Brad Keys

HTTP vs HTTPS: How Security Affects Your SEO

Good security is something we can all take for granted when browsing the web.

Trusted third parties and good encryption isn't something the average person thinks about during a Google search, but these factors have become significant in pushing the standards for online interaction, including SEO.

Back in 2014 at its annual I/O conference, Google Webmaster Pierre Far called for “HTTPS Everywhere,” stating that "all communications should be secure by default” and that search needed to move towards standardizing HTTPS and making every website more secure on both ends.

SEMrush Notes

Here we are in the early months of 2017, so what does this mean for your SEO now, and is making the switch to HTTPS worth it? To answer that, we'll have to take a quick look at why Google called for this movement.

The Basics: HTTP vs HTTPS

 HTTP (Hypertext Transfer Protocol) and HTTPS (Secure HyperText Transfer Protocol) are both basic structures that allow us to show and receiving information on the internet, usually through a simple web page. HTTPS was created to do the same tasks as HTTP with the addition that it provides an extra layer of security by using something called Secure Sockets Layer, or SSL, to transport secure data.

SSL is especially involved with things like online transactions, verifications, and authentications. Exchanging secure information like passwords or credit card numbers through HTTPS requires SSL to prevent hackers and others from obtaining access to it, unlike HTTP.

SEO Advantages of Switching to HTTPS

 Following Google’s recommendations to change to HTTP is easy, safe and smart decision for anyone, especially those with any e-commerce integration. Doing so will benefit the security of your site (and your customers), but there can also be additional SEO benefits to consider as well:

Better Rankings

While converting to HTTPS may not increase your ranking much directly at the moment, almost all experts recommend it as part of an overall SEO strategy.  Also, with how Google's search algorithms have evolved and their statements regarding a push for a more secure web, it is possible that we may see an increased impact of HTTPS on search over time.

Referral Data

Google Analytics becomes even more useful with HTTPS since unlike HTTP, the security data of the website that referred to you is saved--meaning that referral sources won't appear just as "direct traffic." For SEO alone, this gives HTTPS an edge.

Security and Privacy

Like any good security system, HTTPS helps both website operators and their users feel safe. The security helps you avoid monetary damages and data theft as well as damage to your site's authority or reputation.

The Process of Changing from HTTP to HTTPS

 Migrating your website from HTTP to HTTPS is a straightforward process.

  1. Purchase an SSL certificate
  2. Install your SSL certificate on your site’s hosting account,
  3. Double check all of your links. Any URL not updated from HTTP to HTTPS will break after the migration.
  4. Notify Google and other search engines of your website change by setting up 301 redirects from HTTP to HTTPS. This way, anyone who has bookmarked a page on your site is automatically redirected to the new HTTPS address after you finish the switch. Since the Search Console treats HTTP and HTTPS separately, if you have pages that use both, you will need to create a separate Search Console property for each one.

Conclusion:  Lock It Up

That should be enough for you to make the switch and secure your website. However, due to the complexity of SSL and a few other factors like various plugins, there may something you wish to look deeper into and change. You can find more answers here and at Google's official page for migrating from HTTP to HTTPS.

One thing is certain, it is far better to be proactive and stay in front of such changes when possible.

Have you seen SEMrush's newest HTTPs Site Audit report? Check out the news and let us know what you think below.

HTTPS Implementation with SEMrush

Is your website secure?

Please specify a valid domain, e.g., Please specify a valid domain, e.g.,
i agree brad is good thing have HTTPS is good pages rank better we have ranked some websites very fast whit clean work very nice this site. but Your site's security has little to do with the fact that the transport is encrypted.
[link removed by moderator]
i agree brad is good thing have HTTPS is good pages rank better we have ranked some websites very fast whit clean work
We just made the switch. Rank went down. Not for the faint of heart!
I made the switch to https however there were a lot of things that came up I wasn't prepared for. Suddenly all my Vimeo, YouTube and Audio Acrobat media wouldn't show up. Took me a while to notice and identify the problem. Then a good chunk of my images didn't show - they were hosted on my non-https site. Then to top it off none of my Facebook likes carried over. I'm stil not out of the woods yet as I went mobile soon after. So Seo wise I'm not receiving a benefit. Im glad to have it done tho.
Can you please share the .htaccess redirect code to redirect non https to https? Which keep link juice to new urls?
Your site's security has little to do with the fact that the transport is encrypted.
Anyone running ad campaigns? - it's Important to note that you should also configure your server to preserve URL query parameters else you will lose campaign tracking parameters and analytics / adwords conversion data breaks.
Brad you're a damn genius.
Hi Malachi, yes that is correct and good intel below. Mohammed, the migration is outlined as above. One thing to note is that as with any redirects it can take a little time for Google to crawl and configure which can result in a slight drop in rankings momentarily. This slight drop is typically always resolved within a couple of months. Generally better to do this sooner than later!
You don't necessarily have to pay for a certificate... if it's just a blog or website without any sensitive data (as in, user credentials and monetary information so to speak), you can also use a free certificate. If you have a (pretty) recent version of cpanel for example, you can use AutoSSL which may use a free comodo certificate or Let's Encrypt certificate. That way you don't need to go through a lot of hoops and $$ to make your site secure. If you don't use cpanel, you can probably find information on Let's Encrypt's site on how to do it yourself. As of the current version of cpanel, there is no way to do this for subdomains though, which is a pity.....
Add a comment