Site not secure? Google confirms it will punish you with lower search rank


An interesting post appeared yesterday in the official Google Online Security and Webmaster Central blogs which confirms that in an effort to "make the Internet safer" it has been testing a system which looks at "whether sites use secure, encrypted connections as a signal in our search ranking algorithms." This follows calls for HTTPS everywhere at the recent Google I/O a few months back.

Google says is has seen positive results, and is now actually using HTTPS as a ranking signal albeit a "very lightweight" one which only impacts <1% of queries. Nonetheless, the intention is now clear that this will be the way forward and the signal will most likely be given more weight once website owners have had fair chance to make the move from HTTP to HTTPS.

Keep an eye open for official announcements from Google in the coming weeks, including best practice advise such as using 2048-bit key certificates and relative URLs for resources that reside on the same secure domain (using protocol relative URLs for all other domains.)

Mark Sparshott, a director at security vendor Proofpoint, says "I welcome Google's move to use HTTPS as ranking signal and downgrade those sites that are not encrypting connections to their visitors but caution that the minimal scope and weighting Google are applying may not be enough of a deterrent for poor security best practice yet."

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

rogerandre 0 Newbie Poster

As a non web designer and on top of that, not having the will to deal with web designers; was using the likes of Wix premium a safe desicion? I'm also thinking of Weebly and Squarespace here.

PixelatedKarma 65 Junior Poster in Training Featured Poster

Ahhh Davey you beat me to it! I think this is really great news overall for the internet, its users, and most importantly user privacy.

Unfortunately I do fear that this will be the beginning of the end of websites built "just because" - ie. fan sites, hobby sites, etc. Not many of these people are going to want to pony up an additional $100+ a year for an SSL certificate plus the money for a dedicated IP to work with that SSL cert.

On the bright side it may help boost web site design and development companies sales because the average user probably won't want to spend the time buying an SSL certificate or making a self signed certificate.

@Rogerandre - all those Companies will be able to help you get an https site and walk you through the process if not do it themselves for you.

Dani 2,416 The Queen of DaniWeb Administrator Featured Poster Premium Member

There's a discussion about this in our SEO forums and I seem to be the only one who is against the whole idea.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.