We are living in an era where people are concerned about online security and privacy more than ever before. So, it is not surprising to see webmasters are pushed to make their sites more secure.
In August 2014, Google announced that, moving forward, they are considering HTTPS as a ranking signal. It is seldom that we hear about ranking factors from the giant. So, does it affect search engine rankings as advertised?
From January 2017 onwards, Chrome will label websites without HTTPS connections as non-secure. With the Chrome’s growing market share as a browser, what impact will this have on our visitors?
The latest post of Matt Mullenweg, the founder of WordPress, on official WordPress blog, revealed that some of the upcoming features would require site owners to have HTTPS on their site. In the same post, he mentioned that they would only promote hosting partners who provide an SSL certificate by default.
Where the World is Heading
Despite all this fuss about HTTPS, the total adoption of SSL is less than 0.1% for the entire internet, and around 10.5% for the top 100k sites in Quantcast.
Isn’t that still a small number? In an article posted on MOZ in 2014, total SSL usage in 100k sites was 4% at that time. So, when comparing that with the present statistics, there has been growth of 160% in the past two years. The rate of SSL adoption among the top sites is significant.
In February, Google released a report on worldwide HTTPS adoption among the top 100 non-Google sites using internal and external data. According to their estimates, these sites get 25% of the all internet traffic, and around 43 sites are using HTTPS.
Also, in the same article in which they made the announcement about the upcoming changes in Chrome, it was stated that 50% of the desktop pages loaded via Chrome have HTTPS.
All these statistics give us a clear indication of where the web is heading, and it is even more interesting to see how the forthcoming changes in Chrome impact HTTPS adoption.
Forthcoming Chrome Changes
At the present, if you browse a non-secure site in Chrome, it only shows an icon as a warning in the address bar, and that is going to change. From January 2017 onwards, Google is converting it to a warning message to get higher user attention. Initial roll-out will target the non-secure sites that collect passwords or credit card information.
This shift is backed up by research carried out by Google and the University of California, Berkeley. This research shows that users are not conscious of the non-secure icon as a warning. Also, users become blind to the warning if the frequency of occurrence is too high. The image below exhibits the proposed security indicators by the research team.
Based on the stats collected by w3schools, Chrome holds a market share of 74%. The competitor, Firefox, has only 15% and this is falling. Chrome usage has been increasing ever since its arrival in 2008.
According to Statcounter, 51% of people are using Chrome worldwide.
So, it is clear that the majority of web visitors use Chrome and it keeps growing. If your site collects sensitive information you should seriously consider acquiring an SSL certificate to avoid getting flagged as a non-secure site, as this will create a negative impression in the minds of your users.
Additional Ranking Boost for Secure Sites
In 2014, Google revealed that they are considering HTTPS as a minor ranking signal. It was a move to encourage webmasters to make the switch.
In an analysis carried out by Brian Dean, it was found that HTTPS had a moderate correlation as a ranking factor. The analysis was done using one million Google search results.
Before that, in an analysis done by MOZ, the team also noted a positive but low correlation between HTTPS and Google rankings. This was based on 17,600 keyword search results from Google.
It is apparent that HTTPS has an influence on Google rankings. But it is not a significant constituent, and even Google has admitted this in their official blog post. We don’t know whether this will become a major factor in the future.
WordPress is Also Pushing for HTTPS
Like Google, WordPress is also driving site owners towards HTTPS. Some of the upcoming features will require sites to have HTTPS enabled to utilize them. Matt did not mention anything related to what they are or an exact time, but it can be anytime in 2017. WordPress.org is tracking HTTPS usage in WordPress sites, and it is around 11.45% at present.
From the beginning of 2017, WordPress will only promote managed WordPress hosting companies that enable HTTPS by default, as the recommended partners. This will push hosting companies to provide SSL certificates for new accounts.
If you are a WordPress user or going to be a one in the future, then you should consider getting a hosting package that supports HTTPS by default.
Changes in the Technological Environment
Technology is advancing at a rapid pace. Apart from the external factors which influence us to use HTTPS on our sites, the technological improvements motivate us to do so.
One shortcoming of SSL usage in the past was the slow load speed. With new and improved hardware, applications and mechanisms, speed is no longer an issue. Read this article if you want to know more about recent technological advancements that facilitate increased HTTPS adoption.
Free SSL Certificates
Previously, cost was a major factor that caused many sites to avoid installing an SSL certificate. I think that is the most influential factor determinant for most. Even today, the cost of acquiring an SSL certificate might be difficult to justify unless you own a site that gathers sensitive user information.
That is where Let’s Encrypt project comes into play. It is a free, open source and automated certificate authority which is provided by the Internet Security Research Group (ISRG). It issues domain validated SSL certificates free of charge for 90 days, and can be renewed painlessly.
So, what is the impact this has brought to the SSL certificates market? According to W3Techs statistics, Let’s Encrypt has less than 0.1% share. However, their certificates are cross-signed by IdenTrust, which means browsers identify IdenTrust as the root certificate. This is a preventive measure that has been taken until the browsers recognize Let’s Encrypt as a trusted authority, which will take time.
IdenTrust is used in 5.3% of sites with a market share of 18.2%, which is the second highest at the time of writing this post. It shows an exponential growth, and the credit should go to the Let’s Encrypt initiative.
You can see that Let’s Encrypt usage is more weighted towards websites with low traffic. That segment would have hardly used an SSL certificate if not for the existence of Let’s Encrypt. It appears that the motive behind this initiative is paying off.
Wrapping it Up
More than ever, people are concerned and are talking about online security and privacy. Google is apparently making its intentions crystal clear by letting webmasters know that their sites need to be more secure. WordPress wants their users to adopt HTTPS.
Advanced technologies have been able to reduce the traditional issues that were tied up with using SSL certificates. Initiatives like Let’s Encrypt have made it more feasible and easier to get into HTTPS. Now it is your decision whether or not to make the switch. Let us know your thoughts below.