SSL and SEO

10.10.2017 - written by  in Security

8 Comments

While the exact algorithm is considered a kind of secret sauce, and every subsequent update to the famous algorithm incites a wave of panic among search engine optimization experts, there are nonetheless a few more or less known factors that can hurt or help the placement of your site in the search results of major search engines, especially Google.

For their part, Google makes an effort to update and inform website administrators about how to improve their rankings via Google Search Console.

One way to improve your rankings is by installing and using an SSL certificate for your website, which allows connections over the internet to be made securely via HTTPS and thereby guarantees the security of the data visitors transmit. Google has embraced the benefits to visitors to being able to connect via HTTPS, and so having an SSL certificate is now a critical component to ensuring good search result rankings.

For quite some time now, most sites selling anything online use this type of encryption to secure financial transactions (and if this basic security measure isn’t in place, you really shouldn’t be entering any sensitive information at all), but Google recently announced that all sites that collect any data through online forms must also be secured by an HTTPS connection, otherwise, starting October 1, Chrome (the web browser developed by Google), will display a “Not Secure” message.

Even blogs that have open comments or any sites that have sign-up forms, even just to subscribe to a newsletter, will all be affected if they do not have SSL implemented.

If you’re the administrator or owner of just such a website, then we have good news: you’ve come to the right place!

If you host your website on Gandi’s Simple Hosting platform, you can now get an SSL certificate on all of your sites by upgrading to the Small+SSL instance size, created just of this purpose.

Better yet, you can now install SSL certificates on each domain added as a Site for your Simple Hosting instance in a single click.

It’s very easy to take advantage of this new feature (so long as you’ve migrated your Gandi account to the new platform):

  • Navigate to your Simple Hosting admin interface
  • Select the instance for site you want to protect with SSL under “Sites”
  • Click on “Create a free certificate” and we’ll guide you through the rest

Once the certificate has been generated and installed (which can take a couple minutes), you can access the https:// version of your site.

Then there’s just one last step to make sure you’ve totally optimized your site for SSL: force all traffic for your site through https, so that all of your visitors will be protected and guarantee that you are in full compliance with Google’s policy.

There are two ways to do that. Either:

  • Using the Simple Hosting admin interface on Gandi v5, select the option to force all traffic via https from the “Sites” page,

  • Or modify your CMS or website applications directly.

For example, if you have a PHP instance, you can create or modify the .htaccess file via sFTP in the “htdocs” folder of the corresponding site. If you do this, you would need to add the following lines of code to redirect all traffic through https:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTPHOST}%{REQUESTURI}

And there you go! All unsecure requests to your site will now be redirected to a secure endpoint and search engines will be happy.

However, from a security stand-point, there’s more you can do to ensure the safety of your visitors. We encourage you to use secure cookies only, consider the usage of the HSTS header and even consider blocking HTTP usage altogether. Please read up on how your web development language or framework allow you to deal with HTTPS.

Of course, if you need any help with this or have any questions, you are free as always to contact our Customer care team for help.

Leave a Reply

    Anonymous

    Does “HTTPS only” settings changes the PHP “session.cookie_secure” configuration to “true”?

    Could you add an option to “HTTPS only” to not redirect, but serve an error page to users: Something like: “You are trying to access to using insecure HTTP connection, but this site is only available via HTTPS connection. Please use https:// at the beginning of the url and don’t forget to update your bookmarks.”

    Why?
    Because most scripts/portals still allow cookies over plain-text HTTP, and most browsers start an HTTP connection if you don’t explicitly specify the url. Adding too long HSTS headers are not practical either (and luckily you don’t do it).

    The consequence of this that the less tech savvy users who only visit a website weekly will still be vulnerable to cookie stealing attacks.

    Automatic HTTP redirection to HTTPS is not secure! (not to mention the mitm attacks which may cause the redirection not happening at all)

    Please review this article! The “force all traffic via https” and “All connections to your site will now be protected” parts are misleading.

    Ps: I think separating the Small and Small+SSL hosting packs then talking about “free certificates” is a kinda lame.

      Hi! Thanks for your feedback. We’ll review our post.
      In any case, HTTPS only” only redirects; it doesn’t set cookies; and users are free to setup their own HTTPS strategies if they don’t wish to redirect.

      Anonymous

      Hi! I don’t mean it should set cookies, I mean the “HTTPS Only” selection should also configure the PHP server in a way that it only allows to set secure cookies.
      (If Node.js, Python and Ruby have similar settings, do it for those too.)

      Look Sophie, if you buy some fresh eggs today, you could use them to make a cake for Firesheep’s 7th birthday.
      (http://codebutler.com/firesheep)

      Please take in account, that the people who are using this 1-click solution are trusting Gandi to set it right.

      Hi Eric. I’m very sorry but grocery and cakes are not really my stuff 😀
      But we hear you, and we tried to make our post more accurate. Thanks for your feedback!

    good i want job here

    Can we have HTTPS on S sized Simple Hosting instances now, please? This is one area where Gandi are falling behind the competition.
    Keep up the good work everywhere else.

      Hi there 👋🏻
      You can have HTTPS on every site you host on Simple Hosting « Small+SSL » pack. S pack is dedicated to customers with basic needs, so we preferred to keep it simple and create a new offer with SSL enabled.
      Have a nice week end !

      Hi there 👋🏻
      You can have HTTPS on every site you host on Simple Hosting « Small+SSL » pack. S pack is dedicated to customers with basic needs, so we preferred to keep it simple and create a new offer with SSL enabled.
      Have a nice week end !