Why website security matters for SEO

Google is keen on promoting the use of secure, encrypted connections by websites, in order to make the Internet safer. Back in 2014, Google announced that HTTPS would become a ranking signal. In other words, whether or not your website uses HTTPS could affect its position in the search results.

 

What is HTTPS?

When you use the Internet, a lot of information is passed between web servers and clients. If this information is passed over a standard HTTP connection (i.e. the URL starts with http://), it is possible for a third, unauthorised party to observe the information passed between your device and the website you are interacting with. Most of this information is unimportant and not of interest. But what if that information is your password, or your credit card number? You would want to be passing that information over a secure, encrypted connection to make sure that no third party is able to view it. HTTPS connections (the URL starts with https://) encrypt data so that an unauthorised party can’t view it. The HTTPS connection also provides authentication to ensure that you are only communicating with the intended website. 

 

Why do I need it?

If your website handles sensitive information, like credit card numbers or other personal information, using HTTPS to secure your connections is an absolute must. Previously, only websites handing sensitive communications were considered to need encrypted connections. However, using HTTPS also protects the integrity of your website. It prevents intruders from tampering with the communications between your website and your users, for example, by injecting ads or other code into pages which could create security vulnerabilities. In addition, an intruder could use a user’s view of your unprotected website to make inferences about their behaviour, or potentially de-anonymise their identities.

Using HTTPS also increases user trust. It protects against man-in-the-middle attacks and proves to users that they are communicating with the intended website. Even if you don’t handle sensitive data, there is an argument for protecting your website and your users by using HTTPS.

 

What are Google doing?

Google is encouraging the use of HTTPS by making it a ranking signal. With all else equal, in theory a website which uses HTTPS will rank higher than one which does not.

Additionally, users using the Chrome browser made by Google will also receive warnings about unsecure content. If your website is not using HTTPS and it has forms for users to fill out (including search boxes!), Chrome will display a “Not Secure” warning in the address bar to alert users. Google plans to intentionally show this warning for all sites not using HTTPS, whether they have forms or not.

 

How does it affect SEO?

Hopefully positively in the long run! Migrating a site from HTTP to HTTPS is considered a change of URL by Google, so it can cause some turbulence in the rankings initially. This should be a short-term fluctuation and will settle down. As HTTPS is a ranking signal, it should have an overall positive effect on rankings, not to mention the other benefits which come from increased user trust. It is important however to track your ranking and traffic data before and after a migration, and to ensure that tools such as Google Search Console are updated, and that is where a professional SEO team may be able to help.