Google prioritises secure sites

Google have announced they will begin prioritising secure websites in their search results pages, so awarding a higher placement to those company sites that take steps to secure their site from hackers.  Encryption for example (protection for data so only authorised users can access it).  Sites with https (‘s’ for secure) currently make up around 56% of websites.


Google’s desire is to encourage all website owners to switch from HTTP to HTTPS.  The ultimate aim is to provide safety on the web, protect users privacy and ensure sites and users are not compromised.  People using Google Search, Gmail and Google Drive for example will automatically have a secure connection to Google.  For the future however, Google will strive for all websites accessed through their search pages to also be secure, increasing safety on the internet as a whole.
If Google are now using https as a ranking signal, should we be worried about a fall in rankings if our sites are not secure?
Simple answer – no, not at this stage:
“For now it’s only a very lightweight signal – affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content – while we give webmasters time to switch to HTTPS,” Google’s Zineb Ait Bahajji and Gary Illyes say in a recent blog post.
Overtime, they may decide to strengthen the algorithm once webmasters begin to adopt https as default.  In the meantime, Google are providing help to website owners/developers to prevent and resolve any possible security issues on their site.
Google explain in this (quite technical) video why they are calling for “https everywhere” – in a nutshell, they call for all communications to be secured as default.  In short, Google discuss 3 main considerations:
  1. Authentication – are you really talking to who they claim to be (i.e. the right server)
  2. Data Integrity – has anyone tampered with the data? (ensure it’s not changed or modified whilst in transit between servers)
  3. Encryption – Can anyone see my conversation? (protect communications from eavesdroppers)
Google see all three as equally critical and warn if you use unprotected wifi connections in public places for example, passive attackers could listen in and collect data.
Google mention in blogs they plan to provide best practices for websites soon, to make adding encryption easier for companies.  For companies already using https, this link helps you check the security level and performance.
Clunk-click every trip – a lock symbol in your browser window keeps data safe.