Moving Site from HTTP to HTTPS
-
Hi,
So the news is that Google has started giving more importance to sites with HTTPS i.e. it is now a new ranking signal. It says that as of now it affects fewer than 1% of global queries, and carrying less weight than other signals such as high quality content but it may decide to strengthen it as they would like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
In that case, what should we do? Switching from http:// to https:// means change in urls and low traffic. How to cope with it? Do we have to implement 'n' number of redirects?
Regards,
-
By now you may already know that Google have suggested to site owners listed under Webmaster Tools that they list four versions of their site when using HTTPS. So for us who are just initiating this move, we have to list http://redwrappings.com.au http://www.redwrappings.com.au https://redwrappings.com.au and finally https://www.redwrappings.com.au. Then they suggest making https://www.redwrappings.com.au the preferred site.
I have an associated question - we are looking at using the Cloudflare CDN with its associated SSL certificate. Will there be any negative SEO effect using this SSL cert as opposed to our own?
Thx, Graham
-
Hi Paddy,
Depending on where your servers located in the speedier currently getting out of it but more importantly in my opinion on what that server is capable of doing.
If you use a content delivery network will give you great caching options along with a very fast network plus things like googles SPDY
All of the WAF's I mentioned having SPDY as well.
So you could pick up quite a bit of speed depending on what your current host offers of course in addition to the proximity of your current hosting company & other facters I would test the RUM speed of the end user Pingdom is a great tool for this to decide whether or not the additional cost of using a CDN or WAF is worth it prior to making the change. If most of your visitors are very happy according to the speed apex then you will want to do something like adding that CDN or WAF
On the subject of how close your current hosting company is to your clients and users you can modify this easily using. Sucuri's WAF allows you to pick from more than 100 pops across six hosting companies all over the world to take over as your origin so if you are a customer is in Dallas you can choose to use Server Beach/Peer1 Can take advantage of Google's SPDY combined with a choose exactly which data center you want server origin to originate from including the caching and everything else that would be included in hosting.
I hope this is been of help,
Thomas
I think SSL is here to stay I don't want the cost of SSL certs going up over this.
-
Hi All,
We've just switched everyting to HTTPS.
We use Cloudflare as we arleady had an account with them.Our sites are pretty new (http://ezilize.fr & http://ezilize.be) so the organic impact will be extremely limited as we just started. As we're new, we're taking everythig to boost our SEO, even a <1% ranking factor.
Everythnig has been 301 redirected, and we have less than 10 external links (we're live since a couple of weeks).My question is : "Do I need to change something with MOZ campaign? Do I need to delete + create new ones using https instead of http?"
Thx,
Lio -
If most of your users come from 1 region is there any point having a CDN? Or is it better (fast) for https?
-
We didn't particularly want it at the time, but I'm pleased we have it now (funny how things work out, eh?) I'm also pleased we did it when we did it because, as said before, the site was very new on a new domain so there really wasn't much in the way of organic traffic to lose . I think I'd have had a nervous breakdown if we had to do it now when the site is much more established and I actually have some listings to lose!
Although, I did successfully manage to move it onto a new domain without losing listings in April when we formed the new company so I think I can handle most things But, still, it did give me a few sleepless nights worrying about how I would explain to my CEO why things went wrong! But, they didn't and I honestly believe that if I can move a site from one domain to another and actually gain traffic and rankings then anyone can!
-
I think that your managers made a good call at the time, especially for your industry.
I think my employees are glad that I am saying that "this is crap" for now.. .but they agree that we should do it within the next year or so.
-
We discussed this internally yesterday, and came to the same conclusion EGOL did. SEOs are so quick to panic and change everything on the slightest bit of real news. What's the harm in waiting and seeing how things are after the dust settles?
-
We did it as a response to managers above our heads within the business deciding it was a good idea. Had no choice! But, as I said before, it made no real difference, though (again, I said this before) our site was really new (about 3 months old on a new domain) so it's hard to say whether we really lost traffic, because we did not have that much organic traffic on the site at that time.
I think you're wise to wait for the dust to settle so you can learn from others' mistakes
-
Thomas, when you have a moment, could you go back and edit your response and remove some of the extra spaces and make the formatting flow a bit better? Thanks!
-
When I go to Amazon and their website says... "Hello EGOL"... I don't see the https. I only see it when I am into account information.
