how to become an SEO expert

SEO basics: What is HTTPS?

SEO basics: What is HTTPS?

October 17th, 2017 – 52 Comments

HTTPS secures the connection to the website you are visiting. I’m sure you have seen this in action; look at the address bar in the browser and find the lock icon on the left-hand side. Is the lock closed? Then the connection is secure. Is it open or is there another type of icon or message? Then it’s not secure and vulnerable to attack. Using a site over a non-secure connection means hackers/criminals could intercept the data you send to the site, like your password and email address. Here, I’ll explain what HTTPS is and why it plays a role in SEO.

Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »

Yoast SEO: the #1 WordPress SEO plugin Info

HTTP vs HTTPS

When you type in a URL in the search bar, your browser asks the site for its IP address – for instance 123.456.7.89. This number is the actual address that a site gets online. The browser connects to this number in the hopes this is the correct site. This is all done in plain sight and there is no encryption to be seen, so everyone can intercept this traffic. So when you want to log in to a site that you connect to via an HTTP connection, the data you enter – username and password – is sent in plain text. Trust me, that’s really bad. Think about what would happen if you’d connect to your bank this way.

HTTPS secures this process. HTTPS encrypts the connection between the browser and the site, therefore making sure that no one can intercept the data sent between those two. Every site that wants to secure itself needs a so-called SSL certificate.  The browser checks the certificate of the site and verifies its legitimacy with the company that issued it. If you want to see who issued the certificate, please click on the lock icon. By using HTTPS, sites not only secure your login procedure and personal data but also what you do on a site and which sites you visit.

Besides securing the web, HTTPS is necessary for sites that want to upgrade to a new, safer and much faster internet protocol called HTTP/2. HTTP/2 includes different new technologies that make sites a lot faster to load.

yoast ssl certificate

Value of HTTPS for the user

Everyone has the right to privacy on the web. We are doing so many mission-critical things on the web these days that we can use any kind of security we can get. An ever-increasing number of websites is making the move to HTTPS. In the screenshot below, you can see that at the moment, 61% of the sites that Firefox loads are being sent over HTTPS (stats by Let’s Encrypt). HTTPS is a must for any type of site, even if you own the bakery around the corner and don’t send or request sensitive data via your website.

lets encrypt https usage

Value of HTTPS for SEO

In 2014, Google announced that HTTPS would become a ranking signal. Today, your rankings will hardly change when you activate HTTPS. But it’s not just about rankings as much as it is about user experience and gaining trust with your future customers. It’s inevitable that we are moving to an all-HTTPS web. It is, therefore, incredibly important that your site makes the switch to HTTPS in the coming year.

Several browsers now show ‘not secure’ messages when your site doesn’t have an HTTPS connection or when you try to send data via HTTP on your HTTPS site. Don’t forget, it’s easy to scare off visitors! Wouldn’t you switch over to the site of a competitor when you’d see something like the ‘not secure’ message in the screenshot below?

https not secure message

Make the switch to HTTPS

A few years ago, switching to HTTPS was a major undertaking. Some big sites waited years to do it because it came with several challenges, like speed issues and the cost/benefit issue. These days, while still not easy, it’s manageable. If you’re planning to make the switch to HTTPS, be sure to make a checklist so you don’t forget anything during the process.

Joost shared some advice in a recent Ask Yoast video on moving to HTTPS:

Forcing HTTPS is something that you need to test really well. There are all sorts of things in your site that probably aren’t HTTPS ready that you should know of upfront. I know it was a lot of hard work to get yoast.com to HTTPS and we don’t even have ads. Especially ad services can be really tough to get working on HTTPS.

The Let’s Encrypt project issues free certificates to anyone wanting to secure their site. Several web hosts even offer free Let’s Encrypt services that make the installation of a certificate as easy as pie. That is, however, only one piece of the puzzle. On Google’s Secure your site with HTTPS site you can find more information on best practices. We’ve written a guide on moving your site from HTTP to HTTPS. If this stuff scares you it is best to hire an expert!

Read more: ‘Moving your website to HTTPS: tips & tricks’ »


52 Responses to SEO basics: What is HTTPS?

  1. Atul Host
    By Atul Host on 27 October, 2017

    In my personal opinion encryption is the demand of future, because things are not safe these days. Sites with SSL is way better than traditional ones as no one can modify anything between server and user, even spammy extensions (adware) not able to trick it.

