Already the three lines of code are ballooning. I was in the computer software testing business for 15 years and nothing struck more fear in me than a programmer saying "it's only a one line change .....".

If they've got URL's hardcoded that far in a file, then they deserve the frustration they get.

Sorry about crashing in here without reading all six pages, but I have a question:

Do you have to have to have URLS listed as https:// in your site map? or does G just probe and find the https on their own? I'm hoping the latter.

I've run SSL for 10 years because the site requires user data entry when they join and login.

samwest, unless something has changed recently, Google will find the https:// URLs on its own, even with http:// in the sitemap. Several months ago the site I work on was being listed as https:// in Google. We have it for our checkout, but technically it was enabled for the whole site. It was causing havoc with images being pulled from AWS, so we redirected to http:// .

[edited by: phranque at 3:45 am (utc) on Aug 26, 2014]
[edit reason] unlinked url [/edit]

Do you have to have to have URLS listed as https:// in your site map? or does G just probe and find the https on their own? I'm hoping the latter.

http://support.google.com/webmasters/answer/183668 [support.google.com]:

Use consistent syntax for listing your URLs. For instance, if you list your home page URL as http://www.example.com/, your sitemap should not have URLs that begin with http://example.com/

translated for your question, this would read:
... if you list your home page URL as [example.com...] your sitemap should not have URLs that begin with http://www.example.com/

This'll be another craze like site speed.

This was also a joke. Depending on from where they judge speed it will make too much difference. If judged from withing the USA network data transfer rates will be neglible compared to pulling data from outside of the USA. When I performed some tests about 10 years ago researching the location of registration servers, I found that we had to have a server in each continent to keep response times bearable. What I also found was that the reponse times within the USA when compared to networks in other continents was dramatically faster, the difference being like on a home network vs the Internet.

Technology has adavanced but those differences more than likely still exist.

Only a fool would measure site speed from one location.

The rumour was, they didn't/don't measure site speed from one location - they measured it from the various users' location.

And you're being foolish if you're not paying a lot of attention to site speed. There's been enough studies done to show that site speed makes a noticeable difference in conversions.

You should be paying close attention to both your data center location and your site design with speed in mind. Having a fast website is a relatively easy thing to do. Not something I would obsess over, but something to do at least a one time audit. From what I've seen, speeding up websites is normally just a matter of 'fixing' a handful of small things. You can get 90% of the way there doing 10% of the work.

I'd certainly worry more about site speed (and probably SSL) before I bothered with a lot of other things like 'fresh' content.

By the way, I agree with phranque that you should have the site as https:// in the sitemap, but Google will index any https:// site on its own, even if the sitemap says otherwise and even if you don't have a single internal or external link going to that version of the URL.

The rumour was... they measured it from the various users' location

Only a rumour and most unreliable (line connection, connection speed, peak hour, congestion, server load, etc). Besides, which browser or service is reporting back about everything I download, when and via which proxy because I sure want to make sure that I never use them again.

site speed

As I've understood it, initially Google was just looking for "outliers", sites way slower than the statistical norm, measured (I assume) under comparable conditions.

Early in the days of Panda, I did see a bunch of those. You could watch the images on some pages load while you ate lunch... and what's amazing is many site owners saw nothing wrong with that. Many had never viewed their site performance online... only seen it locally.

On some sites, half the nav links and resources on the page were old urls that led to 301 redirects. An occasional page didn't even load. You find far fewer of those now via Google search, and that was Google's intention.

Google will likely continue to use outliers as the basis for identifying substandard performance, and mobile sites that are faster and easier to use will likely be winners if they are used frequently in mobile situations. I don't think that Google is using any one metric, btw. Bing is very likely to be making similar adjustments, all the time.

It's been 3-4 days since I redirected my site to an EV SSL cert.

No hiccups in traffic that I've noticed, up or down. I monitor sales rather than traffic anyway, and no real change there.

Google is now however lising my site with 'https://' in front of the URL. Non https sites just get www, my site gets [www....]

There's actually two of my competitors (large name brands, you've seen their tv commercials) already doing this, never noticed the https before. So if I haven't noticed it, I don't imagine it makes much difference to consumers. My wife had no idea what the green padlock was as well.

