 19, 2014 (gmt 0)

THIS IS ABSOLUTELY POINTLESS

No it's not.

Google claims they're doing this 'for the children'. If you believe that's a pointless reason, and maybe it is, then look deeper. What potential future benefit does Google derive from SSL? It's an easy ranking signal because it increases barriers to entry on webhosting. And EV certs fix a very big problem for Google - guaranteeing the authenticity of a website. With all the brands ranking, seems like a pretty natural progression to add in 'guaranteed authenticity' as a ranking signal, and maybe a big one.

You should expect the same feature creep we saw with the nofollow tags. This was sold to you as being for your benefit, to make the web a land of unicorns and rainbows, yet now it's an overseer's whip. You'll be getting an EV SSL cert soon enough, or dealing with the consequences.

As to why it's pointless for you as a webmaster, you're taking the wrong approach. The goal is to rank and make money, not argue with Google. Google says get an SSL cert and it'll help your ranking, do it to rank. That's not pointless.

It's one of the easiest and clearest things Google's disclosed in a long, long time.

In fact, they could've left this silent and not told us and just used it as a ranking signal. The fact that they've told us this also tells us something - they want it for more than a ranking signal or they want to strengthen it as a ranking signal. They haven't disclosed the other couple hundred ranking signals, have they.

Tonearm




msg:4696557
 2:32 pm on Aug 19, 2014 (gmt 0)

Does switching an http site to https mean 301 redirecting every valid http request to https?


Yes.


Kind of scary for a site that already ranks well. Should this be done incrementally?

wheel




msg:4696567
 3:19 pm on Aug 19, 2014 (gmt 0)

Kind of scary for a site that already ranks well. Should this be done incrementally?

No, not incrementally. You simply do a full redirect in apache for any page lookup on port 80 over to the new IP on port 443, same address. It's like a half dozen lines in apache.

Hypothetically it shouldn't make any difference because you're only changing the protocol used to transmit the page. you're not changing the page address or the content. So it shouldn't impact your rankings unless Google specifically makes it so - and I don't know why they would.

This 188 message thread spans 7 pages: < < 188 ( 1 2 3 [4] 5 6 7 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google SEO News and Discussion
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved