Google SSL Ranking Factor – the Why, What, and How

Google SSL Ranking

Yesterday, Google officially announced that sites with SSL (https) would get a bump in rankings. Multiple news sites ran it like it had to be done tomorrow. All manner of developer forums lit up with folks asking how to do it. And a few of us, said “not so fast!” The media circus on this will be going for at least another year. Here’s a follow up on yesterday’s post with more info and things to consider before you make this move to HTTPS.

A Cautionary Tale

Here’s my original post on this topic, advising that folks should take a moment to consider the bigger picture.

SSL as a Google Ranking Signal – What You Need to Know Now

In it mentioned several caveats without explanation. Most of them can be fixed, but require either research or more investment.

What I was mainly wanting to address in that post, and in a hurry, were the folks having a knee jerk reaction and leaping before looking by just getting an SSL certificate and changing all of their permalinks over from http to https and then having to fix all of the issues I mentioned after the fact.

A minute of planning is worth an hour of troubleshooting.

Today I want to go more in-depth about what’s really going on, and give you some resources to help you make a good decision for your site and avoid expensive pitfalls.

Is HTTPS More Secure?

Yes, but… It’s an encrypted connection. It makes trading info back and forth between a site and a visitor safe from middle man attacks.

Let’s have an example of that. You’ve heard of computer hacks where someone can record all of your keystrokes? That’s a middle man attack.

Sites that take transactions, like credit cards, have to use the highest level of SSL certificate to ensure that the information they are being given by the visitor remains private.

And that’s also why a lot of site owners use services like PayPal. Let them worry about the security. That’s also smart.

The Other Side of HTTPS

Security goes both ways. If a visitor wants to download a file from your site, if it’s over an HTTPS connection, there are no middle man hacks.

But, that does not guarantee the file is free from malicious code. It could still infect your computer, or other device you’re downloading it to.

So, is it worth having an SSL certificate for folks to get a PDF from you?

Hasn’t been so far. But that may change. More on that in a moment.

Does it make reading your blog post safer? Not really.

You’re still going to start hearing more about why your blog-only site needs SSL anyway. In fact, you’re going to hear 100s of opinions about this from all manner of “experts” for at least another year. And all of those opinions are not going to be in agreement. In fact, they will be from one end of the spectrum to the other.

Google’s Looking Out for Google

Here’s a quote that got overlooked in yesterday’s announcement from Google.

“We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.”

So, it makes sense that Google wants you to just stay secure the whole time you’re connecting with them. That ensures there are no middle man attacks when you jump between their products.

Follow the Money

Think about it. Google makes money from the premium version of Google Apps. And those products are specifically geared to appeal to businesses with teams that want to get rid of the expense of buying Microsoft Office products.

To encourage folks to store everything in the cloud, including spreadsheets, emails, and other documents that may contain sensitive information, security has to be a top priority for Google.

Rise in Middle Man Attacks

We are in the midst of the highest sustained bot attack in history, and it’s still growing.

For the last several months, I’ve been encouraging folks to shut of XML-RPC completely on their site.

For the last several weeks I’ve been encouraging folks to shut down unsecured FTP accounts and ensure that they are retrieving their email via an encrypted connection.

Middle man attacks are on the rise.

Jumping from encrypted site to encrypted site as you surf the web and then grab email from an encrypted source and then go to an encrypted file storage, like Google Drive, helps keep you secure.

And that’s one of the reasons some folks have been screaming for years that all sites should be encrypted as https from the get go.

Google makes things like authorship, publishership, and now encryption a ranking factor to drive adoption.

Who Has to Have SSL Already

Any site that is taking transactions, like e-comm stores and payment gateways, are required to have an SSL certificate.

And some folks think those are the only types of sites that will ever need them. While true, that may be changing due to the middle man attacks and other factors.

The Caveats

If you made your site secure from the onset, good for you! You’re ahead of the game already. And now you get brownie points and a pat on the head from Google too.

If your site is not on https already, here’s more of what you need to consider.

Do it Because it’s Right For You

First, don’t make this change because of the ranking factor bump alone.

The original release from Google stated that it is a minor ranking factor, and that the might at some point give it more weight. If you read other reports from major news services, they make it sound like it’s a mandate from Google and factors big in ranking. Not so.

