Google is so much more than search
For years, Google’s relentless focus on continually improving user experiences has led them down many paths other than simply search.
We have witnessed them enter the analytics market back in 2005 with their purchase of Urchin, create Google Webmaster Tools (now Google Search Console) in 2006, and introduce the Chrome browser back in 2008. In the last few years, their search algorithm updates - Google Panda in 2011, Google Penguin in 2012 and Google Hummingbird in 2013, as well as pushing AMP in 2016 have all aimed to improve the experience for users.
After kicking around SEO discussion boards for a couple of years, security is now firmly in Google’s sights.
Google’s ‘security princess’ Parisa Tabriz, showing Google’s intent to fight non-encrypted sites.
How do Google want to improve security?
Google are doing this in two ways – by:
- Making Chrome explicitly state when a web page is secure in the URL area
- Increasing the importance of having an encrypted website as a search engine ranking factor
For more detail about website security, and why it’s important, read our article on Internet Security Defined.
Chrome wants all websites to be encrypted and secure
In September 2016 Google announced via their Chromium blog that by the end of January 2017, Chrome will mark non-encrypted sites that collect payment information and passwords, as well as the long-term plan being to mark all non-encrypted sites as non-secure.
Google explained that the lack of a ‘secure’ indicator as well as frequent warnings did not deter users from using non-secure sites, therefore putting personal data at risk. The Chrome update will have a ‘not secure’ indicator for any sites that use password or credit card form fields, but (currently a least) will continue to have the grey ‘i’ icon when collecting data such as a contact form.
In the longer term, Google plan on labelling any site not using HTTPS as ‘not secure’, with a red triangle. The idea is that it will make users think twice about entering personal data into a site that is not secure.
Google starts by putting non-encrypted websites on the naughty step
There are a number of high-profile sites that aren’t using HTTPS, even if they are collecting user information such as passwords and payment details.
In the example of video-sharing website Dailymotion below, when you first get to the homepage, the ‘not secure’ warning is not shown.
When you click to log in, the ‘not secure’ warning appears next to the URL.
Another example is FIFA. While there is no login on this page, when you go to the login page, there is still no encryption.
How much does having a secure website influence SEO?
Since 2014, HTTPS has been a signal in Google’s ranking algorithm, but as Ahrefs explain, while HTTPS is only a small ranking signal, it can be important when tied for a ranking with another website, the site with HTTPS will rank higher.
About 1% of all website are using HTTPS, but 40% of page one Google search results use it according to Blue Corona, showing Google’s intent to encourage Webmasters to make the migration to a secure site.
Is the future secure?
While transitioning to HTTPS is not mandatory, Google has gone as far as naming and shaming large organisations that are not using HTTPS in their ‘transparency report’.
Google’s plan to eventually label all sites using HTTP as ‘not secure’ indicates their intention for HTTPS to become the default for all websites.
With 77% of internet users worried about their data being intercepted or misused online and 84% of users saying they would abandon a purchase if data was sent over an insecure connection (GlobalSign survey 2014), Google’s desire to a more secure internet is shared amongst users.
There’s no escaping Google’s crackdown on non-encrypted sites and for the benefit of SEO and user confidence, purchasing an SSL certificate can only have a positive effect on your website.