Google SSL(2)

It’s very rare that you get an admission from Google that any one thing will affect your search engine rankings positively. Usually the company’s advice is along the lines of “just do some really good stuff and y’know, we’ll see”. Of course, for SEO companies this is problematic because they say they help you increase your rankings but they can’t give you a blueprint for doing it; there’s no step-by-step rules endorsed by Google that they can point you to.


There are apparently 200 factors that Google takes into account when ranking your site, most of which the company has never specifically confirmed or denied. It’s really just a list of things that people have found works. It’s not very scientific, so for Google to come straight out and say something *does* work is rare.

However, what they’ve now said is that secure websites (i.e. those with a secure connection using a valid SSL certificate) will get better rankings.

This is, on the face of it, a fairly good move. There will be arguments against it, but let’s cover the good points first and then we can get all negative later.

The Good

Secure sites are a pretty good idea. What they do is ensure that the data between your browser and the server where the website is hosted is encrypted. Some might wonder why this is even necessary, but think about this; every time you fill out a form on the web and type in some data, that data is being sent to a web server somewhere.

If the connection isn’t encrypted then that information is sent in plain text. Not normally a problem, but this means that the text can be read by nefarious types and, therefore, copied. Probably not an issue in most instances, but any data that could be used to identify you could also be used against you.

What’s more collecting this data is pretty easy to do. There is software available that will monitor networks (for example in a cafe with wireless access), pick up on transmitted data and store all the plain text it finds. This data could include passwords, your address, your usernames and other personally sensitive information.

Most websites that store important data do indeed encrypt it properly, especially when taking payment information so that’s fairly safe, but others might not.

By securing the transmission of data between the browser and the website, you’re making it almost impossible for anyone to use that data. I say “almost” impossible because in theory, it’s absolutely not possible for anyone to decrypt the data, but technology is horribly complex and when you say something is impossible you usually find a bunch of people trying to prove you wrong. But it’s difficult enough that it’s become the standard way of securing connections.

Google has therefore decided that these sites are safer for everyone and by having a security certificate you’re proving to them that you take your customer’s data seriously. As a result, they’ll reward you with better rankings.

The Bad

Yet more cost. Actually adding a security certificate to your site isn’t exactly trivial. You don’t just buy one from Staples and upload it. They have to be issued and they have to be installed properly – and that has to be done by your web host (ideally), so it’s going to cost you around £100 to get it done.

It’s also yet another thing that small businesses, run by people who aren’t really web savvy have got to worry about. It’s bad enough having to deal with all the other technical difficulties of running a website – having to do this as well is just adding to the work.

There’s also the speed issues. SSL requires more processing to work. A non-encrypted site simply has to pass the data straight to the person requesting it. On SSL it’s all got to be encrypted and then the browser has to decrypt it, which takes time. Not much time, but slower computers may struggle and on the web server side, there’s likely to be some delays too (especially on shared servers that host lots of sites). I imagine the processor overhead of all that could mean some hosting companies having to consider upgrading.

There’s also the problem that with such an announcement there will be people out there wanting to take advantage of a new “business opportunity” to offer advice and support for a hefty fee.

So should it be done?

Google’s made its announcement and actually, it’s a fairly good move. Cyber attacks are on the increase, they’re in the news all the time and our data is becoming more valuable to good as well as bad people. Any attempt to try to protect us is a good one in my view.

Google has also said that it’s not making the changes just yet but is giving people time to install their certificates so it will bring the changes in gradually.

So the upshot is, yes, you should do this and you should do it by talking to your hosting company first and foremost. The rewards will be a more trustworthy website and maybe, just maybe, a little boost to the rankings from our friend Google.