homepage Welcome to WebmasterWorld Guest from 54.197.171.109
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Google / Google SEO News and Discussion
Forum Library, Charter, Moderators: Robert Charlton & aakk9999 & brotherhood of lan & goodroi

Google SEO News and Discussion Forum

Featured Home Page Discussion

This 174 message thread spans 6 pages: < < 174 ( 1 2 3 4 [5] 6 > >     
Google To Give Secure HTTPS Sites A Ranking Boost
Robert Charlton




msg:4693630
 6:06 am on Aug 7, 2014 (gmt 0)

Just announced. Google's official blog post apparently hasn't gone live yet....

Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites
Aug 7, 2014 at 12:45am ET by Barry Schwartz
[searchengineland.com...]

Google has announced... that going HTTPS -- adding a SSL 2048-bit key certificate on your site -- will give you a minor ranking boost.

Google says this gives websites a small ranking benefit, only counting as a "very lightweight signal" within the overall ranking algorithm.... Google says it has an impact on "fewer than 1% of global queries" but said they "may decide to strengthen" the signal because they want to "encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

Google has tested this and is reported to like what it sees. As I read the incomplete information currently available, using HTTPS is probably scored as a Panda-like quality signal. Not yet clear about why it should affect some queries and not others.

Two items that jumped out at me, among others, in Google's list of recommendations, that will likely need further discussion....

- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains

I anticipate that this change is going to raise many questions in the community.

 

wheel




msg:4696567
 3:19 pm on Aug 19, 2014 (gmt 0)

Kind of scary for a site that already ranks well. Should this be done incrementally?

No, not incrementally. You simply do a full redirect in apache for any page lookup on port 80 over to the new IP on port 443, same address. It's like a half dozen lines in apache.

Hypothetically it shouldn't make any difference because you're only changing the protocol used to transmit the page. you're not changing the page address or the content. So it shouldn't impact your rankings unless Google specifically makes it so - and I don't know why they would.

netmeg




msg:4696584
 4:28 pm on Aug 19, 2014 (gmt 0)

The goal is to rank and make money, not argue with Google.


Pretty much my mantra.

Kind of scary for a site that already ranks well.


Not really, not any more than moving one from www to non-www (or vice versa) and maybe less. I've done tons of those, and a handful of http to https redirects, and as long as you know what you're doing (or find someone who does) and are careful and don't make mistakes (yea I've done that too) it's pretty easy, and I for one have never had a problem that lasted more than a couple weeks. (And that was my fault)

mromero




msg:4696586
 4:32 pm on Aug 19, 2014 (gmt 0)

@wheel I disagree it is so simple and cut and dried. Perhaps for a static html site, but there can be several issues.

1. Your Adsense income could crater. See https://support.google.com/adsense/answer/10528?hl=en

2. Issues with paths and URLs, see this thread [webmasterworld.com...]

3. There will be horror stories:

https://productforums.google.com/forum/#!searchin/webmasters/https/webmasters/l6d_HkLkcBQ/IFLAmJYiq80J

https://productforums.google.com/forum/#!searchin/webmasters/https/webmasters/oysJpRt6qnQ/taz14Eo313AJ

P.S. You will need to cut and paste the https URLs in this message as it appears the forum here cannot handle them - yet ;o)

JD_Toims




msg:4696588
 4:57 pm on Aug 19, 2014 (gmt 0)

It's actually only 3 lines of code and it's very simple.

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [OR]
RewriteCond %{HTTPS} ^off$
RewriteRule .? https://www.example.com%{REQUEST_URI} [R=301,L]

Any site that already canonicalizes to www or non-www via mod_rewrite can simply add the [OR] to the right side of the first condition, add the second condition above to check for HTTPS, and add an s to the http on the right side of the rule and it's done.

If they don't already canonicalize, and they have mod_rewrite access then they'd have to add the full ruleset after any other redirects and prior to any internal rewrites.

nomis5




msg:4696642
 9:59 pm on Aug 19, 2014 (gmt 0)


Kind of scary for a site that already ranks well. Should this be done incrementally?

No, not incrementally.


Question though, is there anything against doing it incrementally? If so, what is the downside to doing it incrementally / upside to doing it all at once?

EditorialGuy




msg:4696648
 10:28 pm on Aug 19, 2014 (gmt 0)

Question though, is there anything against doing it incrementally? If so, what is the downside to doing it incrementally / upside to doing it all at once?


