You already know the importance of converting your website from HTTP to HTTPS, and why it matters. We’ve told you. Google has told you. Your tech guys have told you. Your content marketing/social media/SEO team has told you. Probably even your grandmother has told you. (Okay, she was probably talking about the importance of keeping your money secure in the bank rather than under your mattress, but the same principles apply.) If you haven’t already converted, you need to just do it already. Before you do, though, it is equally important to know what the potential SEO impacts of switching to HTTPS might be. Read on to discover the good, the (potentially) bad, and how to capitalize on the former and avoid the latter.
HTTP VS HTTPS
Need a quick reminder of what exactly HTTP and HTTPS are, and what the difference is?
The short version:
- HTTP stands for HyperText Transfer Protocol, which is the underlying protocol used by the World Wide Web to define how messages are formatted and transmitted across the Internet.
- HTTPS stands for HyperText Transfer Protocol Secure – essentially, it’s exactly the same as HTTP but on security steroids. The S added onto the HTTP is a technical signal to tell users that your website is a safe and secure place for browsing and shopping; their data isn’t going to be hacked and used by dodgy types for nefarious deeds.
- HTTP = not safe; HTTPS = safe.
The long version? Read this.
Why Switch to HTTPS – By the Numbers
Before we dive into the potential impacts switching to HTTPS may have on your SEO efforts, including the bad and the ugly, let’s start with four statistics that should stave off any fears that it’s not worth the risk.
- A GlobalSign study showed that 84% of users would abandon a purchase if data was sent over an insecure connection. Customers do not trust websites that are marked as insecure (and make no mistake, Google Chrome been flagging all HTTP sites as “not secure” since July 2018), which means if your website isn’t HTTPS it could heavily impact on sales.
- And 82% of people won’t even browse an unsecured (HTTP) website. (Blue Corona)
- As of November 2019, 55.8% of all websites now use HTTPS. (Web Technology Surveys, W3Techs) This is not a case of ‘if you can’t beat them, join them’. It’s simply a case of they know better than you.
- About 40% of Google page one organic listings are HTTPS. (Blue Corona) In other words, to increase your chances of ranking well, this is one, fairly easy, crucial step you can take to help you win at SEO.
The statistics don’t lie. That S at the end of HTTPS really matters. Which leads us to…
The SEO Benefits of Switching to HTTPS
This is where we tell you all the potential good SEO impacts of converting to HTTPS.
We’re going to start in the obvious place: Google. If you don’t switch to HTTPS all your SEO efforts, no matter how savvy or Google-friendly, may, in the future, very well be completely worthless. Why? Because Google demands a secure web. And everyone knows Google rules the world wide web, SEO algorithms, and all our SEO efforts. So what Google wants, Google must get.
Let’s look at the facts of HTTPS as it relates to Google and your SEO efforts:
- In 2014, Google officially acknowledged HTTPS as an important ranking signal. HTTPS sites rank better on Google.
- In 2016, Google flat out admitted that they will “continue working towards a web that’s secure by default”. In other words, one day, the entire web will be secure and if you aren’t you won’t be on it.
- In 2018, with the release of Chrome 68, Google began marking all HTTP sites as “not secure”.
While this may all seem a bit Big Brotherish, instead of screaming into the (Google-powered) wind, the best thing to do is to just convert to HTTPS and reap the associated SEO rewards. Which, as outlined in our blog ‘Converting HTTP to HTTPS’, are:
- Better rankings,
- Better referral data,
- Better security, which equates to
- Better privacy, which leads to
- Better consumer trust, which ultimately means
- Better business, and
- Better bottom line.
The (Potential) SEO Risks of Switching to HTTPS
Of course, as in life, the good is often joined by the bad and the ugly. But before you read this section about the potential SEO drawbacks of converting your site from HTTP to HTTPS, know this: (a) the good far outweighs the bad; and (b) the bad is a non-issue if you follow proper procedures – we have a ton of tips on how to avoid any potential SEO pitfalls when converting to HTTPS, which we’ll cover below.
Potential issues that can cause a drop in traffic to your website after switching to HTTPS include:
You haven’t re-directed all versions of your site to HTTPS at the domain level
When converting to HTTPS, it is crucial to ensure that all variants of your site redirect to the correct HTTPS version.
For example, when 1st on the List converted to HTTPS, we made sure that all versions of our site, no matter what the URL prefix, were redirected to land on https://www.1stonthelist.ca. So, type in:
- ca ⇒ and you’ll land on https://www.1stonthelist.ca
- 1stonthelist.ca ⇒ you’ll land on https://www.1stonthelist.ca
- https://1stonthelist.ca ⇒ you’ll land on https://www.1stonthelist.ca
- https://www.1stonthelist.ca ⇒ you’ll land on https://www.1stonthelist.ca
In other words, no matter what you type into your browser, or how you try to access our site, you will always end up in the right place.
You haven’t pointed all URL 301 redirects to their HTTPS equivalent at the site level
When converting to HTTPS, every single page on your old HTTP site must have a URL 301 redirect pointing to its HTTPS sister page. EVERY. SINGLE. PAGE.
Just because your home page has the correct 301 redirect in place does not mean your entire site will automatically follow suit. You need to actually make it happen.
