Welcome to WebmasterWorld Guest from 100.26.182.28

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Google To Give Secure HTTPS Sites A Ranking Boost

     
6:06 am on Aug 7, 2014 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:12362
votes: 403


Just announced. Google's official blog post apparently hasn't gone live yet....

Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites
Aug 7, 2014 at 12:45am ET by Barry Schwartz
[searchengineland.com...]

Google has announced... that going HTTPS -- adding a SSL 2048-bit key certificate on your site -- will give you a minor ranking boost.

Google says this gives websites a small ranking benefit, only counting as a "very lightweight signal" within the overall ranking algorithm.... Google says it has an impact on "fewer than 1% of global queries" but said they "may decide to strengthen" the signal because they want to "encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

Google has tested this and is reported to like what it sees. As I read the incomplete information currently available, using HTTPS is probably scored as a Panda-like quality signal. Not yet clear about why it should affect some queries and not others.

Two items that jumped out at me, among others, in Google's list of recommendations, that will likely need further discussion....

- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains

I anticipate that this change is going to raise many questions in the community.
12:18 am on Aug 25, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts:5072
votes: 12


Already the three lines of code are ballooning. I was in the computer software testing business for 15 years and nothing struck more fear in me than a programmer saying "it's only a one line change .....".

If they've got URL's hardcoded that far in a file, then they deserve the frustration they get.
1:13 pm on Aug 25, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Feb 3, 2014
posts:1420
votes: 515


Sorry about crashing in here without reading all six pages, but I have a question:

Do you have to have to have URLS listed as https:// in your site map? or does G just probe and find the https on their own? I'm hoping the latter.

I've run SSL for 10 years because the site requires user data entry when they join and login.
4:30 pm on Aug 25, 2014 (gmt 0)

Full Member

5+ Year Member

joined:Apr 26, 2012
posts:328
votes: 8


samwest, unless something has changed recently, Google will find the https:// URLs on its own, even with http:// in the sitemap. Several months ago the site I work on was being listed as https:// in Google. We have it for our checkout, but technically it was enabled for the whole site. It was causing havoc with images being pulled from AWS, so we redirected to http:// .

[edited by: phranque at 3:45 am (utc) on Aug 26, 2014]
[edit reason] unlinked url [/edit]

4:59 am on Aug 26, 2014 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11822
votes: 236


Do you have to have to have URLS listed as https:// in your site map? or does G just probe and find the https on their own? I'm hoping the latter.


http://support.google.com/webmasters/answer/183668 [support.google.com]:
Use consistent syntax for listing your URLs. For instance, if you list your home page URL as http://www.example.com/, your sitemap should not have URLs that begin with http://example.com/


translated for your question, this would read:
... if you list your home page URL as [example.com...] your sitemap should not have URLs that begin with http://www.example.com/
5:59 am on Aug 26, 2014 (gmt 0)

Preferred Member from AU 

10+ Year Member Top Contributors Of The Month

joined:May 27, 2005
posts:459
votes: 16


This'll be another craze like site speed.


This was also a joke. Depending on from where they judge speed it will make too much difference. If judged from withing the USA network data transfer rates will be neglible compared to pulling data from outside of the USA. When I performed some tests about 10 years ago researching the location of registration servers, I found that we had to have a server in each continent to keep response times bearable. What I also found was that the reponse times within the USA when compared to networks in other continents was dramatically faster, the difference being like on a home network vs the Internet.

Technology has adavanced but those differences more than likely still exist.

Only a fool would measure site speed from one location.
10:07 am on Aug 26, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts: 5072
votes: 12


The rumour was, they didn't/don't measure site speed from one location - they measured it from the various users' location.

And you're being foolish if you're not paying a lot of attention to site speed. There's been enough studies done to show that site speed makes a noticeable difference in conversions.

You should be paying close attention to both your data center location and your site design with speed in mind. Having a fast website is a relatively easy thing to do. Not something I would obsess over, but something to do at least a one time audit. From what I've seen, speeding up websites is normally just a matter of 'fixing' a handful of small things. You can get 90% of the way there doing 10% of the work.

