Gary Illyes and Zineb Ait Bahajji, from the Google’s Webmaster Trends Analysis team, published yesterday a post in the company’s security blog announcing that sites that are protected with SSL certificates will be ranked up in search results.
«Security is a top priority for Google», ensures the announcement in which the company based in California gave more details about this change. With the aim of improve users experience and security, Google has started to test this new ranking model some weeks ago.
TLS, or Transport Layer Security, is a cryptographic protocol designed to provide communication security over the Internet. Also known as «HTTPS» or «secure HTTP», TLS and its predecessor (SSL) were designed to allow users to exchange data with web-sites safely.
Tests suggest that, so far, only 1% of global queries were affected. Google plans to start rolling this feature accross the web in the next weeks, in order to allow webmasters to switch to HTTPS.
In the coming weeks, the Google team will publish detailed best practices to make TLS adoption easier, and to avoid common mistakes. Here are some basic tips to get started:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate (aka *.domain.com).
- Use 2048-bit key certificates.
- Use relative URLs for resources that reside on the same secure domain.
- Use protocol relative URLs for all other domains.
- Check out our Site move article for more guidelines on how to change your website’s address.
- Don’t block your HTTPS site from crawling using robots.txt.
Recently, thousands of sites were affected with the heartbleed bug that allowed secure communications to be intercepted by an attacker.
If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool.
See you soon!