  2. mizikisa
    By mizikisa on 24 October, 2017

    After I moved to https for my wordpress blog, i started to see a decrease in search traffic and ranking, little did i know that i had to index the https version of my site in my webmasters search console. after i did that i took some time before i started seeing positive changes in rankings.
    this is a kinda advice if you are moving to https, submit asap! after moving

  3. John Mulindi
    By John Mulindi on 22 October, 2017

    Indeed having a secure site is paramount in this era of hacking. This post provides the important information on why we need to have a secured website.

    • Edwin Toonen
      By Edwin Toonen on 23 October, 2017

      Yep, security and privacy are paramount!

  4. Michael Nees
    By Michael Nees on 22 October, 2017

    Great read. Got a question: do you need to update anything inside your Google Analytics setting when moving onto the https URL?

  5. ProHindiBlog
    By ProHindiBlog on 20 October, 2017

    After reading your post we can add ssl certificate in our blog. and thanks for sharing with us

  6. Hazim Alaeddin
    By Hazim Alaeddin on 19 October, 2017

    Hi Edwin,

    Installing an SSL certificate can be a drag if you are not technical. However, there are WP plugins out there that make it easy. As for installation, my hosting company made it really easy for me also. Having https is just better for everyone. Thank you for the post!

    Cheers,
    Hazim

    • Edwin Toonen
      By Edwin Toonen on 23 October, 2017

      Hi Hazim. Yeah, those plugins can save a lot of time. Thanks for the tip!

  7. T I Antor
    By T I Antor on 19 October, 2017

    Hey, Edwin,
    Great stuff!! You have shared an awesome post and indeed, this a very useful post who are dont aware of HTTPS. Also, i learn new things about HTTPS form your post. I will refer your post to my friends, so they even can understand what is it. BTW, thanks for sharing a great useful post.

  8. Noble Ozogbuda
    By Noble Ozogbuda on 19 October, 2017

    Nice Article here, though i have moved to HTTPS Early this Year, But since then i have not recovered my traffics, i lost a big amount of traffic since then, which made me to lose my revenue or income in my website.

    HTTPS Is very Good to Use, it gives trust to your visitors and Search Engine.

  9. Chris Bryant
    By Chris Bryant on 18 October, 2017

    Great article Edwin! Your advice to make a checklist is spot on. There are many assets that won’t be secure on a site after switching. I find using the Security tab in Chrome’s Inspector is a great way to quickly find the non-secure assets on a page.

    For what it’s worth. I’ve been systematically switching my client sites over to SSL for the last year or so. Thought I cannot say how much weight SSL certification carries. In every instance, I’ve seen a small increase in rankings within a couple of weeks following the switch. (I host all my clients on WPEngine and am using their free Let’s Encrypt SSL Certificate.)

    • Edwin Toonen
      By Edwin Toonen on 23 October, 2017

      Thanks, Chris!

  10. Muhammad
    By Muhammad on 18 October, 2017

    best man tnx for sharing

  11. suresh
    By suresh on 18 October, 2017

    good posts who wants take knowledge about SEO,thanking you

  12. ictinformatiecentrum
    By ictinformatiecentrum on 18 October, 2017

    Great and informative article. Just moved to HTTPS and it can be tricky. If you do not understand all the technical stuff or do not want to do it all by yourself, ask your Hosting provider for help. They often have webmasters to help you out or can do it alll for you.

    • Edwin Toonen
      By Edwin Toonen on 18 October, 2017

      Thanks for the compliments. And you are right, a good hosting company can assist you in the move to HTTPS.

  13. alat pemadam api
    By alat pemadam api on 18 October, 2017

    What do you think if the website does not use SSL can get page preview 1 google, this is my lesson

  14. Minecraft Crafting Guide
    By Minecraft Crafting Guide on 18 October, 2017

    I’m using HTTPS free on my hosting, is that good for my website or not?

    • Edwin Toonen
      By Edwin Toonen on 18 October, 2017

      Yes, barring a correct implementation of course.

  15. Jonathan
    By Jonathan on 18 October, 2017

    Always enjoy reading articles by Yoast. We implemented HTTPS for all of our hosting clients as well as HTTP/2. I’ve been monitoring the analytics and have seen an increase in traffic and serps.

    • Edwin Toonen
      By Edwin Toonen on 18 October, 2017

      That’s what I’m talking about, Jonathan! Great work.

