Google announced back in August that sites secured with HTTPS will get a boost in search rankings - a secured site would gain a small benef...
Google announced back in August that sites secured with HTTPS will get a boost in search rankings - a secured site would gain a small benefit as opposed to a similar site without HTTPS security. We took a look at how exactly did this new ranking factor work, but like any other Google search ranking factor, it isn't very transparent. Instead, we came across some potential problems during implementation. So we ask again: is implementing HTTPS really a good idea, and is the ranking boost really worth the time and effort?
HTTPS implementation isn't straightforward. There were some problems with change of address tool, and some security certificate errors. The problems began as webmasters started overestimating the usefulness of this ranking boost, and rushed to implement security. Incorrect implementation resulted in ranking loss. For such webmasters who have had problems, here's a brief overview;
What is HTTPS?
HTTPS is a form of encrypted website traffic that does a lot to make a site more secure. This is most important when using public networks (open/public WiFi connections). Malicious users connected to the same networks can track the data you send and receive, see what sites you're on, and even what you type in there.
HTTPS connections encrypt the data you send and receive. The middle-man can still access your data, but can only see the encrypted form, which is next to useless. HTTPS also works as a form of verification to prevent possible phishing attacks. If someone were to create a perfect duplicate of your website, you and your users will have a quick and easy indicator in HTTPS. The phishing site isn't going to use a secure connection, since they won’t be issued the certificate.
Why Use HTTPS?
- When an HTTPS site links to your HTTP site, traffic from that link is listed as direct traffic because the unsecure connection strips referral data from the traffic. If your site runs HTTPS as well, you maintain that referral traffic.
- HTTPS is a minor ranking signal in the Google algorithm. But heed the word minor, because it probably won't effect your rankings at all. And probably modestly at best.
- HTTPS also has a benefit to security and user comfort. When a user knows their data is secure, they’re going to trust your site a little more.
Implementing HTTPS
From a website owner’s perspective, implementing HTTPS is a complex prospect. The exact process depends on the server architecture you’re using, and you will need to purchase – that’s right, purchase – an SSL certificate. Certificates are only issued by certain authorities, which helps keep them secure. After all, if anyone could just make up and issue a security certificate, it wouldn’t be secure at all. Here are some concerns while setting up HTTPS;
- Does your site sit on one domain or on multiple domains? A site using multiple domains will need a multiple domain certificate, which will be more expensive. This also applies to website owners who want to secure several different sites hosted on the same server.
- Does your site use subdomains? You can purchase a wildcard certificate, which will allow you to cover each subdomain under the main domain’s security.
- Are you going to secure the entire website or just a few critical pages? Pretty much every site that uses an online storefront will be using SSL for, at the very least, their purchase pages. If you have user accounts or logins of any type, you should have SSL on those pages.
Google telling webmasters that SSL is a valid ranking factor is a drive to push webmasters into implementing site-wide HTTPS connections, even if the benefit they would receive is nearly negligible. According to a survey by Moz, nearly a quarter of all webmasters have plans to implement SSL. Of the rest, only 17% were already running SSL, with the rest staying in their current configuration.
Should you implement HTTPS?
Google’s urging to use HTTPS is, unfortunately, overshadowed by the issues involved with implementing such security on a site that doesn’t strictly need it.
- It’s hard to know which certificates you need for your site, between a single, multiple domain or wildcard option.
- It’s easy to opt for less secure certificates and provide questionable value to your users.
- You will need to redirect or change links internally.
- HTTPS requires security handshakes, which can slow down your site.
- HTTPS can restrict the CDNs you use to host scripts and content off-site.
- SSL certificates are not cheap for small businesses.
- You essentially need to migrate your site to a new secure URL, with all of the danger that entails.
It’s this last issue that causes the most problems. When you migrate to a new URL, even if every page is a 1:1 redirect and everything is done by the book, you still lose some of your PageRank and domain authority. Remember, a www.example.com URL and a http://www.example.com URL is a functionally different site according to Google. A https://www.example.com URL is yet another variation, and thus yet another different site.
Migrating your site runs the risk of losing your site ranking due to the migration, even if it’s just a basic security update. One would think that the potency of the search ranking factor might be calculated to balance this loss, but it’s not.
In essence, you should only implement HTTPS on your site if you’re in a position where user data and user trust are important. Otherwise, the potential loss of ranking from migrating, coupled with the hassle and expense of setting up security, is going to be more than enough to outweigh the benefits of a secure connection.
COMMENTS