Query Encryption Update: Boosting Search Security

On October 18, 2011, Google announced that it would begin encrypting search queries to protect users’ data and privacy. With this update, searchers can use the company’s service without worrying about security because of the default SSL or encryption protocol.

What’s It For

Google rolled out the query encryption update to protect the personalized search results function they provide users. The team improved the default search experience for signed-in users by directing them to Google’s URL that begins with a Hypertext Transfer Protocol Secure or HTTPS instead of HTTP alone. This means that search queries, as well as SERPs, are encrypted.

Prior to this update, the SSL or Secure Sockets Layer protocol has been the standard setting for signed-in Gmail users since January 2010. The developers decided to make this the default for its search engine as well to protect searchers’ data since the service has become more and more customized based on users’ needs and preferences.

The update still informs webmasters the source of organic visitors or that the traffic came from Google. What it doesn’t tell them is the specific query that led users to their website. Another analytics data from Google Webmaster Tools that site operators can use is an aggregated list of the top 1,000 searches that directed traffic to their domain for the month.

What Were Its Effects

The query encryption update influenced the use of security certificates for most websites in the industry. Today, a majority of domains use the protocol to increase privacy for users. At the time, though, it disrupted organic keyword referral data and returned the “not provided” error for some organic traffic.

What It Means for You

As mentioned above, most websites nowadays have a security protocol for their domains. Moreover, on August 6, 2014, Google announced that they’re giving a slight advantage to sites with an SSL certificate or those that begin with HTTPS in the SERPs.

While it may be hard to determine how significant the impact of a security certificate is on your rankings, using this feature along with putting in the effort on other ranking factors such as creating top-notch content and acquiring high-quality backlinks can considerably boost your position in the results pages.

It’s fairly easy to set up SSL for your website. Here are the steps:

  • Have an Exclusive IP Address – You need a dedicated IP address to get security protocol for your website. Several web hosts offer cheaper plans that give you an IP that you share with multiple users. An exclusive address will give you peace of mind that the traffic and rankings you get for that IP will only benefit your website and won’t be misdirected.
    A dedicated IP also helps maintain your website’s stability especially when your readership grows. It comes with a server that allows you to compress and minify elements in your domain to improve site speed. Plus, Google itself slightly favors brands that have an exclusive address since it implies that they take user experience seriously.
  • Purchase a Certification – An SSL protocol can be likened to a long and secure password that only your website knows. You can generate it yourself and have a self-signed certificate. However, a more popular option is to register with a Certificate Authority which have a copy of your passcode and can vouch for your site’s security. You can purchase one from NameCheap, GoDaddy, or SSLs.com.
  • Generate and Install Your SSL – You can ask your web host to activate your SSL for you or you can do it yourself. First, you must produce a CSR or Certificate Signing Request which contains vital pieces of information about your company and website, the public key for the certificate, and data on password type and length. Typically, you can locate this in the control panel of your web hosting settings.

    Once you have a copy of the final certificate in a .crt file, you just need to open the document, copy the entire thing and paste it in the control panel. Access your page to check if the installation was successful.

  • Update Your Website – It’s crucial to note that you don’t have to protect all sections in your domain with a security protocol if users aren’t going to submit sensitive information on those pages. It may slow down your site speed by wasting energy on encryption processing. Determine the significant locations where transactions that involve credit card and other personal information take place such as your login and cart checkout pages.