In August of 2014, Google announced that they would be starting to use HTTPS encryption as a factor for the search engine rankings algorithm. In other words, your apartment website will receive a search engine rankings boost if your website is HTTPS with an SSL certificate—and conversely, if you don't get HTTPS encryption for your website, you'll probably see your rankings slip a little.
This raised some eyebrows around the SEO community, since there are A LOT of websites that simply have no justifiable reason for creating a secure, encrypted channel for the end-user. For example, why should Google care whether apartment marketers encrypt their video tours, photography, and pet policies? For many websites, SSL is indispensable (and, if you are accepting credit cards or social security numbers through a resident portal on your website, SSL is indispensable for you there), but to require HTTPS encryption from the entire internet makes no sense to me.
It's no small irony that Google would announce this change on one of their websites that does not use HTTPS encryption.
At the time, it wasn't a huge bump for your search engine rankings—so small that it should only affect 1% of all search queries. Ominously, however, Google included this in their announcement:
But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
In other words, Google is not-so-subtly insinuating that using SSL is going to become a really big deal for search engine optimization, so you might as well surrender now. Because Google controls so much of the internet, they can make silly demands like this with the force of blackmail by promising to grade websites accordingly. Google is saying jump, so I'm writing this article to help you calculate how high you need to go.
If you are a RentVision client, we have you covered. We are migrating every website we have to SSL for you right now. I think Google is mandating an unnecessary change, but we want to make sure you're in the best position to rank highly on the search engines, so we'll take care of everything I'm going to talk about in this article.
But if you aren't one of our clients, this article will lay out (1) what SSL is and how it works, (2) why Google is making this change, (3) what kind of SSL certificate your apartment website needs, and (4) how to make sure you don't hurt your search engine rankings in the process of transitioning over to HTTPS.
This is a complicated subject, so be forewarned—we're going into the weeds a bit on this post.
Why is Google Making This Change in the First Place?
Publicly, the reason Google is forcing this change is for "security." In the announcement article, Google states that:
Security is a top priority for Google....
Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure....
...we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.But here's why this actually became so important. In October of 2013, the news surfaced that the National Security Agency had sliced neatly through Google's security, bypassing Google's SSL encryption. Here's a slide from a secret presentation of the NSA on "Google Cloud Exploitation" from documents that Edward Snowden leaked:
See the gleeful "SSL Added and removed here!" note at the bottom of this slide? The Washington Post article that broke this story reports that "Two engineers with close ties to Google exploded in profanity when they saw the drawing."
Don't kid yourself—requiring SSL from everyone on the internet (whether they need it or not) is entirely the result of Google's humiliation from their NSA fiasco.
So What is SSL, and How Does it Work?
SSL stands for "Secure Sockets Layer," and it allows for your computer to have a secure, encrypted connection with a website as you browse the internet. Obviously, this isn't terribly important if you are reading a news article or browsing a photo gallery or consulting a recipe.
But, when an apartment shopper is on your website paying rent with their credit card or submitting their social security number to apply for one of your apartments, SSL encryption becomes very important.
There are two simple ways to check whether your apartment website currently uses HTTPS encryption. First, you'll be able to see that your website address says HTTPS instead of only HTTP in the address bar, like this:
Second, you might be able see some kind of padlock symbol in many cases. Browsers all look different, but you will a bright green certificate that looks like this:
Or, for a website like Facebook, you might see a padlock with some kind of yield or warning sign that looks like this:
This just means that the page contains encrypted elements as well as unencrypted elements. While that's probably not a big deal while you are browsing Facebook, you should definitely get concerned if you see warning signs like this when someone asks you to put in their credit card information.
What Kind of SSL Certificate Does My Apartment Website Need?
You can buy an SSL certificate from just about anybody who registers your domain name or hosts your website. To get instructions on how to install the certificate, you'll need to consult those companies because it's a slightly different process for everyone.
