Back in August of 2014, Google began giving a rankings boost to secure websites.

What does Google consider to be secure?

Well, it all starts with having a TLS (Transport Layer Security) certificate installed. By making this a ranking signal, Google wanted to incentivize security as a feature..

Many companies lagged behind and left their websites unsecured, despite this ranking incentive.  SEO benefits aside, the lack of concern for utilizing security protocols is a risk to both a company and its users. Hopefully, we’ll be able to show you the value of a TLS certificate for both SEO rank and information security.

The OSI Model

In order to better explain the differences and similarities between TLS, SSL and HTTPS we’ll first discuss the OSI model. OSI stands for Open Systems Interconnection and is a model that defines how a network is structured. It’s comprised of seven layers. The lowest layer is the physical layer (the hardware and electrical signals that form a network). The highest layer is the application layer and is most likely the layer you’ve interacted with the most. While there is plenty going on in the OSI model, this knowledge will suffice for understanding this post.

What Is The Difference Between TLS, SSL and HTTPS?

SSL stands for “Secure Socket Layer” and is the predecessor to TLS, which stands for “Transport Layer Security.” While most people still use SSL to describe the certificate you purchase for websites, this certificate became obsolete back in 2009 and was replaced with TLS. You may find that all three of these terms are used to describe the same thing. However, TLS and SSL are used on multiple layers of the OSI model, whereas HTTPS is in the highest layer (the application layer) of the OSI model and is built on top of TLS or SSL protocols. HTTPS is specific to websites and is one the common services you’ll encounter when browsing a site (another is HTTP).

What Is HTTP?

HTTP stands for ‘Hypertext Transfer Protocol.’ If you aren’t tech savvy, this may sound a bit intimidating. However, at its core, this is just a technical way of saying that there is a protocol for sending data between a website and a user’s browser.

What Is A Protocol?

To simplify things further, a protocol is a set of rules that dictate a process for communicating between two devices. If two people want to have a conversation, a certain ‘protocol’ needs to be used in order for that to work. For example, two people may agree to both speak English. They may also agree to have one person speak first while the other listens followed by the second person speaking and the other listening (you and your spouse may not always work this way during times of disagreement, and we totally understand).

However, in the technical world, protocols are very important and usually require strict adherence to the rules in order for everything to work correctly.

So, What Is HTTPS?

HTTPS is a secured version of the ‘Hypertext Transfer Protocol.’ Unlike the non-secured version, HTTPS requires data to be encrypted and is not as vulnerable to man-in-the-middle attacks (with the exception of some extreme outliers). As an example, you may have noticed a lock in your browser next to the website URL you are visiting. This is an indication that a site has an TLS certificate.

HTTPS Secure Notification Screenshot

While HTTPS will not protect your site from 100% of hacks, it ensures that both the site and user are who they claim to be and protects the conversation between them from eavesdropping or intervention, significantly reducing the scope of potential hacking risks.

How Does HTTPS Affect SEO?

As previously mentioned, Google originally started giving sites priority in the rankings if they had a TLS certificate. The impact on rankings has increased over time with higher and higher numbers of HTTPS sites ranking in the top 5 positions. Below is a graph showing the percentage of HTTPS domains ranking in the top positions.

25-30% of the top 3 results have TLS certificates, meaning many companies are lagging behind on the upgrade and there’s still plenty of room for security-conscious companies to push themselves up in the rankings.

HTTPS vs Ranking Graph

Image Courtesy of Arm Worldwide

During the middle of 2017, Google started sending notifications in the Search Console inbox alerting users to an update coming to Chrome. The notifications explained that Chrome would start displaying warnings to users when they were browsing sites without HTTPS installed. Here is a copy of the original message received by one of our clients.

Google HTTPS Warning

Google’s ‘Not Secure’ Warning

Until they updated their site, Chrome showed this warning near the browser’s address bar:

HTTP Not Secure Screenshot

If you’re not currently using HTTP, not only are you limiting your ranking potential, but you are publicly showing users you are not secure. With news of data breaches constantly appearing in today’s media, this can be a turnoff for cautious users and you may lose potential customers. This is even more of a concern for older audiences who may not be tech-savvy enough to understand that the “Not Secure” message is not specific to them.

Why is HTTPS Critical Outside Of SEO?

According to the Data Breach Statistics by Gemalto, over 9 billion data records have been lost or stolen since 2013, with more than 5 million being lost or stolen per day. Only 4% of these records are encrypted, meaning that this data can easily be read after leaking. If you aren’t taking basic security precautions, you are putting users at risk, putting your employees at risk, and may oneday face a lawsuit from an outraged user. If you aren’t able to demonstrate that you took the proper precautions to protect confidential information, you may not have an easy time in court!

Data Breach Statistics Screenshot

Image Courtesy of CS Online

In addition to data breaches, hackers can install malware onto your server that may delete your files or prevent your website from showing, potentially costing you business. Additionally, malware may also infect your organization’s computers if they’re hosted on local servers. In some cases, you may even end up infecting users who visit your website.

How Do You Get A TLS Certificate?

You can purchase a TLS certificate through your Internet hosting company. Some of the big hosting companies will even take care of the installation process for you. If you have an internal web development team, any developer should be able to install HTTPS by following online instructions. If you have an external web development team and don’t know who your host is, it’s likely that your external web development team will be able to purchase a certificate on your behalf. For more information, a complete guide on getting an TLS certificate can be found on the Quinn Labs website.

How Much Does A TLS Certificate Cost?

TLS certificates range in price. Depending on the requirements of your website, you may be eligible for a free certificate. Sites without e-commerce functionality generally have cheaper certificates since credit card transactions are not processed directly on the site. Most certificates range from $50 to $200 per month, with some reaching upwards of $600. You can get a specific price quote from your Internet hosting or web development company.

Wrapping Things Up

As a summary, the following benefits are gained from having HTTPS installed on your site:

  1. Google will give you a boost in rankings, increasing your search visibility and giving you priority over websites with similar Domain Authorities, Page Authorities, and content.
  2. Your website will be less susceptible to common types of hacking, meaning you will be less likely to have your site face large periods of downtime.
  3. The increased security will further protect your users’ and your organization’s data.
  4. You will help prevent the spread of malware.
  5. Your site will be publicly shown as secure to visitors.

Given these advantages and the affordable price of an TLS certificate, it’s hard to understand why an organization wouldn’t install HTTPS onto its site. We hope this article has helped you to understand the value of HTTPS for both SEO and security. We’d encourage you to purchase a certificate today. If you are having trouble obtaining a certificate or wonder what other changes you should be making to improve your search presence, contact us at Digital Reach. We are happy to provide a free audit of your site to let you know what else you could be doing to improve your website’s visibility.

Arrow Left Back To Blog Home

Join the Discussion

1 Comments

  • Mark says:

    Great piece Sean.
    I was in doubt about using TLS on every kind of websites (private blogs, etc.), but now that we know that Google will insist on SSL/HTTPS adoption in 2018, I guess we don’t have much choice. And maybe that’s a good thing. We don’t have to speculate anymore.