Matt Cutts to give secure sites higher Google ranking?
It’s been reported that there is some lobbying within Google to give secure sites higher rankings. This is clearly something Google has been thinking about also in relation to itself, as it’s known to be moving all its sites to SSL environments. The suggestion is that Matt Cutts is promoting this internally and it’s something he’s publically stated he would like to be part of the algorithm in 2014. There is, by the way, no implication whatsoever that there are plans to make it happen, but when Cutts speaks, the internet community listens.
My view is that encryption is a serious matter for commercial sites whether they have sensitive information / process payments or not. The Heartbleed bug drew everyone’s attention to vulnerabilities in OpenSSL’s encryption libraries, quickly remedied by Fixed OpenSSL. But of course who is to say there won’t be other issues further down the line. If you have not heard of this it is worth reading up on the bug and confirming with your support people you are properly protected from the issues raised by Heartbleed
It seems that post-Heartbleed, Cutts is even more positive about rewarding secure sites. Perhaps Cutts views this as just good practice. More likely he may argue that if you value your online assets, searchers may too. You’re also more likely to be a proper business and therefore likely to have control over your own assets.
Google’s algorithm is more finely nuanced than most of us imagine. We have to assume Google is in a permanent state of seeking out ways to differentiate between sites particularly the very best ones. In that context, giving kudos to secure sites makes sense.
This is perhaps another area where Google’s interests and those of online businesses align. Certainly if security was to become a ranking factor, you can bet there would be more sites with secure certificates!
It’s my experience even successful small businesses may be unaware of the difference between http and https because there is no one person designated with looking after security. However as a result of the hoo-ha over Heartbleed you may have already moved sites to https environments. Previously the norm has been to only use https for a few pages, but that’s going to become less common, if it isn’t already.