More than this, you need to make sure that each and every page is redirected to a relevant equivalent in the HTTPS version; don’t get lazy and just redirect at random to your home page. Either consolidate blogs or pages with duplicate content into one post or page, and point your 301 redirect for the old page to the one new page, or simply do 301 redirects to exact equivalents, but do redirect with purpose. This way you won’t confuse (and annoy) Google and your users, but you also won’t lose any existing link juice i.e., if you have backlinks pointing to the HTTP version of a page and you’re not redirecting that page to the HTTPS version, then you may lose the benefits you have from those links.
Similarly, make sure you update all internal links on your site where necessary!
You haven’t switched all mixed content to HTTPS at the site level
For Google to recognize your site – your entire site – as secure, you need to make sure that not only all URLs are redirected to their HTTPS equivalent, but that all media hosted on your site gets shifted over to being hosted on the new HTTPS site. Images, PDFs, videos, audio scripts etc – if these are still being hosted on your original HTTP pages, Google will still spit out the dreaded bright red exclamation warning sign with the accompanying ‘Not Secure’/’Your Connection is Not Private’ message. Or, as we like to call it, the Google Gong of Death to Rankings.
As tedious as it sounds, when converting to HTTPS, you must go through every single page meticulously to update each and every link and media item. (Or you can let the experts to do it for you… #justsaying.)
You haven’t updated canonicals at the site level
Canonical-what-nows? As Google explains it: “A canonical URL is the URL of the page that Google thinks is most representative from a set of duplicate pages on your site. For example, if you have URLs for the same page (for example: example.com?dress=1234 and example.com/dresses/1234), Google will choose one as canonical, or as the ‘main’ page to show searchers.
So, if your new HTTPS page has a canonical tag that points to the original HTTP version, that could potentially confuse Google and other search engines. You need to make sure you explicitly tell Google which URL is canonical, or the ‘main’ page, by adding a rel=”canonical” link tag. Google outlines exactly how to do this here. (Or, again, you can let the experts to do it for you… #justsaying.)
You haven’t updated your sitemaps
When you make the switch to HTTPS, don’t forget to create a new matching sitemap. And be sure to submit your new sitemap to Google Search Console (see below).
You haven’t updated Google Search Console
When converting from HTTP to HTTPS, Google won’t automatically recognize that the two sites are essentially one and the same. Google sees your HTTP and HTTPS sites as two different sites and as such, you will have to create a new property for your HTTPS version in Google Search Console.
You haven’t renewed your SSL certificate
Once you’re up and running on HTTPS it’s easy to think you’re done and dusted, congratulate yourself on a job well done, then promptly forget about maintenance. For example, the renewal of your SSL certificate… if this expires Google will recognize that and that HTTPS you worked so hard to convert to will mean nothing. Cue that dreaded bright red exclamation warning sign…
How to Avoid Potential SEO Risks When Switching to HTTPS
Does all the above have you scared to make the switch to HTTPS? Don’t be. By knowing the pitfalls, taking all the right steps, and following Google’s guidelines and best practices, an HTTPS migration is not only one of the easiest things you can do to boost your site performance in search and beyond, but it can result in even bigger SEO wins.
To recap on a broad overview level, you can avoid any SEO risks when switching to HTTPS by:
- Making sure all variants of your site point to the HTTPS site at the domain level.
- Making sure each and every page/URL on your site has its relevant 301 redirect in place.
- Updating all canonical tags to the HTTPS version.
- Checking and updating all your internal links.
- Updating sitemaps.
- Updating all mixed content on your site to the HTTPS host.
- Updating your Google analytics tracking code on your new site.
- Adding your new HTTPS URL to Search Console and verifying you own both the old and new destination sites in Search Console.
Other key tips to ensure an SEO-friendly HTTPS migration:
- Make sure your SSL certificate is from a reliable source with reputable customer support. (Read reviews!)
- Set auto-renew options so that your SSL certificate never expires and make sure that all of the variations of your domain name are covered by the certificate (e.g. www and non-www)
- Use the power of a tool like Screaming Frog to crawl all of the URLs that exist on your current HTTP site as well as any links within them to make sure you capture each and every URL on your site in order to convert them all.
- Download the Screaming Frog report to an Excel spreadsheet, then map each URL from the old HTTP site to redirect to its equivalent on the HTTPS site.
- Create a dev (development or staging) site to make all of your site changes, add the SSL certificate and do the migration to HTTPS first. That way you can check everything is working before going live.
- Focus on just the conversion from HTTP to HTTPS. Now is not the time to be making all kinds of other design and/or content changes. Focus. Get this thing right. Then let it (and you) sit and breathe for a while.
- Pick your time wisely – don’t attempt to do a migration in peak holiday-shopping season.
- Take your time – don’t try to rush the conversion process. Your site will suffer, your SEO will suffer, your business will suffer.
- When in doubt, ask for help. There’s a reason there is an entire industry of SEO professionals devoted to doing just this kind of work.
Feeling insecure about taking your site secure without damaging your SEO efforts? Our 1st on the List SEO professionals have got your back. We can help you switch your site from HTTP to HTTPS with all of the SEO benefits and none of the risk. Contact us today by calling 1-888-262-6687 or email us at firstname.lastname@example.org.