Revenge of Black Hat SEO: What is the Bait & Switch Technique?Read Story
Security has always been a top priority for Google, be it for their company and services, or for users. The company invests a lot to ensure they are using industry-leading security, such as having strong HTTPS encryption by default.
By the look of things, that commitment to security is only seen to get stronger, as the tech giant is now sending notifications to some webmasters about their security certificate settings.
As first posted by @MediaWyse on Twitter, Google is now sending notifications about the mismatch between a site’s SSL (Secure Sockets Layer) /TSL (Transport Layer Security) certificate and its domain name.
“Google has detected that the current SSL/TLS certificate used on [domain] does not include [domain] domain name,” read part of the email.
“This means that your web site is not perceived as secure by some browsers.”
“As a result, many web browsers will block users accessing your site by displaying a security warning message. This is done to protect users browsing behavior from being intercepted by a third party, which can happen on sites that are not secure,” it continued.
Google Webmaster Trends Analyst Zineb Ait Bahajji confirmed that Google is indeed sending these notifications, saying they are now “…letting users know about issues with their TLS certs.”
We can expect to see more of these SSL/TLS warnings from the search giant. We can also expect they would be stricter when it comes to the ranking boost for HTTPS sites.
HTTPS errors currently do not affect the possibility of a site getting an HTTPS ranking boost. The email notification is interesting, though, as it tells us two things: 1) Google wants you to know if there are issues with your site’s SSL/TSL certificates, and 2) They know about it.
This could mean Google will update their HTTPS algorithm soon to not give a ranking boost to pages/sites with SSL/TSL problems. Apart from the mismatch of the site’s security certificates and domain name, SSL/TSL issues that now have warnings include those with expired, invalid, wrong date or incorrect settings.
When Google first said HTTPS would be a ranking signal, many webmasters jumped on the opportunity and switched to HTTPS, given that it was basically a free ranking boost.
Google did say that, for now, it’s a signal that does not carry a lot of weight—affecting less than 1% of global queries. High-quality content is still at the top. Webmaster Trends Analyst Gary Illyes further explained that HTTPS acts more as a tie-breaker in the search engine results pages if and when two websites have the same rankings.
Moz sort of supports this claim with its 2015 Search Engine Ranking Factors Study. One of the findings explain that while page length, hreflang use, international targeting, and total number of links show moderate association with Google rankings, HTTPS has a “very low positive correlation.”
The debate is still on among pundits whether HTTPS should be a ranking factor. In October 2014, Bing almost laughed at the idea that sites using HTTPS will get a ranking boost. Google, however, feels otherwise.
In support of Google’s position, even the White House thinks HTTPS should be the standard for all publicly-available government websites.
For their part, Google did say that over time, they may decide to strengthen the impact of HTTPS in search rankings. This is to encourage all webmasters and site owners to switch from HTTP to HTTPS to keep everyone safe online.
Ranking boost or not, it’s always best to err on the side of caution and make your sites more secure. If your site is already using HTTPS, you can test its settings and security level with the Qualys SSL Lab Tool.
SEOs once again might want to start thinking about switching their sites to secure again, as many stopped working on it once it became known the boost for secure sites was fairly miniscule.
For more information on how you can boost your site’s security and performance, simply get in touch with us. Our partners are more than happy to answer your queries.