So far, it's about what I expected. Right now it's not much more than an opportunity/excuse to review site best practices.

Do you know if I can use different certificates on different subdomains?
I'd like an EV SSL certificate on www and maybe a cheap wildcard on subdomains (forum, blog and CDN subdomains).
Does it make sense?

Unfortunately for us, since migrating to https last week, we have witnessed a total collapse in referrals from Google.
Hopefully it's only a blip...

Glitterball, have someone externally check your website and all the pages. I bet something's gone wrong with the redirect.

And then check every link on your site to make sure you don't have any http:. And check your images, make sure they're all https: too, and so on.

My conversion went smooth. Google's indexed pretty much all the pages and is showing them in the serps as https with no noticeable loss in rankings or traffic. (No real increase either).

I moved our secondary site to https: a few weeks ago, and my experience has been similar to wheel's. No problems at all, with a slight (and probably coincidental) increase in Google traffic.

(Fortunately, the site mostly uses relative internal links, so I didn't have to change many links from http: to https:.)

I moved fairly small site (3000 visits/day) to https almost 4 weeks ago. My notes on that:

* 1-2 week traffic from G was shaky a bit, noticeable decrease in AdSense CTR/CPC/RPM too (I'd say -30%-40% or so);
* 3-4 week traffic from G increased slightly and seems stable now. AdSense is back to normal too;
* wasn't able to spot any visible changes on the SERPs.

Glitterball, have someone externally check your website and all the pages. I bet something's gone wrong with the redirect.

And then check every link on your site to make sure you don't have any http:. And check your images, make sure they're all https: too, and so on.

My conversion went smooth. Google's indexed pretty much all the pages and is showing them in the serps as https with no noticeable loss in rankings or traffic. (No real increase either).

Actually, I've been even dumber than that. The migration and redirects are working correctly, however I had been looking at Google Webmaster Tools which was for the http and not the https version - DOH!

Also, noticed that Adsense earnings are down, consistent with sangi's observations - hopefully they will come back in a week or two.

Actually, I've been even dumber than that

I've done even dumber things than that! I once installed a brand new, untested FX system on what I thought was the "test" machine. No-one told me that the "test" terminal (to which I was meant to have exclusive access) had been reconnected to the live system overnight. That really mucked up that day's trading.

Never believe what appears to be obvious.

If I was a cynic I'd say someone at google just invested in secure site cert companies.

Seriously WHY? This change make's no sense at all. All I can think of is they are so desperate for quality signals that they are going down desperate paths.

This is a very limited experiment but I can say that since running https on a website there has been no traffic tank at all, and no increase in traffic either. However there has been a cost to the client!

It's all a bit false anyway because any webmaster could install a 3rd party piece of code from a company that has Purchased their own SSL to thus ensure their own SSL doesn't get a half-baked SSL logo, and that 3rd party could then load all kinds of c*** into the website, and the little 'ole user wouldn't know any different. In fact they'd think the connection was secure.

Probably this is a good thing long-term because if you've spent any time reading Hacker2600 you'll know internet security is about as strong as your "pa55w0rd" and it will force webmasters to actually look at whether extra codes that might have been forgotten about get used in the future - particularly if those code providers don't have SSL available on their website and it's stopping the webmaster getting implemented properly.

What would be really good is if Google used it's position to do an instruction video on the importance of strong passwords and delivered them to their entire customer base, because https is only as secure as the webmaster is diligent in policing it.

The only thing SSL does is protect information during transmission, after which the information is unencrypted. I believe most data that's hacked is hacked after it's been unencrypted. In fact, I don't recall ever seeing someone hack data in transit. So for real security, SSL is pretty much worthless.

Nevertheless, SSL is generally accepted as being strong security for visitors transmitting personal information. So Google's playing to that, as well as consumer's misconceptions. It's likely even Google believes that SSL is protecting information - their site uses SSL.