John Mueller of Google has said that the HTTPS ranking algorithm runs on a "per-URL basis" (unlike Panda or Penguin, so that would suggest that making the change incrementally shouldn't hurt, and there's something to be said for testing the waters before taking a swan dive.

wheel




msg:4696669
 12:04 am on Aug 20, 2014 (gmt 0)

...except moving everything to SSL is, as noted above, about three lines of code. Move incrementally, page at a time, and I guarantee you will 'f' that up. Way too error prone IMO, and I still fail to see the benefit to doing it incrementally, or the drawback to doing it all at once.

As others have, I've done this two ways. One, did it and screwed up everything. Fixed, and was back in in no time. Second way, did it right. No changes or problems with rankings.

I suppose anything can go wrong, but practically and generally, just move the whole site over. If you do it right or hire an expert (as I did), I wouldn't expect any problems.

JD_Toims




msg:4696677
 1:05 am on Aug 20, 2014 (gmt 0)

Move incrementally, page at a time, and I guarantee you will 'f' that up.

Yup, it's way more difficult to "get right" incrementally than it is to "just do it" -- I've been working with mod_rewrite for a decade now and last I checked I still have some posts under a different user-name listed in the Apache library here and I would/will always go with a "blanket switch" when it's my option to make the call, because it's way easier to implement correctly the first time.



The first site I "switched over" also switched from extensions to extensionless at the same time and there wasn't even really a "hiccup" in traffic... As new URLs on https with the same content and no extension were found by Google they replaced the original URLs nearly seamlessly, so IME, it's really not that big of deal to make the change.

Note: We actually made the change for visitors well before Google's announcement, but basically a simple change of where the site canonicalized to was all it took -- I should probably also say any other redirects preceding canonicalization should be changed to point to https rather than http to avoid "chained" redirects, but with a find/replace in a text editor that's simple to do in an htaccess, httpd.conf, or even PHP file.

Note 2: Stripping the extension does require a bit more complex code than I posted above to implement, but with the URLs exactly the same, less the .ext, along with the move to https, there doesn't seem to have been any noticeable difference in traffic level -- Both the switch in canonicalization to https and the switch to extensionless URLs don't seem to have made a difference in traffic level, but in the situation I'm referring to, both seemed to be good adjustments for visitors in how we handle things and the level of "professionalism" we presented to them onsite, so I think it was a good move.

EditorialGuy




msg:4696691
 2:45 am on Aug 20, 2014 (gmt 0)

...except moving everything to SSL is, as noted above, about three lines of code. Move incrementally, page at a time, and I guarantee you will 'f' that up.


Depending on your setup, hosting, etc., there may be other possibilities between the extremes of "all at once" and "one page at a time."

JD_Toims




msg:4696698
 3:20 am on Aug 20, 2014 (gmt 0)

Not technically -- People should really know more about the technical side of things before they reply or spread FUD that will likely be read by a number of people, imo, because as far as I'm concerned, when someone really, obviously doesn't have a clue about what they're posting or how to do things and subsequently leads others astray it's is far from cool, right, or helpful.

There's no opinion involved in what I posted to change things over from http to https. It's fact, definitive, accurate. Period.

aakk9999




msg:4696735
 11:44 am on Aug 20, 2014 (gmt 0)

I have a client that has eCom site. Products are http, but the shopping part is https. The site has security certificate in the footer which, when clicked, shows a valid certificate.

I am wondering how is this seen by Google - do they treat the site http or https? Or do they do it on URL by URL basis?

netmeg




msg:4696742
 12:16 pm on Aug 20, 2014 (gmt 0)

I have several ecommerce sites that are https only for the cart, and Google seems to treat it by URL, but it's hard to know for sure.

