On the 6th August 2014, Google confirmed that they were going to start using HTTPS as a ranking signal.
If you're a ‘techie‘ this may well be routine but if you're a business owner who has a website, what does this mean for you?
In terms of the basics, most sites that are hosted have a web address (URL) prefixed HTTP, which stands for Hypertext Transfer Protocol. The ‘S' in HTTPS is for ‘Secure', and this is a web communication protocol that provides additional security capabilities for websites. Google would like the web to be ‘HTTPS everywhere' citing security as one of their top priorities.
Security is one thing but the announcement to make HTTPS a ranking signal, i.e. a factor to be taken into account for organic search rankings, or SEO, has sent slight ripples through the SEO industry. Really? HTTPS for SEO? Conference schedules have been thrown into chaos! Virtual bookshelves will soon be full of ‘HTTPS as a ranking signal‘ ebooks and SEO experts are busy rewriting their CVs to include the acronyms ‘SSL' and ‘HTTPS'. I jest, of course!
I've recently gone through the process of changing from HTTP to HTTPS for my company website. I had heard the message a few months earlier at a Google Partner's conference so started on the process more for my understanding.
One thing that surprised me was when I tried to purchase the SSL certificate, I was told not to go through the standard ‘add to basket' buying process as that only worked for domains setting up new hosting accounts. Perhaps just an oddity with my host but worth checking with yours before making the purchase.
You also need a dedicated IP address before the SSL certificate can be installed.
My route to HTTPS was not without challenges. The site would not render initially but this was probably compounded by switching over to using the CloudFlare service at the same time. It all settled down after a couple of days but only after being caught in a game of ‘support tennis'.
I also then had to spend time clearing up absolute URLs that were fixed as HTTP and thus caused the page to fail validation. I still haven't figured out how to fix WordPress Featured Images so that the URL doesn't break SSL validation but that can keep for another day!
On my travels, I came across a really good article on the Moz site that I would encourage you to review if thinking of embarking on a switch to HTTPS – The Big List of SEO Tips and Tricks for Using HTTPS on Your Website.
Yesterday, Mark Vang of the Sanctuary Networking Community on Google+ hosted a Hangout on Air with a panel of experts. This HOA discusses implementing SSL / HTTPS but also touches on website security generally. Mark's demo at the end using FTP and exposing passwords is certainly something to be aware of!
My recommendation would be for any site owner to review their site security generally and consider HTTPS as part of that. I certainly wouldn't go down this path simply for any SEO gain; always see that as a potential additional benefit, never the primary reason.
It'll be interesting to see how far Google push this. If they start flagging unsecure websites in the search results with a ‘proceed at own risk' type label, then that might give cause to switch sooner rather than later.