By ProBlogger SEO expert Jim Stewart ofBloggersSEO.
You’ve no doubt seen the subject of HTTPS in the media recently – the importance of applying it to your blogging website in order to preserve your Google rankings has been widely reported. But what does it mean for you?
Do you have to drop everything and start the process of moving over right away, or will it pay to wait a few months? For some smaller blog owners it won’t make a lot of difference in the short term, but if you’re involved in eCommerce or the exchange of information, the HTTPS conversation is one you’re very much going to want to be involved in.
What’s All the Fuss About?
Hypertext Transfer Protocol Secure, or HTTPS for short, is an extra layer of protection between a website and a reader, creating an encryption in the data that’s transferred between the two.
Without it, all the information sent to a site — login details, information on forms and even passwords — can be stolen at some point between the user and the server. HTTPS encrypts the information, so only the reader and web server knows what’s in the information.
If someone does hack into the site, the only information they will receive is that you went to the site, not anything that was shared while you were there.
Google’s Push for HTTPS
In 2014, Google announced that it would include HTTPS as a ranking signal, identifying it as one of the ways for bloggers to increase their rankings. Google’s move to increase the security of the Internet has so far been voluntary, but the benefits are obvious. Not only will you have a more secure site, giving your readers a greater sense of security, you’ll also get a boost in rankings and a net increase in organic traffic.
This past September, Google announced they were going to make another change to Chrome in the near future. Starting in January 2017, Chrome users will see a warning if they land on a site without HTTPS — if that site accepts credit card details and login information — and will get a warning stating that the site may no longer be secure.
Bloggers without credit card transactions or login details may think they’re safe from harm to their traffic, but it’s only a temporary feeling of security. Google has announced that this is only the first of many changes they’ll be making, with a gradual push toward complete security on the Internet.
In the future, all sites will be subject to these not secure warnings for users on Google Chrome.
How Does This Affect Your Blog?
The added benefits of better security and higher Google rankings are nothing to ignore, just as the possibility of your readers coming upon a big red warning label on your site is something you’ll want to avoid at all costs. However, switching to HTTPS isn’t as simple as buying a certificate for your site. You’ll likely end up with duplicate pages, causing duplicate content errors among other problems to your site.
Instead of just leaving your site the way it is, you need to redirect the old pages to the HTTPS version, and then remove all the links to the old HTTP site. You’ll need to check for links in obscure spots such as:
- CSS and JS files
- Internal links
After all your links have been updated, the next step is to update all the existing redirects in place to make sure they’re all pointing to the new HTTPS site address. If you’ve done any configuration in the HTTP Search Console profile, you’ll need to mirror the information for the HTTPS Search Console profile.
Once you’ve finished with this you’ll need to do a full crawl of the blog to make sure there are no redirect changes. Also, look to make sure there are no HTTP references left. When all this is done, it’s a good idea to monitor your traffic for a few weeks to make sure there are no issues.
Back-up any file that you edit. Moving to HTTPS may require some code editing, and you’ll need the original files as reference in case any of the new changes breaks anything.
Be extra careful when working with .htaccess. This is the base file responsible for the switch to HTTPS, and one mistake in the code can stop your site from loading.
Update your Google Maps listing, social media accounts, and business listings. Old backlinks won’t cause you any trouble, but new ones will speed up the new search results.
Jim Stewart, CEO of BloggersSEO, is a recognised digital marketing expert. Jim is ProBlogger’s SEO expert and will share his vast SEO knowledge to equip you with the systems and skills to optimise and monetise your blog using tried and tested techniques. What Jim doesn’t know about SEO and blogging isn’t worth knowing
*A previous version of this post showed an incorrect Google warning screenshot. We apologise for the confusion.
Interesting read Jim. As a frequent blog reader I can see the appeal in making the switch to HTTPS. I think Google is doing a good job with the Chrome update, and I would definitely avoid any site I come across that doesn’t “feel” secure.
Like ProBlogger you mean?
I have been reading about HTTPS a lot and people are just spreading the rumors about it. You have brought with an informative article here.
It’s good to add an extra layer of security. But as you have mentioned it’s good for the website accepting the user’s personal data.
For a simple blog, it’s totally fine.
But still, an extra layer of security should be added.
Thanks for elaborating.
I’ve moved my site to https recently after knowing Google started giving importance to it.
Yes, I agree that, https sites are more secure. I trust the sites with them and I love to shop on those sites that have https.
Not only from selling experience but also from SEO perspective, it’s good to have in your site.
Thanks for explaining it a detailed blog post!
Keep sharing such posts.
Great source of information Jim. Moving your site may take a lot of effort however after it done, the security of your website is fully assured. There are so many benefits why should move to https? The data sent will be secured via transport security layer protocol , which provides layers of protections: Encrypting the exchanged data to keep it secure from eavesdroppers, Data integrity which means that the data cannot be modified during transfer without being detected and authenticate that your users communicate with the intended website. Back-upping files that you edit is quite a good and safest idea.
