Google announced early this morning that they are now using SSL/HTTPS as a ranking signal in their Google search algorithm.

The signal is incredibly weak and webmasters should not go crazy about it, but it is indeed a signal now. Google said they are "starting to use HTTPS as a ranking signal." Google did add it is "only a very lightweight signal" and that it only had an impact on "fewer than 1% of global queries." Google equated the SSL ranking signal with the Panda signal and said it carries "less weight." Google did say they may "decide to strengthen" the HTTPS ranking signal "over time" to "give webmasters time to switch to HTTPS."

In March, Google's Matt Cutts said he'd like for HTTPS to be a ranking signal and I guess, even though he is on leave, he got his wish. Matt did decide to tweet about it even while on leave:

Reading "HTTPS as a ranking signal": http://t.co/nEjcGhm8bJ — Matt Cutts (@mattcutts) August 7, 2014

I Have SSL Already, Do I Need To Do Anything?

I am seeing this question a lot, from e-commerce sites that have SSL on their checkout forms. The answer is, yes, you need to still do something. This ranking boost is applied to only the pages that have SSL on them. Typically, SSL is only on those checkout pages and not on your product pages, content pages, etc. So you need to make your whole domain name, all the URLs, all the files, all the includes, all of it, go over HTTPS. So yes, you need to do something.

This obviously will take some time, you need to test and then test, to make sure the HTTPS certificate doesn't show errors to your users. There can be images, videos, and third-party includes that need to be adapted on the pages to ensure that it doesn't give the user a security warning.

Is There A Negative Side To Going SSL

Google has told us time and time again, that if you switch your site over properly, there is no downside. Google has said before there was an SSL boost there there is no ranking change in a negative way for going SSL. Even back in 2012, Matt Cutts encouraged users to go SSL with their sites. Google even improved Google Webmaster Tools to support HTTPS vs HTTP reporting.

But the key is you need to do it right. Google gave this advice:

Decide the kind of certificate you need: single, multi-domain, or wildcard certificate

Use 2048-bit key certificates

Use relative URLs for resources that reside on the same secure domain

Use protocol relative URLs for all other domains

Check out our Site move article for more guidelines on how to change your website’s address

Don’t block your HTTPS site from crawling using robots.txt

Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

Google also recommends you use Qualys Lab tool to test your SSL certificates and pages.

Let's not forget the HTTPS everywhere video presentation, watch that.

My only concern right now is with sites included in Google News. Google News has your URLs plugged in so I think it is more than just a 301 that will communicate the change to Google News. Google said they will get back to me on that question, but once we hear back, we know Google News can index and rank HTTPS content.

Webmaster/SEO Reaction:

So what is the reaction of the SEO and webmaster community to this news? Personally, I think there is little downside to going SSL, but it does take time and testing to do right. SSL certificates are really not that expensive, of course there are expensive ones, but you can buy cheap ones that work the same.

We have forum threads at WebmasterWorld, Hacker News, Google+, Google Webmaster Help and Twitter. I even asked people what they felt, if there was a negative side to this, on Twitter, I'll include a screen shot of those responses below.

Here are some lines of reaction:

And a lot of cash for certificate authorities. This'll be another craze like site speed. It's manipulation of the webmaster community, and I don't believe it's fair to judge every site based on HTTP vs HTTPS. People will be buying certificates just because it might help a teeny-tiny bit, when in fact their site does not warrant a secure connection.

My site is informative only, no login or personal/sensitive information, so why the hell do I need to use SSL?

It makes sense for some sites, but is completely unnecessary for others, and as long as WIndows XP is around it will exacerbate the shortage of IP4 addresses.

This will add extra costs for certificates and administration, which will hinder small business owners...

Social share count problems (nr. of tweets, shares, etc) will come as a surprise for many marketers and bloggers.

what about reduced pagespeed from extra payload?

But overall, the feedback is not negative and mostly positive.

Truth is, any new site I launched since March, was launched using HTTPS. We are about to switch our company web site to HTTPS later today. This site, since it is in Google News, I want more clarification before I make the switch. But it is something all site owners should look into now versus later.

Pierre Far answered some questions on HackerNews:

Q: Google treat the http and https versions of a domain as SEPARATE PROPERTIES. A: That's not quite accurate. It's on a per-URL basis, not properties. Webmaster Tools asks you to verify the different _sites_ (HTTP/HTTPS, www/non-www) separately because they can be very different. And yes I've personally seen a few cases - one somewhat strange example bluntly chides their users when they visit the HTTP site and tells them to visit the site again as HTTPS. Q: This means that even if you 301 every http page to https when you transition, all of your current rankings and pagerank will be irrelevant. A) That's not true. If you correctly redirect and do other details correctly (no mixed content, no inconsistent rel=canonical links, and everything else mentioned in the I/O video I referenced), then our algos will consolidate the indexing properties onto the HTTPS URLs. This is just another example of correctly setting up canonicalization.

John Mueller of Google is answering questions about this on Google+. Google also added a new resource this morning on securing your site.

Forum discussion at WebmasterWorld, Hacker News, Google+, Google Webmaster Help and Twitter.

Update: New stories on this you may want to check out: