As all of you might be aware, WordPress today is the king of Content Management Systems (CMS) with an undeniable lead in market share. CMS is built primarily, as the name implies, to help manage content which is great for content-driven websites. It is therefore also important to understand the role that SEO plays in content-driven sites.
Way back in 2014, Google announced that it would be placing a lot more focus on security as one of the key indices that helps it rank search results. For websites, this meant that the spotlight was on Hypertext Transfer Protocol (HTTP) versus Secure Hypertext Transfer Protocol (HTTPS).
This impact would hit a lot of websites hard – so what was the reason that Google made this move? Is there a marked difference and what would the complete implications be for sites that refused to move towards HTTPS?
What is HTTP and HTTPS?
Trust on the Internet has become an extremely contentious issue given how many are treating data as the new oil. From data theft to cybersecurity breaches, many people have become wary of trusting their information to any source today.
This has also contributed users looking more carefully at where they enter their information online – much less pay digitally to websites. As such, knowing that a trusted and seamless user experience is one of the key elements of running a website today is important.
One of the ways that this can be carried out is by the implementation of HTTPS site – but to carry that out, you need to know the difference between HTTP and HTTPS.
HTTP is what allows users to send and receive information on the internet. It controls how information is presented to users, not so much about the way that the information gets to users. This allowed for the rapid transmission of information but also presented several weaknesses.
HTTPS was originally designed to make sure that data transmission was secure, such as in payment authorizations and other sensitive data. The key difference between this and HTTP is that HTTPS makes use of secure socket layer (SSL) to transmit data, making it safer.
The two protocols are almost identical except for the use of SSL in HTTPS. Of course, there are other technical details, but the focus here is on the differences and why HTTPS is so important today.
Why Google is Focusing on HTTPS
As a search engine, Google wants its users to be directed to relevant and trustworthy information that they search for. In this quest, it has found that it is better to send users towards websites that it knows are safe – hence the focus on HTTPS.
HTTPS enables it to guarantee (to a degree) that those sites encrypt information between them and users for that extra element of security. Knowing this is crucial to understanding how having a HTTPS site affects your search engine ranking.
As a bit more of the detail into the security of HTTPS, the security involves elements of Encryption (scrambling data to ensure it can’t be read if intercepted by a third-party), Authentication (to verify identity) and Data Integrity (to ensure information is not tampered with).
How HTTPS Affects Your SEO
Although we have seen why HTTPS is much favored by Google because of security, there are other reasons for implementing it. These reasons include a possible increase in search engine rankings and reassuring your users of your site integrity.
Better Search Engine Rankings
As mentioned earlier, Google gives preference to rankings for HTTPS sites versus HTTP sites. This means that if you are the only one of ten similar sites to implement HTTPS – it is very likely that your site will be the top suggestion offered by Google.
Besides, for WordPress CMS users, you have the advantages to choose the website themes that are optimized for SEO as well.
All mainstream browsers like Edge, FireFox and Chrome today have clear visual indicators when websites are secure. As such, more users are becoming aware of this and are keeping their eyes open. Offering your users the secure browsing experience is good for retention.
Switching to HTTPS also help overcome the loss of referral data. This usually occurs when the referral value is dropped in site transition and can help you avoid being labelled as ‘dark traffic’ in analytics programs
These factors might not seem overly significant at first glance but looking at the implications it is clear why they are important.
When your site is better ranked, that means it is more likely you will get better traffic. Because Google also clearly identifies secure sites, this can act as a psychological signal to users, which again translates to better potential traffic.
It is also more likely that you will win the trust of users with a secure site. Imagine a user if faced with making a buying decision on a HTTP versus HTTPS site – which do you think they will choose? According to a GlobalSign survey, 84% of users would rather drop a purchase than follow through with it if they knew a site was not secure.
Can you imagine fighting for not just user traffic, but also conversions to sales if you stick with HTTP and refuse to make the move towards HTTPS?
Making the Switch to HTTPS
How difficult the switch to HTTPS is depends a lot on what kind of site you are running. For example, if all you’re running is an informational site such as a blog then you can benefit from a free SSL certificate from a source like Let’s Encrypt.
Let’s Encrypt SSL certificates are free and can be obtained through most web hosts. In fact, there are becoming the de facto standard with all web hosting accounts today.
This level of SSL certification is the easiest and fastest among all of them. For any other sites which are around, there are many more things to consider.
For example, if you run an eCommerce site or any other site which processes payments, you will most likely be looking at an SSL certificate that is either Organization Validated (OV) or Extended Validated (EV).
OV certificates require the issuing organization to validate who owns a domain and must include additional details such as names, city and country. The time taken to validate these details means that it is likely an OV certificate will take a few days to obtain.
EV certificates require even more detail such as the inclusion of some legal details. This is the highest level of certification validation and offers users the most reassurance of security. Getting an EV certificate will take up to a few weeks and involves a significant cost.
*Caution: Switching to HTTPS does not make your website more secure – it is meant to give reassurance to your users (which as I mentioned, has its other benefits). You will still need to pay attention to other security factors separately including SSL/TLS vulnerabilities, hacking, software bugs and vulnerabilities and the whole host of other issues that stem from owning a website.
Should You Worry About Moving to HTTPS?
For those of you who have been running a WordPress site for some time and are happy with how things are going, I am sure that you may have concerns about moving to HTTPS. Will your search engine rankings be affected? What happens to canonical tags? Will there be issues when redirects occur?
Yes, all of these are concerns but to put things bluntly, it is a long-term goal that you are aiming for in the move towards HTTPS. I’ve spelled out the reasons why search engines like Google are doing this, so focus on this fact: if you don’t make the swap, in the long run all of your concerns will actually come true.
By that time, you will be far behind the game, since so many have already switched to HTTPS in the interim.
Here are some of the things you can do to mitigate potential problems when moving to HTTPS;
- Update canonical tags to the HTTPS version
- Make sure to check and update internal links
- Implement 301 redirects
- Update your robots.txt file
- Update sitemaps
- If necessary, update your analytics tracking code
It is also important to note that switching to HTTPS can have a slight impact on your site performance. Speed does affect your rankings as well, so make sure that you choose a good WordPress host so that any impact on performance will be minimal.
By now you are probably clear that making the move to HTTPS isn’t really an option, but a requirement if you intend to stay in the web business. Even sites like blogs are not exempt – although most likely the cost implications differ from fully commercial sites.
Blogs and informational sites can benefit of making sure that their hosts offer free SSL which is the entry level option that they would most likely be using. The benefits of moving to HTTPS are clear and although there might be hiccups during transition, remember, you are playing the long game here.
According to a study carried out by SEMrush, between 2014 to 2017, the percentage of domains on their top 100,000 list that were found using HTTPS increased from 7.6% to 31.5%. Of course, the moves by industry type vary, but the signs are clear – everyone else is moving, will you get left behind?