Interesting. This may result in even fewer domains being moved to https.

We are in the middle of site re-development and a hosting move. As a part of this, all URLs (apart from home page) will change. The site is eCom and the cart will be under https.

Since we are already changing URLs and hosting, I am thinking of going https across the whole site at the same time. This will avoid site-wide URL change if we would move to https later on.

What I am interested in is - what are the risks? Of course, providing it is technically done correctly.

One of risks is SSL certificate expiring and therefore site coming up with the ugly "Invalid certificate" message.

Any other someone can think about?

As I suspected, and glad I'm not jumping.

Any other someone can think about?

There's some talk that it can affect AdSense earnings if you have a site that utilizes AdSense. I'm not entirely sure I understand it, but I believe Google only serves ads with https landing pages to sites that are entirely https. So until everyone adopts, you could potentially affect your earnings.

I suppose another risk would be if you are embedding any non-secure element on your pages, you could get the dreaded mixed security error message.

lol, so essentially it's near worthless. I don't even understand why they made any announcement in the first place.

The concept was good, the actual implementation for everyone must have dawned upon them, at last, as monumental.

lol, so essentially it's near worthless. I don't even understand why they made any announcement in the first place.

Then you need to think further on why they made the announcement. I doubt it was accidental.

Step 1 is to always ignore Google. If you went to HTTPS in order to get an immediate rankings boost, that was a foolish move. There's no way it's that easy. Google's announcement should have served simply for you to evaluate if you should have an https cert for any reason. If so, get one.

And by the same token, ignore this 'it won't help your rankings' because that's likely just as false or misleading. If you should be using https, get it anyway. And if you should have EV SSL (as you should, if you're doing any sort of ecommerce), then get that now.

This is the single best predictor of future ranking signals that Google's announced in years. Maybe Google only announced this in order to get enough people to switch to SSL so that they could measure the data. THey measure for a year, and then change rankings a year from now. Or two years. Or 6 months.

We do know it's an extremely minor ranking signal. And we know Google cares a lot about encryption. Do it, then forget about it. It'll help, to some extent, someday, as a signal of quality. Other than that, forget about it. It's best practices, just like site speed etc.

Then you need to think further on why they made the announcement. I doubt it was accidental.

I did think that there may be something behind the announcement. I wonder if they measured the uptake, and from where that came. Drawing up a map might be easier with just https.

People need to be thinking about this purely from an encryption point of view. I'd say, do I really need it, and is it going to give my site some respect?

Does it really matter that it may, or may not be a ranking signal? No, it doesn't really matter from that side. Just do it because you need to, or want to. As wheel says, there are far more important ranking signals.

In the original announcement, they said HTTPS was a lightweight ranking signal, and it stands to reason that one lightweight signal out of 200+ ranking factors isn't going to cause a visible ranking change in most cases.

I remember asking John exactly the things you mention here (any German hangout):

-Why must "rewarding security" be so complicated and technical? The web not only has big brands, SEOs and webdesigner or pro-blogger.

-There will be a competitive disadvantage for small sites and non-technical webmaster, because big companies and "profs" know how to implement https and in future will get a more significant ranking bonus.

-Why should webmaster do it, if they don't let their visitors send data ect., not needing THIS KIND of security? Information based sites, old static sites, personal sites, my grandma ect.

His comprehensive explanations were really enlightning and transparent:

-It was important to give a clear sign, what way they will go, as security will play a bigger part in future.
Just my "feeling": there is more "behind", may be Google fear loosing public trust because of data protection/Snoden ect. which more people than ever before become aware of. And don't forget: https is a "technical" issue, giving hard facts easy to check... I think they really love such things (instaead of improving their social skills... G+...)

-https makes sense not only for sites which allow their customers sending data; this point really surprised me: on the long run (!) even other sites should have https and he mentioned some more or less reasonable things probably not many webmaster think about (don't remember concretely, sorry).

-He hopes hoster and CMS-creators make it easier in future to use https. Therefore "everyone" can and should use it then. Google will encourage this developement and https was the first step.

Btw, as far as I know, Google never used expressions like "ranking boost", but many like to create sensations, like many bad newspapers which distort truth and citations. Why do for example SEO-bloggers use words like "boost" regarding https?

So why did Google (not sure who it was - but probably John Mueller) actually say in the first place how ever many weeks ago that the https WOULD have a small effect on rankings.... I wonder does anyone have a link to that video...

It does have a small effect on rankings. Some people assumed/hoped it would be big enough for a visible ranking change. Google should have place more emphasis on small and webmasters should not have made assumptions.

This is a bit typical of Google & webmasters. Google makes an announcement that is intended to influence webmaster behavior. Webmasters overreact and then complain that Google's statement is inaccurate. Google then clarifies the statement to show it wasn't inaccurate. Webmasters then become complacent. 1-2 years later Google rolls out an algo update that adds real power to what Google suggested webmasters should have been doing all along. History tends to repeat itself so it might be helpful for webmasters to learn & remember from the past like how Google influenced nofollow tags and similar issues.

I wonder if they measured the uptake, and from where that came. Drawing up a map might be easier with just https.

Good point. Perhaps they are monitoring if Churn&burn sites will be converting. If it is too complicated/costly for them to convert every time they do rinse&repeat, then they could dial the signal up later on.

I am still in two minds whether to convert the rest of the site to https or not (cart will be under https anyway). The site is changing the hosting, the country being hosted in, the site is being re-developed and all URLs will change (old URLs will redirect). I am not bothered about "ranking boost", but I am wondering whether introducing SSL across the whole site will give the site more trust and therefore minimise any potential drop.

@goodroi:
+1
Very true... unfortunately both webmaster and Google itself forget to learn from the past in most cases.