When I go to ebay and look at the stuff I am bidding on or have purchased I don't see the https.
When I visit MattCutts.com I don't see https. WTF?
Amazon and ebay and lots of other sites don't have https even when you are logged in and they show your personal stuff.... so I am supposed to get it for my peanut.com domain where nobody logs in and nobody has any information stored?
So, I am not doing anything right now. I'll wait to see how many people step in poo setting it up and then, after the bugs are discovered and amazon does it... I might be ready. (I do have https in my shopping cart.)
ADDED: I just read Barry's post on SearchEngingRoundTable..
Google Change Of Address Tool Does Not Support HTTPS Migration..
That does it for now.
-
also there is a small overhead with the initial https handshake which can impact time to first byte and page load speed. Therefore session length and caching play an important part in determining the cost of using https.
-
Would Agree with you, its a very minor signal e.g optimizing meta tags will work more probably than this compared. Wouldn't rush into it just because Google says jump, if your on an eCommerce you should already have it anyway.
Still some really great answers here though. Would love to see SSL purchases this month must be a massive spike!
-
Hello,
Our sites are on https and have been for around a year and a half ago.
The only site we switched from http to https was really young when we did it and so the risk of lost rankings/traffic was minimised because we didn't have much to begin with. However, I have to say, we didn't really notice any difference before or after.
The only issues I have with the https version is that rich snippets don't seem to show. I suspect this will get resolved though as more and more sites move over to secured versions.
Good luck with the switch, Andy has given you all the info you need on that so I won't add anything else!
Best wishes,
Amelia
-
We have to remember that "For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content" (http://googlewebmastercentral.blogspot.co.uk/) and i would advise not rushing in implementing a full site wide HTTPs.
HTTPS generally slows down site speed and as we know, site speed is a key ranking factor, so this has to be treated carefully, along with all of the other points mentioned above.
I would wait, lets read some case studies and as many of us know, there are so many other stronger ranking factors we should be concentrating on during this first announcement by Google.
-
Hi Patty,
I would have thought the same thing but a buddy of mine and I tried this out it is amazing how powerful the trust signal is to Google look at the metrics on an extremely new domain and look at how many inbound links it has and look at where they are from. I recommend using a tool like a CDN or WAF to implement the certificate of course you can use your hosting company as well.
All the best,
Tom
-
I have been convinced this was a ranking single for a very long time https://www.authoritydev.com has a lot of trust for a site with very few links. Not to mention almost brand-new
If you think about it some SSL certificates ask you are whom you say you are as well as validate all those things so why would it not be a trust metric that would obviously convert into a ranking metric.
You will not receive duplicate content from SSL but you do have to remember to place 4 URLs in GWTs the HTTPS & non-SSL for + www. & non-www.
into Google Webmaster tools or Google will have trouble with the domain. You will also of course want to pick your same preferred domain non-www or www in SSL and without SSL this is very important Google will not give you duplicate content problems if you set it up properly.
Here is a list of some methods I have found that work very well implementing SSL certificates.
An extremely good example of a site using a CDN to carry the SSL and has outstanding load time is Yoast
https://yoast.com MaxCDN Speed SSL
One of the best things anyone can do that runs a website today is make it more secure I believe that USD19 month Sucuri CloudProxy is the easiest way to integrate your SSL certificate with security experts taking care of all the work (I respond to how to do it if you are doing it yourself below) as well as add-on extras that normally you would not have SPDY it works with every CDN on the market they have a partnership with MaxCDN this is a tool that makes your site faster and more secure with SSL http://cloudproxy.sucuri.net/
I would choose Incapsula over CloudFlare as it is much more secure and offers a lot more.
Obviously CloudFlare has the ability to integrate a shared SSL certificate there paid plans start at USD20 a month.
