It’s been a month since Google announced that it’ll be using HTTPS as a ranking factor to encourage site owners to keep their readers safe on the web by adding a layer of security to their websites. Although the boost delivered by the HTTPS ranking factor is lightweight compared to other ranking signals (such as providing your audience with high-quality content), many website owners are worried that they might get pushed down the Google search results if they don’t make the switch.
If you are considering moving your site to the HTTPS protocol, make sure that you do your research well and understand what it means. If you are not very familiar with HTTPS, here are some things you need to know:
What is HTTPS?
HTTPS, or “HyperText Transfer Protocol Secure,” is basically the standard way of communicating on the web, but layered with the security capabilities of SSL/TLS protocol. With HTTPS, the data exchanged between your browser and the web server is encrypted, which prevents it from being intercepted and modified or corrupted during transfer. Because the data is authenticated, users can be sure that they are communicating with the right site and are protected from any attacks.
Why switch to HTTPS?
- Security. The main reason that people move their site to HTTPS is for improved security. On a standard HTTP site, data transfer is in plain text, making it easy for eavesdroppers to steal the information. In the case of HTTPS, communication is encrypted so information is protected from being intercepted and tampered with by man-in-the middle attackers.
- Compliance. For websites that handle credit card information, website security via HTTPS can be used as a way to comply with Payment Card Industry Data Security Standard.
- Trust and Reputation. Many users prefer HTTPS sites when making online purchases. The padlock icon in browsers helps websites gain its users’ trust. Having a good reputation as a trusted and secure site increases sales and conversions.
But before you switch…
…there are a few things you need to know.
- SSL certificates cost money. The price range and features that come with the SSL certificate vary depending upon the vendor. It could mean an additional $500 or more annually on top of the cost of your website hosting. Before purchasing, make sure to check the providers’ reputation and compare prices and features so you’ll be sure to get the best deal.
- SSL certificate requires a dedicated IP address. If your site is on a shared IP, you need to check if your server supports SNI to be able to use your SSL certificate.
- Switching to HTTPScan slowdown your website. Because of the additional server processes needed to encrypt and decrypt information, your website will run slower in HTTPS — especially if you have a lot of transactional activity on your website.
- If you use WordPress, some plugins may not work properly in the HTTPS version of your site. Make sure to check all your external plugins to make sure that they will still work when you make the switch.
- Technically, the HTTPS version of your site is a new site to the Googlebot, so any social signals that you’ve accrued for your HTTP site will be lost once you switch to HTTPS.
Partial HTTPS vs site-wide HTTPS
For some, rather than not having any security at all, they opt to only implement the HTTPS protocol on pages that handle payment transactions, logins or collection of personal information. This is better, but one drawback is that session ids and cookies are not protected and can be intercepted during switches between HTTPS and HTTP pages. Attacks can also happen on the unsecured pages of the site that can lead users to go to a phony submission form instead of the intended page.
Deciding to do partial implementation can be complicated, so it is important that you thoroughly check your site implementation to avoid any slips that can lead to interception of data.
HTTPS as a ranking signal
As mentioned earlier, for now the new Google SSL/HTTPS ranking signal offers only a small boost to a website’s ranking. Over time it may eventually become stronger, but don’t rush into switching for the sake of ranking.
If your concern is your keyword ranking, concentrating on high-quality content is still the best practice. But if you are already in the process of adding security to your site then this could be the best time to do so because you may get an additional little boost. In any case, make sure that you learn as much as you can about HTTPS and what type of implementation would work best for your website. SEO Power Suite recently published a full guide on common questions and tips on HTTPS. This can help you understand what it means to make the switch. This article from Search Engine Land will help you better understand how the new Google SSL/HTTPS ranking factor works.