Last month Google announced that the secure HTTPS protocol will be now be used as a light ranking signal in its search algorithm. For those who aren’t familiar with HTTPS, it stands for Hyper Text Transfer Protocol Secure and, as the name suggests, is a more secure way of transferring data over the internet.Perhaps Google’s encouragement to move to HTTPS and subsequently adding a SSL-bit key certificate to sites shouldn’t be that big of a surprise. They have been hinting at the importance of secure HTTPS encrypted websites for some time now. Before Google’s Matt Cutts left on his sabbatical earlier this year, he stated his support for SSL as a ranking factor. Similarly, in June at their I/O developer conference, Google continued its quest by adopting the parole “HTTPS everywhere”. Google’s call seems to have been heard. According to Cyrus Shepherd, 24% of webmasters recently polled by MOZ plan on switching their site to HTTPS and 17% profess to already be using HTTPS in some shape or form. Despite the trend, it’s important to note that for SEO purposes HTTPS remains only one of 200 or so signals in Google’s search algorithm. Additionally, it’s a ranking signal which affects less than 1% of global queries. With that said, Google seems to be pushing hard for the change. Not only have they made it a light ranking signal as stated on their webmasters blog, but have said they may strengthen the signal down the road. Of course, Google has been known to lead SEOs and webmasters down certain paths which ultimately led to dead-ends (see Authorship).
Why is Google pushing for a switch to HTTPS?
If you listen to Google it’s all about web security. But even ‘web security’ is a nebulous concept for most. To break it down, HTTPS secures sites against eavesdroppers and so-called Middle Man attacks, where information is intercepted during transfers. HTTPS encrypts all communication which also means browsing history, credit card numbers and passwords are safe. However, as Dan Cristo points out, HTTPS doesn’t protect sites against hackers, denial of service attacks and scripting or database exploits. Simply put, it’s not the be-all and end-all in web security.
Is a switch from HTTP to HTTPS worth it?
For some it may be an easy answer – if your site is one that transfers sensitive and or personal information over the web, then the answer yes. Most of these types of sites are already using HTTPS if only on the login, cart and order processing landing pages. Webmasters just developing their websites also should strongly consider opting for HTTPS. Why not get in on the ground floor especially when the potential for change in the future is certainly a possibility? For bigger and more established sites that have thousands of pages indexed, the answer might be more complicated. Here are some things to consider in making your decision:
1) It can be costly, depending on your budget. Although there are free SSL certificates out there, most cost money, and this usually hinges on the validation duration of the certificate you choose. Just as importantly, IT resources or ‘technical debt’ will surely come into play for bigger sites.
2) The change may slow down your site speed. Data will need to be encrypted so this could be a factor, but then again if everything is as it should be, most argue site speed shouldn’t be an issue. Don’t forget
3) The change will take time to complete. There are many changes that will need to be done, 301 redirects aside, webmasters will need to ensure that every element on the page is HTTPS compliable whether it be image URLs, java script etc. Not to mention changes that will need to be done to robots.txt files, xml sitemaps and so on.
I think I agree with most when I say – do what’s best for your website and the goals you associate with your website. If you are switching solely for a boost in SEO then it’s probably the wrong thing to do.
Will you change your site from HTTP to HTTPS? If so why?