Optimal SSL Solution?
-
I am in the process of moving all of my client's websites to HTTPS. I have a client with an SSL certificate through GoDaddy for an e-commerce site, and my host WP Engine offers them for $50/year each. This has been fine, but now I am trying to move about a dozen sites over and I'm just trying to figure out the best, most ideal way possible to do this. I could just go through WP Engine and pay them for the certificates, but after doing research on different SSL providers, I've totally confused myself. I have seen a wide range of prices for certificates, but I can't tell if it's just BS or there is actual value. I'm talking about a $10 certificate vs a $250 certificate through Symantec.
Aside from that, I have found a few different types of certificates: single domain certificates, wild-card certificates for subdomains, and a multi-domain certificate. I would love to buy one multi-domain certificate that covers all of my websites - but I'm not sure what the pros and cons are of doing this, specifically in regards to SEO. Can anyone explain what the pros and cons are for these in my specific situation?
I'd love to hear any recommendations for my situation, and if there is something else I am missing that is important, please share!
-
By the way, I buy my certificates here: https://www.namecheap.com/
In my opinion from a visitor perspective, to move in and out of ssl during a visit is bad; they would notice something is changing and average visitor wouldn't understand. So I would go for a 100% https. If you google about it you will find a lot of testimonial saying moving everything from http to https didn't have much impact in terms of performance. In my opinion the bad name of https is all coming from ages ago when protocols and hardware were not very good at managing it.
-
I probably had at least 5 more phone calls with people about SSL yesterday after I posted here. Ends up WP Engine overestimated the time, and they think it'll add less than half a second which I can deal with. I also learned that the certificate won't really affect speed.
I decided to allow my clients to choose which route they want to go with, a $50 SV from GeoTrust, a $300 EV from GeoTrust, or a $1000 EV from Symantec. I explained to them the main difference between the $300 vs $1000 option is really just the name, and how visitors trust the brands.
My next dilemma is whether or not to go 100% HTTPS. I am leaning towards it - I just don't know if it's overkill or not. I'm assuming 100% is the long-term ideal route. If, for example, I have an e-mail opt-in in the footer or sidebar of all my pages, I guess it'd be best to secure all of the pages then. I'm assuming the only negative is a possible reduction in load time?
Thanks a lot for the awesome responses. I really feel like I'm getting a much clearer picture of this whole situation.
-
How much you pay for the certificate has nothing to do with performance.
Google doesn't want your website to load under .25 seconds, they never gave a specific number above which they penalize or below which they prize. The general consensus is a TTFB (time to first byte) below 1s is ok, below .5s is great.
Keepalive is standard for browsers and servers these days, page load under https will be affected only by the initial handshake.
I never used wpengine, I have no idea how https is going to impact a website hosted on their platform, they should know if they have other customers who moved.
In my experience with the websites I moved from http to https the performance didn't degrade at all, both TTFB and full page load stayed the same, TTFB under .4s and page load below 5s; but no one of these websites were using either WP or shared hosting.
-
Thank you very much for that response, and for the links. I just finished reading through that Moz article in it's entirety. Between that and your response, I agree that the EV sounds like the ideal certificate to go with. Now here are my new questions:
Now I want to get an EV Certificate and I want to go 100% HTTPS site-wide, as these seem to be the most ideal combination, especially long-term for SEO. I just finished a long phone call with WP Engine regarding this situation. While they resell RapidSSL Certificates, they do not offer EVs. I can still buy one from someone else and bring it over though. When I told him I want to go 100% HTTPS, they told me they can help me but it will add an increased load time because the site needs to make the handshake everytime a page loads. Right now my site loads at .1 seconds (WP Engine rocks!) and I don't really care if it doubles with 100% HTTPS. However, he told me it will add 1-2 seconds. That sounds like a lot to me. We went back and forth on this alot, but he stuck to it that generally it will add 1-2 seconds.
I noticed that Symantec sells $1500/yr SSL Certificates. The higher up you go in the tiers, the faster the speed, at least they claim. In this case, does this mean if I want my site to still load at .1 seconds with 100% HTTPS I have to pay $1500/yr? If so, that leads me to this question: how is it possible that Google wants your site to load under .25 seconds, yet they want your site to be 100% HTTPS? I mean, if I have to pay $1500, it is what it is, and that will definitely separate the big boys from everyone else - and my clients might be fine with that. But something else is leading me to believe that something in this overall equation is not right - I must be missing something or have something wrong here.
-
10$ vs 250$, the only differences are the brand selling them and their customer service, the brand theoretically affect conversions, if you believe your visitors are going to check the certificate authority and trust one more than another, I don't and I wouldn't go for the more expensive.
But I would go for the EV certificates, just because the browsers will show the website company name just before the url, and I have the impression that does instill trust. But it's just my opinion and googling around you can find opposite views on the subject.
single domain, wildcard or multi-domain, again from a technical perspective are all the same; multi-domain sounds very attractive but do have few drawbacks, first whenever a user check the certificate only one company name and one domain is listed, for all domains the details will be the same; furthermore (and more important) to use UCC certificates you also need a webserver supporting SNI, not all web servers do, and last but not least you need visitors using browsers supporting SNI (which rules out anyone still using windows XP and anyone with old browser versions)
with regard to SEO, are all the same, it's not the certificate by itself which matters, but to follow the right procedure when moving from non-ssl to ssl: http://moz.com/blog/seo-tips-https-ssl
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How do you optimize a blog post for SEO after the RankBrain?
