Migrating to HTTPS: How SSL Impacts Search Engine Rankings

Migrating-to-HTTPS--How-SSL-Impacts-Search-Engine-Rankings

For the real low-down on how SSL now affects your search engine rankings, we went to the pros to find out more. This post is from the experts over at DigiCert.

On August 6, Google announced that they are now giving ranking boosts to sites secured with SSL. This initiative, called HTTPS everywhere or “Always-On” SSL/HTTPS, has been pushed as a security best practice for years by standards bodies. Many large companies have already implemented it, including Microsoft, Google, Facebook, and Twitter.

Google believes that enabling Always-On HTTPS is critical to online security and data privacy. Because of this, they are rewarding websites that use 2048-bit SSL encryption with an extra boost in search engine rankings.

For now, using SSL is considered to be a lightweight ranking signal with respect to Google’s organic search algorithm. However, Google has said they will increase its influence on rankings once webmasters have had enough time to migrate their sites to HTTPS.

What Is SSL/HTTPS?

HTTPS (Hyper Text Transfer Protocol Secure) is the secure version of the Hyper Text Transfer Protocol (HTTP). When a user connects to a website through HTTPS, their session is encrypted with a digital SSL Certificate. Users can tell if they are securely connected to a Website by looking at the URL. If the URL begins with https:// instead of http://, the page is secure.

HTTPS

When a user is securely connected to a website with an SSL Certificate, all of the data passed back and forth between the user and the website is secure and encrypted. Currently, SSL Certificates are mainly used on pages that handle sensitive data, like login pages, shopping carts, or other forms with personal information. This causes users to bounce back and forth between HTTP and HTTPS sessions.

By having SSL on all web pages of your site, users’ sessions are secured the entire time they are on your site—protecting any and all data that they transfer.

Is Using SSL Recommended for All Websites?

Websites that integrate 2048-bit encryption provide a safer online experience to their customers. This additional security increases user confidence and leads to improved site engagement and conversion rates. The fact that Google now rewards HTTPS webpages with a search engine ranking boost should tell you just how important online security is.

As is the case with every other SEO ranking factor, the first wave of websites who follow Google’s recommendation and migrate to “HTTPS everywhere” should receive the best long-term results.

That said, there will be a few situations where migrating a specific URL/webpage to HTTPS isn’t possible. To achieve the best results and avoid potential complications from switching to HTTPS, work with your marketing/development teams and an SSL Certificate Authority to develop an appropriate migration strategy.

What Kind of Certificate Should I Get?

There are a few different kinds of SSL Certificates, and though they all provide the same level of encryption, not all SSL Certificates are the same. Different types of certificates were designed for different use cases, and you don’t want to spend money on a certificate that you don’t need. Below is an explanation of the basic certificate types and what scenarios they are best for.

Single-Name SSL Certificate

Single-name SSL Certificates are perfect for small businesses, blogs, and personal websites. They secure a single domain (www.example.com) and a single server.

EV Single-Name SSL Certificate

Extended validation (EV) SSL Certificates are the same as a single-name SSL Certificate, but require a higher level of validation. Because of this higher level of validation, browsers show EV-only visual cues to let users know that you’ve passed a more rigorous validation process. These cues include the green address bar and lock icon. Because EV certificates are proven to increase conversion rates, improve engagement metrics, and elevate brand reputation, they are perfect for companies looking for more than just encryption from their certificate.

EV_HTTPS

Wildcard Certificate

Wildcard certificates are great for large websites or companies that need to secure multiple subdomains (www.example.com, login.example.com, shop.example.com). Rather than buying a single-name SSL Certificate for each subdomain, you can purchase a single Wildcard certificate to secure your entire website.

Multi-Domain/SAN Certificate

Multi-domain/SAN certificates are perfect for service providers, SEO companies, or companies that need to secure multiple domains (www.example.com, www.example123.com, www.example456.com). Rather than buying a single-name or Wildcard certificate for each website, you can purchase a multi-domain certificate to secure all of your websites.

EV Multi Domain/SAN Certificate

Extended validation (EV) multi-domain/SAN certificates are the same as a multi-domain/SAN certificate, but require a higher level of validation. This higher level of validation enables EV-only visual indicators to show users you’ve passed a more rigorous validation process. These cues include a green address bar with a padlock in your browser.

How to Migrate to SSL

When you’re ready to move your site to HTTPS, you will need to do the following things:

  1. Decide what kind of certificate you need (see above)
  2. Purchase an SSL Certificate from a trusted Certificate Authority
  3. Install the certificate on your server
  4. Migrate your site to HTTPS (see this guide from Google)

Keep the following best practices in mind when migrating your site and check out this best practices page from Google. Also note that the ranking boost only applies to pages that have SSL enabled. You need to make sure your whole site (all URLs and files) are moved over the HTTPS to gain the boost.

  • Don’t rush the migration – carefully redirect traffic from the HTTP version of your site to the new HTTPS version
  • Use relative URLs for resources that are on the same secure domain
  • Use protocol-relative URLs for all other domains
  • Look into HSTS (HTTP Strict Transport Security)
  • Don’t block your HTTPS site from being crawled using robots.txt
  • Allow your pages to be indexed by search engines where possible and avoid the noindex robots meta tag

Always On SSL Is the Future of Web Security

Always On SSL isn’t just interesting because of how it affects the future of SEO. The move to HTTPS everywhere is a positive step forward in personal privacy and online data security, and it’s exciting to see large companies like Google incentivizing security best practices like enabling site-wide SSL. Companies that enable SSL help move the entire Internet toward HTTPS everywhere, reducing the risk of going online and increasing user trust in ecommerce.

About the Author:

HeadshotMeggie Woodfield is the Content Manager at DigiCert, a leading Certificate Authority. With her background in information development and software project management, she brings a technical perspective to DigiCert’s content team.

Get Internet Marketing Insight For Your Company - SEO.com

6 Comments

  1. Philip says

    Very well explained article that will definitely help website owner to switch from HTTP to HTTPS but what about the real question? Why content based website needs SSL? this question will be there in webmaster’s mind who are running a content based website. I am one of them!

    After reading Google’s blog post, i started looking for useful information that can really answer the question. After spending hours, i came across this blog post https://www.ssl2buy.com/wiki/i-have-content-based-website-does-it-still-need-ssl-certificate/ which explain this in detail.

    I am sure it will help other readers to understand the importance of SSL apart from just SERP boost. It really mean a lot.

    Do you have any other question in mind? share in reply to understand the importance of SSL for content website.

  2. Vivek Jain says

    Negative SEO services and techniques are somewhat of a monster that frightens web marketers in many ways.

  3. says

    I think HTTPS should be deployed across every single website today. The security and privacy it offers is immeasurable. Hope to see more and more websites adopt the technology.

  4. says

    After changing to https I can report no google benefit and probably an actual decrease in ranking. While it is a good move for security, do not make the move for better google ranking- it does not happen.

Leave a Reply