According to Google’s Gary Illyes, you shouldn’t ignore the HTTPS ranking signal, either.
Back in 2014, Google announced that HTTPS would become a ranking signal. In the five years since that announcement, the consensus seems to be that this signal has become less and less of an actual factor to the point that now it’s just a marketing claim.
Turns out that’s wrong.
According to Google’s Gary Illyes, a Webmaster Trends Analyst, the HTTPS ranking signal, “affects enough queries measurably that I wouldn’t ignore it.”
And it turns out that having a broken or expired SSL/TLS certificate can hurt your SEO, too.
So, today we’re going to discuss what Gary Illyes was talking about, what specifically matters with the HTTPS ranking signal, and why your SSL certificate needs to be trusted and valid for more reasons than just security.
Let’s hash it out.
SEO and the HTTPS Ranking Signal
Search Engine Optimization is a critical component of internet marketing. And when you’re talking about SEO, you’re really talking about ranking on Google. Google’s ubiquity in the Western World makes it the only search engine that’s really worth targeting. And most companies feel if they do it well for Google, it should do fine with the other search engines, too.
Unfortunately, Google is rather opaque about what exactly its ranking algorithms are factoring. That’s why the 2014 announcement about the HTTPS ranking signal was so remarkable.
But over the years, as more and more sites have started to adopt HTTPS most people figured the power of that particular signal was declining. I’ve read a couple of security researchers’ blogs that have called the claim a marketing ploy.
Not the case. Nowadays it’s a tiebreaker. And apparently it still factors in pretty heavily. Yesterday on Twitter Google’s Illyes responded to a question about the HTTPS ranking signal and how often it comes up as a tiebreaker.
But that’s just HTTPS, your SSL certificate – or more specifically its validity – also matters.
Your SSL/TLS certificate should be valid and trusted, too
So that we don’t get accused of misleading anyone, the validity of the SSL certificate doesn’t directly affect the HTTPS ranking:
…the ranking signal itself would be unaffected: you have https in the result, you get the (tiebreaker) boost
A broken cert will affect other things though.
This is a new wrinkle. I’m not sure I’ve ever seen this confirmed anywhere else before, but it makes perfect sense. Google (and the other search engines, even you, Bing) wants to provide its users with the best possible result. Having a broken SSL certificate endangers the user. That’s why the browsers issue certificate errors that advise their users to turn back.
Historically, the pain associated with a broken certificate came in the form of downtime, lost productivity, lost sales, the social impact it has on your brand. Add your company’s SEO rankings to the list of costs.
Being proactive about your cybersecurity posture now, may end up saving you a bunch of money later. Don’t find out the hard way.
As Barry Schawrtz, the Executive Editor of Search Engine Roundtable put it:
So there you have it – make sure you have HTTPS and make sure it is valid and working properly for ranking, not just for your user.
As always, feel free to leave any comments or questions below…