Nowadays, for a new site, I'd just start off with the whole site as https (and yes, I'd definitely advocate moving them all over at once)

Just think of it like ripping off a bandaid (ork ork)

Bones




msg:4696744
 12:25 pm on Aug 20, 2014 (gmt 0)

URL by URL it seems, this might be of help:
https://www.seroundtable.com/google-https-algorithm-18986.html

freshpaul




msg:4696750
 12:37 pm on Aug 20, 2014 (gmt 0)

Can anyone think of any concerns I should have with migrating a penguin-affected site to HTTPS?

dethfire




msg:4696765
 1:46 pm on Aug 20, 2014 (gmt 0)

Does this mean that SPDY works for Apache 2.4 now?
https://github.com/eousphoros/mod-spdy

mromero




msg:4697134
 4:52 pm on Aug 21, 2014 (gmt 0)

No one here picked up on my comment on the risks at this time of doing the HTTPS swan dive, in a previous post in this thread:

1. Your Adsense income could crater. See https://support.google.com/adsense/answer/10528?hl=en

Barry Schwartz has commented on this today, saying some publishers' income fell by as much as 35% since changing over to https.

"So I was all excited migrating over this site to SSL and my corporate site but despite very little ranking changes, both negative or positive thus far, AdSense earnings seem to have taken a hit somewhat."

https://www.seroundtable.com/https-google-adsense-19035.html

You my need to cut and paste the HTTPS urls as WebmasterWorld appears not able to be able to connect to https websites.

netmeg




msg:4697204
 8:46 pm on Aug 21, 2014 (gmt 0)

Well I guess I understand how that happens. Next step will probably be for AdWords to start pushing the advertisers into SSL, then.

superclown2




msg:4697205
 8:51 pm on Aug 21, 2014 (gmt 0)

@mromero; well pointed out. It seems that Google are quite clear about it:

please be aware that because we remove non-SSL compliant ads from the auction, thereby reducing auction pressure, ads on your HTTPS pages might earn less than those on your HTTP pages.

So yep, sites carrying adsense need to think twice about the shift.

Well I guess I understand how that happens. Next step will probably be for AdWords to start pushing the advertisers into SSL, then.


So more and more advertises go SSL, more availability means prices drop even further, publishers switch back to HTTP ..........

What a complex world we live in.

Selen




msg:4697227
 3:33 am on Aug 22, 2014 (gmt 0)

I do not like how SSL sites are presented in Google search results at all. I think they don't help build a brand. For example compare:

https://www.example.com/ (this is what appears when website uses SSL)

vs.

example.com/ OR www.example.com/

It would be better to add maybe a small padlock or something so that the https:// part is removed and doesn't confuse visitors (it's enough that some of them are confused with the 'www.' part already). Now user has to read the extra 'https://' to read your brand name (ie. domain name).

nomis5




msg:4697242
 7:39 am on Aug 22, 2014 (gmt 0)

...except moving everything to SSL is, as noted above, about three lines of code. Move incrementally, page at a time, and I guarantee you will 'f' that up. Way too error prone IMO, and I still fail to see the benefit to doing it incrementally, or the drawback to doing it all at once.


First off it's not three lines of code but that's not the real problem. It's more to do with the philosophy behind testing a change.

If I change ten URLs to SSL as a test and it doesn't work as expected then I can revert back and think again, no real damage done. And I can let the change "settle down" without major financial impact to really test the effect of the change. If it does work I might be tempted to revert back those ten URLs and then make a site wide change.

A quick glance at this forum, other forums and even Gs own documentation indicates to me that a change to SSL may suit some sites but be disastrous for others. I want to know which result will apply to my site before I make a site wide change.

The way I interpret what I've read here and elsewhere, there are a large number of factors (many of which I don't yet understand) which can effect a change to SSL.

I'm talking from the point of view of someone who runs two Adsense ads on almost all pages I publish. My site sells nothing and the only sensitive data it collects is general location (not address) and email address, both entirely optional.

Maybe commerce sites and informational sites should be treated differently as far as SSL is concerned and it's not a case of one solution fits all. The same might apply to sites that do or don't run Adsense?

mihomes




msg:4697251
 10:34 am on Aug 22, 2014 (gmt 0)

First off it's not three lines of code but that's not the real problem.


Depending on how you have your site setup it really is. As JD pointed out above if you are doing non-www to www or vice versa (as everyone should) then you can do this easily. All of my sites, off the top of my head, would be fine doing exactly as he stated... in my case adding an OR and an s to my existing code.

If I change ten URLs to SSL as a test and it doesn't work as expected then I can revert back and think again, no real damage done. And I can let the change "settle down" without major financial impact to really test the effect of the change. If it does work I might be tempted to revert back those ten URLs and then make a site wide change.


