SEO basics What is HTTPS?

HTTPS secures the connection to the website you are visiting. I’m sure you have seen this in action; look at the address bar in the browser and find the lock icon on the left-hand side. Is the lock closed? Then the connection is secure. Is it open or is there another type of icon or message? Then it’s not secure and vulnerable to attack. Using a site over a non-secure connection means hackers/criminals could intercept the data you send to the site, like your password and email address. Here, I’ll explain what HTTPS is and why it plays a role in SEO.

New to SEO? Get quick wins to make your site rank higher with our FREE SEO for beginners course! »

Free SEO training: SEO for beginners Info

HTTP vs HTTPS

When you type in a URL in the search bar, your browser asks the site for its IP address – for instance 123.456.7.89. This number is the actual address that a site gets online. The browser connects to this number in the hopes this is the correct site. This is all done in plain sight and there is no encryption to be seen, so everyone can intercept this traffic. So when you want to log in to a site that you connect to via an HTTP connection, the data you enter – username and password – is sent in plain text. Trust me, that’s really bad. Think about what would happen if you’d connect to your bank this way.

HTTPS secures this process. HTTPS encrypts the connection between the browser and the site, therefore making sure that no one can intercept the data sent between those two. Every site that wants to secure itself needs a so-called SSL certificate.  The browser checks the certificate of the site and verifies its legitimacy with the company that issued it. If you want to see who issued the certificate, please click on the lock icon. By using HTTPS, sites not only secure your login procedure and personal data but also what you do on a site and which sites you visit.

Besides securing the web, HTTPS is necessary for sites that want to upgrade to a new, safer and much faster internet protocol called HTTP/2. HTTP/2 includes different new technologies that make sites a lot faster to load.

yoast ssl certificate

Value of HTTPS for the user

Everyone has the right to privacy on the web. We are doing so many mission-critical things on the web these days that we can use any kind of security we can get. An ever-increasing number of websites is making the move to HTTPS. In the screenshot below, you can see that at the moment, 61% of the sites that Firefox loads are being sent over HTTPS (stats by Let’s Encrypt). HTTPS is a must for any type of site, even if you own the bakery around the corner and don’t send or request sensitive data via your website.

lets encrypt https usage

Value of HTTPS for SEO

In 2014, Google announced that HTTPS would become a ranking signal. Today, your rankings will hardly change when you activate HTTPS. But it’s not just about rankings as much as it is about user experience and gaining trust with your future customers. It’s inevitable that we are moving to an all-HTTPS web. It is, therefore, incredibly important that your site makes the switch to HTTPS in the coming year.

Several browsers now show ‘not secure’ messages when your site doesn’t have an HTTPS connection or when you try to send data via HTTP on your HTTPS site. Don’t forget, it’s easy to scare off visitors! Wouldn’t you switch over to the site of a competitor when you’d see something like the ‘not secure’ message in the screenshot below?

Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

not secure message in chrome 68

Make the switch to HTTPS

A few years ago, switching to HTTPS was a major undertaking. Some big sites waited years to do it because it came with several challenges, like speed issues and the cost/benefit issue. These days, while still not easy, it’s manageable. If you’re planning to make the switch to HTTPS, be sure to make a checklist so you don’t forget anything during the process.

Joost shared some advice in a recent Ask Yoast video on moving to HTTPS:

Forcing HTTPS is something that you need to test really well. There are all sorts of things in your site that probably aren’t HTTPS ready that you should know of upfront. I know it was a lot of hard work to get yoast.com to HTTPS and we don’t even have ads. Especially ad services can be really tough to get working on HTTPS.

The Let’s Encrypt project — which Yoast proudly sponsors — issues free certificates to anyone wanting to secure their site. Several web hosts even offer free Let’s Encrypt services that make the installation of a certificate as easy as pie. That is, however, only one piece of the puzzle. On Google’s Secure your site with HTTPS site you can find more information on best practices. We’ve written a guide on moving your site from HTTP to HTTPS. If this stuff scares you it is best to hire an expert!

