In this article, I have placed all the HTTPS/SSL tidbits into a pot and distilled them into these “10 Facts & Myths” about creating secure websites.
What inspired me to do this?
Recent conversations with both peers and client have taught me two things about creating secure (HTTPS) websites:
- Many companies still haven’t moved their websites to HTTPS (Learn how to do an HTTPS/SSL WordPress upgrade quickly).
- There are a great many misconceptions about the benefits and drawbacks of moving to a secure website.
Also, for more information about these HTTPS fact and myths, be sure to see the resources section below where I present the best articles that I have found on the process and ramifications of creating a secure website.
#1 – Fact: Google sees a secure website as a different website.
A client called me last month and said: “I got our SSL certificate from Hostgator and decided to switch our site over to HTTPS tomorrow.”
“Wait,” I said. “Have you made plans to redirect your pages, images, and all else so that Google knows about this?”
“Oh,” responded the client, “I didn’t know that I needed to do anything like that.”
Many people are unaware of the ramifications of switching their environment to HTTPS — Google see it as an entirely different site. This is ok…if you do it right. See Myth # 6 below.
#2 – Fact: Makes your website appear more professional and trustworthy.
When you visit a secure website, you will see an icon in your browser bar indicating that a website is secure (often with the company name) and when it is not secure, as you see in the photo below. Many visitors feel that this increases the professional look of a site and they certainly feel that their information is more secure. If you’re considering the move to a secure website, both of these facts may be a consideration.
#3 – Fact: A Secure HTTPS website encrypts all traffic.
Most people do not know this but with some basic networking tools you can “sniff” out the information being passed between a non-HTTPS website and a client. Here’s a simple video that explains how to do it:
As you see suggested in the video, HTTPS encrypts all traffic to prevent this sniffing.
#4 – Fact: An HTTPS enabled website allows you to see Bing keyword data.
Bing has officially enabled HTTPS for all logged in users. Thus, if you have an HTTPS website, you will be able to see the Bing keyword data of these logged in users. The problem is…not too many people use Bing as a logged in user so this reason alone does not really make a compelling case for switching to a secure environment.
#5 – Myth: A secure website allows you to see Google keyword data.
Unlike with Bing, the ability to see Google keyword data would make a valuable case for switching to HTTPS. When Google switched all searches to HTTPS, many in the SEO community were over the moon thinking that they could now see keyword data from the big “G” if they switched their sites to HTTPS. Sadly, this is not the case. Google does not allow you to see keyword data even if you have an HTTPS site. Why not? Well, Google does a re-direct which eliminates keyword data before they take you to the destination site.
#6 – Myth: Setting up a secure website is a snap.
As explained in fact #1 above, many people mistakenly feel that moving their website to HTTPS is a snap. This is not the case. Moving your website to HTTPS takes time and planning. In the article listed below entitled “Moving your website to https / SSL: tips & tricks”, Joost de Valk lists many things you need to be aware of including: “All of your internal links should start to use https, not just to pages, but for images, JavaScript, CSS, etc. This means going through your theme with a fine comb and cleaning all of those up.”
#7 – Myth: It will destroy all of the SEO work that you have done.
While it is true that your HTTPS website will be seen as a different website by Google, your long-term rankings will be maintained if you do everything right.
Interestingly, articles on making the switch to HTTPS that are dated (say before 2012) list many potential problems and heavily advise against switching to HTTPS. However, articles that have been written more recently do not come with as much caution suggesting that Google is now dealing with these HTTPS conversions more efficiently.
#8 – Fact: You may lose rankings for a short time during the conversion.
Because converting to HTTPS is like moving to a whole new website name in the eyes of Google, you may see a temporary drop in your search rankings while the “Google Dance” is being performed. However, provided that you did your conversion to HTTPS correctly with canonical URLs and/or redirects, your rankings should rebound quickly.
#9 – Myth: Converting to HTTPS will slow down your website.
This is one of the primary concerns of most web administrators. It is known that HTTPS requires slightly more overhead than HTTP because it has to encrypt all of the information before sending it along. So then, why isn’t this a fact rather than a myth? Because, when setup correctly, some people have actually realized faster speeds with HTTPS. In his article “Moving your website to https / SSL: tips & tricks” (see below), Joost de Valk, after implementing a Google protocol called SPDY, writes: ” It makes your website faster and funnily enough that means that your fully SSLed site could actually be faster for those people who visit your site with modern browsers than your plain http site.”
#10 – Fact: In the future, HTTPS will allow you to rank better.
This may be a contentious fact but I’m keeping it in the fact column nonetheless. Sometimes, you have to go with intuition…and what Matt Cutts says. In reading an abundance of articles on this topic, one thing is clear: The user experience is better with HTTPS. Users feel more secure and, in fact, are more secure in the way that their data is being transmitted. We all know that Google favors a better user experience. Then, on top of that, we learn that “Matt Cutts said at SMX West that he would personally love to make it (an HTTPS website) part of the ranking algorithm.” We all know that when Matt Cutts says something, we see it factored into the future algorithm. When will it happen? That is anybody’s guess but I would say that within one to two years that an HTTPS website will give you a boost in the SERPs.
Creating a Secure Website: Summary
Well, that’s it for the “10 Facts & Myths” about securing your website. Be sure to view the great articles that I have listed below on this topic. And, as always, you are invited to add your two cents in the comments section below.
Secure (HTTPS) Websites: Great Articles and Resources From Around the Web
Should we move to an all HTTPS web? Great article by Joost de Valk about HTTPS, keyword data, and the future of HTTPS. You will also enjoy Moving your website to https / SSL: tips & tricks which is essentially a post-mortem on the Yoast conversion to HTTPs and offers many valuable tricks that you may not have otherwise considered.
We Analyzed the HTTPS Settings of 10,000 Domains and How It Affects Their SEO – Here’s What We Learned: Christoph Engelhardt writes an informative data-driven post about the current state of HTTPS implementation and found that over 90% of domains had a sub-optimal HTTPS implementation.
SSL Web Sites Don’t Get Ranking Boost In Google : Barry Schwartz at SEO Roundtable shares his thoughts on switching to HTTPS and provides key considerations before converting to a secure site. He offers further commentary in an article entitled Google: Want To Switch To HTTPS? Go Ahead!
SEO Aspects of Moving from http to https: In this article circa 2012, you will notice that the author points out the negatives of converting to a secure website and suggests you may want to consider long and hard before doing so.
Changing complete website from http to https: This is a Google forum which provides a case study in which a user saw his SERP rankings disappear (but then reappear a day later) after converting to HTTPS.
Impact of migrating whole site from HTTP to HTTPS: In this case study, an “SEO expert” informs a client that he must start from scratch after the HTTPS migration. Thankfully, someone informs the poster of the correct steps to take so that their transition can go smoothly.
Understanding Always On SSL and SEO: Jimmy Edge at Symantec talks about the many benefits to visitors by having a full SSL-enabled website.
Stackoverflow.com: the road to SSL: Nick Craver of Stack Overflow often gets asked by users why they do not yet have an SSL connection. He points out that it is simply not a matter of flipping a switch. Moving to a fully secure website takes time, planning, and effort.
If you have any other great resources that you would like us to reference below, send them along.