I'd certainly worry more about site speed (and probably SSL) before I bothered with a lot of other things like 'fresh' content.
10:52 pm on Aug 26, 2014 (gmt 0)

Full Member

5+ Year Member

joined:Apr 26, 2012
posts:328
votes: 8


By the way, I agree with phranque that you should have the site as https:// in the sitemap, but Google will index any https:// site on its own, even if the sitemap says otherwise and even if you don't have a single internal or external link going to that version of the URL.
1:11 am on Aug 27, 2014 (gmt 0)

Preferred Member from AU 

10+ Year Member Top Contributors Of The Month

joined:May 27, 2005
posts:459
votes: 16


The rumour was... they measured it from the various users' location


Only a rumour and most unreliable (line connection, connection speed, peak hour, congestion, server load, etc). Besides, which browser or service is reporting back about everything I download, when and via which proxy because I sure want to make sure that I never use them again.
1:42 am on Aug 27, 2014 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:12362
votes: 403


site speed

As I've understood it, initially Google was just looking for "outliers", sites way slower than the statistical norm, measured (I assume) under comparable conditions.

Early in the days of Panda, I did see a bunch of those. You could watch the images on some pages load while you ate lunch... and what's amazing is many site owners saw nothing wrong with that. Many had never viewed their site performance online... only seen it locally.

On some sites, half the nav links and resources on the page were old urls that led to 301 redirects. An occasional page didn't even load. You find far fewer of those now via Google search, and that was Google's intention.

Google will likely continue to use outliers as the basis for identifying substandard performance, and mobile sites that are faster and easier to use will likely be winners if they are used frequently in mobile situations. I don't think that Google is using any one metric, btw. Bing is very likely to be making similar adjustments, all the time.
9:52 pm on Aug 29, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts: 5072
votes: 12


It's been 3-4 days since I redirected my site to an EV SSL cert.

No hiccups in traffic that I've noticed, up or down. I monitor sales rather than traffic anyway, and no real change there.

Google is now however lising my site with 'https://' in front of the URL. Non https sites just get www, my site gets [www....]

There's actually two of my competitors (large name brands, you've seen their tv commercials) already doing this, never noticed the https before. So if I haven't noticed it, I don't imagine it makes much difference to consumers. My wife had no idea what the green padlock was as well.

So far, it's about what I expected. Right now it's not much more than an opportunity/excuse to review site best practices.
9:59 am on Sept 5, 2014 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 7, 2009
posts: 61
votes: 0


Do you know if I can use different certificates on different subdomains?
I'd like an EV SSL certificate on www and maybe a cheap wildcard on subdomains (forum, blog and CDN subdomains).
Does it make sense?
1:57 pm on Sept 11, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 7, 2003
posts:804
votes: 121


Unfortunately for us, since migrating to https last week, we have witnessed a total collapse in referrals from Google.
Hopefully it's only a blip...
2:54 pm on Sept 11, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts: 5072
votes: 12


Glitterball, have someone externally check your website and all the pages. I bet something's gone wrong with the redirect.

And then check every link on your site to make sure you don't have any http:. And check your images, make sure they're all https: too, and so on.

My conversion went smooth. Google's indexed pretty much all the pages and is showing them in the serps as https with no noticeable loss in rankings or traffic. (No real increase either).
4:37 pm on Sept 11, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member editorialguy is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 28, 2013
posts:3464
votes: 777


I moved our secondary site to https: a few weeks ago, and my experience has been similar to wheel's. No problems at all, with a slight (and probably coincidental) increase in Google traffic.

(Fortunately, the site mostly uses relative internal links, so I didn't have to change many links from http: to https:.)
5:32 am on Sept 12, 2014 (gmt 0)

New User

5+ Year Member

joined:Oct 11, 2013
posts: 39
votes: 5


I moved fairly small site (3000 visits/day) to https almost 4 weeks ago. My notes on that:

* 1-2 week traffic from G was shaky a bit, noticeable decrease in AdSense CTR/CPC/RPM too (I'd say -30%-40% or so);
* 3-4 week traffic from G increased slightly and seems stable now. AdSense is back to normal too;
* wasn't able to spot any visible changes on the SERPs.
3:06 pm on Sept 12, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 7, 2003
posts:804
votes: 121


Glitterball, have someone externally check your website and all the pages. I bet something's gone wrong with the redirect.