Secondly, EV SSL certs pretty much gaurantee both a real proven entity and physical location, confirmed by a second unrelated entity. And in terms of security THAT is a big step forward. Which is why as I've noted already, I would go with an EV SSL cert over a regular cert. Google's not claiming to care about EV vs. non-EV certs yet, but if I was a betting man, I give it 2 years before we actually see a measurable shift towards this, particularly on any sort of ecommerce searches.

Wheel, you're absolutely right. In fact EV SSL where a cross-cheque is done with issuing server would seem to me something that should have been standard out of the box.

One day I believe Google will also see the value because when I was checking a few months ago their own products don't use EV. ;)

- Google cares about Sitespeed
- Google cares about SSL
- SSL implementation slows down your site
- Which signal is more valuable, and is there a trade-off here?

naicul, SSL will give a very small performance hit. Not too concerning.

Google said this carries “less weight than other signals such as high-quality content.”

This makes me listen! Just the fact to set this two things in comparison is something think about SSL. Panda seems more about site issues, site safty and trust then about content.

Second with every signal the add to panda score the other signals will loose steenght in regard of the 100% panda score. So if your site has lack of some new signals this will make your site to have a smaller panda score.
There is no asking about weight of SSL in panda score, there is the question how many lacks is the maximum to break through a treshold.

>>>>- Google cares about Sitespeed
- Google cares about SSL
- SSL implementation slows down your site
- Which signal is more valuable, and is there a trade-off here?

Today, site speed should win hands down. And it's because of Google. IT's been shown repeatedly that a fast loading site makes a difference in user conversions - that's why you speed it up.

SSL will produce comparatively little no decrease - not enough that it should be a worry. Much more important would be to go through your site and get rid of whitespace in html, optimize images, js and css, tweak apache and mysql, and maybe throw some faster hard drives at it.

The computing power required to encrypt a page using SSL should be not noticeable on a half-assed tweaked website/server. Go run your site through webpagetest.org.

I put an EVSSL cert on a major site a few weeks ago and it fell two places for it's main search term to page 2 last week with no other changes.

At the same time I stripped another page one site to the bones and made it superfast loading. Last week it rose two places for a very useful search term. The problem is that it's no longer the bright, all-singing, all-dancing site it was and conversions have plummeted so earnings have fallen to far less than it achieved before my vandalism. No doubt it will drop in the SERPs again as a result of the much higher bounce rate.

Oh, the many joys of SEO. Still, it's better than working for a living.

Don't confuse correlation with causation. Maybe you were on track for a larger ranking drop, and the changes saved you from that. Or maybe the changes you made had no impact on the ranking drop.

Sc2, i canīt imagine that a SSL certificate will drop your site 2 places. Ist falling donw the drain, nothing will happen or your site will get a boost. But not two places. That sounds like īserps noise.

I have to agree with wheel. All the signs seems to say, loading Speed, coding style ( White spaces, JavaScript compression ... ).
I thought i was fine with my site. And every time i go through my code if can find many, manyy things to do better. Standing still is going backwards! ( and i donīt Support Google now, i think it is the only way to compete with the big guys. )
All the low Content sites i see have one Thing in common: they are of pretty low html. I guess there is not much more than 50 rows of doing.

Back to SSL. I guess this is a sign of Profession. MOst of MFA, linking pages and i do it in the evening after my work webshops will not implement a SSL, because it is too expensive. MOst of this site use Hostings with 1 buck a month for unlimited traffic and 1 GB space. IN most cases a SSL will not be installable on this small accounts. Hence, wheather it is good or not but this makes the web a big step smaller as many Hobby sites will disappear again. Or Google will distinguish between Shopping/hobby/info sites?!

Hence, wheather it is good or not but this makes the web a big step smaller as many Hobby sites will disappear again. Or Google will distinguish between Shopping/hobby/info sites?!

I think it's more likely that HTTPS will simply become the default, and hosting services that want to stay in business will offer it to everyone--including hobbyists, personal bloggers, and the like.

Does anyone know if you need to get the certificates from your current hosting company or can you buy ones from say <a discount registrar> and still use okay? My current host is like Ģ160yr per domain.. :
.

[edited by: Robert_Charlton at 5:06 am (utc) on Sep 22, 2014]
[edit reason] removed specific discount registrar name, per forum Charter [/edit]