Last month, Google sent a series of messages to Webmasters via Search Console to inform them that Chrome would soon be displaying a ‘not secure’ message on pages with data entry forms on pages without HTTPS.

Potential implications for your site

If you ask your website visitors to enter any form of data, for example contact details, on a page that is served on HTTP and not HTTPS, the user will see a ‘not secure’ message. This will naturally impact the perceived trustworthiness of your website.

Conversion rate is likely to be affected, as users are prevented from taking action on your site due to concerns over the security of their data. Even pages with basic input fields (e.g. a search box) will display the ‘not secure’ warning, and are likely to see lower engagement and greater exit rates as a result.

What do I need to do?

Google Chrome is an extremely popular browser. It is responsible for approximately 64% of traffic in the UK.

Therefore to avoid seeing revenue and/or conversions fall, we advise anyone affected to switch to https. It’s a straightforward process and the cost is relatively low at around £150 for an SSL certificate depending on who hosts your site. However, if implemented incorrectly it can have negative SEO implications.

See our checklist below for how to migrate to https.

SEO benefit of switching to https

Google have confirmed there is a small ranking boost for pages on https, although they describe it as ‘very lightweight’.

The issue for SEO is more around user signals – if a user clicks your listing but quickly returns to search to click a different result, this is a good indication to Google that your page was not a suitable or satisfactory result for that query. This is often referred to as dwell time or long vs. short clicks (not to be confused with bounce rate, which Google insists is not used as a ranking factor).

The non-secure warning will be a big factor in many a searcher’s decision to quickly leave your site, resulting in increased bounce rates and poor performance relating to these user signals. Rankings are likely to drop as a result.

SEO implications of incorrect implementation

Without the correct implementation, there is a danger of sending conflicting signals which will cause rankings to drop.

For example, if your canonical tag still points to the http version rather than the new https version, Google will treat the two as separate pages which can cannibalise each other. We’ve seen impressive improvements in visibility from correcting this type of cannibalisation and would expect equally significant drops if the issues were to suddenly appear en masse across a website.

Checklist for a successful https migration…

Prelaunch / Development

 – Implement / test the migration in a staging environment first!

 – Install a good quality SSL certificate on the server – these can be purchased from companies such as Comodo, Verisign, Thawte etc. DO NOT use a self signed certificate as that will not be trusted.

 – Add an htaccess redirect to ensure that your site always serves the HTTPS page not the HTTP

 – Contact affiliates and any relevant 3rd parties to request updates to links

 – Ensure any CDN in use is set to serve the https version of the site and handle SSL

 – Benchmark site speed, to be compared to the https site on launch

 – Ensure that all existing HTTP links on your site are changed to use the HTTPS protocol – don’t forget the links that people create in content, they are often missed

 – Set up rank tracking for both domains to monitor fluctuations during migration

 – Switch tracking & ad scripts to https to avoid them being blocked by browsers

 – Complete and export a crawl of all URLs to be compared against a subsequent crawl of the new https site

 

Testing

 – Ensure Canonical links are set to HTTPS

 – Make sure rel prev/next links use HTTPS

 – Check .htaccess file redirects that are currently used – make sure there are no redirect loops

 – Make sure the XML sitemap references HTTPS URLs

 – Check that robots.txt file references the https XML Sitemap(s)

 – Check that the site does not link to mixed content (e.g. pulling in a Google font using HTTP)

 – Ensure that all existing HTTP links on your site are changed to use the HTTPS protocol – don’t forget the links that people create in content, they are often missed

 – Test server side/front-end caching

 – Check configuration and compatibility of all plugins (e.g. on WordPress sites)

 – Identify broken links on the current site with a crawling tool & fix on new https site

 – Internal links – we’ve mentioned links in content but there’s also images, js etc.

 

Post Launch 

 – When migrating to HTTPS you should remember to register the HTTPS version within Google Search Console

 – Annotate Google Analytics to signpost dates of key actions

 – Ensure Analytics configuration is set up to monitor the https domain

 – When migrating to HTTPS you should remember to register the HTTPS version within Google Search Console

 – Ensure any URL parameter handling in Search Console is also set up on the new https profile

 – Ensure any geotargeting in Search Console is also set up on the new https profile

 – Replicate any existing link disavow files & submit to the newly created https profile

 

If you need any help or advice on migrating your site to HTTPS please give us a call on 01204 897264 or drop us a message via our contact form.

Comments are closed.