But, you don't just buy a general certificate. (If only it were that easy!) If you head to your domain registrar to buy an SSL certificate, you'll probably be overwhelmed by all of the options and choices. So, here's a quick guide to help you navigate the choices.
The first question you'll be faced with is whether you want a single domain certificate, a wildcard certificate, or a multi-domain certificate. Here are the factors you should consider:
- If you only have one domain name, and you don't use multiple subdomains (e.g., only www.yourdomain.com and not also apartments.yourdomain.com or anything like that), then just get a Single Domain certificate.
- If you use multiple subdomains, get a Wildcard certificate. For example, if you have a corporate site at www.yourdomain.com and then you use subdomains for each of your communities (community1.yourdomain.com, community2.yourdomain.com, etc.), a single wildcard certificate will cover all of your sites.
- If you have a fixed amount of unique domain names for your corporate website as well as all of your community websites, it might be easier to buy one Multi-Domain certificate. This kind of certificate can be a pain, however, because you might need to update the certificate each time you add a new domain name.
The next question to ask is what level of validation you will need. This is a little complicated, but Wikipedia has a really straightforward breakdown if you are still confused after reading this article. Basically, there are three levels of validation from SSL certificates:
- Domain Validation certificates give you the necessary level of security encryption, and to get one, you only need to prove that you control the domain name for which you are trying to register the certificate.
- Organization Validation certificates are a step above Domain Validation certificates, and they require you to prove your business's existence as a legal entity.
- Extended Validation certificates are the highest level of SSL certificates, and your company would need to go through an intense application process to get one. Only with the EV certificates, however, do you get the pretty green certificate in the URL bar.
For most apartment websites, you'll probably only need the Domain Validation certificates.
What Do I Need to Protect and Improve My Search Engine Rankings with HTTPS?
The biggest thing you want to avoid as you migrate to HTTPS is that you don't lose any of your current search engine ranking power in the transition. Moving to HTTPS is kind of like changing domain names (or, at least, it's like moving from a www.yourdomain.com to yourdomain.com), so you want to make sure that you do everything you need to do to transfer your page rank and link juice correctly.
First, make sure that you actually migrate your HTTP site to HTTPS. That means several things:
- Claim both the HTTP site and the HTTPS site through Google Webmaster Tools
- Set up 301 redirects from each HTTP pages to each new HTTPS page
- Submit a new sitemap to Google once the migration is complete
You can find all of Google's instructions for migration your site here.
Second, you'll want to update your Google Analytics to track HTTPS visits. I called Google to ask them what leaving your Analytics to track HTTP after your migration could affect, and they said that you could mess up some of the rich insights through In-Page Analytics, so it's worth fixing this.
So, within Google Analytics, click "Admin" from the top navigation menu:
Then, you'll need to adjust your settings at the Property Level and the View Level. So, click "Property Settings" and then later click the "View Settings."
Then, in each of these settings pages, you'll need to adjust your default URL settings from http:// to https:// like this:
Has Google followed up on any of this or was it all just chatter?
So far the answer seems to be that Google is taking serious steps to push people toward HTTPS. According to the Google index, 34% of the web is now HTTPS. Illyes also, "strongly recommended that webmasters consider migrating their websites from HTTP to HTTPS sooner, rather than later."
What does that mean for me?
Well, as HTTPS is adopted more broadly across the internet, it likely will also become more popular in the multifamily niche. That means your competitors are going to start using it, which in turn means your competitors will have an advantage on you if you are not using a secure site.
The big idea with all of this is relatively simple and straightforward: Google wants to push people toward secure websites that have HTTPS properly set up. For that reason, you need to be taking steps to secure your website by getting an SSL certificate properly installed.
The good news for RentVision clients is that we already have HTTPS set up for you. You do not need to do anything. If you are not a RentVision client, check to see if your site is secure. If it is not, then you need to talk to your website provider or development team and get that resolved soon.