Hi Guys Just curious to hear what you guys do to rank blog posts in the top in Google especially onsite, after the RankBrain update? Do you still use SEO tools to optimize this or are the SEO tools outdated for this? If yes which tools do you use to get success with? Cheers John
Algorithm Updates | | igniterman751 -
Does my website need the SSL Cert / HTTPS Update?
So, I own a car shipping company called Car Shipping Carriers ( www.carshippingcarriers.com ) and I am trying to find out if I need the SSL Cert / HTTPS for the site. I attached a picture that shows I dropped a HUGE amount of rank back in the beginning of August 2014 and that the SSL/HTTPS update happened at nearly the exact same time. I do have a quote box on my website asking for: Name, Phone, Email, Origin, Destination, Move Date, Year/Make/Model of Vehicle, and Carrier Type. I was unsure if I needed the HTTPS because I am not asking for sensitive data, but it seems that I might need to bite the bullet and update the site to HTTPS. What do you all think? Any expert opinion and/or advice? JWV4N1o
Algorithm Updates | | Dutko23850 -
Optimizing for Lawyer vs Attorney Words
With Hummingbird update, my client's personal injury lawyer site went from very good positions for top terms in Google to oblivion. The site had primary landing pages for parallel terms such as "dog bite lawyer" and "dog bite attorney", among other. He does work in Philadelphia and Pennsylvania, so we focus on key phrases for both "Philadelphia dog bite lawyer" and "Pennsylvania dog bite lawyer" etc. I've decided to investigate siloing more deeply, but am unsure whether Google now considers attorney searches to be the same as lawyer searches, which would mean we would silo for "Pennsylvania" and "Philadelphia" not "Attorney" and "Lawyer". Any real world experience in this anyone? Thanks
Algorithm Updates | | JCDenver0 -
What would be the right website hosting solution for a global brand with multiple TLDs?
Hello everyone, we are preparing a global we strategy for our customer, who wants to focus on many local markets. They are present with their products in over 60 countries on all continents and they can cover 7 languages easily. They also own the TLDs in each main country. Our priority is to be not only found in Google, but also in all major local search engines, which are popular in each country. Our main concerns with this strategy are: How do we host the website locally for each country, so local search engines recognize the website as a local website? Also, is it that important? Is cloud hosting the right solution for this? We would have different server locations for each TLD/language. Surrounding countries would at least get a fast connection and download rate, if the server is located nearby. If yes, can you recommend any companies doing cloud hosting? Is it also wise to additionally redirect the user to the local server based on his/her location? Is there a risk of duplicate content or being recognized as a link spamming site (for having links to each other from different domains of the same site, the content will be in different languages, though) just by using this solution? We would, of course, keep the content separated by domain to avoid duplicate content. Any comments and ideas would be highly appreciated. Thanks, Wojtek
Algorithm Updates | | webeeline0 -
Using a stop word when optimizing pages
I have a page (for a spa) I am trying to fully optimize and, using AdWords have run every conceivable configuration (using Exact Match) to ascertain the optimal phrase to use. Unfortunately, the term which has come up as the 'best' phrase is "spas in XXX" [xxx represents a location]. When reviewing the data, phrases such as "spas XXX" or "spa XXX" doesn't give me an appropriate search volume to warrant optimizing. So, with that said, do I optimize the page without the word "in", and 'hope' we get the search volume for searches using the word "in", or optimize using the stop word? Any thoughts? Thank you!
Algorithm Updates | | MarketingAgencyFlorida0 -
How Do I Optimize with Google's Video Search?
Hi everyone, I am looking here https://developers.google.com/webmasters/videosearch/schema and I don't fully understand. Could someone please explain, step by step, what I have to do to optimize for Google video search? I.e. Step 1 do this Step 2 do this. I don't fully understand Thank you!
Algorithm Updates | | jhinchcliffe0 -
Google dance/over optimized/paranoid?
Hi guys, hope your all OK and thanks in advance for taking a nosey at this. OK where to start - my rankings for the last 12 months have progressively improved every week, usually of the 300 KWs i track the last few months has seen approx 70 up/70down per week, but the improvements usually outweigh the declines. This week I saw a sudden drop though - 35 improvements and 112 declines. The strange thing was though, the improvements came on the more competitive KWs, and the less competitive words I haven't done much or any back linking for dropped. Seems silly me asking this question when I run that through my head ofcouse KWs you don;t work on will drop like flies? It should be plainly obvious those words would drop off but all have been improving on there own slowly over the last 6/7 months. Now if this was a penalty (nothing showing in webmaster tools) I would have expected it to come through on my KWs I have over done the backlinking for, but these are the 1's that improved. So is it just the Google Dance? I normally see some words such as the big 1 we target DJ Equipment go from position 13 - 24 can change hourly sometimes! Could it just be quite a few have dropped all at once and will pop back up this week? Also if anyone could give us any pointers in general on where you think we should be taking our SEO it would be much appreciated. I know we have been a little lazy with our backlinking and could do with some much better/ industry related websites linking to us, and there are title tags/metas on product page that need sorting.. aside these couple of issue's? DJs Only
Algorithm Updates | | allan-chris0 -
Title Tags and Over Optimization Penalty
In the past, it was always a good thing to put your most important keyword or phrase at the beginning of the Title Tag with the company name at the end. Now according to the over optimization penalty in the Whiteboard Friday video, it seems to be better to be more human and put the company name at the beginning with the keyword or phrase following. Am I understanding this correctly?
Algorithm Updates | | hfranz0