Read more: Moving your website to HTTPS: tips & tricks »

Category: SEO basics
Tag:

Edwin Toonen is an experienced writer, editor and content manager. In his work, he focuses on everything related to using, building and enhancing websites. Before joining Yoast, he spent eight years honing his skill at The Netherlands’ leading web design magazine. Read more about Edwin and find all of his posts »


52 Responses to What is HTTPS?

  1. Atul Host
    Atul Host  • 11 months ago

    In my personal opinion encryption is the demand of future, because things are not safe these days. Sites with SSL is way better than traditional ones as no one can modify anything between server and user, even spammy extensions (adware) not able to trick it.

  2. mizikisa
    mizikisa  • 11 months ago

    After I moved to https for my wordpress blog, i started to see a decrease in search traffic and ranking, little did i know that i had to index the https version of my site in my webmasters search console. after i did that i took some time before i started seeing positive changes in rankings.
    this is a kinda advice if you are moving to https, submit asap! after moving

  3. John Mulindi
    John Mulindi  • 11 months ago

    Indeed having a secure site is paramount in this era of hacking. This post provides the important information on why we need to have a secured website.

    • Edwin Toonen

      Yep, security and privacy are paramount!

  4. Michael Nees
    Michael Nees  • 11 months ago

    Great read. Got a question: do you need to update anything inside your Google Analytics setting when moving onto the https URL?

  5. ProHindiBlog
    ProHindiBlog  • 11 months ago

    After reading your post we can add ssl certificate in our blog. and thanks for sharing with us

  6. Hazim Alaeddin
    Hazim Alaeddin  • 11 months ago

    Hi Edwin,

    Installing an SSL certificate can be a drag if you are not technical. However, there are WP plugins out there that make it easy. As for installation, my hosting company made it really easy for me also. Having https is just better for everyone. Thank you for the post!

    Cheers,
    Hazim

    • Edwin Toonen

      Hi Hazim. Yeah, those plugins can save a lot of time. Thanks for the tip!

  7. T I Antor
    T I Antor  • 11 months ago

    Hey, Edwin,
    Great stuff!! You have shared an awesome post and indeed, this a very useful post who are dont aware of HTTPS. Also, i learn new things about HTTPS form your post. I will refer your post to my friends, so they even can understand what is it. BTW, thanks for sharing a great useful post.

  8. Noble Ozogbuda
    Noble Ozogbuda  • 11 months ago

    Nice Article here, though i have moved to HTTPS Early this Year, But since then i have not recovered my traffics, i lost a big amount of traffic since then, which made me to lose my revenue or income in my website.

    HTTPS Is very Good to Use, it gives trust to your visitors and Search Engine.

  9. Chris Bryant
    Chris Bryant  • 11 months ago

    Great article Edwin! Your advice to make a checklist is spot on. There are many assets that won’t be secure on a site after switching. I find using the Security tab in Chrome’s Inspector is a great way to quickly find the non-secure assets on a page.

    For what it’s worth. I’ve been systematically switching my client sites over to SSL for the last year or so. Thought I cannot say how much weight SSL certification carries. In every instance, I’ve seen a small increase in rankings within a couple of weeks following the switch. (I host all my clients on WPEngine and am using their free Let’s Encrypt SSL Certificate.)

    • Edwin Toonen

      Thanks, Chris!

  10. Muhammad
    Muhammad  • 11 months ago

    best man tnx for sharing

  11. suresh
    suresh  • 11 months ago

    good posts who wants take knowledge about SEO,thanking you

  12. ictinformatiecentrum
    ictinformatiecentrum  • 11 months ago

    Great and informative article. Just moved to HTTPS and it can be tricky. If you do not understand all the technical stuff or do not want to do it all by yourself, ask your Hosting provider for help. They often have webmasters to help you out or can do it alll for you.

    • Edwin Toonen

      Thanks for the compliments. And you are right, a good hosting company can assist you in the move to HTTPS.

  13. alat pemadam api
    alat pemadam api  • 11 months ago

    What do you think if the website does not use SSL can get page preview 1 google, this is my lesson

  14. Minecraft Crafting Guide
    Minecraft Crafting Guide  • 11 months ago

    I’m using HTTPS free on my hosting, is that good for my website or not?

    • Edwin Toonen

      Yes, barring a correct implementation of course.

  15. Jonathan
    Jonathan  • 11 months ago

    Always enjoy reading articles by Yoast. We implemented HTTPS for all of our hosting clients as well as HTTP/2. I’ve been monitoring the analytics and have seen an increase in traffic and serps.

    • Edwin Toonen

      That’s what I’m talking about, Jonathan! Great work.

