Like many SEO, I’ve naturally been telling all my clients to consider switching to HTTPS asap since Google said to a few years back to do so.
NOT because of any claimed ranking boost, but because it is the trend that Google prefers HTTPS – and it is more secure.
Many still haven’t moved to HTTPS, and I haven’t either.
The only reason I have not moved this (Hobo) site to HTTPS is that I am tidying it all up first, as much as possible, before I switch, because I see the entire process as a chance to learn as much as possible from the changeover.
I also want to ensure I don’t mess anything up, and there is plenty to mess up.
Google Chrome Will Mark Your HTTP Website ‘insecure’.
Now that Google Chrome is imminently planning on marking your website ‘insecure’ if it is NOT HTTPS, it is probably time to make switching to HTTPS a priority if it hasn’t been up to now.
This is quite a different issue, especially if you sell online, or take people’s information, and is just another example of the web evolving to focus on security and quality.
Time permitting, I still think you should clean your site up (e.g. remove redundant pages) before a switch to https to get the maximum benefit from such a move.
That time, though, may have run out.
Obviously, Chrome marking your site insecure could well be a conversion killer.
Why Is Google Chrome Marking My Website Insecure?
This goes way back to 2014, and is not unexpected:
Proposal – We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security. GOOGLE – 2014
Chrome pushing forward on marking plain HTTP as outright insecure is an incredibly strong and pro-user move,” Eric Mill, a technologist who’s been working on web encryption, told Motherboard. ”Despite how common plain HTTP can still be today, it *is* outright insecure, and a real and present danger to users and to the open web.
Should You Move To Https Immediately?
With Google Penguin on the horizon, I might wait until I see the fallout from that.
If I had a massive site, I probably would wait. I don’t want to be going through a known major algorithm update with a massive change also underway on the site.
I don’t build any links, or buy links, but I have a lot of negative seo attacks on this site and I want to see how this site is impacted by the Penguin update.
I have a very small site (100 pages) so moving to https shouldn’t be drawn out or problematic.
In fact, with this switch to https at the back of mind for many months, I’ve focused on reducing the site in terms of pages (from about 2000 to 100) largely to improve quality but also to help manage such future migration or management challenges.
I’m ready to switch to HTTPS, and keen to do it, but very pedantic in my other priorities on this site.
I will be switching to HTTPS shortly, and suggest you think about it too, if you have not done already.
Cleaning Up Your Site Before A Changeover To HTTPS
When I say clean up my site before I move to HTTPS, I mean:
- getting rid of redundant pages on my site and sorting obvious low-quality issues before I move to HTTPS
- reducing the amount of redirect paths to important pages on the site
- reducing the amount of broken or misdirected links on pages on the site to lay down a clean, internal linking solution for the future
- speeding up a website load times
- disavowing all known low-quality backlinks
- reconnecting broken backlinks to pages on the website
- preparing templates for new internal linking requirements that minimise any redirects
Essentially – I work with sites with a lot of quality issues, and fixing them before you move has benefits in managing the site and anything you need to do in the future.
Moving to HTTPS can add a layer of complexity to some sites, so in some cases, cleaning up before you move makes analysing the impact easier, later.
As an SEO, telling clients to move to https (which is going to probably negatively impact organic traffic levels for up to a few weeks at least (sometimes months)) is not exactly news they want to hear.
This is compounded by the fact that Quality Rating Issues on a site are more important to tackle heads on, than prioritising moving to a secure server for an elusive ranking boost.
Moving to HTTPS is important from a security point of view, of course, but fixing quality issues is more important for me (as that is what I am hired to do).
I think, though, with this (not unexpected) move from Google chrome, migrating to HTTPS is going to have to be up there as a priority too.
Both for security reasons and conversion reasons.
Do I need to Register My Site With Google Search Console?
YES. Make sure your site is a manageable shape, then:
- Register all versions of your site in Google Search Console (AKA Webmaster Tools) (that’s 4 versions at the last count)
- Disavow all backlinks pointing to these domains, and upload the disavow file to all domains
- Make sure you have preferably 301 redirects on all other versions of the domain, pointing to one canonical version of the domain
I have witnessed fallout in early instances where a disavow was in place on the HTTP site, but not migrated to the https version by Google. Google neglected to point out to us in the beginning that that was necessary.
It could be said that Google prioritises migrating a penalty to another totally different domain over migrating the preventive penalty measures you put in place in good faith in a switch to https on the same domain.
That seems a little unhelpful.
You can ask yourself why we need the unnecessary complication of 4 versions of Webmaster tools, and 4 disavow files to manage all this, to ‘optimise’ a website in organic listings.
But – I would not switch to https without registering with Search Console first.
Google’s 2016 Advice on Moving To Https
The following advice is from John Mueller:
Planning on moving to HTTPS? Here are 13 FAQs! help center at https://support.google.com/webmasters/answer/6073543
# Do I need to set something in Search Console? No, just add the HTTPS site there. The change-of-address setting doesn’t apply for HTTP -> HTTPS moves.
# How can we do an A/B test? Don’t cloak to Googlebot specifically, use 302 redirects + rel=canonical to HTTP if you want to test HTTPS but not have it indexed. Don’t block via robots.txt . More about A/B testing athttps://googlewebmastercentral.blogspot.ch/2012/08/website-testing-google-search.html (302 redirects aren’t cached.)
# Will the rel=canonical guarantee that the HTTP URL is indexed? No, but it’s a very strong signal when picking the indexed URL.
# What’s the next step after testing? Follow our site-move documentation (https://support.google.com/webmasters/answer/6033049 ). Use 301 redirects from HTTP to HTTPS, confirm the new version by adding a rel=canonical on the HTTPS page, pointing to itself, and submit sitemaps including both HTTP & HTTPS URLs with new change-dates (in the long run, just keep the HTTPS sitemap).
# What about the robots.txt file? The HTTPS site uses the HTTPS robots.txt file. Check that it’s reachable or serves a 404 result code, and check that your HTTP URLs aren’t blocked by the HTTP robots.txt file.
# Is it OK to have just some pages on HTTPS? Yes, no problem! Start with a part, test it, add more.
# Should I move everything together, or is it fine to do sections? Moving in sections is fine.
# Will I see a drop in search? Fluctuations can happen with any bigger site change. We can’t make any guarantees, but our systems are usually good with HTTP -> HTTPS moves.
# Which certificate do I need? For Google Search, any modern certificate that’s accepted by modern browsers is acceptable.
# Do I lose “link juice” from the redirects? No, for 301 or 302 redirects from HTTP to HTTPS no PageRank is lost.
# Will we see search keywords in Google Analytics when we’re on HTTPS? This won’t change with HTTPS, you can see the search queries in Search Console.
# How can I test how many pages were indexed? Verify HTTP / HTTPS separately in Search Console, use Index Status for a broad look, or the sitemaps indexed counts for sitemap URLs.
# How long will a move from HTTP to HTTPS take? There are no fixed crawl frequencies, it depends on the size of your site, and the speed of crawling that’s possible. The move takes place on a per-URL basis.