Google’s New HTTPS Ranking Signal – The Ugly Truth You Need to Know

Google's New HTTPS Ranking Signal
Google announced that the company will be boosting the search engine rankings of websites that use HTTPS. This is a rare and significant announcement as the search engine giant does not normally broadcast new ranking signals. The reasoning behind the new ranking signal is security. Let’s take a look at what this means for website owners and if it will impact SEO.

What is HTTPS?

HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS enables secure encrypted connections over the Internet between your browser and the web server. The encryption provided by HTTPS running over TLS (Transport Layer Security) is designed to provide the benefits of:

  1. Authentication– To make sure that the servers who you are talking to over Internet are who they say they are.
  2. Data Integrity – To make certain that the data has not been modified in transit.
  3. Encryption – To protects Internet conversions from ease dropping.

Some people may recognize the HTTPS in the address bar of their browser or the padlock when they shop or do their banking online. In essence, the use of HTTPS protects the integrity and confidentiality of users’ data.

Google’s Top Priority

Google has been very clear that security is a top priority. The company has been experimenting with tests “over the past few months” and received positive results. To help make the web a more secure place, Google has decided to reward those with a similar mission. According to the official Google Online Security Blog:

“For now it’s only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS.”

You may be thinking why you would make the switch from HTTP to HTTPS if only 1% of global queries are affected. Will making the change on your website be worth the time and energy? Here are 9 things you need to know:

The Ugly Truth About Migrating Your Website to HTTPS

  1. You Will Need to Do It Right – Google has explained that if you switch your website to HTPPS properly, there will be no downside. If you are not sure that you have the technical skills to make the migration properly, you may want to enlist the help of a professional.
  2. Time Requirement – Migrating your website from HTTP to HTTPS will take time to complete it properly.
  3. It Costs Money – SSL certificates cost money. A SSL certificate is required to enable the HTTPS on a web site. A few SSL certificate providers include Comodo, Trustwave, Entrust, Geotrust, and Verisign. Prices vary from provider to provider. Installation fees may apply.

    Update: Check with your web host to see what they offer. Some hosts are offering the ability to use Let’s Encrypt SSL certificates. It is a free, automated, and open certificate authority by the non-profit Internet Security Research Group (ISRG).

  4. Multiple Edits– All internal links including images, javascript, CSS, etc. will need to be edited to secure connections. If you have a large number of images in your website, this will take time. You could edit the HTML of each image to a relative URL. For example,
    • Instead of, you can edit it to: //

    For those familiar with phpMyAdmin, you can use SQL queries to find and replace. A word of caution: always back up your database before making any changes.

  5. 301 Redirects – You will want to implement 301 redirects from the HTTP to the HTTPS version of your domain name to be certain that you are telling the search engines that the site is permanently moved to a new address.
  6. Social Sharing Counts – Unfortunately, social sharing program numbers for popular WordPress plugins may restart when you change to the HTTPS version of your domain name.

    Update: Social Warfare offers the ability to preserve social shares when changing URLs after migrating to HTTPS. For more, please see: Social Warfare Plugin Review: Supercharged Social Sharing.

  7. Test, Test and Test Again – After you have made the edits, you will want to conduct tests to be certain all is working properly.
    • Google recommends testing the security level and configuration with the Qualys Lab tool.
    • If you notice a security warning in your browser when testing your page, the tool at Why No Padlock will help you determine any insecure links are still present on your website.

    For example, while preparing our website for the HTTPS migration, my tests showed that two URLs generated by the popular plugin, Digg Digg, were causing insecure connections for Pinterest and Buffer.

  8. Google Webmaster Tools Addition
    After the migration is complete, you will want to add the HTTPS version of your website to your Google Webmaster Tools Account, verify it and select it as your preferred domain.
  9. Update Incoming Links
    Google recommends that after you have made switch to start trying to “update as many incoming links as possible” including

    • External links: Make a list of sites that link to your website and attempt to reach out to them and ask them to update their links to include your new HTTPS address.
    • Google+ profile Authorship “Contributor to” links.
    • Social media profile links including Google+, Facebook, Twitter, and LinkedIn.
  10. What Google Says Goes
    You may be thinking that the switching your website from the HTTP to HTTPS is too much work. Or, if switching is worth it if this new “lightweight” ranking single only impacts 1% of global queries. On the other hand, you may be concerned that what Google says, goes, and it may be time to start the process or be left in the dust. The good news is that Google has stated that it is giving webmasters time to switch to HTTPS,

“But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

Big Guys Who Have Made the Switch

Big guys in the SEO community are taking heed to Google’s recommendation and have made the switch from HTTP to HTTPS including:

  • Joost de Valk of Yoast – the famed WordPress SEO by Yoast plugin.
  • Search Engine Roundtable’s Barry Swartz of Rusty Brick

Google’s Best Practices

Google has stated that in the coming weeks, they will “publish detailed best practices to make TLS (Transport Layer Security) adoption easier”, and tips to avoid common mistakes. Current recommendations are at Google Online Security Blog.


