Eventually, yes. Google announced in August of 2014 that they started to rank https websites slightly better than http websites within their search algorithm. It may be time to move to https for companies that want to be taken seriously and that want to conduct online business with valued customers. Since then, many sites have made the switch, and most report an uptick in traffic, or no negative impact (which is good news).

What is site security?

In one sentence: It encrypt all internet traffic between the user and the website or recipient of webforms on the website. This is enforced when using a HTTPS (Hypertext Transport Protocol Secure) certificate. Your website URL starts with an https:// instead of http://. If a user fills out a form on your website, the data will be sent encrypted to the web server and final recipient.

Google’s HTTPS Ranking Signal Runs In Real Time

Unlike the previous Penguin or Panda algorithms, this is a ranking signal that is run in real time. As soon as Google indexes your site running in HTTPS, that site will immediately see a tiny ranking boost because of the fact it is running as a secure HTTPS site. That doesn’t mean you will see your rankings jump from result number 5 to 4, but it will, behind the scenes, have a small, tiny, boost in the overall ranking algorithm.

John Mueller at Google said this in a hangout video, which you can watch here at 29 minutes and 6 seconds in.

But is it worth the effort?

From an SEO perspective, there are probably hundreds of other things you could tweak to improve your website and search engine rankings which have more potential to increase your rankings in Google’s search results – but there is a long list of reasons why you may want to consider moving your site over to HTTPS.

For starters Google published their plans to warn users browsing websites using Chrome of the security risks in visiting non-HTTPS websites, which they refer to as ‘non-secure’ sites. If you don’t want users visiting your website to be put off by a visible warning of an “insecure connection”, you should start planning the migration of your website to HTTPS.


What do I need?

For WordPress, it’s actually very simple – you can use a plugin called “WordPress Force HTTPS” – but only after you’ve purchased an SSL certificate, which is what actually does the heavy security lifting. You can get those for a single domain starting at around $10 – Namecheap is one of my preferred registrars for both domain purchases and SSL certificates. Find out more below:

Step one is to generate a CSR (certificate signing request) from your web host. They will usually have tutorials or someone available to help you perform this task. Some hosts will have a package you can purchase that gives you a static IP and a certificate all in one shot, all you need to do is verify that you’re the owner of the domain.

Step two is to use that CSR to purchase an SSL certificate. You will need to work with your registrar if you’re unsure of what you need to do with it, but it involves either uploading a file or copying and pasting your CSR request into a box during or after purchasing the SSL certificate.

Step three is to install the certificate after you confirm your ownership of the domain (via email), and begin the migration process. Screen your code for http:// links that are protocol-relative. That means that if you had something like http://www.something.com it would end up looking like //www.something.com in all areas of your code. You will need to also check for CSS files that call from external sources and use Firebug or Chrome’s inspector to find the remaining files that are still being requested using HTTP.

Step four is to follow the steps outlined in the Google article here, which will help make sure that Google can index and serve content from your new URL. Install theWordPress Force HTTPS plugin if you can, or do it manually using your .htaccess file. W3C recommends using a site-wide redirect, which is similar to what the WordPress plugin above does. Read more about it here.

Don’t forget to update your social media links with the new URL, check your robots.txt for protocol-specific links, and test all of the pages of your site for non-secure links – browsers will display notices that the site is secure, but “displayed insecure content”. The best place to figure out exactly what is causing it after you have already completed the migration is https://www.whynopadlock.com/ .

Above all, don’t panic! We can help, just contact us for more information.