Rack Space offers cloud files through Akamai's CDN with over 200 pops around the world including the ability to run SSL this is a bargain and the links c name to cdn.example.com instead of this
https://c186397.ssl.cf1.rackcdn.com/CloudFiles%20Akamai.pdf
http://www.rackspace.com/blog/rackspace-cloud-files-cdn-launches-ssl-delivery/
AWS is not as inexpensive as you would imagine for SSL
http://aws.amazon.com/cloudfront/custom-ssl-domains/
very fast CDN's like edge cast are very expensive to add SSL to in the last you utilize a tool like softlayer or speedyrails
http://www.softlayer.com/content-delivery-network
CacheFly.com offers no cost to add SSL beyond the price of the certificate you bring them they have also made modifications to their pricing where it used to be USD300 a month pace to have their first proxy and all the goodies just recently they have started to just charge for the band with no more no less this is an incredible deal because they charged for the bandwidth before and it was still a deal.
http://www.cachefly.com/security.html
One of the very fastest ways to do this is to implement it through the CDN
http://www.maxcdn.com/features/ssl/
Even inexpensive high-quality hosting like site ground. Shoot a cloud flair based SSL certificate it is a deal
http://www.siteground.com/tutorials/cloud_flare_cdn/cloudflare_ssl/
CDNS
http://www.cdn77.com/custom-ssl
When installing HTTPS I think it is important to start off with the right SSL certificate I like https://www.globalsign.com/ personally however there are not other great ones like http://www.digicert.com another reason why I really like global sign is actually uses an SSL CERT in their home page standing behind your product counts a lot.
It appears to me like this is going to be a run on SSL I use a lot of managed hosting for instance FireHost & Verizon Terremark are two companies I do a lot of hosting with.
They will take care of this for you no problem.
My advice for people that are running WordPress or smaller sites that do not require a enterprise level manage hosting company the managed WordPress hosting companies all do this at exceptional rates
Pagely will give you a free SSL cert along with dedicated IP address at their USD60 month plan for three sites. A good deal if you ask me plus they use SSL themselves
Pressable uses SPDY googles faster method of delivering SSL the cost is USD10 more a month. However they take care of everything
Unfortunately the big guy WP engine recommends you do not use SSL–you are doing it on a specific page because it turns off their caching mechanism.
Obviously this will not help, sure they will come out with a fix
web synthesis will charge you nothing as long as you supply the certificate
they employ SPDY as well making for very fast SSL sites
The least expensive and one of the fastest Get Flywheel gives you a dedicated SSD VPS for USD15 in charges USD10 a month for the certificate everything is included
last but not least Presslabs supplies the certificate at no cost with their hydrogen plan with their helium plan I believe there is a cost. Press labs starts at a higher price than its competition however delivers quite a lot.
Right now I am experimenting with the Pagely VPS-3 setup so far excellent however the cost could be lower. I am adding SSL tomorrow.
https://pagely.com/plans-pricing/
To force https, modify your main .htaccess file as
RewriteCond %{HTTP:X-Pagely-SSL} off
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]
And to force only http use:
RewriteCond %{HTTP:X-Pagely-SSL} on
RewriteRule ^(.*)$ http://yourdomain.com/$1 [R=301,L]
$9 a month it put in your CDN MaxCDN is a recognized leader for this because of their ease of integration as well as their incredible speed.
There are plenty of sources it depends a lot on your hosting company for instance you can follow this one of many many SSL certificate how to use on digital ocean.com this is for Ubuntu + Nginx https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04
I Hope this helps,
Thomas
-
I think the important thing is not to do a knee jerk reaction here, if you don't migrate to https correctly you will be in a world of pain!
Lets remember, right now it is a very weak signal and check your competition, are any of them https? probably not, so right now you're not losing anything.
Its the long term that worries me, it seems google is planning to strengthen this signal over time, the question is at what rate and ultimate how strong will it get ( my gut says it will never be a huge signal, but then every little helps).
In my view moving from http to https is the same as any migration ( to a different url or new platform with different url structure), if done correctly it should be painless but if done wrong can be disastrous. The other factor is if you have absolute links for elements pointing to http: they all need fixed, if you miss any then that page will flagged an insecure to the user.
Something I'm unsure about, I thought https is slower than http (and one of the main reason people don't https their whole site), maybe someone with more knowledge about https/ssl can correct me here.
-
your not the only one worried about this, and can cause some serious issues.
You are going to lose some ranking and organic traffic, but its whether the long terms benefits out wight the short term loses. Can your business afford to lose upto 12 weeks of non organic traffic, while your sites gets reindexed and ranked
Just read a good article on this, and the main section is below.
