Posted On : 28 January 2020
Increased Security Can Get Your Website Better Ranking
Every company wants their website to appear on top of the search results page. In the age of online transactions, secure websites are dominating positions on SERPs. When more people visit the site there is a chance for more sales. Promoting your website to the top of the search results page is done by Google which will analyze the ability of your site to satisfy a particular user who searches for something to use the search engine. While the usefulness of content is the major factor used for promoting a site, there are other important aspects like the security of the page and page loading speed. Both of these will provide the user with a better browsing experience and that is what Google wants. This is why improving the security of the website can favorably impact your SEO and gets you more visitors.
Know the Difference Between HTTP And HTTPS
HTTP stands for hypertext transfer protocol and is the method used for the transfer of data from and to the user. HTTP is concerned with how data is shown to the user. The movement of data is not its concern. It is a stateless protocol as none of the earlier sessions live in its memory. This makes it very fast. This was the protocol that was used by companies to show their content to the user. This was good enough when there was no sensitive information being sent through the internet.
This doesn't provide any security to the information being sent and it is easy for hackers to access the data. When the need for security was felt, the HTTPS protocol was developed. This is the same as HTTP but uses encryption of the information which made it impossible for others to see the information. What is passed between the site and the user is secured using a protocol called Secure Socket layer. HTTPS works with this protocol to give security to the information being passed to the user. SSL only protects the information but doesn’t know what it is. This makes the information even more secure.
The Relationship Between HTTPS And Ranking
Google is constantly looking to give a better experience to its users. As more people are concerned about the security of using the internet, Google has made it a matter of importance. When the site has HTTPS the user knows that the information that he shares or gets is secure. This means that the user has a better experience and Google wants all its users to have this experience. That is why Google is not giving a lot of importance to HTTPS sites and gives these sites an advantage when ranking the sites. The importance of HTTPS in the ranking is still very low when compared to other parameters like the quality of the content. But when more webmasters convert to HTTPS it will have more impact.
HTTPS has become an important aspect when it comes to SEO because Google offers an advantage to such sites when ranking them. Apart from that having this security will make users also more comfortable accessing the site and this is very important in SEO. After all, the aim of your SEO company should be to give a better user experience. The importance of HTTPS is certainly going to increase over time. It also affirms the users that they are on the correct website and prevents any alteration by a third party. It is also a small ranking signal in Google search algorithms.
Understanding The Dangers of not using HTTPS
No company wants to leave its data open to hackers. This is why you see a lot of sites employ the HTTPS security measure. But what they don’t understand is that it is not as safe as they would like it to be. Apart from the security, it provides HTTPS also helps your website reach the top of the search results as it is one of the factors that Google considers. When someone connects to a site with HTTPS security there is encryption done using the SSL certificate. While this offers some sort of protection, it is not difficult for hackers to strip your SSL and steal your data.
Many of the e-commerce, banking and financial sites expect users to input sensitive information. Most people see the HTTPS in green along with the URL. This is what satisfies them to the fact that the site is secure. It is certainly better than HTTP which now is labeled as not secure. But the security provided by HTTPS alone is not sufficient when the site depends only on 301 redirects. The 301 redirect gives the hacker enough time to strip the SSL certificate. This is because when a hacker tries to load the site from a non-encrypted browser, the short time when the browser goes from HTTP to HTTPS is enough to hack your site.
Get Improved Security with HSTS Support
Some of the things that rank high on Google's parameters for ranking a website are the security of the site and the speed of loading the page. When you are doing SEO for your sites you must ensure that you enable HSTS for better security and website loading speed.
What Is HSTS And How It Helps With Your SEO?
HSTS stands for HTTP Strict Transport Security. When you have HSTS support it doesn't allow the site to be first loaded in HTTP before using the 301 redirects. This means that there is no time for any hackers to slip in and use it with HTTP and prevent the site from loading HTTPS. HSTS allows the site to load only in HTTPS providing an extra layer of security for your site. This security layer tells the browser that the site has HTTPS protection and there is no need to try to load the site in HTTP. This will close the small window that the hackers got during the 301 redirects.
As you know the page loading is an important factor in getting people to use your site. It has been found that mobile users don't want to wait more than three seconds for a page to load. With the increase in the use of mobiles for accessing e-commerce sites and making purchases, even delays in milliseconds are a matter of concern. When you use HSTS the slight delay that occurs when the site first loads HTTP before being redirected to HTTPS, is prevented. This enables your site to load faster and you get a better ranking on the search results page.
Who Needs To Have HSTS Enabled?
Every site that has data that can be misused must surely have HSTS security. People are becoming more aware of security and will like your site to have HSTS.
How to Implement SSL, HTTPS and HSTS Support?
1: Buy SSL Certificate
1. Prepare by getting your server set up and getting your WHOIS record updated (it needs to show the correct company name and address), etc.
2. Generate the CSR on the server.
3. Submit the CSR and other info to the Certificate Authority.
4. Have your domain and company validated.
5. After you create a CSR (certificate signing request) and purchase a certificate, our Validation team validates and processes your certificate request. (Learn more about the certificate validation process.) Once validated, your SSL Certificate will be sent to you via email. You can also download your SSL Certificate in your DigiCert account.
2. Install the issued certificate
Step 1: An SSL Certificate is a text file with encrypted data that you install on your server so that you can secure/encrypt sensitive communications between your site and your users.
Step 2: Find the Apache configuration file (httpd.conf) you need to edit
Apache's main configuration file is typically named httpd.conf or apache2.conf. Possible locations for this file include /etc/httpd/ or /etc/apache2/ for a comprehensive listing of default installation layouts for Apache HTTPD on various operating systems and distributions.
Step 3: Configure the
The SSL certificate configuration is located in a
If your site needs to be open through both secure (https) and non-secure (http) connections, you need a virtual host for each type of connection in your htaccess file. Make a copy of the existing non-secure virtual host and configure second one for SSL.
It looks like this:
DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile
/path/to/your_domain_name.crt SSLCertificateKeyFile
/path/to/your_private.key SSLCertificateChainFile
/path/to/DigiCertCA.crt
Step 4: Make sure to change the file names to match your certificate files.
- SSLCertificateFile is your DigiCert certificate file (e.g., your_domain_name.crt).
- SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., your_private.key).
- SSLCertificateChainFile is the DigiCert intermediate certificate file (e.g., DigiCertCA.crt).
Note: If the SSLCertificateChainFile directive does not work, try using the SSLCACertificateFile directive instead.
Step 5: Test your Apache configuration file before restarting and then restart
Step 6: Test installation
Try to open website with https://, if it does open with https that means your SSL certificate is installed.
3: 301 Redirects from HTTP to HTTPS
Implementing 301 redirects is one of the most significant steps in a HTTP to HTTPS migration. 301 permanent redirect passes between 90-99% of link juice (ranking power) to the redirected page.
Use below Code to Redirect entire domain from HTTP to HTTPS in Apache Server
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
For WordPress Use plugin – Install and activate “Really Simple SSL” plugin. Then go to SSL tab and Acvtivate SSL Redirect.
4: Implement HSTS Support
Edit your .htaccess file and use the code below to set the header
Header always set Strict-Transport-Security: max-age=300; includeSubDomains; preload
