Is It a Bad Thing If You Don't Change Your Clients To HTTPS?

[Dustybones]

Here is a brief post by Barry Schwartz over at Search Engine Roundtable in regards to a statement Gary Illyes made on twitter.

Google: It's Wrong & Bad To Tell Your Clients Not To Go HTTPS

Gary Illyes from Google said on Twitter this morning that any SEO "recommending against going HTTPS" is doing the wrong thing and not only are they technically wrong, they also "should feel bad," he said.

Make sure you check out the rest of the post.


What do you think???
Well, Do you agree?

<meta property="og:type" content="article"><meta property="og:title" content=""><meta property="og:description" content="">
<meta property="og:image" content="">

 

[Linda Buquet]

Wow!

"they also "should feel bad," he said."

Google is usually so middle of the road and politically correct in their comments.
So that surprised me.

Thanks for sharing Justin!

 

[Eric Rohrback]

Why would an informational site need to pay the extra fees and go HTTPS? It's not like you add a plugin and then bam! HTTPS enabled; there's actually a lot you need to do to make sure the transition is smooth and works. A SSL certificate for your site could cost an extra $60/year, so while that's not a whole lot in the grand scheme of things it is an added headache. If you have multiple subdomains then you could see $250+/year - https://www.godaddy.com/ssl/ssl-certificates.aspx

After that you'll need to make sure everything is transferred over from the non-secure site correctly, set up WMT for the SSL site, create redirects, etc.

If the website is selling something or holds private information, then I can see the logic behind the move - it would make a lot of sense to go HTTPS. If the website is just a blog, is it really needed to have the site secure? I wonder if we're going to see a penalty in the future for not having a secure site.

 

[Tim Colling]

I haven't built any HTTPS sites yet nor converted any to HTTPS.

I have "heard" that https is inherently slower and that therefore it creates an increase in page load time. Ugh. Is that actually correct?

 

[Conor Treacy]

We moved our SEO site to HTTPS last year and we've actually seen benefit from it. Not so much in the rankings, but since we spent the extra money for an EV SSL, we get the Green Bar at the top of the page. This automatically gave us a little extra level of trust from the client end, and they've commented to us on it.

When I ran a web hosting company, we had the HTTPS and EV SSL for many years, and it was something many clients had mentioned about trust and security. Anyone running an eCommerce site will do everything possible to display the extra level of trust.

The big problem has always been that even though the site is secure, a contact form that sends to Email instantly kills the "security" level of things. Of course if you're processing cards, you should be secure and porting the user directly through the gateway and not storing anything (a violation of PCI Compliance).

I personally feel that the HTTPS shift has a long way to go, and you guys are right - it does cost more money, depending on the hosting company. If the hosting company allows a UCC certificate, you can have multiple domains tied to one certificate. Some hosting companies offer SSL Certs for free to users as it's installed on their main server level. But there are certificates out there for $9/year, and some even provided for free if you show their logos etc.

IP numbers can cost more money, so there is that extra cost. But again, depending on the host and their configuration, you can have multiple SSL certificates installed on a single IP, thus reducing cost overall.

As for speed, this has been debated over the years, and the issue comes down to cache and the use of cache-control via the headers. Depending on your setup, many browsers (and hosts) set the default cache limit at 10 minutes. If you haven't been to the site in the past 10 minutes, then you must re-download the images etc - thus adding speed. However, you can control this using cache-control and extend that timelimit to your hearts content.

Similar to others, I don't believe that an informational site needs HTTPS, but if that's what's being suggested, then that's what we do. The only offset on all this is that the cost of entry to an online business is relatively small compared to a brick and mortar store.

 

[BrendanT]

A cheap fix is to use cloudflare and their inbuilt SSL - its not true https, traffic is only secure for party of the journey but Google currently sees it as SSL.

We changed 3 sites including our own to SSL as a test and it made zero different until about 3ish months ago where all three suddenly jumped a few spots so I think there is that tiny bit of boost.

Like others in the thread have said it does add an additional trust factor for some people, especially tech savvy folks so worth doing if its a commercial site.

One thing that many people don't take into account is that SSL bypasses a lot of filtering and firewall devices. I've spent a lot of time in the last few years in countries that have country level filtering in place - eg Singapore and Thailand and SSL powered sites will have slightly less impact that unsecured sites so potentially something to think about if the client is doing business abroad.

The way I look at it - we're in the business of best practices and 1% improvements. SSL is one of those 1% improvement things that makes sense for some of our clients...albeit not all