If you still have yet to use a secure HTTPS connection for your website, customers have a hard time finding your business online. And if they do find you, as of July, they will be told explicitly in the URL bar that you are not secure. That is, if they use Google Chrome to browse, which 44.5 percent of all people do.
HTTPS stands for Hypertext Transfer Protocol Secure, and is the text before the www on your site. On a site without HTTPS, any data sent from a computer to a website can be intercepted by attackers or authorities like the NSA. In an effort to ensure that websites accessed from Google don't put visitors at risk, Google uses a website's security to determine its ranking on search results. In addition to preventing and fixing security breaches, this requires businesses to use a secure, encrypted HTTPS, or Transport Security Layer (TLS), connection on their websites.
The search giant is a big proponent of online security, and advocates for an "HTTPS everywhere" movement across the web. All of its services — from search to Gmail and Google Drive — automatically use HTTPS to establish a secure connection between users and Google's platforms. This is a move the company hopes other websites will emulate. [Google for Business: A Small Business Guide]
HTTPS-based search rankings have been a reality for some time. Originally dubbed Secure Socket Layer (SSL), the secure protocol was originally released in 1995. It's important for e-commerce websites because it enables you to protect credit card transactions online. As of January 2017, about half of the web had made the switch, according to Mozilla, maker of the Firefox browser. And that was an increase of 10 percent from the year before.
The change can be made easier with a little help from organizations like Let's Encrypt. It's a free, automated and open certificate authority. They give away the digital certificates you need in order to enable HTTPS for your website. Amazon and CloudFlare have similar programs. Google also recommends the following action plan to increase your security:
- Figure out which type of security certificate your website needs (single, multi-domain or wildcard).
- Use 2048-bit key certificates.
- Allow Google to index and crawl HTTPS sites using robots.txt.
- Differentiate between relative URLs for secure domains and protocol relative URLs for other domains.
- If you're changing your website's address, consult Google's site move best practices.
- Check out Google's webmaster cybersecurity guide
- Reach out to Let's Encrypt
Already using HTTPS? Google suggests testing your website. First, test its security level and configuration with the Qualys Lab tool, and then performance with IsTLSFastYet.com. For additional support, businesses can post questions at Google's Webmaster Help Forums.
Additional reporting by Sara Angeles.