While HTTP was created in 1990 it was only a few years later that https came along in 1994, and it wasn’t heavily used by many websites initially. Over the years many eCommerce businesses adopted this protocol but mainly for checkout pages. Many of the blogs at the time and over the next 20 odd years for didn’t adopt the secure version – why would they need to. These sites weren’t taking peoples credit card details or PPI info so there was very little benefit to them investing in going secure.
Removing the data
Then Google made a major change in the fall of 2013 when they made search secure and stopped passing keyword data into analytics and other platforms. I can still remember the day the switch happened, at the time I was the Head of SEO and PPC and Ebuyer and over night we went from having vasts amount of keyword data to virtually zero. Bing and Yahoo still pass the data into GA but the majority of sites these search engines represent such a small amount of traffic that the data is useless.
Google still gives you this data into Search Console but you can’t match this back to conversions or other business KPIs.
While this was a major blow to data geeks like myself, this didn’t get many webmaster switching to fully secure sites.
Then Google made another big announcement a few months later in August 2014 when it said it would start giving a rankings boost to going secure. At first they claimed if two sites of equal waiting and all other ranking factors we’re the same then the secure site would rank above the non secure site.
As many webmasters care deeply about their Google rankings as it usually their biggest source of traffic many started switching immediately, Google claims now that https is slightly more important than before – but still a very small signal. Even as recent as April this year Google said that they wouldn’t be increasing the boost of HTTPS, more info can be found on SERoundTable.
Google says jumps and webmaster start
In my opinion, it is a very small signal but because the majority of large sites have moved to secure Google got its way. Its kind of similar to when Google said about “Mobilegeddon” and that sites would lose their mobile rankings – every body switched which is kind of similar to this – Google says what it wants an the majority of webmaster jumps.
Google final push
The final announcement made by Google is coming soon and isn’t an SEO issue but more UX. This time it doesn’t affect Google but Chrome. So this won’t just affect SEO traffic but ALL traffic. Google is going to be warning users in the address bar if the site isn’t secure – read this full article on Forbes for more details.
This is a game changer, the average user doesn’t realise that a site needs to be fully secure, they only care about that their bank details etc are secure and till know this has been enough to get a user to convert. The average user will see a warning about a site not being secure and bounce off quicker than Arsenal fans are for shouting Wenger Out.
Google hasn’t been warning users about this issue for a few months now but its awful close and if this rolls out before Christmas could mean the difference between a great xmas sales and bad sales period.
There are going to be two cases when deciding when to move to https.
1. A Brand new site
This is simple, make the site secure from the scratch. It’s now easier than ever to get a HTTPs certificate and most hosting companies now offer them for free.
2. An existing site which needs to switch
This is the biggest issue – especially for large established sites can be a lot of work and the risks are huge, mess it up and you can lose all your Organic traffic – this could be the end of your business. In my experience its not much difference it much different from moving domain name. While we have covered this in more detail in this blog post moving domain name – what to consider, I will cover in brief here what to do.
- Change all your internal links point to the new HTTPS URLs (use a tool like Screaming Frog to crawl your site to make sure you haven’t missed any).
- Change any external links and new social shares point to the new HTTPS URLs, Old non secure urls will cause Google confusion
- Check that all rel=canonical tags within your HTML don’t point to the old HTTP version. Once you move over to HTTPS these tags must be changed to the new HTTPS URLs, as this helps Googlebot understand which version of the page should be used to rank. If you don’t change these you are giving conflicting messages to Google and again will potentially lose your rankings.
- Do a page to page level url map. You basically want an exact duplicate URL structure the only thing that is changing is that ‘http://’ will become ‘https://’.
- Page by Page 301 redirect – don’t redirect everything to your homepage, again you will lose all your internal page rankings.
- Finally, you need to watch your Webmaster Tools account post go live and monitor for any issues Google may be having with your new HTTPS website.
While this is will offer you the best chance to keep your rankings (in my experience expect to lose these for 3 months while Google rediscovers your site) if you do make any mistakes it can be a long time before you recover your rankings.
Once done this isn’t the end – you need to do checks to make sure everything has gone as smoothly as possible.
Crawl your site, you can pick your tool of choice but crawl your website – we have covered crawling many times and reviewed many of the platforms so we wont cover here what tool to use – the important thing is you need to be crawling your site looking for http internal links.
Server Logs Analysis again we have covered this many times, but you need to be analysing your logs to see if Google is still accessing http links or generating 404 errors.
Gary from Google makes it clear you should be moving to https – there it is, direct from the horses mouth.
If you’re an SEO and you’re recommending against going HTTPS, you’re wrong and you should feel bad.
— Gary “鯨理” Illyes (@methode) 18 August 2015
Some stats for you (As of June 2017):
- 21.7% of Alexa top 1,000,000 websites use HTTPS as default
- 43.1% of the Internet’s 141,387 most popular websites have a secure implementation of HTTPS
- 45% of page loads (measured by Firefox Telemetry) use HTTPS
- According to Mozilla since January 2017 more than half of the Web traffic is encrypted
Now is the time to move to https – just make sure you have a detail and thought out plan as you don’t want to lose your rankings and kill your business. The downside is Google is making the changes in Chrome in October of this year.
That’s the big issue – do you offer a bad user experience to chrome users and potentially lose them because of the warnings or do you make the switch keep your chrome users happy but potentially lose your rankings over the busiest time of the year.
You will need to get into the data and do the maths – which one will hurt you the least – the one thing you can’t afford to do is do nothing. Your competitors aren’t sitting and hoping this passes by. Google and Chrome will be making these changes, you just need to make a decision and create a plan.
If you are worried and would like our advice, drop us a quick email or use our contact form. For a short period of time I am willing to give you feedback on what I think is the best option for your specific site.
I am the Managing Director of Indago Media and have been in Digital Marketing since 2009. Initially in-house working for some of the UK’s biggest brands, but now I run my own agency helping small business grow.