And then check every link on your site to make sure you don't have any http:. And check your images, make sure they're all https: too, and so on.

My conversion went smooth. Google's indexed pretty much all the pages and is showing them in the serps as https with no noticeable loss in rankings or traffic. (No real increase either).


Actually, I've been even dumber than that. The migration and redirects are working correctly, however I had been looking at Google Webmaster Tools which was for the http and not the https version - DOH!

Also, noticed that Adsense earnings are down, consistent with sangi's observations - hopefully they will come back in a week or two.
10:40 pm on Sept 13, 2014 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Apr 29, 2005
posts:2112
votes: 122


Actually, I've been even dumber than that


I've done even dumber things than that! I once installed a brand new, untested FX system on what I thought was the "test" machine. No-one told me that the "test" terminal (to which I was meant to have exclusive access) had been reconnected to the live system overnight. That really mucked up that day's trading.

Never believe what appears to be obvious.
12:40 am on Sept 14, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Sept 14, 2011
posts:1045
votes: 132


If I was a cynic I'd say someone at google just invested in secure site cert companies.

Seriously WHY? This change make's no sense at all. All I can think of is they are so desperate for quality signals that they are going down desperate paths.
12:19 pm on Sept 15, 2014 (gmt 0)

Junior Member from IT 

10+ Year Member

joined:Oct 22, 2002
posts:127
votes: 0


This is a very limited experiment but I can say that since running https on a website there has been no traffic tank at all, and no increase in traffic either. However there has been a cost to the client!

It's all a bit false anyway because any webmaster could install a 3rd party piece of code from a company that has Purchased their own SSL to thus ensure their own SSL doesn't get a half-baked SSL logo, and that 3rd party could then load all kinds of c*** into the website, and the little 'ole user wouldn't know any different. In fact they'd think the connection was secure.

Probably this is a good thing long-term because if you've spent any time reading Hacker2600 you'll know internet security is about as strong as your "pa55w0rd" and it will force webmasters to actually look at whether extra codes that might have been forgotten about get used in the future - particularly if those code providers don't have SSL available on their website and it's stopping the webmaster getting implemented properly.

What would be really good is if Google used it's position to do an instruction video on the importance of strong passwords and delivered them to their entire customer base, because https is only as secure as the webmaster is diligent in policing it.
1:00 pm on Sept 15, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts: 5072
votes: 12


The only thing SSL does is protect information during transmission, after which the information is unencrypted. I believe most data that's hacked is hacked after it's been unencrypted. In fact, I don't recall ever seeing someone hack data in transit. So for real security, SSL is pretty much worthless.

Nevertheless, SSL is generally accepted as being strong security for visitors transmitting personal information. So Google's playing to that, as well as consumer's misconceptions. It's likely even Google believes that SSL is protecting information - their site uses SSL.

Secondly, EV SSL certs pretty much gaurantee both a real proven entity and physical location, confirmed by a second unrelated entity. And in terms of security THAT is a big step forward. Which is why as I've noted already, I would go with an EV SSL cert over a regular cert. Google's not claiming to care about EV vs. non-EV certs yet, but if I was a betting man, I give it 2 years before we actually see a measurable shift towards this, particularly on any sort of ecommerce searches.
2:13 pm on Sept 15, 2014 (gmt 0)

Junior Member from IT 

10+ Year Member

joined:Oct 22, 2002
posts:127
votes: 0


Wheel, you're absolutely right. In fact EV SSL where a cross-cheque is done with issuing server would seem to me something that should have been standard out of the box.

One day I believe Google will also see the value because when I was checking a few months ago their own products don't use EV. ;)
12:04 am on Sept 16, 2014 (gmt 0)

New User

10+ Year Member

joined:May 6, 2003
posts: 8
votes: 0


- Google cares about Sitespeed
- Google cares about SSL
- SSL implementation slows down your site
- Which signal is more valuable, and is there a trade-off here?
5:01 am on Sept 16, 2014 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:June 19, 2005
posts: 369
votes: 18


naicul, SSL will give a very small performance hit. Not too concerning.
7:34 am on Sept 16, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 19, 2008
posts:1334
votes: 119


Google said this carries “less weight than other signals such as high-quality content.”


