Mike Cushing / Development Digital Marketing / August 19th, 2014

Is HTTPS Necessary to Secure Your SEO?

In Aug. 2014, Google announced that it is now factoring HTTPS encryption support into its ranking algorithms. Security in search has been a long-running priority for Google, and HTTPS as a ranking signal is ostensibly the latest push for increased online security. So, now that security will impact your search rankings, just how necessary is HTTPS support?

Can’t Stop the (SEO) Signal

Let’s be blunt here: if Google says it’s decided something is important to how it delivers search results, you should pay attention. According to the Google announcement, the HTTPS signal is very lightweight in its algorithm – it affects about 1% of queries, and it doesn’t carry as much weight as high-quality content – but that weight is sure to go up as Google continues testing and refining results. After webmasters have time to switch to HTTPS, you can bet the signal will increase.

Google generally allows webmasters and SEOs a fair amount of time before they revisit an algorithm test, but you should have a plan in place to transition to HTTPS sometime in the back half of 2015.

What Is HTTPS?

paypal ssl

You’ve probably seen the green lock icon next to a secure URL, and it’s a signal to users that your connection to a site can be trusted to encrypt and manage user data. It’s been vital for eCommerce sites that manage payment card data, as well as any service that users might trust with personal data. Gmail and other Google services have used HTTPS for years to give users a sense of security. YouTube began implementing HTTPS for embeds across the site in 2011, and now it’s your turn. Applying an SSL (secure sockets layer) certificate will tell Google that your site is secure, but it will also signal users that your site can be trusted. The “positive results” mentioned in the Google announcement would indicate that users like seeing that a site is secure before they ever land on it. And as we can see from Google’s moves regarding mobile results, we know that user experience will always play a large role in search.

If you run an eCommerce site, you probably return HTTPS pages once a user logs into your site, or as soon as they proceed to the checkout page. Amazon, for instance, serves up unsecured pages until you begin checkout, after which everything is HTTPS. It makes sense, and you know your transaction is secure.

Why Should I Care?

Right now, you’re probably asking yourself, “Why the heck does Google think my blog needs to be encrypted?” And that’s an incredibly valid question, insightful reader. HTTPS is meant to ensure that data transactions are done with the highest possible security, and most sites simply do not require that level of encryption.

Well, not until Google said they did.

Of course, making sure that HTTPS is done right is not as simple as Google might want you to think. Once you apply an SSL, you have a lot of work to do behind the scenes to make sure everything works properly.

Well, Great. How Do I Do This Thing?

First off, it’s very important to remember that this is currently an incredibly lightweight signal in the search algorithm. There are a couple hundred ranking factors to consider, so HTTPS should not be your top concern if you’re still working out other problems in your SEO strategy. Over time, you can bet HTTPS will become more important, but you should not be in a mad rush to make the switch to HTTPS (well, at least not yet). Once you have your ducks in a row, you need to do it right.

Much like these cute ducks swimming, HTTPS requires a lot going on out of sight.
Much like these cute ducks swimming, HTTPS requires a lot going on out of sight.

There are some real challenges to implementing HTTPS across an entire site, especially if the site was not originally built to be encrypted. The ranking boost will only be applied to pages that have an SSL on them, which can cause some problems. There have been enough tech improvements to minimize site speed issues, but the security benefits of HTTPS can be quickly neutralized if the entire site framework isn’t reworked to be secure. To be truly secure, you need to make your domain, all URLs and any file your site delivers secure. All it takes is one image on a page to load without HTTPS for the security of the entire page to be compromised.

With the minimal SEO benefit of adding HTTPS comes a raft of potential SEO nightmares, especially duplicate content concerns. Although Google has called for HTTPS, its Change of Address Tool does not support HTTPS migration, so get ready to do a lot of 301 redirects. Once you have every page of your site covered by SSL, it’s important to use proper canonical tags to ensure that Google knows the HTTPS version of pages is the preferred result so you can avoid any duplicate content issues. Our SEO guide to domain changes lays out all of the big items you should be aware of.

A Note of Caution

It may seem like Google is pointing its sword in the general direction of your site’s SEO with this announcement, but it’s important to take your time before you make the switch. HTTPS may mean the difference between a No. 1 and No. 2 ranking, so it will be important to make the switch. But first, make sure to carefully test how HTTPS works on your site and for your users. It may be important to secure important landing pages, but for many pages the SSL may simply not be worth the trouble or the cost.


Image credit: Guillame Speurt

  • http://infolific.com/technology/ Marios Alexandrou

    If the site speed factor announced a while back had had a bigger impact, I’d be more inclined to move ahead with https. At least with site speed there was little chance of doing anything detrimental to performance and had the potential to make for a happier visitor.

    • Mike

      Yeah, it’s surprising that the site speed factor and HTTPS are roughly equal signals at around 1% of queries. Of course, the impact of site speed goes well beyond SEO and into the UX world. Since you’ve got about 2-4 seconds to keep a customer around, that should be a priority anyway.

      Of course, if the HTTPS becomes a heavier signal as expected, it’ll be time to re-assess.

  • Christopher Burns

    On a blog, for example, https seems like overkill and probably a waste. I mean if you’re just looking at products on a store, what’s the benefit? … unless … maybe the benefit is to encrypt everyone’s traffic to avoid the snooping NSA?

    • Mike

      Well, Google would say the benefit is to prevent snooping from anyone, especially phishers and the like (although avoiding the NSA is surely an added benefit). The problem will come when everything is HTTPS and users assume they’re safe because that green lock says they are. Malicious parties can pretty easily set up a site with an SSL to steal data who don’t know better – but you can rest easy knowing you’re on an encrypted connection.

  • Christopher Burns

    On a blog, for example, https seems like overkill and probably a waste. I mean if you’re just looking at products on a store, what’s the benefit? … unless … maybe the benefit is to encrypt everyone’s traffic to avoid the snooping NSA?

    • Mike

      Well, Google would say the benefit is to prevent snooping from anyone, especially phishers and the like (although avoiding the NSA is surely an added benefit). The problem will come when everything is HTTPS and users assume they’re safe because that green lock says they are. Malicious parties can pretty easily set up a site with an SSL to steal data who don’t know better – but you can rest easy knowing you’re on an encrypted connection.

  • dwasylow

    As with anything, you have to weigh the cost vs benefit – and translate both into dollars – to determine whether the https conversion investment is worthwhile.