What is https? What is a secure certificate? Do you need to worry about this for your site?
Some website and blog owners that use Google Search Console got a shock recently. They got an email from Google telling them that from October 2017 some pages on their sites were going to come with a warning sign (on Chrome browsers).
I thought I’d take this opportunity to look at secure certificates for websites are and whether it’s really necessary to make the move to HTTPS.
Should you get a secure certificate for your website? Listen below to find out
This is the third episode in our series called Tech Arrghhh in which I try and demystify some common tech questions.
In episode 90 we looked at UTM tracking links and how you can use them to measure success
In episode 91 I decided it was time to find out if posting duplicate content to LinkedIn, Medium and Facebook notes would damage your SEO
What is HTTPS?
HTTP is four letters that appear at the start of every website you visit. It stands for Hyper Text Transfer Protocol. It’s basically the technology that lets us communicate with web servers and websites via the world wide web.
But it’s not secure. If you are accessing and inputting sensitive data online it’s vulnerable to hackers on HTTP.
The S in HTTPS
The S on HTTPS stands for Secure. At first only eCommerce sites, banks and the like needed to be secure but as the internet has come of age and hackers have become more prominent more and more sites have been adopting secure certs.
Is there an HTTPS SEO impact?
Google have been telling us for ages that they like secure sites.
In 2014 they updated their algorithm to favour HTTPS sites although it didn’t seem to have much impact on search engine placements at the time.
In 2015 they told us that in a tie break between a site on HTTPS and HTTP for a position in Google search rankings they’d favour the HTTPS site.
Here’s what Google’s Gary Illyes was reported to have said:
“If you’re in a competitive niche, then it can give you an edge from Google’s point of view. With the HTTPS ranking boost, it acts more like a tiebreaker. For example, if all quality signals are equal for two results, then the one that is on HTTPS would get … or may get … the extra boost that is needed to trump the other result.”
What finally prompted me to panic and get on the phone to my web guy this year was an article from MOZ showing that 50% of sites on the front page of Google are HTTPS.
That stat was from April of this year. When I looked at the MozCast site today that percentage had grown to 60%. It looks like Google really are favouring secure sites.
And if that’s not enough, In September 2016 a Backlinko study shows.
“HTTPS had a reasonably strong correlation with first page Google rankings.”
So yes, it does look like moving to HTTPS could have a positive impact on our search engine optimisation.
Non-Secure site warnings
If that’s not a big enough reason for you to want to get a secure cert for your site this new development might be.
At the moment when you visit a nonsecure site on the Chrome browser, you’ll see an i in a circle next to the web address. This tells you that the site is not secure.
From October that warning sign is going to get more prominent on pages that include forms. Any kind of forms including, contact forms, subscribe forms, anywhere on your site where visitors input information.
The warning is scary looking too. The gentle i is replaced by a big red exclamation mark in a triangle with ‘Not Secure’ next to it. Enough to scare people off before they fill in their details.
Where do you get a secure certificate for your website from?
Most hosting companies offer secure certificates.
You’re probably familiar with the term SSL (short for secure socket layer). All secure certs used to be SSL but now there’s an alternative. TLS (Transport Layer Security) is the new, even more secure standard.
Either option will work in the eyes of Google.
If you have a customer friendly hosting company talk to them, they may even be able to implement the certificate for you.
If you are techie yourself you might want to take on the challenge of moving your site to HTTPS but I’d highly recommend hiring an expert. It’s not a big job when you know what you are doing but it’s easy to mess it up.
What can go wrong when you switch to https?
Here are just a few of the potential issues you could run into if your secure cert isn’t set up correctly
If both your HTTP and HTTPS sites are visible to Google you may have issues with duplicate content. Although, according to Google’s 2015 announcement it looks like they’ll be choosing the HTTPS version if this happens.
If you don’t update your website in Google Analytics you may find errors in the reporting.
Both links within your own site to your own site (internal) and external links from other sites to your website need to point to your new HTTPS site. This means if someone clicks or inputs the old non-secure address they are sent to the new secure version.
You’ll need to set up redirects for external links and check internal links are set to point to the HTTPS version of the page.
Does that all sound too techy to you? Me too that’s why I got an expert to do the work for me. They made the transition seamless with no issues. It’s not a big job for someone who knows what they are doing so don’t be scared to contact your web developer.
Should you get a secure cert for your site and make the change to HTTPS?
Yes, absolutely do. It’s important now, it could help with your SEO and it will ensure you’re not scaring people off with warnings. My guess is it will become more important in the future.