Google recently announced a new factor they are considering when ranking organic search results that every website owner should pay close attention to since it’s VERY rare that Google tells the public these types of algorithmic details.

Here is the official announcement from Google, but all you really need to know is that they are now ranking websites that use HTTPS higher.

What it Means for Website Owners

HTTPS is the protocol that’s used to secure website traffic. When you make a payment online or visit certain websites, you may have noticed that a little padlock icon shows up in the address bar and sometimes it even turns green – these are ways to indicate that the page you are using is secure.

When a webpage is considered “secure,” it means that the data going back and forth between the user’s computer and website is encrypted. A website owner makes areas of their website secure by purchasing, installing, and configuring what’s called a Security Certificate.

Making sure that the submission of financial information like credit card or bank account numbers is secure has been a standard practice for quite some time, but Google is now saying that they want ALL website traffic to be secure and protected, regardless of whether or not they are collecting sensitive information.

This means that even if you use a third party service to accept payments on your behalf, like Pay Pal, Etsy, or something else, you still need to have the rest of your website secured via HTTPS – even if you’re just publishing blog posts. EVERY SINGLE PAGE on your website should have the little padlock icon come up in the address bar and the the web address should begin with “https://” and not “http://” like it probably does now.

How to Make the Change in 3 Steps

There’s a few things that need to be done before you can make your website secure, we’ll look at them one by one.

First, you need to get a digital Security Certificate, which is really just a file that enables the encryption (it’s not a paper certificate). Some good providers to consider are Symantec, Thawte, RapidSSL, or Comodo. Some hosting providers can also provide the certificate so you can check with them too. Knowing what type of certificate you need (single domain, multi-domain, or wildcard) or what is best for your situation should be determined by someone who understands the technical implications of each and what your needs are. However, you should always be certain to use a 2048-bit key certificate.

Next, you will need to install the certificate on your web server. The steps for installation vary depending on the type of certificate, operating system running on your web server, and other factors so we won’t get into those details here. Suffice it to say that unless you’re VERY comfortable working on your web server you probably shouldn’t be the person doing this because a very small mistake can cause a substantial problem. Leave this to the techies.

Finally, you’ll need to make sure you website is configured and updated properly to work with the changes because as mentioned before, once the certificate is installed, your website will no longer use links that begin with “http://”,they will all begin with “https://.” That means that any links you may have had on your site that point to other pages or posts that used the non-secure http url scheme will NO LONGER WORK and users will instead see a Error 404 Page Not Found if they to load that page.

That’s obviously not what you want for your users, but it’s also not what you want for search engines. Left in the above situation, when Google crawls your site it will also receive that error and assume that the page no longer exists (which it doesn’t, the secure version is considered a new page). If this occurs then at BEST your search engine ranking will fall and it’s very likely that your website or pages on your website will be de-indexed completely, which means Google will treat them as if they do not exist and won’t display them to a user.

No bueno.

To prevent that sort of catastrophe, you need to redirect all your links so if the non-secure HTTP version of the page is requested from the web server it’s smart enough to know that it should return the secured HTTPS version.

This should be accomplished by editing the HTACCESS file on your Linux web server and including site wide url redirect to the new secure pages using a 301 status code. The code is below:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R=301,L]

If that last paragraph and the code after it caused the least bit of confusion, you should NOT be the one doing it because you can very quickly shut down your entire server. (*cough* we does that sort of thing for our clients you know. *cough*)

What if I Don’t Make My Website Secure?

Hey, you can always do nothing, right? What happens if you just ignore it and keep everything the way it is?

It depends. Since most website owners won’t even be aware of this update and will do nothing, if you also do nothing then the net effect on rankings will be zero since you’ll all be equally de-valued.

If some of your competitors make the change and you don’t, then they will simply receive the benefit and you will not. Will that effect your rankings FOR SURE? It depends on how close Google considers you and your competitors in comparison to one another right now. If you are considered significantly better by Google now, then this likely won’t be a strong enough variable to move your rankings one way or the other, but if you’re close to a competitor then it absolutely could (that is EXACTLY what Google is saying in their announcement).

The tricky thing is, you have no way of knowing if not taking action will hurt your site rankings until it’s too late. You do know that it will hurt your site, that is a given, you just don’t know how badly it will be hurt. Since Google also said in the announcement that they will be placing increased importance on the security level of your site in the future, I think it’s a pretty easy call whether you should take some action now while Google is offering a “grace period” of sorts rather than waiting for your site to fall and hope it comes back.

How OUR Clients Can Protect Their Rankings

If you’re a client of ours and you want to make sure your website complies with the updated Google policy and that everything is setup and configured correctly, follow the steps below:

  1. Contact your Account Advisor and tell them, “Make it so!”
  2. Go get a latte and congratulate yourself on completing your portion of the work. We’ll take care of everything else.


Enlightened Owl Digital Logo White - Madison, WI Web Design


100 Commons Rd. Suite 7-104
Dripping Springs, TX 78620