Google has taken its obsession with security to a new level by including a preference for sites running SSL in its ranking algorithm. Starting slowly with less than one percent of search results impacted worldwide, Google is boosting rankings slightly for secure HTTPS/SSL sites.
Security is a big concern for Google, and one it pushes often across its array of products and conferences. Search engine optimization has already been affected by Google’s security push in other ways recently, such as the keyword data “not provided” issues that we all see in our web analytics reports. I’ve addressed that topic previously, at “Understanding Google’s Keyword ‘Not Provided’ Data.”
Security is a big concern for Google, and one it pushes often across its array of products and conferences.
With this algorithm update, Google is attempting to lure sites across into adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security) as the default protocol. Google has been running tests for the last several months to determine whether searchers prefer sites using secure, encrypted connections — with positive results.
The HTTPS signals are a minor ranking signal for now, according to Google, “while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
Google’s definition of security is using 2048-bit key certificates, whether you need a single, multi-domain, or wildcard certificate.
HTTPS and Ecommerce Sites
As an ecommerce site, your site is already secure in at least the sections dedicated to log in, account and payment. As a result, the HTTPS change should in theory be easier for most ecommerce sites than it would be for content sites.
Historically the search-engine-optimization community recommended against HTTPS as the primary site protocol based on slower site performance and lower rankings. For the last couple of years, however, Google has treated HTTP and HTTPS the same in rankings, presuming there’s no lag in site performance.
The bottom line is that switching to HTTPS may give your site a small but growing advantage in Google’s rankings. Still, this isn’t a change you need to rush into today. Consider the ramifications of switching entirely to HTTPS before you pull the trigger.
The switch definitely needs to be handled carefully from SEO and development perspective. Switching to HTTPS is a URL change, and any time URLs change — see “SEO: Traffic Changes When URLs Change” — SEO performance is at risk. However, switching to the HTTPS should be relatively easy to implement from an SEO standpoint.
For a detailed guide on how to change URLs with minimal SEO risk, see “SEO: Launching a Redesigned Site.”
SEO Tips on Switching to HTTPS
In a URL switch this seemingly simple, remember to check the following items.
- 301 redirects on HTTPS. Many sites have used 301 redirects to canonicalize the HTTPS to the HTTP. In this URL switch, the reverse will actually be implemented. Make sure to remove the old redirects from HTTPS to HTTP, or you’ll end up with an infinite loop.
- Robots.txt disallows. If your site has disallowed HTTPS URLs in certain sections of the site to block search engines from crawling them, make sure to review those disallows to avoid blocking pages you now want to have crawled. Because robots.txt files are unique to each protocol, domain and subdomain, the robots.txt disallow file you’ll need to check is the one on the HTTPS protocol: https://www.example.com/robots.txt.
- Meta robots noindex tags. Likewise, if certain sections of the site utilize meta robots noindex tags to request that crawlers not index those HTTPS pages, you’ll need to review the noindex commands to ensure they’re still desirable.
- Update Canonical Tags. Now that the canonical version of each URL will be the HTTPS version, canonical tags across the site need to be updated to refer to the HTTPS.
- Update the XML sitemap. Hopefully you have a bit of software that does this automatically, but it’s a good idea to check to ensure that the HTTPS versions of the URLs are listed and not the HTTP versions. Make sure the XML sitemap is also posted on the HTTPS.
- Site speed. The length of time it takes a page to load is still an algorithmic signal as well. HTTPS sites tend to load more slowly, so figure your site’s speed into your plans to change to HTTPS. Check out Google’s Page Speed Insights for some tips on speeding up your site.
- Google Webmaster Tools verification. Each protocol, domain, and subdomain is treated as a separate site in Google Webmaster Tools and needs to be verified separately. For example, all of these URLs would need to be verified separately in Google Webmaster Tools even though they may load the exact same content: https://www.example.com, https://example.com, https://sub.example.com, http://www.example.com, http://example.com, http://sub.example.com. If your site is properly canonicalized you probably need to only monitor the sites that are your canonical sites regularly, but it’s a good idea to have them all verified in case something odd happens.