Just this past month Google confirmed that in the future, its search algorithm would be giving a rankings boost to secure sites. This confirms rumors that have rippled through the search marketing industry for several months. This recent change is part of Google’s continuing efforts toward a more secure Web. Like so many pronouncements from Google, this has forced many site owners to reconsider whether to make their sites secure. Site owners need to carefully evaluate the pros and cons of going secure. It may not be either prudent or cost effective at this time.
When Google made all searches secure and stopped providing site owners the keywords used by searchers to sites, the search giant gave a clear indication of its path and direction toward a ensuring a more secure, safe, Web environment. Google reasoned that it is protecting the identity of the searcher by not providing the keyword referrer. Some find this claim a bit disingenuous, given that the keyword referrer is still available for users of paid search.
The Pros and Cons—A Short Primer
The single-largest benefit gained by making your site secure is a minor algorithmic boost in Google results. This benefit must be weighed against a number of potential negatives and some steep costs. Secure sites run slower than unsecure sites—all that encryption takes more effort than just delivering an unsecure site. Several years ago, Google announced that site speed was going to figure into the rankings formula. At this time, it is unclear whether the rankings boost from having a secure site will be larger than the penalty for slowness. Google does not reveal the valences of its ranking factors, except for declaring some minor. Unless you have made your unsecure site fast and have in place protocols for continuously monitoring and testing your site’s speed, don’t even consider going secure. It will be like adding another brake to it. Your users and your Google rankings will be negatively impacted. A perceived need to possibly go secure in the future should be the impetus to address existing site speed issues.
Then there is the potential for additional penalties for duplicate content, should redirection and canonicalization schemes prove incomplete. The task of shifting and redirecting a very large site into a secure environment is a large task and may require remapping thousands of URLs. No matter how good your team is, you should expect leaks and misses. It is practically built into such projects. If your site is well-mapped and setting redirections and canonicalization are automated, then you may be ready to go secure. If this is not the case, tap the brakes on going secure. You may be creating huge headaches with just minor payback potential.
Did I mention that there are added costs? SSL certificates must be bought and maintained. How often have you gotten a message that a site’s certificate is out of date? You can be sure that Google will take a dim view of sites with expired certificates. Another unnecessary hit! Then, there are the operating costs. Many small businesses rely on gateways and do not manage a secure environment even though they take payments. If your business already has a secure environment in place and you have fully prepared your entire operation for this change, then and only then should you implement having a completely secure site. If you are not ready, consider what steps you should take to get ready and begin the process, for we can expect others to follow Google’s lead in making the Web safer and more secure.