  16. KALYAN KUMAR SINHA, NAGPUR
    KALYAN KUMAR SINHA, NAGPUR  • 11 months ago

    These informations are really very helpful. I don’t know even the full form of HTTP & HTTPS. A layman like me, can perform seo himself, by only correspondent course is seems doubtful.
    I don’t know English very well. It is a big problem. I will love to read your free booklet first. Then only I will decide to get formal training. I think it would help.
    Thanking you
    Kks.

  17. Iyanu Victor
    Iyanu Victor  • 11 months ago

    Hello Paul, what do you think about Cloudflare’s free SSL certificate compatible with 90% of browsers? Is it really safe to use? There was a drop in traffic after moving to https using Cloudflare Free SSL. Does the extra security layer serve as a threat to search engines crawlers?

  18. backlink chat luong
    backlink chat luong  • 11 months ago

    at first when I set up http, my keywords were on top google
    but when I switched to https, my keywords went down
    I dont know the reason why
    can someone help me explain this?

    • Jonathan
      Jonathan  • 11 months ago

      Did you add the https:// part of the website to your Google Search Console and update your Analytics property from http:// to https:// ?

    • Edwin Toonen

      Did you switch recently? You might experience some small shakeup, but it shouldn’t take too long before everything returns to normal.

  19. Matt
    Matt  • 11 months ago

    I’ve heard Google announced that if you aren’t HTTPS as of this month, Oct 2017, then you will even lose rankings and it will be made very clear to visitors that the site is not secure, basically discouraging them from continuing. Is this true?

    • Edwin Toonen

      Hi Matt. Well, it’s true that Chrome will start showing messages that some parts of your site are not secure. However, Google will not demote your site if you don’t have HTTPS. But, look at it this way: what if your site doesn’t have HTTPS and your competitor does have HTTPS on his/her site? Who do you think Google and potential customers would pick?

  20. Kristie Turck
    Kristie Turck  • 11 months ago

    One problem I am experiencing is moving things like social share likes to https. Facebook reads it as a new URL, so the amount of likes you have accumulated over the years disappear when you switch.

  21. Bryan Bloom
    Bryan Bloom  • 11 months ago

    Great article, very easy to understand and also continues to advocate for all sites to be secure.

    • Edwin Toonen

      Thanks, Bryan!

  22. Andrew Smith
    Andrew Smith  • 11 months ago

    I’m confused, you said https is a “must” for sites that don’t send or receive sensitive data…but you don’t give any reasons why. Are there any reasons besides the possibility of a site appearing in a browser as “not secure”?

    • Edwin Toonen

      Hi Andrew. We are moving to an all-HTTPS web and that’s a very good thing. Not only gives HTTPS us as consumers on the web the security we desperately need, but it also makes it possible for several new technologies to come into play. HTTP/2, for instance, needs HTTPS to function. HTTP/2 is a next-level internet protocol that will dramatically speed up the web, amongst many other things. Troy Hunt proves that point in this great post: https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/

  23. Abdul Muneeb
    Abdul Muneeb  • 11 months ago

    I’m considering to move my blog from http to https, Did you recommend any SSL certificate provider?

    • Jack Harvatt
      Jack Harvatt  • 11 months ago

      Comodo PositiveSSL (just 9$/year)

      • Edwin Toonen

        Let’s Encrypt offers free SSL certificates: https://letsencrypt.org

        • Abdul Muneeb
          Abdul Muneeb  • 11 months ago

          Thanks for the recommendations :)

  24. Paul McGlade
    Paul McGlade  • 11 months ago

    Im really considering the move but when I started to look into it more I’m really not sure its worth trying (just yet). Do you think it will become easier to switch in the future?

    • Edwin Toonen

      Well, maybe. Some providers now let you install Let’s Encrypt certificates with one click, but you’d still have to take care of the rest. A project like this you should really prepare well. Always monitor everything during and after the move.