Unless you understand what you are doing with these 'test' pages then I would not recommend this. You could easily end up with some dupe content issues, wrong links, etc if this is not done properly. It would be MUCH easier to do everything OR nothing assuming your structure and linking in the site is the same throughout. Again, in my case I use relative links everywhere... if I wanted to make a switch to all https all I need to do is change two lines of code in my htaccess file after the cert is setup for the domain. There may be a few php/js files which use full urls but that is simply a replace all of http/https.

netmeg




msg:4697268
 12:16 pm on Aug 22, 2014 (gmt 0)

It would be better to add maybe a small padlock or something so that the https:// part is removed and doesn't confuse visitors (it's enough that some of them are confused with the 'www.' part already). Now user has to read the extra 'https://' to read your brand name (ie. domain name).


That might happen at some point, but maybe they're waiting to see how implementation goes. Or not. Google doesn't care very much about how brands are represented; all AdWords display URLS are required to have www, even on domains that are non-www. I'm still pissed about that one.

wheel




msg:4697273
 12:31 pm on Aug 22, 2014 (gmt 0)

please be aware that because we remove non-SSL compliant ads from the auction, thereby reducing auction pressure, ads on your HTTPS pages might earn less than those on your HTTP pages.

That's an opportunity if you think about it.

teokolo




msg:4697280
 1:33 pm on Aug 22, 2014 (gmt 0)

I'm trying to move one website to https and I've noticed browser warning about blocked mixed content: an external javascript and few images loaded from a non-https CDN.

Assuming https is (or will be) a ranking signal, do you think this warning could be a problem with rankings?

wheel




msg:4697285
 1:48 pm on Aug 22, 2014 (gmt 0)

Short answer, fix it so everything is being pulled from https.

netmeg




msg:4697289
 1:58 pm on Aug 22, 2014 (gmt 0)

Whether or not it's a problem with rankings, it's not something you want your users to see, so like wheel says, fix it.

aristotle




msg:4697339
 5:59 pm on Aug 22, 2014 (gmt 0)

please be aware that because we remove non-SSL compliant ads from the auction, thereby reducing auction pressure, ads on your HTTPS pages might earn less than those on your HTTP pages.

If i understand this, it means that switching to https would probably reduce earnings for sites which get all of their income from Adsense. So for people who have a purely informational static html site, in most cases wouldn't this reduction in Adsense earnings more than offset any potential gains from the supposed ranking improvement that Google has announced for sites that do make the switch? In other words, for this type of site, wouldn't you be better off not to make the switch, especially since there's no other reason to do so anyway.

netmeg




msg:4697341
 6:01 pm on Aug 22, 2014 (gmt 0)

In other words, for this type of site, wouldn't you be better off not to make the switch, especially since there's no other reason to do so anyway.


Yet another reason I'm not jumping into it right now.

nomis5




msg:4697345
 6:25 pm on Aug 22, 2014 (gmt 0)

There may be a few php/js files which use full urls but that is simply a replace all of http/https.

Already the three lines of code are ballooning. I was in the computer software testing business for 15 years and nothing struck more fear in me than a programmer saying "it's only a one line change .....".

In other words, for this type of site, wouldn't you be better off not to make the switch, especially since there's no other reason to do so anyway.


Absolutely right at this point in time. Don't get fooled into thinking that coding is the only thing that needs to be considered. There's a whole pile more than that to consider. Wait, watch and read lots, before taking the plunge.

ChanandlerBong




msg:4697718
 6:55 pm on Aug 24, 2014 (gmt 0)

so out of the traps we come and then G says perhaps they're not ready in adsense and neither in webmaster tools...

this is another case of not wanting to be first at the waterhole only to discover it's cyanide in there, not water.

won't even consider this till Christmas when I've trawled through all the "omg, site visits down 74% since https switch" threads on here. I already do non-www to www in my htaccess so when I do take the plunge, it's a two minute job.

Just not yet....

wheel




msg:4697740
 12:18 am on Aug 25, 2014 (gmt 0)

Already the three lines of code are ballooning. I was in the computer software testing business for 15 years and nothing struck more fear in me than a programmer saying "it's only a one line change .....".

If they've got URL's hardcoded that far in a file, then they deserve the frustration they get.

This 174 message thread spans 6 pages: < < 174 ( 1 2 3 4 [5] 6 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google SEO News and Discussion
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved