Google announced that on 17 October’17 all non-HTTPS websites should prepare to see a significant drop in rankings, user engagement, website enquiries and revenue.

Chrome (version 62) will show a ‘NOT SECURE’ warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode. The new warning is part of a long-term plan to mark all pages served over HTTP as ‘not secure’.

Secure your site with HTTPS for Google

How will this impact your website?

Even if you do not have a standard transactional or e-Commerce website, if you have any input fields – like an enquiry form – your Chrome visitors are going to see warnings right in the entry fields. Most users will become wary of this, thinking that your website might be hacked (if they don’t understand the warning, or even if they do), and will abandon the check-out or goal conversion process and leave the website for a more secure looking site.

A secured website should show a green secure HTTPS status in the address bar. If the site has implemented a security certificate (i.e. applied HTTPS), however there are still some unsecure input areas on the website, then the HTTPS status will be red. A non-https site will show a warning, not secure, icon.

How non secure input fields will appear on Chrome

What does this mean to your business?

As a non-secure website will display a warning sign in the address bar of the website, any new website visitor may feel uneasy when landing on your website and they will bounce (i.e. leave before navigation further into your website). For those who are not deterred by this first hurdle, and proceed to the enquiry form or checkout step, they will see non-secure warnings in the input fields and this might then eventually scare them off and they are then likely to abandon the cart or conversion funnel.

HTTPS secure appearance in address bar

Finally, Google will rank your non-secure website lower on the Google SERPS (Search Engine Results pages) than your secure counterparts. Google has already started to do so gradually in the past, however it is likely that non-secure sites will now see even harsher knocks on their rankings if they don’t migrate.

So in summary, you want to care about securing your website with HTTPS, otherwise you will feel the impact in the following ways:

  • Drop in Google rankings
  • Increase in bounce rates
  • Drop in leads or conversions
  • Drop in revenue resulting from your website

What does it mean to have a secure site?

A secure site means that the website has obtained a security certificate to provide the following layers of protection to its users:

Authentication: prevents ‘man-in-the-middle’ attacks and provides a guarantee one is communicating with the exact website that was intended.

Encryption: provides privacy by encrypting the exchanged data. This ensures that conversations won’t be eavesdropped and the information won’t be stolen.

Data integrity: prevents data from being unnoticeably modified or corrupted during the transfer.

Why Is HTTPS so important?

Not only is HTTPS a ranking signal for Google, it also makes browsing safer for the user which in turn leads the user to have more trust in the website and creates more conversions. Google is also starting to give preference to secure websites by ranking them higher in the SERPs, provided that they are mobile friendly.

What can you do about it?

Migrate your website to HTTPS

If you employ an SEO specialist, then you feel you should ask them to assist you in migrating your website to an HTTPS version. Many company’s approach their web hosting company or web developers to advise on the HTTPS migration, who make it seem like a simple ‘switch’. While it appears fairly simple on the server side, unless they are an SEO specialist – or are completely aware of Google’s recommended process to switch to HTTPS to prevent SEO or ranking issues – they are not likely aware of the impact of switching to HTTPS without a proper SEO migration plan.

Over the past few months, we have seen a number of websites, who have failed to apply a proper HTTPS migration plan, suffer massively in their rankings and leads due to duplicate content and indexing problems, as well as a host of other complications.

Warning: Attempting to switch to HTTPS without a proper SEO migration plan will hurt your rankings. Do not make the switch without consulting with an SEO expert.

If you and your SEO Specialist feel comfortable attempting the migration to HTTPS on your own, then perhaps this checklist below may serve as some guide. However, if there is any doubt about what these steps entail or how to proceed, we recommend you contact an SEO Migration specialist:

HTTPS Migration Checklist

  1. Obtain a security certificate as a part of enabling HTTPS for your site.
  2. Prepare a URL mapping from the current URLs to their corresponding new format and update all URL details.
  3. Update annotations in the HTML or sitemaps entry for each page.
  4. Each destination URL should have a self-referencing rel=”canonical” tag.
  5. Update internal links – Change the internal links on the new site from the old URLs to the new URLs.
  6. Set up HTTP 301 redirects on your server from the old URLs to the new URLs as you indicated in your mapping.
  7. Add the HTTPS property to Search Console. Note that Google sees HTTP and HTTPS as separate properties and each as such, you will require a new Search Console account.
  8. Be sure to verify all variants of both the source and destination sites.
  9. Review the Search Console verification and make sure your Search Console verification will continue to work after the site move.
  10. Prepare site and test the redirects thoroughly.
  11. Verify sitemap file contains the new URLs in the mapping.
  12. Fetch as Google for testing individual URLs or command line tools or scripts to test large numbers or URLs.
  13. Verify robots.txt to ensure the HTTPS is reflecting.
  14. Update incoming links immediately after the site move is started.
  15. Update all ad campaigns to point to the new landing pages.
  16. Monitor the traffic on both the old and new URLs.
  17. Update any external or API tracking and reporting tools with the new URL’s & Search Console accounts.
  18. Monitor rankings, organic traffic and search console index and crawl data for any unexpected discrepancies.

While you can do a live deployment of HTTPS, we do not recommend this route as this could result in many bugs on the live site. We recommend that you either deploy the changes on your development site before implementing migration on your live site, or Deploy the migration to a staging environment first as this will allow you to make a fully functional mirror of your site to a staging environment to test that before deploying to the live environment.

HTTPS Migration Training

If you feel that you want to attempt HTTPS migration on your own, but still feel overwhelmed or nervous by the information, then you might want to consider attending our 3-day SEO Training Course where you will learn how to do your own HTTPS SEO migration, and have the opportunity to engage with our HTTPS migration experts who have implemented many successful migrations (and recovered many poorly planned HTTPS migrations). They will share challenges with you, lessons learnt, and tips for a successful HTTPS Migration plan.

Call our SEO Experts

If you’re not comfortable doing this on your own, call our SEO Migration experts to assist you with your HTTPS SEO Migration. We can consult to you or manage the entire migration on your behalf. Get in touch with one of our SEO Experts for assistance.