Permalinks

Changing permalinks is no small thing, whether it’s to https or just another permalink structure.

First, you have to change all the links on your site, including pages, posts, uploads, css, javascript, everything.

Until you can get all of that done, and maybe even after, you have to set up redirects. (There are a LOT of varying opinions on this.) That can be accomplished a lot of ways, perhaps one of the best is via the .htaccess file. And then change your URLs in Settings > General. (There are a LOT of varying opinions on this too.)

Then, refresh your XML and HTML sitemaps. Then submit the new sitemap to Google Webmaster Tools. Your old permalinks will still show up in SERPs until Google finishes indexing to show the new ones. And if someone clicks one of those links, they will be redirected to the new page.

A redirect means that there are more requests. Most performance graders don’t like too many redirects.

And redirects take more time to deliver the page. It may a super small time, but it’s there. Depends on your server and database, and a whole host of other factors.

After a while, Google will have re-indexed all of your pages and visitors will have updated their bookmarks and it will not be much of a factor. But that does take time.

(More on redirects from Yoast in a moment.)

SSL Speed

Google is encouraging folks to use the TLS (Transport Layer Security) way of delivering encrypted pages.

Here’s what they said in their announcement.

“In the coming weeks, we’ll publish detailed best practices (we’ll add a link to it from here) to make TLS adoption easier, and to avoid common mistakes.” (emphasis added)

For a long time, establishing a connection over an encrypted channel caused a speed issue. Only with advancements in tech, hardware, and faster ISP has that improved.

Even so, you need to help it out a bit.

SPDY  is an open-source protocol has been developed that offers better data compression, among other things, thus faster delivery.

To give you a relatable example, when .mp3 compression came along, music downloads stopped taking forever and sites like iTunes boomed. Same with the compression types used over the years by YouTube. Now it’s so good, and base ISP and wi-fi speeds are so fast, that they can deliver HD video quality.

The bottom line is that you have to make sure you have the proper compression available so that your new https pages don’t take a performance nose dive and lose ranking.

Costs

The prices for SSL certificates are all over the place.

And, there are different types of certificates.

One type is Shared, and this is the most common type that hosts offer for free. It’s “shared” because it is a blanket certificate, and not just for you. It is also the least secure of them.

This is the type of SSL certificate that everyone went scampering after when Facebook required content for gated pages to be encrypted.

More on costs in the next sections.

Integrating with Other Services

You may need to either get a static IP address for your site, which is an extra cost at some hosts. Or, check to see if your host supports Server Name Indication.

If you’re using a CDN like CloudFlare, the free version does not accept SSL encrypted sites. You have to get at least the $20/mo plan for that. And Amazon CloudFront CDN is even higher, to the tune of $600/mo for some setups (so I’m told, trying to verify this)

UPDATE: CloudFlare just announced they would make SSL available for free accounts beginning in mid October!
Read Google Now Factoring HTTPS Support Into Ranking; CloudFlare On Track to Make it Free and Easy

Code Breaking

Some existing code on your site may not play so well with SSL.

Joost de Valk (Yoast) has a nice post about moving his site to SSL back in April, shortly after Matt Cutts announced he would “love to make it part of the ranking algorithm.”

Here’s what he said about internal links and redirects:

“All of your internal links should start to use https, not just to pages, but for images, JavaScript, CSS, etc. This means going through your theme with a fine comb and cleaning all of those up. Of course you can have your web server redirect http to https (more on that below), but not having to do the redirect is a lot cheaper.”

Yoast mentions many other implementations and integrations that he made to make the site run fast and smooth with SSL. You’ll want to at least scan that post, even if you don’t fully understand all of the tech, just to see what it takes to make SSL work well on a converted site.

More Conversations

As mentioned already, you’re going to see a plethora of posts on this topic for another year as the conversation about online security escalates.

And, you’re going to see opinions from both sides, in the middle, and every place in between. It’s almost as divisive as talking religion at dinner. Folks hold these opinions with passion, whether they know what they’re talking about or not. And yes, even highly regarded experts have been known to be wrong on occasion.