  16. KALYAN KUMAR SINHA, NAGPUR
    By KALYAN KUMAR SINHA, NAGPUR on 18 October, 2017

    These informations are really very helpful. I don’t know even the full form of HTTP & HTTPS. A layman like me, can perform seo himself, by only correspondent course is seems doubtful.
    I don’t know English very well. It is a big problem. I will love to read your free booklet first. Then only I will decide to get formal training. I think it would help.
    Thanking you
    Kks.

  17. Iyanu Victor
    By Iyanu Victor on 18 October, 2017

    Hello Paul, what do you think about Cloudflare’s free SSL certificate compatible with 90% of browsers? Is it really safe to use? There was a drop in traffic after moving to https using Cloudflare Free SSL. Does the extra security layer serve as a threat to search engines crawlers?

  18. backlink chat luong
    By backlink chat luong on 18 October, 2017

    at first when I set up http, my keywords were on top google
    but when I switched to https, my keywords went down
    I dont know the reason why
    can someone help me explain this?

    • Jonathan
      By Jonathan on 18 October, 2017

      Did you add the https:// part of the website to your Google Search Console and update your Analytics property from http:// to https:// ?

    • Edwin Toonen
      By Edwin Toonen on 18 October, 2017

      Did you switch recently? You might experience some small shakeup, but it shouldn’t take too long before everything returns to normal.

  19. Matt
    By Matt on 18 October, 2017

    I’ve heard Google announced that if you aren’t HTTPS as of this month, Oct 2017, then you will even lose rankings and it will be made very clear to visitors that the site is not secure, basically discouraging them from continuing. Is this true?

    • Edwin Toonen
      By Edwin Toonen on 23 October, 2017

      Hi Matt. Well, it’s true that Chrome will start showing messages that some parts of your site are not secure. However, Google will not demote your site if you don’t have HTTPS. But, look at it this way: what if your site doesn’t have HTTPS and your competitor does have HTTPS on his/her site? Who do you think Google and potential customers would pick?

  20. Kristie Turck
    By Kristie Turck on 17 October, 2017

    One problem I am experiencing is moving things like social share likes to https. Facebook reads it as a new URL, so the amount of likes you have accumulated over the years disappear when you switch.

  21. Bryan Bloom
    By Bryan Bloom on 17 October, 2017

    Great article, very easy to understand and also continues to advocate for all sites to be secure.

    • Edwin Toonen
      By Edwin Toonen on 18 October, 2017

      Thanks, Bryan!

  22. Andrew Smith
    By Andrew Smith on 17 October, 2017

    I’m confused, you said https is a “must” for sites that don’t send or receive sensitive data…but you don’t give any reasons why. Are there any reasons besides the possibility of a site appearing in a browser as “not secure”?

    • Edwin Toonen
      By Edwin Toonen on 18 October, 2017

      Hi Andrew. We are moving to an all-HTTPS web and that’s a very good thing. Not only gives HTTPS us as consumers on the web the security we desperately need, but it also makes it possible for several new technologies to come into play. HTTP/2, for instance, needs HTTPS to function. HTTP/2 is a next-level internet protocol that will dramatically speed up the web, amongst many other things. Troy Hunt proves that point in this great post: https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/

  23. Abdul Muneeb
    By Abdul Muneeb on 17 October, 2017

    I’m considering to move my blog from http to https, Did you recommend any SSL certificate provider?

    • Jack Harvatt
      By Jack Harvatt on 18 October, 2017

      Comodo PositiveSSL (just 9$/year)

      • Edwin Toonen
        By Edwin Toonen on 18 October, 2017

        Let’s Encrypt offers free SSL certificates: https://letsencrypt.org

        • Abdul Muneeb
          By Abdul Muneeb on 18 October, 2017

          Thanks for the recommendations :)

  24. Paul McGlade
    By Paul McGlade on 17 October, 2017

    Im really considering the move but when I started to look into it more I’m really not sure its worth trying (just yet). Do you think it will become easier to switch in the future?

    • Edwin Toonen
      By Edwin Toonen on 18 October, 2017

      Well, maybe. Some providers now let you install Let’s Encrypt certificates with one click, but you’d still have to take care of the rest. A project like this you should really prepare well. Always monitor everything during and after the move.

