Will the SSL Deadline by Google in October Really Be A Factor in Rankings?

[SmartAttractor]

I read that it's only going to be on Chrome only with a warning sign that the site is "untrusted" which may deter visitors to sites.

I just had 50 new citations for a client and those will have to be corrected with the new url.

Is it worth it? I'm wondering if it will really affect the rankings like google says.

Your thoughts?

 

[JoyHawkins]

You don't need to update citations when you switch over. Google can understand the 301 redirect and pass along the page rank. I only suggest updating a couple of the main sites like GMB or Yelp.

Sent from my XT1563 using Tapatalk

 

[SmartAttractor]

Joy, do I need to add the 301 redirects myself or does google do it automatically?

 

[Eric Marshall]

The announcement you're referring to is not a "deadline" and is not directly related to search rankings. This is related to Chrome (the browser), not to Google's search results (the warnings will be displayed in the browser, not the search results).

Firefox also warns users for certain non-https issues and other browsers will most likely follow suit. The warnings in Chrome and Firefox will continue to increase in prominence and for additional non-https scenarios.

Google has been using HTTPS as some sort of potential ranking signal for 3 years now, so again the recent announcement adds nothing new to that aspect.

You could certainly make the case that using HTTPS can indirectly affect search rankings...e.g. if a site isn't using HTTPS, and browser warnings cause a user to leave the site or engage less, this could potentially impact rankings negatively.

At any rate, don't upgrade to HTTPS for SEO, upgrade to HTTPS because it's now a best practice in almost all scenarios and is better for your users.

 

[SmartAttractor]

Thank you Eric. If I do tell my clients to make the change, do I need to apply 301 redirects to all the pages of their websites for the new url?

 

[LJ Ferguson]

Yes, 301 redirects will need to be implemented as well as canonicals. Google prefers server side redirects.

Note that all resources including scripts, images, etc. should also be served via HTTPS or you will get "mixed content".

 

[SmartAttractor]

Thank you!

 

[James Watt]

Marie Haynes wrote a great article about this a bit ago. It's a pretty thorough overview of all the technical issues that can come up with migrating, and a little explanation of the big picture going on that warrants the switch. You can absolutely mess up the migration. If you're asking about 301 redirects, you should probably bone up on some of the technical background before trying to make the switch for a client.

 

[LJ Ferguson]

James, spot on. I've done a few migrations both small and large. It's never as straightforward as it seems. I'd think about working with a technical SEO type (ahem) for these types of situations. A site audit both before and after is essential to make sure nothing falls through the cracks.

As Eric said, it's not certain if/how Google uses HTTPS as a ranking signal so if you're considering migrating your site to HTTPS for SEO purposes only, you might want to reconsider. Not all non-secure pages will have the warning by October 2017; but Google has said they will eventually show the warning for all pages. However, the warning *will* be displayed for pages with an input field (passwords, search, etc.) so if that applies to your site you'd want to consider doing it sooner than later as that will certainly create a trust issue for your users.

-Linda

 

[djbaxter]

Later versions of cPanel can do the redirects for you automatically at the server level.

1. In cPanel, go to Redirects.

2. Complete the appropriate fields under Add Redirect.

Type: Permanent (301)
https?://(www.)?: select domain or subdomain via dropdown
/: enter $
Wild card redirect: checked

Click on Add

You should then see something like this under Current Redirects near the bottom of the page:

Domain	Directory	Redirect Url	Type
example<wbr>.com	/$	https://www<wbr>.example<wbr>.com/$	permanent

<tbody>

</tbody>

This will automatically add all the required rules and rerwrites to your .htaccess file.

 

[LJ Ferguson]

^^^ Good stuff! Just make sure all resources are also served securely. Several browsers give mixed content warnings when they contain non-secure active content such as scripts, etc. and it also poses a security risk for your users.

