Why Google’s hitting out at sites that aren’t secure

website securityGoogle doesn’t often make edicts telling webmasters how to behave, instead preferring to take a more soft-footed approach to complete coercion. In fact, much of a digital marketer’s day is spent reading between the lines and searching for crumbs of information that have been dropped accidentally (and ‘yes’ that even means keeping on top of Google’s patent applications). So, when the search titan gives you a direct order; it pays to take notice.

Google’s proclamations may have been few and far between, but they’ve shaken-up the industry. First they wanted to speed-up search and webmasters were forced to get their skates on. Next came what was nicknamed ‘mobilegeddon’ and webmasters got all responsive. Now Google’s on a mission to make the web more secure and webmasters are battening down the electronic hatches.

Stories of hackers pinching personal information are never far from the headlines and Google’s now strong-arming webmasters to help keep searcher’s personal data private. They’ve updated their Chrome browser to flag-up sites that aren’t secure and warn surfers that one click could mean their security is compromised.

There’s nothing subtle going on here and sites which aren’t secure will be branded with a fire engine red warning triangle (in the address bar) which is more than enough to scare away searchers for good. More specifically they are signposting sites that collect personal information (even a simple contact form) but don’t have a SSL.

Secure Sockets Layer or SLL is a simple security measure that ensures personal information passed between a server and a browser stays private. SSL works by automatically encrypting data, such as passwords and credit card numbers, rendering it worthless to hackers.

Adding a SLL is a smart move, but considering that Chrome has close to 50% of the market share (and eight out of ten searchers said they would leave a site if it wasn’t secure) it’s also an essential move. To put it bluntly if you don’t play ball by Google’s rules; you’re out of the game.

How to add SSL and make your site more secure

Adding a SSL isn’t exactly rocket science, but it does require a lot of hard work and it might make your brain hurt. It’s worth remembering that at the heart of the process you’re changing the entire URL structure of the site; don’t be tempted to skip any steps or you’ll pay a hefty price in the rankings.

Confident and competent webmasters shouldn’t have any problems, but if you’ve got any doubts it makes sense to get a tried and trusted digital marketing agency to provide the brain power and do the heavy lifting (and ‘yes’ of course we mean the web project).

The first step is to decide which type of SSL certificate best fits your website’s needs. Get in touch with your host and ask them to talk you through the pros and cons of the three certificates as follows:

Extended Validation: As the name suggests EV is the ‘all singing all dancing’ solution used by the web giants. It’s the highest level of SLL and identifiable by a green address bar, unsurprisingly it doesn’t come cheap.

Organisation Validation: Proving that you take security seriously OV ties the SSL directly to your corporate identity and is also identifiable by the browser padlock icon and https.

Domain Validation: Primarily aimed at non-ecommerce sites DV is the quickest and cheapest SSL certificate that webmasters can get their hands on.

Remember that SSL is an industry standard, so the ‘end product’ is largely the same; no matter how much you pay. Costs vary from zero for a DV certificate to hundreds of dollars a month for an EV certificate

For the next step you’ll need an up-to-date map of your site, this will give you a clear picture of each of your site’s URLs and allow you to thoroughly check the redirects once they are implemented. Smaller sites should be able to lean on their current sitemap while larger sites may need to use a third-party tool (such as screaming frog) to perform a deep crawl.

Once you have a map it is time to change all the references within the content of your site (effectively each time your site references itself) which can usually be achieved with a find-and-replace command. Be sure to check that each reference has been changed across your CMS, databases and individual page content.

It is then time to implement domain-wide 301 redirects (from http to https), and double-check that they are permanent redirects; or your rankings will tank overnight. You’ll also need to update 3rd party files (such as JavaScript or CDN) as well as your robots.txt and sitemap files.

Now it’s time to tell Google about what you’ve been up to and that means logging-in to Search Console and Analytics and making the necessary changes.

The final step is for those who take their SEO very seriously indeed and aims to sidestep the need for redirects by asking publishers of inbound links to switch to the new secure URL. It’s an understandably daunting task, but the writing’s on the wall, and if you don’t do what you’re told; you will be algorithmically punished.

 

 

Leave a comment

Your email address will not be published. Required fields are marked *