July 6, 2015 | Sarah Danks
Hyper Text Transfer Protocol Secure: Wave of the Future?
While Google is nearly always hush-hush about telling us specific ranking signals, at times they decide to let marketers into the circle of trust…
…and divulge a secret.
The latest announcement of this kind was this spring when they told us mobile-friendliness was becoming a ranking factor — slated to be larger than Pigeon, Panda and Penguin all added together.
You can imagine that got online marketers all in a tizzy, launching an entire #Mobilegeddon discussion across Twitter and other social media venues.
Well, in the summer of 2014 Google quietly announced that HTTPS would become a slight ranking factor. What’s HTTPS? Well, it’s HTTP…
…with an S on the end.
I like this (somewhat) simple definition:
“HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted.”
So, instead of seeing https://thinksem.com you’d see https://thinksem.com. That’s it. Well, not entirely. There’s a lot more — technically speaking — that goes into it.
I’ve read various blog posts, articles and discussions on this topic, but overall it hasn’t gotten nearly the amount of buzz that the mobile-friendly ranking update did.
Why is that?
When Google gives us advice, we should take it. Right?
So why didn’t the HTTPS ranking factor cause a big stir in the online community?
I mean, normally when Google tells us to jump, we pull out the trampoline. So what gives: they point-blank told us HTTPS sites will get a boost in organic search results. Why didn’t the WWW catch fire with the amount of webmasters switching their sites to HTTPS?
It could be due to the technical complexity of making the change — correctly — from HTTP to HTTPS. As mentioned on the Moz blog, webmasters have had to make a decision between the costs, risks and technical application of making the change, vs not reaping the benefits of doing it.
And, in the first few months after Google’s announcement, it did seem many webmasters made the switch from HTTP to the secure form of HTTPS …
…and then after receiving no boost in organic traffic wanted to change back from HTTPS to HTTP!
Not to mention: just adding that one little “S” is a big deal. As in, all your URLs change. Sitewide. Which means you need to have proper 301 redirects in place. Is a POSSIBLE boost in the SERPs worth all the blood, sweat and tears that go into changing an entire domain’s URL structure?
(Okay. So that was a bit dramatic — changing all URLs on a website isn’t that big of a deal IF you’ve done it before, IF you’re well organized and IF you put proper 301 redirects in place. IF.)
Well, Neil Patel’s take on all this in March 2015 gives some contradictory information. One one hand he said for the amount of work put in for the (potential) benefits you could see in the search engines, focus on content instead:
“Changing to HTTPs isn’t going to give you a meteoric rise in the SERPs. The one thing that will move the needle on your rankings is content. If you have to decide between improving security and improving content, go for the content.”
That could be the very reason so many websites haven’t made this huge switch — a change of this magnitude could help a little, yes. But if done incorrectly, it could end up actually hurting you instead. How? Well, if you don’t do your 301 redirects properly your site could suffer from:
- duplicate content (same content living on both HTTP and HTTPS versions)
- internal link confusion (i.e., all internal links still point to HTTP)
- lose all backlink love (all your existing incoming links are pointing to HTTP)
So, there’s that.
Yet, in the next breath Neil tells us:
“Since the original HTTPS algo change was rolled out on August 6, I would advise webmasters to have their new encryption in place by about the same time in 2015.”
So, which is it, Neil?
Besides, isn’t HTTPS just for banks and e-commerce websites anyway?
Not anymore. These days, it’s not just financial institutions and ecomm websites that users want to be secure; it’s content in general. Google’s made no secret about making the user the focus of any webmaster’s efforts — and the (slight) push for the web to go HTTPS follows that vein.
Is “Securageddon” Upon Us?
On the morning of June 17th, 2015, Dr. Pete Meyers said he “woke up to a historically massive temperature spike on MozCast.” Evidently the temp at Moz was so hot (a steamy 101.8°F) it prompted Dr. Pete to delve into the data to find what change could cause such a huge spike to occur in the SERPs.
(PS: for those of you who’re unaware, Mozcast claims to track the “weather” patterns of Google algorithms.)
Upon first glance, the algorithm change seemed to have been related to HTTPS.
“HTTPS URLs on page 1 jumped from 16.9% to 18.4% (a 9.9% day-over-day increase), after trending up for a few days. HTTPS URLs also seem to have gotten a rankings boost – dropping (with “dropping” being a positive thing) from an average of 2.96 to 2.79 in the space of 24 hours.”
Dr. Pete also asked Gary Illyes on Twitter about it; Gary responded:
“…it’s nothing to do with HTTPS AFAIK”
AFAIK = As Far As I Know. Being the cynical and jaded search marketer I am, I take that to mean, “I’m nice enough to respond to a respected member of the community but I’m not telling you jack sh*t.”
Of course, that being said, after Dr. Pete stripped out HTTPS-specific data — including Wikipedia results (they made the switchover from HTTP to HTTPS around the same time), it was found this wasn’t the reason for the change.
Turns out we’re safe from “securageddon” — for now, at any rate.
To HTTPS or NOT To HTTPS…That Is The Question.
If Google’s telling us they consider security to be so important to make HTTPS a ranking factor (however small), that probably means they want everyone to do it.
Plus, according to this source, Gary Illyes (Webmaster Trends Analyst at Google) has said:
“HTTPS is super important and (Google) does have plans to improve it and make it stronger.”
But, as with any monumental decision, we need to make a list. It’s time to weigh the pros and cons of switching a website to HTTPS.
Pros of Switching to HTTPS:
- Could provide “slight” performance improvement in SERPs
- Offers security for your content
- Offers security to readers of content (i.e., no one can see what they’re reading)
- Reassures (potential) visitors that your site can be trusted
- Will be able to see all HTTPS-to-HTTP referrer data
Cons of Switching to HTTPS:
- If not properly configured, could do far more harm than good
- Requires site-wide change of URL structure (and necessity for 301s)
- Cost/hassle of purchasing SSL certificate
- Extra server response time
- Possible need to switch servers to one that supports HSTS
Are the risks — or just the sheer work — of changing from HTTP to HTTPS worth it?
HTTPS: Worth the Switch?
I’d say probably. Let’s forget about performance in SERPs for a minute (I know, it’s really hard to do) and think about what matters: the user.
Will your website benefit from being a trusted source of information? Of course. Will moving to HTTPS create a sense of safety to your users, potential users, etc.? Probably.
As more and more websites make the switch, users will most likely become accustomed to seeing that little iconic padlock before web addresses…
…and if yours doesn’t offer that same sense of security, you could lose out simply for not keeping up with the Joneses. Kind of like how Bing always tries (desperately) to keep up with Google. In fact, Bing is even going to HTTPS — which is (we think) causing some weird anomalies in Google Analytics with referral/organic traffic sourcing.
Long story longer: why should you switch to HTTPS? Because it makes sense for your users; not because you expect a ranking boost in the SERPs.
We’re switching to HTTPS on our next design iteration (coming soon!) — how about you?