Plus, there are lots of designers, developers, coders, security and web specialists who are drooling right now. All they see are the $$$$ of folks who will hire them to get their sites converted. They will NEVER tell you it’s not a good idea for your site. They will also never tell you the color bright orange isn’t a good background either. They are going to deliver what you pay them to deliver. Knowing what and why is up to you.

Do What’s Right For You

You’ll have to make up your own mind about what’s best for your site. At this time, I will not be converting BlogAid to SSL. That’s not to say that I won’t build a new client site from the ground up without it, though. That’s different.

I’ll keep you posted as I consider more data coming in about security, and Google’s motives, including how much this is going to line their pockets and those of their shareholders.

I can tell you now that I won’t be chasing the bump in rankings for this. It’s not a good enough reason for my site or my niche. I’ll let you know if that changes.

I’ll also be periodically updating this post as news is released, or security changes happen. If you see something out of date, please let me know. It’s changing rapidly.

Share on Google+Tweet about this on TwitterPin on PinterestShare on LinkedInShare on FacebookShare on TumblrShare on RedditBuffer this pageShare on StumbleUpon

SSL as a Google Ranking Signal – What You Need to Know Now

Google SSL and HTTPS Cheese

We all want secure sites. A big part of my business is helping folks do that. But, the new SSL ranking factor is NOT something you want to jump into lightly. In fact, you need to seriously consider the bigger picture before you make any changes this drastic to your site. Read on for what you need to know before you do anything.

UPDATE: Take a more in-depth look with my follow up post
Google SSL Ranking Factor – the Why, What, and How

[Read more...]

Share on Google+Tweet about this on TwitterPin on PinterestShare on LinkedInShare on FacebookShare on TumblrShare on RedditBuffer this pageShare on StumbleUpon

Noindex Hide Page from Google and Sitemaps

The WordPress SEO plugin has 5 settings that make it super easy to keep special site pages out of search. for example, special sales pages or membership pages. They can be hidden from both your HTML and XML sitemaps. See how to do it in this quick video tutorial.


This is same kind of SEO info I teach in my 1-on-1 training classes.
And there are plenty more videos just like this
in the full BlogAid Video Tutorial Library.


Share on Google+Tweet about this on TwitterPin on PinterestShare on LinkedInShare on FacebookShare on TumblrShare on RedditBuffer this pageShare on StumbleUpon

Upgrade to Google Universal Analytics

Google Universal Analytics Logo

Google Analytics will soon be known as Universal Analytics. There are two steps to upgrade. Plus, there are several ways to connect analytics to your website. This is not something you want to put off, as Google will eventually deprecate the old analytics code. I’ll show you a quick way to check your analytics account and site code, as well as do updates to your site. [Read more...]

Share on Google+Tweet about this on TwitterPin on PinterestShare on LinkedInShare on FacebookShare on TumblrShare on RedditBuffer this pageShare on StumbleUpon

Google Penalizes Authorship Markup Abuse

Schema markup for authorship – it’s time for you to get serious about adding the proper tags to your site or face a Google penalty. Google now considers any page tagged with authorship code as rich snippet spam. There is a simple way for you to get right with Google. And I’ll show you how in this quick video.

The full transcript is below the video.


See the full BlogAid Video Tutorial Library


[Read more...]

Share on Google+Tweet about this on TwitterPin on PinterestShare on LinkedInShare on FacebookShare on TumblrShare on RedditBuffer this pageShare on StumbleUpon

Microdata Essentials – Practical Examples You Can Use Now

Microdata RevolutionAdding microdata to your site’s content is a super way to make it stand out in search results. The most basic microdata properties can be added globally by your theme. But, you’ll want to get more specific than that for high-profile content on your site, such as your About page, events that you’re hosting like webinars, and products that you offer and/or review.

There are tools and tips galore to help you do that. There are even plugins for it. I’ll be covering several of those tools and plugins in detail in later posts.

But to pick the right tool for you, and get the most out of it, you’ll first want to know what you can do with microdata. So, in this post I want to help you understand the inner workings of microdata.

I know you’ll be as fired up as I am about all that you can do with it. I suggest you get a notepad handy to jot down all the ideas this is going to give you!

Here we go.

[Read more...]

Share on Google+Tweet about this on TwitterPin on PinterestShare on LinkedInShare on FacebookShare on TumblrShare on RedditBuffer this pageShare on StumbleUpon