There’s a few different ways you can hurt your sites rankings through converting your site to HTTPS:
1) 301s -
Got links pointing to the http still? You NEED to 301 to your new https link, or the juice isn’t going to pass over. Alternatively do this on a forced level within the .htaccess, but GBot is dumb and often doesn’t recognize it.
2) Internal Linking -
Again, the same as changing your URLs, you need to do this on your site as well – Change any internal links to https, or Google’s crawl rate is going to be so low you’ll be feeling the heat of hell on your ballsack.
3) Canonicals -
Exact same as what I just said about internal linking, 301s etc… Setup your canconicals with https, or you’re screwed.
4) Duplicate Content -
As I mentioned above, if you haven’t got your .htaccess configured right.. You could have a http and a https version of your site – Duplicate content is a real issue.
Read more: http://godofseo.co/industry-news/https-ranking-signal/#ixzz39ml3R3K8
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Linking to External Site In Nav Bar
Hi, we are a celebrity site but also own a separate sports site with its own URL. We have a link to that site in our Nav bar. Are we being penalized by having that link? thanks
On-Page Optimization | | Uinterview0 -
Does hreflang restrain my site from being penalized for duplicated content?
I am curently setting up a travel agency website. This site is going to be targeting both american and mexican costumers. I will be working with an /es subdirectory. Would hreflang, besides showing the matching language version in the SERP´s, restrain my site translated content (wich is pretty much the same) from being penalized fro duplicated content? Do I have to implement relcannonical? Thank ypu in advanced for any help you can provide.
On-Page Optimization | | kpi3600 -
Need help in understanding why my site does not rank well for our best content?
Hi, We are a technology site from India (Digit.in) and we create a lot of original product review content (http://www.digit.in/mobile-phones/nokia-lumia-830-review-24655.html) but don't seem to rank even in the first 4 pages on Google results. Please let me know the reason for this and how to get this fixed. Thanks Arun
On-Page Optimization | | 9dot90 -
HTML Site SEO (NO CMS)
I have got a client site, which is dated (2007) and has not been shifted to any recognised CMS yet. It is HTML based. Is it possible to SEO on such a site? Is it even worth it? If it is possible to do SEO on this, any suggestions will be highly appreciated. Thank you.
On-Page Optimization | | ArthurRadtke3 -
Does Bing consider http://www.domain.com the same as https://www.domain.com?
Bing Webmaster Tools showed me that sometimes it displays https://www.domain.com in its results and sometimes http://www.domain.com. That got me thinking. Does Bing consider https to be a seperate duplicate copy of the http version? IE does my site get knocked down for duplicate content because of this? In Google webmaster tools, I can tell it whether I want https or http. But I dont know how to tell Bing. Any pointers will be appreciated. Thanks Dan
On-Page Optimization | | DanFromUK0 -
I changed my site from HTML to PHP and I need to get some help.
Ok...so the other day I went from HTML to PHP in every part of my website. I want to know the best option for me for redirecting my pages from HTML to php. I had my site scanned with SEOMoz and I was given many 404 errors which is not at all good. I do not have any pages of my site linking to any of these html pages. All of the site links have been updated. I have checked 3 times. I have never created a robots.txt file so I would love to get a little help with this part. I was thinking it would be best to tell Google not to worry about these pages in the file. I kept the pages up and I plan to remove all code with them so that no content shows up if someone visits but the issue with that is my site is already indexed as HTML. I want to have the HTML pages redirect to the PHP without worrying that my visitors will land on my site via Google onto an HTML page. I hope I am making sense. What is the best advice you can give me. I need all pages to redirect to PHP. I used an htaccess redirect from all HTML to PHP but when I get so many of them added I get an error on my site saying too many redirects. Seriously need help.
On-Page Optimization | | TrendyHost0 -
How to make google not index quotes from other sites?
Hey guys, I have a site where we post quite a lot of info from other sites. We don't want google to de-index our pages because parts of it are quotes from other sites. What would you use to make it so Google sees it's a quote from another site? Or to just make Google not index the quote? Thanks!
On-Page Optimization | | StefanJDorresteijn0 -
Https and secure pages
Hello, I have a facebook badge in my footer. Is it okay if I make the code call on https. It makes the page secure for IE. I have also have done this for images. These secure urls are also being called on non secure pages. But I don't think that matters does it? Code below. Thanks Tyler
On-Page Optimization | | tylerfraser0