Why switch to the HTTPS protocol? If your website appears as “not secure” in the browser, you could lose visitors… Learn more about how security certificates impact SEO and rankings!
If you’ve encountered the “not secure” warning while browsing, it’s often due to the lack of activation of the HTTPS protocol, which secures connections.
Any website can be flagged by Google (and other search engines) as insecure in order to protect users from potentially harmful sites.
The warning is shown to discourage users from accessing the site…
… After all, who would click on a security warning?
What HTTPS Protocol Handles
The HyperText Transfer Protocol over Secure Socket Layer (HTTPS) is a protocol for secure communication over a computer network. It’s the result of applying an encryption protocol to the HTTP hypertext transfer protocol.
The principles behind the HTTPS protocol are:
- The authentication of the website visited.
- The protection of privacy.
- The integrity of the data exchanged between communicating parties.
It is used to ensure the confidentiality of data transfers over the internet, preventing any interception of the content.
What advantages does it provide in terms of SEO?
In August 2014, Google announced that transitioning to the HTTPS protocol would eventually be considered a positive ranking signal for websites adopting a more secure connection, influencing their positioning.
Three years later, this prediction has materialized: the HTTPS protocol will now be a ranking factor. According to Google, it will currently affect only 1% of global queries—a minor factor, but one that could become more significant in the future.
However, simply switching to HTTPS (after purchasing an SSL certificate) is not enough for an unoptimized site. A well-designed website will rank well even without HTTPS, unlike a website with poor or nonexistent SEO, even if it uses HTTPS.
What advantages does it provide in terms of security?
Google’s goal is web security – and the HTTPS protocol can ensure this by protecting data through encryption.
To guarantee this security, it is important to ensure that all connections to your site use only the HTTPS protocol.
For those enabling it in WordPress…
The WordPress CMS allows you to manage your site’s traffic via the HTTPS protocol once the SSL certificate is enabled on your domain’s hosting plan.
After logging into the admin panel, it will be enough to:
- Visit the Settings section;
- Click on the General tab;
- Set the corresponding URLs with the https:// prefix for the WordPress Address and Site Address fields;
- Then, save the changes.
The presence of a green padlock icon in the address bar, before the site’s URL, indicates that the switch to the HTTPS protocol has been successfully made.
However, if an icon warning of an incompletely secure connection (a circled “i”) is displayed instead, manual intervention will be necessary to correct any references to addresses that statically indicate the “http” prefix. By opening the source view from the browser, you will need to locate the references to “http://” and modify each reference in the pages or content managers.
There are specific tools available online that help with this check, showing (once the website name is entered) all the content that isn’t loading properly in HTTPS. Updating all the paths can be made easier by using third-party plugins, many of which are available in the WordPress plugin directory itself.
What to watch out for
Naturally, it’s important to remember that Google “sees” protocol changes as if they were a website change, so HTTP pages must be redirected to the new HTTPS version. In terms of SEO, the transition to HTTPS should be managed properly to avoid losing rankings, as it is essentially a change in the domain extension.
When switching to the HTTPS protocol, make sure it is applied to every element that makes up the website, including widgets, JavaScript, and CSS files.
This is one of the cases where 301 redirects are essential to send all URLs from HTTP to HTTPS.
Like the URLs, the canonical tags must also be corrected and pointed to the HTTPS version.
Other key precautions to keep in mind include:
- The robots.txt file must be updated accordingly;
- It’s a good idea to update the Google Analytics tracking code;
- Social buttons, as well as RSS feeds, by default do not support HTTPS. Therefore, their code must be modified to make them functional and ensure that users can share content securely.
In conclusion
Let’s conclude with the analysis by Tim Nash in his 2014 article:
«… So, why did Google make a bold announcement that SSL is a “minor” ranking factor?
Well, let’s simply say that the stick didn’t work. Security professionals, system administrators, and operations teams have tried to scare senior management into using SSL – and it’s shocking how many sites should be using SSL but aren’t. For many, the scenarios are purely hypothetical, and security is something to be dealt with “later.” However, SEO and marketing are things to think about in real-time, so Google is dangling a carrot – improve security, and we’ll consider you more trustworthy and rank your content accordingly.
SSL as a ranking factor makes sense when you think about it less from the perspective of security and more from the perspective of trustworthiness. The validation system means there has been validation at the domain or organizational level – and that someone cares enough to implement an SSL certificate. […]»
To learn more and stay updated on new developments, continue following us – or feel free to contact us: we are at your disposal!