  25. Pius Tolani
    By Pius Tolani on 17 October, 2017

    Nice one, I have to https as well

  26. Alan
    By Alan on 17 October, 2017

    Interesting information, thanks. Quick question, as everyone wants to sell a SSL certificate because of the changes by Google, which is better, to buy a certificate through the domain name provider, buy from the web hosting agent, or buy from the cdn provider e.g. cloudflare. does it matter? and would you recommend buying one that covers any future sub domains and even domain addresses e.g .biz, .yoast, .com. that you might require in the future. Thanks in anticipation of your reply

    • Edwin Toonen
      By Edwin Toonen on 23 October, 2017

      Great question, Alan. It all depends on what you want to achieve with your business, what level your certificate needs to be, how much you want to pay for it and what kind of service you need. We use Let’s Encrypt certificates: they are free and give us enough value and security to use. We take care of the implementation ourselves.

      There are, however, instances where a Let’s Encrypt certificate might not be enough. If you own a bank, for instance, a Digicert issued certificate with support will give much more peace of mind then a free certificate. Nobody can make these choices but you.

      Here’s Google’s advice on choosing your site certificate: “Keep in mind the following:

      – Get your certificate from a reliable CA that offers technical support.
      – Decide the kind of certificate you need:
      – – – Single certificate for single secure origin (e.g. http://www.example.com).
      – – – Multi-domain certificate for multiple well-known secure origins (e.g. http://www.example.com, cdn.example.com, example.co.uk).
      – – – Wildcard certificate for a secure origin with many dynamic subdomains (e.g. a.example.com, b.example.com).”

      https://support.google.com/webmasters/answer/6073543?hl=en

  27. paul
    By paul on 17 October, 2017

    We converted to https and followed all guidelines from google and others, The result 8 weeks in seems to be a 30% drop in traffic and revenue. Kind of wishing we hadn’t bothered. Hopefully a temporary state?!

    • Vince Arnone
      By Vince Arnone on 17 October, 2017

      Paul, I’ve done several HTTP to HTTPS transitions with no issues and no traffic drop at all. I’d highly suggest digging way into your migration and make sure there are no problems you missed. Key points to check would be redirects, tracking errors, proper analytics/google search console configuration. Something is really wrong if you’ve dropped that much.

      • Edwin Toonen
        By Edwin Toonen on 18 October, 2017

        Hi Paul. I’d listen to what Vince suggests. If you followed the guidelines during the migration there should not be such a drop in traffic.

  28. Stuart Masson
    By Stuart Masson on 17 October, 2017

    Hi Edwin,

    We switched our site to HTTPS about 18 months ago and switched it back to HTTP in less than three weeks because it absolutely killed our ad revenue. Other sites at the time were also reporting similar problems after going HTTPS.

    On digging into the issue (and assuming it was our own setup errors that had caused the problem), we were told by both Google AdSense and Yahoo Bing Media.net representatives that their systems didn’t support HTTPS. This came as something of a shock, especially another department of Google was loudly telling sites to go HTTPS at the same time. So we untangled everything to go back to regular HTTP.

    I’d like to commit to HTTPS, mainly for site performance as we don’t collect sensitive data, but we can’t afford to drop 90% of our revenue again.

    Do you know if this has been resolved yet?

    • Edwin Toonen
      By Edwin Toonen on 17 October, 2017

      Hi Stuart. I can understand your problems. As Joost’s quote in the article said, there are often external factors on sites that make a full, clean move to HTTPS very hard. Most often? Ad networks. When I checked Google’s AdSense documentation, however, I found that they should be able to serve ads over HTTPS as per this page: https://support.google.com/adsense/answer/10528?hl=en. Is that what you were looking for?

      • Stuart Masson
        By Stuart Masson on 18 October, 2017

        Many thanks Edwin, that’s very helpful. Looks like Google has caught up with itself, so we’ll have another go shortly!

        • Edwin Toonen
          By Edwin Toonen on 18 October, 2017

          Great, good luck!

  29. susan
    By susan on 17 October, 2017

    It isn’t impossible anymore. Security outlets announced yesterday (10-16-17) that a major vulnerability has been found in the WPA2 protocol which is used on all Wi-Fi networks which allows attackers to decrypt WPA2 connections.

    • Edwin Toonen
      By Edwin Toonen on 17 October, 2017

      Hi Susan. On the contrary: yesterday’s news makes it even more apparent that we should move to an all-HTTPS web. In addition, the discovery of a vulnerability in WPA2 only break the security of wifi networks and not that of HTTPS websites.


Check out our must read articles about SEO basics