Ever since Google made the announcement that HTTPS is a ranking signal, there has been a lot of discussion around whether that extra ‘s’ is really worth the hassle.
There are clear benefits to obtaining that sought-after green padlock, but there is also a lot of nervousness around actually making the switch.
The apprehension is understandable; as with any big change to a website, mistakes have the potential to be extremely costly – both to the user experience and to search visibility. Any risk of a drop in rankings has SEOs quivering in their boots.
However, this is not reason enough to avoid the change. There has been an almighty push towards creating a more secure web. There is a pressure for website owners to take responsibility for the security of their sites; those who do will be duly rewarded by Google.
What does HTTPS actually mean?
HTTPS stands for Hypertext Transfer Protocol Secure; not that this will help you understand it any more than you did a few seconds ago.
As Google explains, HTTPS “protects the integrity and confidentiality of data between the user’s computer and site.” This involves three layers of protection: encryption (goodbye eavesdroppers), data integrity (goodbye corrupt data) and authentication (goodbye attacks).
In short, HTTPS is essential for ensuring a safe and secure experience for users of a website. This is of paramount importance in an age where internet security is coming under increasing threats from all angles.
Having said all that, it is worth mentioning that HTTPS does not make your site an impenetrable fortress. Even with the best security in the world, a site can still come under attack.
That’s just an unfortunate reality of our digital age – look at the recent ransomware attacks across the globe. Nevertheless, HTTPS sure does help.
Benefits of HTTPS
First and foremost from an SEO perspective, Google considers site security to be a ranking signal and will favour websites with HTTPS. Although it is currently only a ‘lightweight’ ranking signal and will therefore only affect a very small number of search queries, we expect this to evolve.
Much like the shift towards mobile-friendly websites, which started gaining momentum and then suddenly slapped us in the face with the (albeit underwhelming) #mobilegeddon and mobile-first indexing, it is only a matter of time before secure sites become more of a priority. In addition, we love the theory of marginal gains so every little helps!
The effectiveness of a move to HTTPS will likely be determined by the type of website. For example, ecommerce sites will certainly benefit the most from a switch to HTTPS. Where payment or the exchange of sensitive data is involved, security becomes critical.
Migrating to HTTPS may not yet be as important as high quality content or link-building prowess but it would be foolish to dismiss its importance on these grounds.
There are further benefits, too, in the realm of user experience; visitors will be more trusting of your website and confident in its ability to provide a safe browsing experience for them. Plus, let’s not forget the peace of mind it will bring you knowing that your site is protected with that little ‘s’.
Concerns with HTTPS
But – and there’s always a but. Just the thought of migrating from HTTP to HTTPS is enough to strike fear into those responsible for the move. What if I accidentally block important URLs in robots.txt? What if it slows the speed of my site? What if my web applications aren’t compatible with HTTPS? What if I mess up the redirects and canonical tags? What if the rankings of my site plummet, never to return? What if my website just DISAPPEARS off the face of the digital ecosystem?
These are (mostly) legitimate concerns but they should not stop you. Here at Yellowball, we recently decided to make the move.
We had similar concerns, especially that we might see an initial drop in rankings and weren’t sure how long this would last. But alas, we made sure that those responsible for the move knew exactly what they were doing and we followed the best practices (getting to these shortly).
So, did anything terrible happen? We have seen a slight drop in rankings but these are already climbing back to normal and we expect to see an overall improvement in the long run. So no, nothing bad happened and now we can all relax in the knowledge that the big move is done.
HTTPS migration checklist
Mistakes can be made during a migration, so it’s important that you do your research and ensure the process is handled correctly. If you follow this step-by-step checklist and enlist the help of someone who knows their stuff, you’ll be just fine.
- Obtain a security certificate (usually referred to as an SSL certificate). Ensure you choose a high-level security option: Google recommends a 2018-bit key. You can get these certificates from a certificate authority but we recommend buying one from your hosting company, as they will usually help you install it.
- Set up redirects to ensure that all of your old HTTP pages redirect to the new HTTPS pages. There may only be one tiny difference of an ‘s’ but this still makes the URLs completely separate. Create a URL map that lists all of the old URLs with their corresponding new ones. If you have been wanting to make any tweaks to your URL structure for a little while then now is the opportune time to do it. Be sure to use permanent 301 redirects (rather than temporary 302 redirects).
- Update internal links so that these all point directly to the new HTTPS pages, rather than having to redirect.
- Update all other resources including images, downloads and other scripts, as these will all need to point to the correct HTTPS locations too.
- Avoid blocking your HTTPS site from crawling using robots.txt and avoid the ‘noindex’ tag.
- Reindex your site via Google Search Console and submit your new sitemap. Note that you will have to create a new property, due to the different URL. You cannot just submit to the old property and expect it to work.
- Test all is working correctly using this SSL Server test. If there are any technical issues then get in touch with your host or a developer to resolve problems quickly.
This is not a comprehensive list so it is worth enlisting the help of an expert. Remember that you can check the data in your Google Search Console to find out whether there are any URL or crawl errors.
All in all, it is clear to us that the benefits of migrating to HTTPS outweigh the potential pitfalls. Having a secure site will only become increasingly important and there’s every possibility that we will eventually face the HTTPS equivalent of mobilegeddon (securigeddon?).
Having said that, there are times where making the move may not be necessary. For example, if you run a personal blog, get only a small number of website visitors and don’t expect this to increase dramatically in the new few years.
However, if you are expecting to see a rise in traffic, or if you already see high volumes of traffic then our advice is to make the switch.
In short, Google says so. So do it.