One area which often trips people up in terms of Google rankings is HTTPS (also known as SSL). Put simply, Google ranks unsecured websites lower than secured ones. This has been the case since July 2018’s Chrome 68 update, and it might affect your rankings adversely. If your website is fully optimised for responsive design, the perfect length for the average browsing session of your consumer base, and has excellent social media integration, it won’t matter if you don’t have the coveted HTTPS security.
Let’s back up a little. HTTPS stands for “Hyper Text Transfer Protocol Secure”, and, as you may have guessed, it’s the secure version of the standard HTTP protocol. HTTP is the method by which browsers and websites exchange data with one another, and it’s been used since 1991, the same year Tim Berners-Lee pioneered the Internet. It’s as old as the hills, and that’s for a good reason: it’s efficient and universal.
One thing it wasn’t, though, was fully secured. Exchanges between browser and website which used the HTTP standard were not encrypted by default, which allowed for a window in which hackers could potentially steal information. In 2016, Google introduced a program by which websites containing password information or credit card fields would flag up a “Not Secure” message on their Chrome browser if the site wasn’t using HTTPS.
This message was there, but it was fairly small and not particularly visible unless you knew what you were looking for. As of 2018, though, Google’s Chrome browser will be labelling all websites which don’t use the HTTPS protocol as “Not Secure”, and the warning will be much larger and more visible than it has been up until now. All websites still using HTTP will display this message, and users visiting that website via Chrome will all see it.
So what does this mean for your site’s rankings? Well, it’s no secret that encryption and secure protocols have been part of Google’s ranking process since 2014. The degree to which having an HTTPS-encrypted site affected your ranking was weak, though, so it wasn’t a huge deal if your site didn’t follow this standard yet. Note in that blog post the use of the phrase “HTTPS everywhere”, though. Even back in 2014, Google wanted to make this standard universal.
Now, Google Chrome is on version 68, which means that you’ll see a padlock icon next to the URL in the address bar which shows that the website is secure. It’s worth noting that the overwhelmingly vast majority of browser usage is Chrome; as of August 2018, Google Chrome has a 62% market share, with the second most popular option (Internet Explorer) trailing way behind on 11.87%.
If we combine Google’s full integration in Chrome with the “Not Secure” message that non-HTTPS sites will now display, as well as HTTPS being a more significant factor in ranking, it’s a no-brainer that you’ll want to update to this protocol. Put simply, HTTPS-enabled websites consistently rank higher on Google’s first search page, so you’ll want to update your site to make sure your rankings don’t suffer. This is also a great idea for users on unencrypted Wi-Fi networks, such as public networks or work connections.
How do you go about this? First off, you’ll need an SSL certificate. These are tiny files which allocate a key to a company’s details and activate the HTTPS protocol when installed. You can find many SSL certificate vendors around the web, so make sure you shoot for a reputable one, preferably one with support so you can troubleshoot if necessary. Google recommends you opt for a 2048-bit key for maximum security on your site.
Once this is done, you’ll need to deploy the certificate on your website and test it to make sure it’s working properly. Setting server-side 301 redirects is crucial, as without doing this you might end up with users or search engine bots landing on the HTTP version of your site. Next, you’ll need to edit your robots.txt file to make sure you don’t have any restricted HTTPS pages. Once all this is done, check and double-check everything you’ve done up to this point to make sure there are no mistakes.
If your CMS doesn’t allow for a simple transition, like with WordPress, then you’ll need to trawl your website to check for images, videos, media links and other external links which might contain HTTP protocols instead of HTTPS and change this. If you don’t, you could end up with a “mixed content” warning, which is unattractive at best and could cause everything you’ve done to be useless at worst. Once all this is done, it’s time to perform the final checks; go into your website, check and double-check that you don’t have any HTTP links remaining, and then it’s safe to go live. We strongly recommend that you deploy in a test environment first to see if there are any kinks you missed that need to be worked out.
We hope this has been a helpful guide on how to switch your site over to HTTPS, and why it’s important to do so. We wish you the best of luck with switching, and hopefully you’ll see a boost to your rankings as a result!