HTTPS is add a more secure connection to your blog. Also, google consider your website trustworthy if you have HTTPS. Thank you for sharing.
Thanks for writing this article. I have set up https sites before on sites that take card payments, but didn’t realize it would be a ranking factor for blogs. I’ll look into switching my blog over.
I’ve not moved my main blog to https, as the ranking will drop and it’ll take 3-4 moths to revert back. I have no idea what to do about this.
But all the new blogs I start are of https. I think for pure content sites with no payment gateway stuff, the free version of Letsencrypt works fine.
Can’t you 301 redirect http to https?
You can and usually should, but depending on your situation, there might be more to do too
I already had https in my website. Does it serious effect if I dont have it in my other websites?
If you are collecting user details on the other sites, Chrome users will most likely receive a warning that your site is insecure. Which will in turn cause a traffic drop.
Jim needs to update bloggersseo.com to https!
Correct! :) It’s in the schedule to be done, as is this site :)
This is dumb on Google’s part. Why should a website doing nothing financial with no products need https. It is crazy. It also cost money to do it….and if you have a few websites, it could be a grand or more.
Google started the move to https a few years ago after they started getting hacked. I understand your point but most sites these days are collecting some info. At the end of the day it is better for the user.
Honestly explain to me, how can a SSL certificates and a website displaying information (no login or e-commerce) could affect the user if NO DATA is collected?
This is none-sense. Other than following Oh-So-Glory Google, this “switch” to SSL protocols is a move “forward” paying more for your web host and limiting the issue with shared hosting plans.
This article only tells you what others tell you, without really discussing the point of should a website in 2017 have a SSL certificates and why (other than SEO purposes)…
Crikey, it’s something that I didn’t think I needed, but it looks like it could be damaging to not have it in future. Just the annoyance to readers would be off putting to me. But it certainly seems like it’s a lot of work for a blogger to do themselves. Thinking I need to find someone with the time to do it for me – unless I can find a way to do bulk redirects?
HTTPS isn’t like other ranking factors. Implementing it requires complexity, risks, and costs. Webmasters balance this out with benefits that include increased security, better referral data, and a possible boost in rankings. Eventually, thanks for reveling a light on burning topic.
With best wishes,
Thanks for this post. Could you please explain the steps involved in transitioning to HTTPS? I need a step by step guide please.
This is my case study:
I moved my blog JobMob to https in February 2014 and at the time, there were very few blogs on it. After all, why bother with a slightly more complicated, slightly more server-intensive setup if you’re not actually selling anything or asking anyone for confidential information?
The main reason I did it was for speed. I wanted to upgrade my web server to use Google’s SPDY technology for faster page loads, and that required an https connection.
The technical aspects of the switch didn’t frighten me, but I was worried about two things:
1) negatively impacting SEO – my rankings would go down at least until Google recognized that the https version of my site was actually the same site, and that – at the time – was estimated to take a few months.
2) losing social proof – social networks would also consider the https’ed site to be a different site, and all my articles would lose their share button counts, putting big zeroes all over my articles. But this loss would be permanent :(
I didn’t know how important https was about to become, but I decided that I was probably going to switch in the future anyway, so may as well get it over with asap.
Exactly everything I expected: my site got faster thanks to SPDY, but my search rankings dropped drastically. My site lost roughly 65% of its daily traffic within two days and only recovered partially 3 months later.
My share buttons did lose all their counts, but that ended up being a temporary issue until I discovered the Social Warfare WordPress plugin, which has a “share recovery” mechanism exactly for the situation I’d gone through and I actually helped them test it.
At the end of the day, the switch was inevitable so I don’t regret it, but it was painful. Almost 3 years later, Google has gotten much better and faster at indexing changes, so it’s possible that a newly-https’ed site won’t lose as much.
Thanks for the case study Jacob. Yep it’s a lot better now. I did one last week and there was no loss of rankings or traffic. Did you do all the required redirects and have bot setup in Google Search Console (webmaster tools back then)
Glad to hear things are that much better.
I did a lot of research before taking the plunge. Update canonicals, 301 everyone coming to http urls, stop sharing http versions and yes, update GWT too.
This article was one of the good ones back then, in part for John Mueller’s comments:
I have a blogspot blog and Google recently informed me that all blogspots blogs have been updated to https. Does your info on duplicate pages and updating apply to my blog since I didn’t make the switch myself?
You should be ok. I’d be very surprised if Google did not do all the required redirects. :)
I made use of Cloudflare which added https to my blog, and improved responsiveness through use of a CDN. Great security benefits and reporting too, even on the free level. Saved me from having to worry about configuration on my web server.
Interesting and concerning. The advice we have received is that Australia continues to run out of https availability i.e. we cannot meet demand. So where does that leave us?
We won’t run out Jan. They may have been referring to something else.