 

[djbaxter]

See also:

https://ca.godaddy.com/help/redirect-http-to-https-automatically-8828

How do I Force my Website to use SSL? | Web Hosting Hub

http://www.wpbeginner.com/wp-tutorials/how-to-add-ssl-and-https-in-wordpress/

To check for insecure content:

https://sslchecker.godaddy.com/

https://www.whynopadlock.com/check.php

https://www.jitbit.com/sslcheck/

 

[camarchi01]

You don't need to update citations when you switch over. Google can understand the 301 redirect and pass along the page rank. I only suggest updating a couple of the main sites like GMB or Yelp.

Sent from my XT1563 using Tapatalk

Joy,
I read this article a while back.
When going HTTPS, don't forget about local citations!

Do you still disagree on the 301 redirects portion?

 

[JoyHawkins]

Yes.

Andrew actually wrote a response to that article after it published: More on HTTPS & Local Citations & 301 Redirects - Local SEO Guide

You can see in the comments, he pretty much said what I mentioned initially which would be just to update GMB and not worry about the rest. If I'm going to spend hours on a task for a client, I want it to actually make a big impact and this isn't one of those cases where it would.

 

[Eric Rohrback]

As long as you're comfortable querying the phpMyAdmin database to update all the internal links (turning everything from http to https), and adjusting the site options, then the migration to https isn't all that bad. Like David mentioned, the 301 redirect will be a wildcard redirect in the .htaccess file.

If you're still getting an insecure content warning, then use Chrome Dev Tools to diagnose where it's coming from.

Depending on your hosting company, it could be an easy transition (and a free SSL from Let's Encrypt).

 

[JoshuaMackens]

The reason to move over to SSL before October is so that when customers go to your client's contact page to call or inquire about a service it doesn't show them that the website is not trusted. Which would make them think the business isn't trustworthy and cause the business to lose a sale.

And yes, it will help SEO too also potentially conversions. SSL is just great to have these days for a whole host of reasons. Http is a thing of the past, this change is just ushering it further in.

I've done a lot of SSL migrations (for local businesses, smaller sites) and it isn't too daunting.

The redirect is simple. I just do it in the .htaccess folder. Here's the code I use:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

It will redirect all pages to https. Just make sure you site URL structure remains the same for all pages. I don't know why you would change the site URL structure during an https migration anyway though.

The main issue you'll probably have is securing all the http elements on the website after the fact. Which just means changing the call from http to https in the code, like images, etc. If not all pages are secure it will still throw insecure warnings even if you've installed https.

If you're on WordPress securing http elements is pretty simple to handle. You'll just need to change the site in settings > general to the https version. That should take care of most of the issues.

Use whynodpadlock.com to figure out the rest.

Good luck!

 

[Tim Colling]

I agree with the advice to migrate to SSL.

I host all my client sites with WPEngine and they make it really, really easy to add Let's Encrypt to installs there.

I do this a wee bit differently. Rather than edit the .htaccess file, I use a plugin to do a series of search and replace operations to convert all appropriate http:// references over to https:// references.

The plugin I use is Better Search Replace Pro (https://bettersearchreplace.com/) and it works well for this purpose. I like the "Pro" version because it provides more information before you commit to the changes and it's very affordable.

The online testing tools I use to assess the result of the work include these:

• https://www.jitbit.com/sslcheck/
• https://www.ssllabs.com/ssltest/index.html
• https://www.whynopadlock.com/

I realize that I may be "doing it the hard way" but I find comfort in knowing that I've really changed everything that needed to be, and, in my niche, the sites are small enough that it's really no bother to do things this way.

Can anyone point out something I might be doing wrong, based on the above description?

Thanks!

 

[Eric Rohrback]

Tim,

You should do both - the find and replace and Htaccess edit. The Htaccess file mod makes sure you're forcing HTTPS for anyone coming from a web browser, while the find and replace updates existing hardcoded links on the site. You really need both to make sure you cover all bases. I do a mysql query in the database to update all links and wp_options settings, but still make sure you force all incoming users to HTTPS.

People may be typing in the http version or have it cached in their browser, so having the redirect rule Joshua mentioned is necessary in addition to updating existing links on the site.

 

[Tim Colling]

Hey Eric, thanks. I forgot that changing the .htaccess file is indeed part of the automagical process that WPEngine carries out for me when I set up SSL on a new site with them for a client.