Google SSL Requirements

On August 6, 2014, Google released a blog post which discussed a move towards Secure Socket Layer (SSL) requirements for all websites. Googles purpose was to protect searchers from malicious attackers. They wanted to use SSL to assure authentication, data integrity and encryption of website data to protect those searching the internet. In conjunction with the former, Google provided best practices for webmasters in order to ensure compliance with Google standards. So, what does all of this mean to the laymen?

It essentially means that your site needs to move toward SSL encryption in order to meet Googles requirements or your sites search engine results will be affected. According to Google and I quote, “they started running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms.” This means that Search Engine Results Pages (SERP’s) are definitely affected by a sites lack of security.

For those sites that do not have an SSL certificate, but have had a stable placement within the search engine rankings, things will change. For those who struggle to upgrade their ranking, this is just another hurdle to jump. Some people have suggested that there are some sites that do not need SSL because of the nature of their business. Those who support SSL reply with a clear belief that any data transmitted should be protected. Since the announcement of this new direction, many SSL users say that they’ve seen a spike in their rankings. While non-SSL users say this is just a bonanza for the SSL issuance authorities and the effects on SERP’s have been minimal. In essence, the relationship of SSL’s and SERP’s was determined by Google when they decided to add SSL to the ranking algorithms. It is very clear that SERP’s are affected by SSL. Nevertheless, whatever side you fall on, Google is a necessary evil for most business owners, therefore compliance is a must. If you don’t want your site deemed as unsafe or moved down the rankings list, this issue should be on your mind.

How can you move towards compliance? How can you ensure that your site is not demoted because of a lack of security? The answers may be much easier than you think.

1. The easiest way to make this a non-issue is to host with a service that gives SSL by default. For instance, Qdhosts gives all of their clients SSL certificates and even auto installs them. This means that clients on this type of service do not need to do anything because they are for the most part “in compliance” if their site structure is correct.
2. You can also download and install a free SSL certificate depending on the kind of site you have. Simply do a search on free SSL certificates and a list will come up.
1. Letsencrypt
2. Comodo
3. InstantSSL

             These are just a few of the companies you will find.

1. You can also purchase an SSL certificate for about $10-$12.
1. Qdhosts
2. Comodo
3. Geotrust

            These are just a few of the companies that sell SSL certificates.
Keep in mind, in most cases you will have to install the SSL certificate yourself. However, once you’ve installed your certificate, you should be ready to go. You can test your sites SSL setup and configuration. Just go to Qualys SSL Labs. Qualys will grade your SSL setup. You can even find out about any errors or changes that need to be made.
Don’t fret too much about the SSL requirements because getting in compliance is easier than you think. If you need more details on SSL certificates and install please read our blog called understanding SSL.