Back in March 2014, Matt Cutts gave the audience at SMX West a little tip that making a site secure (i.e. using Secure Sockets Layer or SSL encryption) was going to trend in 2014. Matt wanted to ensure that sites that utilize SSL encryption would see a ranking boost within Google, however at the time there were some people at Google that did not agree with him, nor did they want this to happen.
Well, only a couple of weeks ago Google announced that using SSL encryption will give sites a ranking boost within Google’s SERPs. Although away on leave, Matt Cutts did tweet about this new update on the 7th August 2014:
Within the post tweeted; Google has published some clear guidelines on what they expect to see from a site using HTTPS (aka HTTP over Transport Layer Security or TLS). They also confirmed that due to the positive response, they’ve made this a positive signal for ranking websites, however they also state that this is a very “light-weight signal” and will only affect less than 1% of global search queries. The secure signal will apparently carry less weight than other signals such as a website containing high-quality content, but may become a stronger signal in the future. It’s still early days and although Google has given some guidelines on what they want to see from a website, there are a number of other aspects from an SEO perspective to take into account when moving your website from HTTP to HTTPS.
Tips when moving HTTP to HTTPS
Moving your website from HTTP to HTTPS is very much like migrating your website to a new URL structure, or even moving to a brand new domain. Past experience has told us that there’s so much that can go wrong if things aren’t implemented correctly. Google has given some guidelines on moving to HTTPS here and here, and Barry Schwartz over at Search Engine Roundtable covered the topic too. There are also a few other SEO aspects that you should take into consideration before you commit to moving your website to HTTPS. Firstly, you need to choose the right level of certification (i.e. 2,048 bit certificate) from an accredited/trusted provider. Once you’ve completed this step, there are a few other SEO considerations that will be important to migrating successfully:
- Ensure all your internal links point to the new HTTPS URLs.
- Ensure any external links and new social shares point to the new HTTPS URLs, if you’re still getting links to the old HTTP version of your website Google can become confused and you won’t see the benefit that these new links have the potential to pass on to your website structure. Google won’t be able to decipher which is the most authoritative page that deserves a higher ranking.
- Ensure that all rel=canonical tags within your HTML don’t point to the old HTTP version. Once you move over to HTTPS these tags must be changed to the new HTTPS URLs, as this helps Googlebot understand which version of the page should be used to rank. Again, if you still point to the HTTP version then Google will once again become confused over what page should be ranking in the SERPs.
- Ensure that you’ve mapped out the new HTTPS URLs on a page-to-page level – you basically want an exact duplicate URL structure the only thing that is changing is that ‘http://’ will become ‘https://’.
- Once you’ve got these in place you then want to implement a permanent 301 redirect on a page level. Do not 301 redirect everything (either via global or via a wild card redirect) to the home page as this will kill all your rankings overnight.
- Finally, you need to watch your Webmaster Tools account post go live and monitor for any issues Google may be having with your new HTTPS website.
Following these points will ensure that your website has the best chance of maintaining its current rankings. The reason why I say best chance is because with Google, any major change to a website, even if done correctly, can still result in either short term or long term ranking drop or fluctuation. This could be from just a small drop in one or two places for a few days to some major drops that could last for weeks or even months. Rectifying any problematic change to a website can take time to recuperate, especially with Google’s re-crawl and re-indexation rates. Here’s an example of a website that recently underwent a URL migration mid-2013, and then a domain migration in early2014 of which the above recommendations were not followed (N.B. this was a standard migration and not a HTTP to HTTPS migration, however the move is essentially the same and as you can see, this particular website hasn’t yet fully recovered):
It’s important to time a site migration correctly. When switching to HTTPS you should choose a quiet period – there’s bound to be some fluctuation in search rankings and any errors will be punished mercilessly. You don’t want this to come during peak.
If Christmas is a busy time of year for you, hold off on this change until the New Year. That way if any major mistake is made, or if Google takes a while to update things, it won’t affect your revenue stream from Google as much. This also gives you a little bit more time if something does go wrong and you need to fix things, whilst you wait for Google to re-index and rank the HTTPS URLs.
It’s worth bearing in mind, though, that much like time Google waits for no man. ‘Mobilegeddon’ came in April, which is arguably the quietest time for most retailers, travel agents, banks and so on, but should Google suggest that sites still using HTTP will be downgraded on the 1st December there will be a similar level of hysteria.
Reasons NOT to move to HTTPS
Up to this point HTTPS has been a “lightweight” ranking signal – the boost given to sites that make the switch is all but negated by the link equity lost through 301 redirects from HTTP to HTTPS. A recent study conducted by Searchmetrics suggested that there was no advantage to switching at this point. Migrating often isn’t high on the list of priorities as a result.
If you’re an SEO and you’re recommending against going HTTPS, you’re wrong and you should feel bad.
— Gary Illyes (@methode) August 18, 2015
Making the switch to HTTPS is a bad idea if you believe your site may be suffering from Panda, Penguin or a manual action for unnatural links.
If you make this move whilst under a manual or algorithmic penalty, it may cause Google to think that you’re trying to escape the penalty and they may lose even more trust with your website making things even harder to recover from. It’s vital that you fix any existing issue Google is having with your website first, whether it be a links based (Penguin) or content based (Panda) issue and then make the move over to HTTPS.
Finally, if you think that moving your website to HTTPS is going to fix any existing issues or is going to happen without any difficulty…think again. You are changing every single URL on your website, so you have to be very careful to get things right to avoid damaging your rankings. With regards to any existing issues or penalties, Google will eventually figure things out and pass on the existing penalty to your new URL structure.
Penalties can’t be avoided by switching URLs. Above buyyourcar.co.uk is affected by Panda and switches to the new carsite.co.uk domain using 301 redirects, topping search results for only a couple of weeks before the Panda issues are transferred through the redirects. There was no Panda refresh at this time – the algorithm does not have to update to cause problems – and Google has lost all trust in the website, so switching to the new autovillage.co.uk domain does not provide a ranking boost this time.
The important thing to remember is to treat the migration from HTTP to HTTPS as important as a URL or domain migration – if done wrong it can have a detrimental effect on your organic visibility within Google. It’s also important to bear in mind the signals your website is sending to Google. If any signals around your HTTP URLs remain, or are created in the future, this can cause Google to become confused and they may rank the wrong page. Help Googlebot to find the new HTTPS pages on your website by keeping things simple; any confusing signals can take Google a long time to figure out and update things in its SERPs.
Finally, do expect some ranking issues -as mentioned earlier, even when done right, a site can hit some ranking turbulence while Google works out the change. Following these recommendations will give your website the best chance of holding its current position.
It’s important to bear in mind that despite the inherent risks, it’s likely that Google will at some point make HTTPS all but mandatory as it dials up its weight as a ranking signal.
In the HTTPS as a ranking signal blog post Gary Illyes and Zineb Ait Bahajji stated that “for now it’s only a very lightweight signal – affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content – while we give webmasters time to switch to HTTPS.”
The announcement was made in August 2014 after tests for “the past few months”. Google is not a company to rest on its laurels, so it’s likely that the announcement that HTTPS is being strengthened as a ranking factor could come in the not too distant future.
HTTPS as a ranking signal has echoes of the mobile-friendly update: it’s not often that Google chooses to announce ranking signals, but with both mobile-friendly and HTTPS it is attempting to give notice before it effects the change.
Neither migrating an entire site to HTTPS nor launching a new mobile site are small changes – both require business cases and buy-in. Though the returns may be small now, in the future that might not be the case.