  25. Pius Tolani
    Pius Tolani  • 11 months ago

    Nice one, I have to https as well

  26. Alan
    Alan  • 11 months ago

    Interesting information, thanks. Quick question, as everyone wants to sell a SSL certificate because of the changes by Google, which is better, to buy a certificate through the domain name provider, buy from the web hosting agent, or buy from the cdn provider e.g. cloudflare. does it matter? and would you recommend buying one that covers any future sub domains and even domain addresses e.g .biz, .yoast, .com. that you might require in the future. Thanks in anticipation of your reply

    • Edwin Toonen

      Great question, Alan. It all depends on what you want to achieve with your business, what level your certificate needs to be, how much you want to pay for it and what kind of service you need. We use Let’s Encrypt certificates: they are free and give us enough value and security to use. We take care of the implementation ourselves.

      There are, however, instances where a Let’s Encrypt certificate might not be enough. If you own a bank, for instance, a Digicert issued certificate with support will give much more peace of mind then a free certificate. Nobody can make these choices but you.

      Here’s Google’s advice on choosing your site certificate: “Keep in mind the following:

      – Get your certificate from a reliable CA that offers technical support.
      – Decide the kind of certificate you need:
      – – – Single certificate for single secure origin (e.g. http://www.example.com).
      – – – Multi-domain certificate for multiple well-known secure origins (e.g. http://www.example.com, cdn.example.com, example.co.uk).
      – – – Wildcard certificate for a secure origin with many dynamic subdomains (e.g. a.example.com, b.example.com).”

      https://support.google.com/webmasters/answer/6073543?hl=en

  27. paul
    paul  • 11 months ago

    We converted to https and followed all guidelines from google and others, The result 8 weeks in seems to be a 30% drop in traffic and revenue. Kind of wishing we hadn’t bothered. Hopefully a temporary state?!

    • Vince Arnone
      Vince Arnone  • 11 months ago

      Paul, I’ve done several HTTP to HTTPS transitions with no issues and no traffic drop at all. I’d highly suggest digging way into your migration and make sure there are no problems you missed. Key points to check would be redirects, tracking errors, proper analytics/google search console configuration. Something is really wrong if you’ve dropped that much.

      • Edwin Toonen

        Hi Paul. I’d listen to what Vince suggests. If you followed the guidelines during the migration there should not be such a drop in traffic.

  28. Stuart Masson
    Stuart Masson  • 11 months ago

    Hi Edwin,

    We switched our site to HTTPS about 18 months ago and switched it back to HTTP in less than three weeks because it absolutely killed our ad revenue. Other sites at the time were also reporting similar problems after going HTTPS.

    On digging into the issue (and assuming it was our own setup errors that had caused the problem), we were told by both Google AdSense and Yahoo Bing Media.net representatives that their systems didn’t support HTTPS. This came as something of a shock, especially another department of Google was loudly telling sites to go HTTPS at the same time. So we untangled everything to go back to regular HTTP.

    I’d like to commit to HTTPS, mainly for site performance as we don’t collect sensitive data, but we can’t afford to drop 90% of our revenue again.

    Do you know if this has been resolved yet?

    • Edwin Toonen

      Hi Stuart. I can understand your problems. As Joost’s quote in the article said, there are often external factors on sites that make a full, clean move to HTTPS very hard. Most often? Ad networks. When I checked Google’s AdSense documentation, however, I found that they should be able to serve ads over HTTPS as per this page: https://support.google.com/adsense/answer/10528?hl=en. Is that what you were looking for?

      • Stuart Masson
        Stuart Masson  • 11 months ago

        Many thanks Edwin, that’s very helpful. Looks like Google has caught up with itself, so we’ll have another go shortly!

        • Edwin Toonen

          Great, good luck!

  29. susan
    susan  • 11 months ago

    It isn’t impossible anymore. Security outlets announced yesterday (10-16-17) that a major vulnerability has been found in the WPA2 protocol which is used on all Wi-Fi networks which allows attackers to decrypt WPA2 connections.

    • Edwin Toonen

      Hi Susan. On the contrary: yesterday’s news makes it even more apparent that we should move to an all-HTTPS web. In addition, the discovery of a vulnerability in WPA2 only break the security of wifi networks and not that of HTTPS websites.


Check out our must read articles about SEO basics

What does Google do?

How does Google work? What does Google do? In this article we explain in a clear and comprehensive way how Google works!

Read article »

What is SEO?

What is SEO? SEO is the acronym for Search Engine Optimization. With SEO you aim to make websites rank high in Google. Learn the basics here!

Read article »

What is content marketing?

Content marketing contains all marketing strategies that focus sharing information. It is an important aspect of an SEO strategy.

Read article »