Last week, Google announced that HTTPS is now a ranking signal, a change for which Matt Cutts gave his personal endorsement months ago. Although he official announcement indicates that HTTPS is only a “lightweight signal” for now, effects may become stronger in the future. The following are site update considerations to prioritize in the interim:
- Level of implementation effort
- The cost of an SSL certificate
- Effort and cost of maintenance
What Does this Mean for Brands?
For brand leaders, Google’s announcement signals yet another available avenue for getting a leg up on competitors. At The Search Agency, we predict this announcement as a precursor to more expansive future Google initiatives. Thus, staying ahead of this curve by responding actively to Google’s current update will prove beneficial if this change does indeed prove itself as a signal that weighs heavily in terms of ranking factors. Still, more impactful changes currently exist, implementable by way of less effort and lower cost. As Google’s John Mueller indicates, this is not something we need to drop everything and implement right away, so it should be prioritized accordingly among other site updates.
The changes required to transition existing URLs to reflect the HTTPS structure can be overwhelming. However in reality, they are not much different than those necessary for any other site migration. Firstly, E-commerce sites should already be utilizing HTTPS on pages requiring security encryption, such as shopping carts and transactions, so, for those sites, changes may be as simple as extending that same security site-wide. For non-E-commerce sites, once an SSL certificate has been set up and tested (we recommend following SSL best practices to ensure security and to verify your server will be able to hold up under the additional processing requirements), there are a number of steps to take to ensure no value is lost in organic search. Following these practices, switching to HTTPS is reminiscent of most other site migration patterns. Here are some of the high level steps to consider in such a migration:
- 301 redirect all non-HTTPS URLs to HTTPS
- Update all internal linking to point to the correct HTTPS URLs; the easiest way to do this would be to use relative linking across the board, as long as there are no other sources of duplication at the domain level, such as coexisting www and non-www URLs
- Add the HTTPS version of the site to Google Webmaster Tools, if it isn’t already there
- Once Google’s Change of Address tool supports HTTPS migration, use the tool to inform Google of the site move
- Reach out to webmasters of sites with valuable backlinks to your site and request changing the linked URLs from HTTP to HTTPS
Some other things to keep in mind:
Heartbleed – In April, the Heartbleed bug showed the corporate community that even those technologies designed to enhance security can themselves be vulnerable to system breaches. Keep in mind that leak opportunities are still possible, reinforcing the importance of staying up-to-date with any and all security protocol advancements.
Page Speed – Technically speaking the “round-trips” necessary for HTTPS may actually have a slightly negative effect on page speed, creating a slower page load time, which goes against Google’s interests in ranking sites with faster load times. Will Google take this into consideration when factoring in page speed?
Mobile Devices – Especially on older mobile devices, the possibility remains that certain, less common SSL certificate authorities may not be recognized. Therefore, cross-platform testing should be performed to catch any such issues.
Overall, these changes, potential page speed drains aside, stand to boost rankings and better secure both brand and consumer Internet interactions. Implementing HTTPS is a safety precaution that’s well worth the up-front implementation efforts to ensure site security and compliance; a little work, and we’ll all be breathing easier. See? That wasn’t so bad.
- Are App Installs Google’s Next Mobilegeddon Move? - April 30, 2015
- Ready, Aim…wait, Read This: More on Google’s HTTPS Update - August 19, 2014