Google’s announcement of including the use of HTTPS as a ranking signal in their algorithm has brought a great deal of discussion among the SEO community. There are a number of edits that website owners will need to make to make the switch. Is it all worth it? What Google says usually goes, and the search engine giant is giving webmasters time to make the switch.

How about you? Are you ready to make the switch and help make the web more secure? Or will you be putting this on the back burner for now?

More from Google
Google I/O 2014 – HTTPS Everywhere

Fascinated with the growing potential and power of the Internet, Robin founded R & R Web Design LLC in the Chicago area in 2000. As creative director, she is passionate about helping others reach their Internet objectives through a strategic online presence with results driven custom web design, ethical SEO, and social media marketing.

8 comments on “Google’s New HTTPS Ranking Signal – The Ugly Truth You Need to Know
  1. Robin,

    Thanks for taking the time to document the effort that goes into making the switch to https. I migrated my site to run under SSL last year, and it was time-consuming and expensive. I lost social shares, many of the plugins I loved and relied on didn’t work under SSL, and an embedded Aweber newsletter sign-up form threw mixed content warnings whenever a new subscriber hit the submit button. AWeber was unable to help solve the issue.

    The most difficult part was going through each and every blog post to make sure the correct protocol was used for every file, image, etc. on the site. Testing was time-consuming for sure.

    After a few months of running under SSL, I decided at that time I didn’t want the overhead of the SSL site. It’s not an e-commerce site so I made the move back to http, which was simple to reverse.

    I’d love to see an internet where all of our websites were tucked safely under an SSL environment. But it’s a big move and your point is well taken: people need to be aware of what goes into such a migration and think it through before getting started. Then test, test, and test some more. Sites that link to each other may run into mixed content issues similar to my AWeber experience.

    As for migrating again? Well, for now, I’m going to back burner it, but will definitely give it serious consideration for 2015.

    • Michelle, it has been my pleasure putting this together. I actually started the migration process yesterday and then decided not to. Like you, I was hesitant to proceed without more time to test and have put it on the back burner.

      As for changing each and every URL of images, etc, that is a daunting task, isn’t it? We can run SQL queries to make the changes. The plugin, Search and Replace will also help on WordPress database. More daunting is having a list of other sites that link to ours and writing them to ask them to add the “s” in the http of our domain name.

      It looks like we are all going to have to wait and see what Google will mandate, doesn’t it? Thank you for taking the time to read and to comment.

  2. Chad Egeland says:

    Great write up and info Robin!
    While I applaud what Google is trying to attempt to do by making the web more secure. I can’t help but feel that this is a slippery slope for them to take.
    Maybe I feel a little ranty today but I think the job of Google Search is to serve up the best content related to my search results and if that happens to come from a site unwilling or unable to make the switch to https then that is what should surface. Right now they say it’s a low ranking signal but Google is known for making plenty of changes and they could decide in the future that it’s worth more weight.
    The content should always be the determining factor and technology should not be a deciding factor in this ranking.
    What if Google decides that websites that also have an Android app in the Play store get better rankings or that sites written in ASP will rank lower than PHP. I’m not saying this will ever happen but from my standpoint as a user, Google should be more concerned with serving up high quality search results based on content rather than technology that websites have implemented.
    I’ll probably eventually make the switch to https (mostly because Google says so) but I really don’t like the weight that Google can throw around when it comes to making decisions about web search.

    • Thank you, Chad! I too, applaud Google for attempting to make the web a more secure place. You definitely have something there. Google has stated in the past that their ultimate goal is to serve high quality sites in their search results, and that they want to make the Internet a better place. The task that we have before us as website owners to make the switch may definitely feel overwhelming for some. I am with you. We will be waiting and watching for now.

  3. Anton Rius says:

    This is a great point, Chad. I agree that quality content should be the biggest factor. I wouldn’t put it past Google to rank sites who are friendlier to their platform higher, though. Just look at the way they weigh social signals from Google Plus.

    They have the influence to sway search results in their favor. In the end, if this becomes a bigger factor, we’re all going to be forced to make the switch if we want to keep showing up in their results.

  4. I appreciate you stopping by, Anton. Chad does bring up a great point. It is going to be interesting to see how this all plays out. You are right. In the end, it does look like we are going to have to comply and make the switch to HTTPS to keep showing up in the search results.

  5. Mallie Hart says:

    I find myself in much the same boat as the rest of you. It’s just not an undertaking I’m prepared for at this time. It’s not so much the cost thing, but all of the detail work checking every image, every link, yadda yadda.

    Honestly, this is a move I may find myself making ONLY if forced by Google itself or if my traffic just completely shuts down.

    Thankfully it’s not something I have to worry about today. I dread the calls from clients who get wind of this, though. It would be very hard to price such work in any way that was fair to both parties.

    • Thank you for sharing your thoughts on this, Mallie. It looks like we will all be waiting to see how this all will play out when and if Google decides to give more weight to HTTPS in the search results.