Why is Google Promoting SSL Certificates?

SSL Certificates have been a key part of E-Commerce solutions since they were first created. Encrypting data has been extremely important for anything that calls for secure information. But suddenly, your web host is suggesting an SSL Certificate for your Search Engine Optimization (SEO). Why would Google care about an SSL Certificate on something that contains no secure information?

On August 5, 2014, the New York Times reported: "A mysterious Russian crime gang has amassed the largest ever cache of stolen website passwords – over a billion – which were swiped, one way or another, from poorly secured user databases, it's claimed." (original article: http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?_r=0). The gang in question accomplished this by hacking websites using a well-known technique called SQL Injection. This tactic finds vulnerabilities in websites containing MySQL databases and injects code into the site or database to access information stored in the website. Shortly after this, Google (which has always been an advocate of SSL Certificates in regard to security) started broadcasting that it will give a minor SEO boost to sites that have an SSL Certificate, as it is one of the best ways to prevent SQL Injections.

So, the big question is: Should you rush out immediately and get an SSL Certificate?

Not necessarily. While Google is giving a small boost for SSL Certificates, it is small compared to the ranking achieved through normal white-hat techniques. If you're just doing it for the SEO benefit, the answer should be no. Here are some simple questions that will help you decide:

  • What kind of information does your website provide? Is it information that could be devastating in the wrong hands?
  • Do you have a database website?
  • Do you have a secure log-in area?
  • Do you have a back-end or Content Management System?

If you say yes to any of these questions, you may want to consider an SSL Certificate. Otherwise, you will probably be OK without one.

So how do you keep your site safe?

Checking your site for vulnerabilities and fixing them regularly is the best way to keep your site safe. If you also choose to purchase an SSL Certificate, Google suggests the following:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol-relative URLs for all other domains
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible
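The URL and robots.txt items in this list can be checked automatically before switching a site to HTTPS. The script below is an added example, not from Google or the original article; the host names, sample page and sample robots.txt are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ResourceAudit(HTMLParser):
    """Collect resource URLs that conflict with the URL advice in the list."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # list of (advice, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # Resources only: any src, plus href on <link>; <a href> is navigation.
            if not value or not (name == "src" or (tag == "link" and name == "href")):
                continue
            parts = urlsplit(value)
            host = (parts.hostname or "").lower()
            if not host:
                continue  # already relative (or data:, etc.)
            if host == self.site_host:
                self.findings.append(("use-relative", value))
            elif parts.scheme == "http":
                # Hard-coded http:// on another domain breaks once the page is HTTPS.
                self.findings.append(("use-protocol-relative", value))

def audit_html(html, site_host):
    parser = ResourceAudit(site_host)
    parser.feed(html)
    return parser.findings

def robots_blocks_all(robots_txt):
    """True if the group that applies to 'User-agent: *' has 'Disallow: /'."""
    in_star, prev_was_ua = False, False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        if field.lower() == "user-agent":
            # Consecutive User-agent lines share one group.
            in_star = value == "*" or (prev_was_ua and in_star)
            prev_was_ua = True
        else:
            prev_was_ua = False
            if field.lower() == "disallow" and in_star and value == "/":
                return True
    return False

# Constructed sample input (not from a real site).
SAMPLE_HTML = """<link rel="stylesheet" href="http://www.example.com/css/site.css">
<script src="http://cdn.example.net/lib.js"></script>
<script src="//cdn.example.net/ok.js"></script>
<img src="/img/logo.png"><a href="http://other.example.org/">link</a>"""
SAMPLE_ROBOTS = "User-agent: *\nUser-agent: Googlebot\nDisallow: /\n"
```

Run `audit_html` over each template or rendered page and `robots_blocks_all` over the robots.txt served from the HTTPS host; an empty findings list and a `False` result match the advice in the list.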

Having an SSL Certificate can never hurt your site, but it is an investment and you need to make sure that you communicate properly to Google about the change in domain structure (http vs. https). It requires monitoring of your analytics to ensure that your site has successfully transferred to the new secure domain without harming your current ranking.

Tell us what you think: Do you feel the SEO benefit is worth the price of an SSL Certificate?