What to Know About HTTPs Protocol for SEO

On August 6th, 2014  Google announced that HTTPs Protocol  is going to be used as a ranking signal.

While this is a reason to pay attention to securing your website, it’s a small ranking signal only affecting fewer than 1% of search queries globally. So, don’t make this transition strictly for better rankings. You’ll likely be disappointed with the results. If you make this move, it should be because you are committed to securing you site’s content and your visitor’s privacy.

The slight ranking boost is an incentive from Google to prevent security breaches. Google called for “HTTPS Everywhere” at Google I/O 2014.

With this incentive came a predictable flood of websites plunging into HTTPs security. In this post I want to help ensure that SEO best practices are being observed during your transition, otherwise, what was supposed to give you a small ranking boost could actually do harm to your SEO efforts.


Don’t be fooled, secure for the right reasons.

Are You Moving to HTTPs for the Right Reasons?

Making the move to HTTPs will incur further costs both immediately and annually especially depending on what SSL certificate you decide to use. For many businesses a standard SSL certificate will work great to encrypt their websites.

But, are you changing your website protocol for the right reasons?

The best reason for encrypting your website is to improve security. An SSL encryption will protect any information sent to you by visitors via your website. It will also secure your website’s files, content, and content management system dashboard.

Another benefit of encrypting with SSL is that visitors are used to seeing it on big sites that they trust, like Google, Twitter and Amazon. This is just another way of confirming to your visitors that your website is legitimate and the content on it can be trusted.

Think of Google’s ranking signal as an added benefit, not the core reason to make the change.

Picking the Right SSL Certificate for Your Business

To move to a HTTPs connection you must first purchase an SSL certificate.

Choosing a SSL certificate for your business can be difficult and depending on your website hosting company. You may also be required to upgrade to a dedicated IP address. This can create an additional cost, but the upgrade to the dedicated IP address will also compliment your SEO efforts. If you’re serious about your website, the additional cost is worth it.

Example of extended validation from PayPal.com

Example of extended validation from PayPal.com

SSL certificates range in price from $49.99-$489.00/yr. That higher end is reserved for an extended validation (EV) certificate.

EV will give you an extra markup in your address bar for your website. It will also normally carry pretty high insurance if the encryption is every hacked. Though this is a very small probability for small websites, shop for your certificates thoughtfully, making sure the insurance and validation you want is featured.

A suggestion we make to our clients interested in switching to SSL is to first look into the options your web host and domain registrar offer to keep your annual renewals in fewer places. This leaves less of a chance that the renewal lapses and you have an unsecured website for a time.

Are Their Any Detriments to Using a HTTPs Protocol Instead of HTTP?

In short, yes, but they are too minimal to outweigh the advantages of using a HTTPs connection.

The two detriments of an HTTPs protocol on the website are the added annual cost of the SSL certificate (depending on the one you choose this can be more costly) and a minimal decrease in page speed.

Neither is a reason not to encrypt you website with HTTPs protocol. Their are just items to be aware of as an SSL certificate is one more thing to renew every year, and if you already have a poor page speed, it will likely increase a little more when encrypting, but again, this is very minimal.

spdy-protocol-from-google The latency of a HTTPs connection, which is what causes the slight increase in page speed, is being improved using SPDY.

Google is working on SPDY, which is a browser side improvement meant to retrieve web pages faster, reducing the page speed further. Using the encryption and compressed information that HTTP doesn’t contain we may actually see HTTPs versions of websites load faster because of SPDY.

Again the page speed is a minor detriment when considering moving to HTTPs.

What to Know About Implementation for SEO

When implementing your SSL there are 3 considerations to make for search engine optimization. Most of these are pretty basic knowledge for an SEO, but are good reminders to anyone implementing HTTPs because taking the extra steps past just configuration will avoid any potential snafus in your search engine rankings.

The two biggest potential issues with HTTPs and SEO is 1) having duplicate versions(both http and https) in Google’s which creates URL-based duplicate content and 2) losing site authority because your pages aren’t redirected or updated from one protocol to the other for the same page.

define-your-https-configurationDefined Configuration

Once you have your SSL certificate installed and working you will have both a http version of the site and an https version. There are a number of ways to configure a website to use HTTPs. You can encrypt the whole website (which is what Google prefers), you can encrypt just portions of your site or just specific pages like on eCommerce websites.

My suggestion is to fully implement your HTTPs across your entire site for the maximum value for search engine rankings and visitor trust. Make sure when doing your implementation you test pages protocol thoroughly. Though the testing will also depend on being redirected properly and making sure your links have been updated to HTTPs.

redirect-https-to-http-confused-yetProperly Redirected to HTTPs

This is where we most commonly see issues with websites. Often they don’t fully implement their HTTPs encryption because they fail to redirect their HTTP version to HTTPs.

If you fail to redirect the HTTP URL’s properly to the HTTPs URLs, you might as well not have your site encrypted.

For most Linux based web hosting you should be able to configure your redirects in your .htaccess. If your site is on WordPress, my suggestion is avoid installing a plugin for implementing the redirect; it will be worth the time and investment to have your implementation hard coded on your website.

If for any reason the HTTPs plugin is deactivate, this will cause issues because you will no longer be encrypted.

Properly redirecting your HTTP open connection to HTTPs will avoid any loss of link authority and will help direct Google’s crawl bots to index only one version of the website.

You may see two versions in Google’s index for a short time when making the transition to HTTPs but do not be concerned if you have your redirects in place. Google will take a little time to make these associations and drop the old HTTP pages from the index.

.htaccess code for Site Wide Redirects from HTTP to HTTPs

Below is a small bit of code that will work on a Linux (apache) server for redirecting your website entirely to the HTTPs version. This is a preferred and a very concise way to redirect your website with ease.

Non-WWW Version
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
WWW Preferred version
RewriteEngine on
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

UPDATED: Thanks to Jon Hannah at Verticlswitch.com for the WWW preferred version.

Updating Internal Links to HTTPs

almost-threre-update-internal-links-to-httpsAfter implementing your configuration, properly testing it and establishing your redirects from your HTTP version to HTTPs make sure to update your internal links, scripts, and anything else that might still be pointing at the old, unsecured HTTP version.

My suggestion to do this most efficiently is to update your content in your website’s at the database level with the new protocol as well as any coded references in your  website files. This will save loads of time, that otherwise would be spent chasing links page by page.

If you are unfamiliar with this you should consult a professional to help. Both databases and website files can be sensitive and mistakes can be easily made.

The Bottom Line

There are obviously legitimate advantages of moving to HTTPs beyond what Google has confirmed they will provide (a slight ranking boost). Make the right decision when moving to a HTTPs connection and take the time to do the implementation correctly. Without making all the needed adjustments your SEO campaign will suffer and you will not be receiving the maximum value out of your new security features.