原文

Webmaster level: all

Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.

Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.

We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.

We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Lock

In the coming weeks, we’ll publish detailed best practices (it's in our help center now) to make TLS adoption easier, and to avoid common mistakes. Here are some basic tips to get started:

Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
Use 2048-bit key certificates
Use relative URLs for resources that reside on the same secure domain
Use protocol relative URLs for all other domains
Check out our Site move article for more guidelines on how to change your website’s address
Don’t block your HTTPS site from crawling using robots.txt
Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool. If you are concerned about TLS and your site’s performance, have a look at Is TLS fast yet?. And of course, if you have any questions or concerns, please feel free to post in our Webmaster Help Forums.

We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!
Posted by Zineb Ait Bahajji and Gary Illyes, Webmaster Trends Analysts

翻譯

是針對(duì)谷歌站長(zhǎng)專業(yè)博客的翻譯

確 保用戶安全是Google的首要任務(wù)。我們?cè)谶@方面進(jìn)行了大量的投入，以確保我們的服務(wù)使用的是業(yè)界領(lǐng)先的安全技術(shù)（如默認(rèn)使用功能強(qiáng)大的HTTPS加密 保護(hù))。這意味著，使用Google搜索、Gmail和云端硬盤等Google服務(wù)的用戶將自動(dòng)與Google建立安全連接。

除了確保我們自身產(chǎn)品和服務(wù)的安全以外，我們也致力于在更廣泛的范圍內(nèi)打造更安全的互聯(lián)網(wǎng)環(huán)境。其中很重要的一點(diǎn)就是，確保用戶通過(guò)Google訪問(wèn)的網(wǎng)站都是安全的。例如，我們創(chuàng)建了一些資源，以幫助網(wǎng)站站長(zhǎng)預(yù)防和修復(fù)網(wǎng)站上的安全漏洞。

我們希望百尺竿頭更進(jìn)一步。在幾個(gè)月前召開(kāi)的GoogleI/O大會(huì)上，我們提出了在網(wǎng)絡(luò)上使用“HTTPSeverywhere”的倡導(dǎo)。

同時(shí)，我們也看到越來(lái)越多的網(wǎng)站站長(zhǎng)在他們的網(wǎng)站上采用HTTPS（也稱為基于TLS的HTTP），這讓我們備受鼓舞。

因 此，我們?cè)谶^(guò)去的幾個(gè)月里進(jìn)行了一些測(cè)試，嘗試將網(wǎng)站是否使用安全的加密連接作為我們排名算法中的一個(gè)信號(hào)。我們從中看到了積極的結(jié)果，因此我們將開(kāi)始使 用HTTPS作為一個(gè)排名因素。由于我們需要讓網(wǎng)站站長(zhǎng)有足夠的時(shí)間來(lái)將網(wǎng)站協(xié)議轉(zhuǎn)換為HTTPS，因此目前HTTPS這一排名信號(hào)中所占的權(quán)重非常小， 只會(huì)影響全球范圍內(nèi)不到1%的搜索查詢，而且其權(quán)重會(huì)低于其他排名信號(hào)（例如高品質(zhì)的內(nèi)容）。然而，隨著時(shí)間的推移，其影響范圍可能會(huì)擴(kuò)大，因?yàn)槲覀児膭?lì) 所有的網(wǎng)站所有者將網(wǎng)站協(xié)議從HTTP轉(zhuǎn)換為HTTPS，以確保所有用戶的上網(wǎng)安全。

在未來(lái)的幾周內(nèi)，我們將會(huì)發(fā)布詳細(xì)的不錯(cuò)做法（到時(shí)我們會(huì)在此處添加相關(guān)鏈接），以便大家能夠更輕松地采用TLS，并避免常見(jiàn)錯(cuò)誤。下面介紹一些基本入門提示：

確定您需要的證書(shū)類型：?jiǎn)尉W(wǎng)域證書(shū)、多網(wǎng)域證書(shū)或通配型證書(shū)。

使用2048位密鑰證書(shū)。

對(duì)位于同一安全網(wǎng)域中的資源使用相對(duì)網(wǎng)址。

對(duì)所有其他網(wǎng)域使用協(xié)議相對(duì)網(wǎng)址。

參閱我們關(guān)于網(wǎng)站遷移的文章，了解更多有關(guān)如何更改您的網(wǎng)站地址的準(zhǔn)則。

請(qǐng)勿使用robots.txt阻止抓取您的HTTPS網(wǎng)站。

 盡可能允許通過(guò)搜索引擎對(duì)網(wǎng)頁(yè)編制索引。避免使用Noindex元標(biāo)記。

 

如果您的網(wǎng)站已使用HTTPS，那么您可以使用QualysLab工具來(lái)測(cè)試其安全級(jí)別和配置。如果您有關(guān)于TLS和您的網(wǎng)站性能的疑問(wèn)，請(qǐng)參考“這篇文章”。當(dāng)然，如果您有任何問(wèn)題或疑慮，歡迎您隨時(shí)在我們的網(wǎng)站站長(zhǎng)幫助論壇上發(fā)帖咨詢。

我們希望將來(lái)有更多的網(wǎng)站使用HTTPS。讓我們齊心協(xié)力，打造更安全的網(wǎng)絡(luò)環(huán)境！