Thanks for the great post. I doesn’t know that HTTPS is the ranking factor for Google. My blog was initially at HTTP and I couldn’t rank it even in the second page even after doing the proper SEO. As per your advice in this post I have moved my blog from HTTP to HTTPS last week and I found that the ranking is gradually increasing now. Thanks for the great post dude.
Hi friend, how did you do it? Can you give a step-by-step solution please.
Great post ! Very insightful and very informative. Thanks for sharing this valuable information that it seems will eventually give us top level security and help with Google rankings. I’m planning on getting my https by the beginning of the year. Again thanks for this value packed and very relevant post.
Before Google’s announcement of ranking boost with HTTPS signal, webmasters were thinking that it’s only important for website that contains sensitive information. But, Google’s this crucial and effective step make us to move towards HTTPS even our website doesn’t store login or sensitive detail.
Thanks for speaking up your mind. But, I would like to know the impact on AdSense earning? Does it go down or the fluctuations are for temporary period.
Hey Tauseef, a couple of years ago it was an issue but Google have said it should all be fine now. https://support.google.com/adsense/answer/10528?hl=en
can i use free ssl on my blog? it is good or not
Well, recently, there been a lot of Fuss about HTTPS and i have tried using it on some of my micro blogs for experiments to check whether it helps in rankings or not.
And I can say, it does help but to a very small extent, so it’s necessary to for normal blogs to use HTTPS as it also slows down the website, but as you said, it is must for sites using transactions or taking users personal data, they will need maximum security, but when ti comes to normal blogs, it 50-50 case, we can opt for it if we want, and ignore it, it will not be a big issue.
Correct me If I am Wrong?
It will eventually become a big issue. Google is pushing the web to https.
Internal links could play a big part as well, so once you switch it’s always best to do a comprehensive crawl to find broken links and fix them. Especially in CMS such as WordPress or Blogspot links that are placed manually could lead to a 404.
Thanks for the clarification regarding https using in blog. There are so many misconception in bloggers regarding https. Google have clearly stated in their blog about this and they did not forcefully doing this. But they will surely working on this to make the web more secure.
Wonderful post, Thanks for sharing with us!
BTW, i already moved my all sites to https and i can see that some of my keyword ranking is improved..
If you switch to https, the external links will still be pointing to http version
Read somewhere that with 301 redirect only 90% of link juice is passed, if it’s true then it’s a risky move to switch to https.
For an old site that gained links over the last 8-10 years, switching now might decrease overall link juice, the Google’s SEO boost for https might now be enough.
Have you came across cases where https switch resulted in traffic drop? In how many cases did it increased traffic?
Read my case study higher up in the comments where I did lose a lot of traffic. However, that was probably related to the fact that I made the switch a few years ago.
Hi Durga, that is no longer the case. Google announced earlier this year 100% of link juice is passed when 301 or 302 redirecting to HTTPS. We’ve seen marginal improvements in some sites but nothing significant. This exercise is more about risk prevention and making sure you don’t lose traffic when the new warnings come in.
I made the switch some months ago, but didn’t notice must improvement seo-wise.
Would be implementing same for my older blogs in a short time. Thanks for sharing this informative tips.
Great article as usual,
For my websites HTTPS was the best way to go. I got hit with negative SEO and https has helped me and even helped in my rankings.
I think everyone who is running a small business online, eCommerce, online portal etc should certainly get HTTPS for their website domains. It increases both trust and sales.
Thanks for sharing this awesome information.
Interesting read on the hot topic which is the SSL!
I understand it is necessary for the security standpoint and moreover, it is the sign of a trust.
I know so many people are switching to SSL and still there are much more who ain’t.
And I think I am one of them as well.
I will first examine the situation as to what happens with not moving to SSL.
And then decide later for the move. :)
Thank you for putting this up for us!
Like others here, I am aware of the push to https but since I don’t have eCommerce or any other registration requirements it is not on the top of my priority list for the very reason that you’ve outlined. Just reading what has to be done makes me nauseous because there is no way I would attempt that transition myself.
Still, I get it, so I’ve budgeted in first quarter 2017 to have a professional make a few adjustments and do a complete health check of my site and that includes the shift to https so I can feel confident it’ll be done right.
I’ve moved mine to HTTPS earlier this year. It was fairly easy, and free via Let’s Encrypt integrated into my web host’s cPanel. I did make sure to check my site’s links, as well as updated some links elsewhere (on my social media pages).
I summed up my experience moving to HTTPS in a post on my blog. I feel it’s worth the effort for the increased security, even if I’m not conducting financial transactions.
I am aware of all the advantages of https. However, as someone who doesn’t conduct financial transactions on his site, this feature is useless. Since I use Hostgator, the procedure to install ssl is tedious and not worth it. As Hostgator doesn’t support Let’s encrypt, an ssl certificate just adds to my expenses. I might consider it getting down the line but for now I’m sticking to the good ole http.