I know many of you will cringe when you see the word HTTPS. Ugh, technical stuff. Leave that to the IT team right?
Not today ladies and gentlemen, you're not getting off the hook so easily.
But don't worry, while this is indeed a complicated issue, I'm going to make it simple. I'll also cover why you need to be up to speed on this emerging topic of discussion.
Over the past few years, the tide has been slowly turning. More and more sites are switching from HTTP to HTTPS. This growing trend is partly due to the fact that it's just the right thing to do. It's a more secure process after all, that's good for everyone.
It also doesn't hurt that Google has come straight out and said that whether or not a site is using a secure SSL certificate is definitively a factor in their algorithm. Skeptics can hold their tongues, there's plenty of data to back this up at this point in time.
Before we get too far in though, some background for those of you interested.
HTTP vs HTTPS (What the Hell is HTTP Anyway)
At it's most basic level, HTTP (hypertext transfer protocol) is the system used for sending and receiving data on the Internet. If you really want to geek out, you can go and check out this article which has more technical information on the matter.
Image Credit: Nanyang Technological University
For our purposes however, all we need to know is that HTTP is how your computer is able to interact with websites and the Internet on the whole. So what's the difference between HTTP and HTTPS?
- Doesn't have any special security features
- Sends data via plain text
- "Stateless": Meaning there is less data to send which can result in faster page load times
- No longer in Google's favor comparatively
- Far more secure than HTTP
- Sends data in an encrypted format end-to-end
- Can be slower to load than the same page would be using HTTP (this can be remedied)
- Favored by Google
How does HTTPS ensure greater security?
It accomplishes all of this additional security through the use of a Secure Sockets Later (SSL) or it's latest iteration called Transport Layer Security (TLS).
If you do additional research, you'll find folks using HTTPS and SSL/TLS as interchangeable terms. It's a forgivable misstep, but it may be handy to reiterate that they're not the same thing.
Remember, HTTPS uses SSL/TLS to encrypt the data it sends and receives.
Why Does HTTPS Matter for SEO?
Well, again, we may want to take some time to get a little background.
Believe it or not, there was a time when many search marketers believed HTTPS had a negative impact on Google rankings. It was mostly speculation based off the fact that not many top ranking sites were using HTTPS. Matt Cutts had to step up and explain away some of those fears.
Fast forward a few years and Google has now made a formal announcement that HTTPS is a factor in their latest algorithm, and that sites making the leap will see modest ranking benefits from doing so.
Whether you love or hate Google, you have to respect their willingness to put their money where their mouths are, they've been preaching the gospel of a safer internet for as long as I can remember. When they announced that they were officially incentivizing site owners to make the switch to HTTPS, it constituted another solid step in the direction of that greater goal.
There are two other pretty cool SEO benefits of switching to HTTPS.
First, referrer data will be preserved when a visitor arrives to an HTTPS page far more reliably then on HTTP. Often when a site uses HTTP, the referrer data is lost and the visit will be logged under "direct traffic" regardless of its true origin.
I don't need to tell you how damaging that is for us marketers.
Second, by making your site more secure, people will be more comfortable using it. You might see a reduction in bounce rate, increase in sales conversions, etc. All of this combines to make a big net positive on your overall site experience, analytics, and SEO results.
In summary: at this point it's well established and confirmed by independent research data that HTTPS is a ranking factor in Google's algorithm. Yes it's a small factor, but it matters nonetheless.
Speaking of Data...
As I mentioned before, this is not a factor in the same league as having a strong content strategy, strong links, etc. But it makes the list of the top 4.
Moz's most recent ranking factors report shows this as well.
If you wanted to see some evidence of adoption rates across the internet's most high-ranking sites, behold.
Image credit: Moz
As Dr. Peter Meyers explains in his post linked above, the big jump in the middle of the graph is when Wikipedia adopted HTTPS. Figured I'd head off any confusion there.
What we can gather from this graph however, is a steady and continually growing trend of top sites switching to HTTPS. Having recently crested 35%, that means that we may see Google increase the factor's "weight" in the near future.
Put yourself in Google's shoes for a moment. They eventually want all sites to use HTTPS. If they give it too much weight, it would be an unfair advantage. But if they don't give it enough, no one will care.
Google has to strike a balance. If they reward sites with HTTPS (or dock sites without it) when very few sites are using it, then they risk a lot of collateral damage to good sites that just haven't made the switch. If, on the other hand, they wait until most sites have switched, a reward is moot. - Dr. Peter Meyers
You can see Google's dilemma. That being said, they've managed this delicate situation pretty well up until this point.
How to Get on Board
If you've decided there's no time like the present, or you're just a big believer in carpe diem, let's take a peek at how you can ensure the migration goes as smoothly as possible.
I'd also recommend reading Christoph Engelhardt's article that showcases many common mistakes that sites make when they switch to HTTPS.
If you took the time to read those articles, and you follow the included best practices, you should be just fine. But let's cover the basics here to be safe.
- Make sure to communicate to Google that you're making the switch
- Use permanent redirects (unless you have a really really good reason)
- Ensure that your content is only served on one URL (use redirects for other variants)
- Be doubly sure your redirects are pointing to the right places...
- Use 2048-bit key certificates
- Don't block your HTTPS site from crawling using robots.txt
Those are just a few pointers, but should get you started on the right foot.
So This HTTPS Thing Isn't Going to Go Away?
Nope. Sorry. Simple as that.
HTTPS is here to stay. Barring any bizarre circumstances, you're going to have to make the switch at some point in the future if you want your site to stay relevant and competitive.
At the very least, it's definitely on the short list of action items for implementing a strong SEO strategy.
It's even been reported that in the near term, Google Chrome will start automatically shaming any website that doesn't use HTTPS by displaying a red X in the URL bar. The point of this would be to alert any visitor to the fact that any data entered on the page is completely unsecured.
Image Credit: Vice
If this actually comes to pass, it will definitely help with adoption as well. Nobody wants visitors to see a red X on their site, it screams "shady". But even if that particular situation doesn't materialize from Google, this HTTPS thing is happening.