Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Subscribe to HRA Now!


Are you a Google Analytics enthusiast?

Share and download Custom Google Analytics Reports, dashboards and advanced segments--for FREE! 




From the folks who brought you High Rankings!

- - - - -

Ssl & Ip Addresses

  • Please log in to reply
5 replies to this topic

#1 ep2012


    HR 1

  • Members
  • Pip
  • 6 posts
  • Location:North Las Vegas

Posted 08 October 2014 - 03:54 PM

Is it true that Google is forcing us to get a dedicated IP address along with the SSL?

My gawd, now my hosting expensive will increase by almost 50% : (


#2 chrishirst


    A not so moderate moderator.

  • Moderator
  • 7,718 posts
  • Location:Blackpool UK

Posted 09 October 2014 - 08:19 AM


Is it true that Google is forcing us to get a dedicated IP address along with the SSL?


Google is NOT forcing ANYTHING AT ALL.


What you have probably read is some CLUELESS [insert expletive] IDIOT spouting gibberish about something they have no idea about.

#3 torka


    Vintage Babe

  • Moderator
  • 4,825 posts
  • Location:Triangle area, NC, USA, Earth (usually)

Posted 09 October 2014 - 09:56 AM

You don't need to convert to SSL. I haven't converted any of my sites and don't plan to do so any time soon.


It's generally recommended to have a dedicated IP address for each certificate/domain, but since moving to SSL is not necessary (at least, not at this point and probably not any time in the foreseeable future), there's no need to panic, or to incur the additional cost.


--Torka :oldfogey:

#4 ep2012


    HR 1

  • Members
  • Pip
  • 6 posts
  • Location:North Las Vegas

Posted 09 October 2014 - 04:48 PM

This is gibberish???


#5 torka


    Vintage Babe

  • Moderator
  • 4,825 posts
  • Location:Triangle area, NC, USA, Earth (usually)

Posted 10 October 2014 - 09:53 AM

DId you see this part:



For now it's only a very lightweight signal — affecting fewer than 1% of global queries


The "gibberish" is all the so-called "SEO gurus" who are running around like their hair is on fire declaring that each and every website must convert to SSL TODAY or their rankings will be ruined! Ruined, I say!




There are lots and lots of other things you have to have 100% nailed, and you have to be in an extremely competitive space working against competitors who also have all the basics 100% nailed, and you have to be in an environment where the perception of greater security is important (I say "perception of greater security" because SSL isn't really the panacea some people seem to think it is), before you're even in the shadow of potentially being in danger of possibly at some point needing this "lightweight" signal that might not make a perceptible difference in your rankings anyway.


I stand by what I said. Google is not forcing anyone to migrate to SSL. It is not necessary now, it will not be necessary in the near future and it may turn out that it is never so. This would not be the first time that Google has hinted at a "ranking signal" that eventually turned out to be a big nothing. If you choose to panic and start paying much higher hosting fees to comply with a "ranking signal" that almost certainly doesn't affect your site today and may not ever have any effect on your site, that's your choice, of course. Personally, I choose not.


My :02:


--Torka :oldfogey:

Edited by torka, 10 October 2014 - 09:55 AM.

#6 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 5,325 posts
  • Location:Georgia

Posted 10 October 2014 - 05:10 PM

What is true about the HTTPS protocol is that the security certificate must be tied to an IP address.  The way Web browsers are coded is that they look for a "trusted third party" that issues the certificate; if the certificate is self-hosted or provided by a company the browser vendors don't trust, the user will see a warning.


Some of the content delivery providers are now offering blanket SSL coverage to their customers.  The way this works is that you allow them to replace your domain name data in the DNS system with their own IP address for your domain; they encrypt their servers and serve your domain via HTTPS.  But your Website must still be hosted somewhere and so the traffic between their server and your server remains unencrypted.


Hackers are not likely to try to "sniff" your private data when you connect to a Website (whether your own or someone else's) so the benefit of using HTTPS is largely overrated.


However, if a hacker DID want to tap into your HTTPS connection he would most likely do it with an HTTPS proxy server (this is one of several types of so-called "man in the middle" attacks).  His proxy server would manage the secure connection with your computer and it would start another secure connection with whatever computer you want to connect to.  This way all your data is decrypted safely on the proxy server and the hacker can save it in that format.


Google fell prey to such an attack in August 2014 in China (millions of users' credentials were stolen).


Anyone with a programmable smart phone can walk into a public WiFi hotspot like a coffee shop or a restaurant and set up an HTTPS proxy server that uses a name similar to the local hotspot's name.  They can grab all the overflow or fringe traffic that cannot get to the hotspot.


It is also possible to create an "envelope" around a router consisting of other routers that broadcast the same information as the authoritative router.  All traffic will hit the envelope first and can then be redirected to other destinations.  The authoritative router may never see any traffic (or it may see copies of traffic that the envelope decides to send through based on filtering criteria).


Should you switch your site to HTTPS?  Since most if not all ecommerce sites use it then it may be a good idea to do that for a new ecommerce site.  Consumers have been misled to believe that their data will be safe on an HTTPS Website.  In fact, the hackers exploit whatever vulnerabilities they can find in the Web software to hack into those sites and get into their databases.


The vast majority of consumer data that is stolen from the Internet is taken from breeched databases, not from insecure connections.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

We are now a read-only forum.
No new posts or registrations allowed.