This makes me listen! Just the fact to set this two things in comparison is something think about SSL. Panda seems more about site issues, site safty and trust then about content.

Second with every signal the add to panda score the other signals will loose steenght in regard of the 100% panda score. So if your site has lack of some new signals this will make your site to have a smaller panda score.
There is no asking about weight of SSL in panda score, there is the question how many lacks is the maximum to break through a treshold.
6:52 pm on Sept 16, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts: 5072
votes: 12


>>>>- Google cares about Sitespeed
- Google cares about SSL
- SSL implementation slows down your site
- Which signal is more valuable, and is there a trade-off here?

Today, site speed should win hands down. And it's because of Google. IT's been shown repeatedly that a fast loading site makes a difference in user conversions - that's why you speed it up.

SSL will produce comparatively little no decrease - not enough that it should be a worry. Much more important would be to go through your site and get rid of whitespace in html, optimize images, js and css, tweak apache and mysql, and maybe throw some faster hard drives at it.

The computing power required to encrypt a page using SSL should be not noticeable on a half-assed tweaked website/server. Go run your site through webpagetest.org.
9:35 pm on Sept 16, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 6, 2006
posts:1191
votes: 41


I put an EVSSL cert on a major site a few weeks ago and it fell two places for it's main search term to page 2 last week with no other changes.

At the same time I stripped another page one site to the bones and made it superfast loading. Last week it rose two places for a very useful search term. The problem is that it's no longer the bright, all-singing, all-dancing site it was and conversions have plummeted so earnings have fallen to far less than it achieved before my vandalism. No doubt it will drop in the SERPs again as a result of the much higher bounce rate.

Oh, the many joys of SEO. Still, it's better than working for a living.
9:59 pm on Sept 16, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts: 5072
votes: 12


Don't confuse correlation with causation. Maybe you were on track for a larger ranking drop, and the changes saved you from that. Or maybe the changes you made had no impact on the ranking drop.
6:33 am on Sept 17, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 19, 2008
posts:1334
votes: 119


Sc2, i canīt imagine that a SSL certificate will drop your site 2 places. Ist falling donw the drain, nothing will happen or your site will get a boost. But not two places. That sounds like īserps noise.

I have to agree with wheel. All the signs seems to say, loading Speed, coding style ( White spaces, JavaScript compression ... ).
I thought i was fine with my site. And every time i go through my code if can find many, manyy things to do better. Standing still is going backwards! ( and i donīt Support Google now, i think it is the only way to compete with the big guys. )
All the low Content sites i see have one Thing in common: they are of pretty low html. I guess there is not much more than 50 rows of doing.

Back to SSL. I guess this is a sign of Profession. MOst of MFA, linking pages and i do it in the evening after my work webshops will not implement a SSL, because it is too expensive. MOst of this site use Hostings with 1 buck a month for unlimited traffic and 1 GB space. IN most cases a SSL will not be installable on this small accounts. Hence, wheather it is good or not but this makes the web a big step smaller as many Hobby sites will disappear again. Or Google will distinguish between Shopping/hobby/info sites?!
2:16 pm on Sept 17, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member editorialguy is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 28, 2013
posts:3464
votes: 777


Hence, wheather it is good or not but this makes the web a big step smaller as many Hobby sites will disappear again. Or Google will distinguish between Shopping/hobby/info sites?!


I think it's more likely that HTTPS will simply become the default, and hosting services that want to stay in business will offer it to everyone--including hobbyists, personal bloggers, and the like.
3:15 am on Sept 22, 2014 (gmt 0)

New User from AL 

joined:Sept 22, 2014
posts:3
votes: 0


Does anyone know if you need to get the certificates from your current hosting company or can you buy ones from say <a discount registrar> and still use okay? My current host is like Ģ160yr per domain.. :
.

[edited by: Robert_Charlton at 5:06 am (utc) on Sep 22, 2014]
[edit reason] removed specific discount registrar name, per forum Charter [/edit]

This 190 message thread spans 7 pages: 190
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members