Google's https posting confused half of the web, evoking wrong expectations and interpretations. Like many other "information posts/videos"...
Would have been easily avoidable, just by writing more, being more transparent, precise and concrete, considering their experience with webmasters, their perception, wishes and fears.

Fewer engineers and more experts in communication psychology, human/social skills ect.

Google's https posting confused half of the web, evoking wrong expectations and interpretations. Like many other "information posts/videos"...Would have been easily avoidable, just by writing more, being more transparent, precise and concrete, considering their experience with webmasters, their perception, wishes and fears.

They said HTTPS was a "lightweight" ranking signal. I'm not sure how much more "transparent, precise and concrete" they could have been without divulging the recipe of their secret sauce.

Still, maybe it would have been better if they'd said nothing at all. "Transparency" sometimes creates more problems than it solves.

Still, maybe it would have been better if they'd said nothing at all. "Transparency" sometimes creates more problems than it solves.

Uahh!

Usually transparency cannot and shouldn't solve problems, but it can help to avoid them efficiently.

Bad done transparency is "not good", but no transparency at all is very bad. I vote passionately for better transparency in terms of quality and quantity.

More and better transparency regarding https in my eyes has nothing to do with revealing exact algo influences.
It's more about the things I heard in the hangout. So every webmaster better can consider https regarding his individual situation and needs. Is it worth for me...why... when.... how....secondary factors...

Google says "lightweighted" and IMHO this is absolutely correct but not really good in terms of transparency and useful clearness. Imagine: Google publishes his post about https. Millions of webmaster read it the next days and I bet 50% of them react like this:
"lightweighted ranking factor"? "dollar-on-mode" in the eyes... what could that mean, between 1 and 10 rankings dependant on absolute SERP-position, longtail, KW-domains, not competitive KWs? Having 100 KWs each improving a bit.... ect. ect.
And google should know this. Of course it's up to the webmaster what he or she wants to do then, but the first step is made by their post.

More than 200 ranking factors.... considering as single factors almost every one is "light", just because there are 200. Not only https.

Years ago everyone knew that a normal single directory or article link is just a very lightweighted help and what happened...

More than 200 ranking factors.... considering as single factors almost every one is "light", just because there are 200. Not only https

Google never said that all 200+ ranking factors were equal in value. (Identifying HTTPS as a "lightweight" signal makes it fairly clear that some ranking factors are "middleweight" or "heavyweight.)

The problem with announcements of this type is that some site owners and SEOs blow everything out of proportion. Still, if Google is trying to encourage people to use HTTPS, it makes sense for them to communicate the fact that HTTPS is now a lightweight ranking signal even if some people can't or won't understand that "lightweight" means "lightweight."

Certainly not all the factors are equal in value. Neither Google nor my last post claimed this.

some people can't or won't understand that "lightweight" means "lightweight."

Nobody is able to estimate, what "lightweight" means or could mean. Nobody knows the worth in relation and dependance on other factors. Dependant on his KWs ect.
You only know: more than zero and not making you rich soon. Somewhere inbetween.

aakk9999 certainly better knows to estimate "lightweight" than many other webmaster and is not sure if implementing https...

light, middle, heavy? Are you sure this classification exists?

Maybe Google is waiting for enough trusted sites to move to https before dialing the signal up. Because big brands, which I presume are Google trusted sites, move slowly (for example, just a slight change to the colour of the font can result in a 6-12 weeks release schedule, https would be much longer project with big guys).

If G. dials the SSL signal up too early, the SERPs may actually get worse as many Google trusted sites may get disadvantaged over fast paced smaller websites that are able to react quicker.

I think the reason they made the announcement is because it's a huge switch for most website owners and that announcement is step one on a long road. It's like McD starting the move towards becoming a vegetarian restaurant. You don't just show up one day and it's all lemon grass burgers and nutloaf.

It's a huge shift and they were careful to say that "for now", it isn't a ranking thing but the scope is there in the future for it to become one. In other words, it was important for them to get that stake into the ground as soon as possible but don't expect any picket fences just yet.

Maybe Google is waiting for enough trusted sites to move to https before dialing the signal up.

This is what I'm thinking.

There's also the indirect angle. If users tend to click more on HTTPS sites or tend to be more loyal to those sites, then the user feedback could be a positive signal.

All depends on users perceptions really. It only takes some users to have this behaviour to make it a 'lightweight factor'.

I believe Google only serves ads with https landing pages to sites that are entirely https.

I checked a few ads on some secure domains and plenty of them have an "adurl" that's http-only, so I don't think this is the case. As I wrote in the other thread [webmasterworld.com], I believe Google is referring to the many third-party ad networks, some of which do not currently support SSL and will be disabled if your site is SSL-only.

(It took ~60 seconds to publish this post after clicking the "Submit" button...)

Google generally doesn't show any visible response to even more heavyweight ranking factors. These take time and it is difficult to tell what actually caused what. The use of https is not necessary for most pages. If you are taking credit card details or user data then that is where it is important but there is no real need for it on static sites. Peoples isp is still going to know what sites they have been on and so will companies like google and facebook with their buttons and ads on peoples sites. Perhaps it makes people feel safer but an encrypted tunnel would do a much better job of keeping their activities private as does having seperate login accounts for different sites that are not attached to their id and are of low security importance.

One thing to keep in mind is that we're slowly moving towards 'replacing' HTTP/1.1 with HTTP/2 which, like SPDY, will be HTTPS-only.

I have switched two of my websites and i lost 90% of the incoming coming from Google.

I think that switching to https is a big trap.

I plan switching back to http in mid november but i already switched from http since 30 days.

I have discovered that switching to https is way more critical that it looks.

I remember i saw those two google guys announcing the ranking to https but they didn't talk about lots of issue surrounding https.

1. It turns all your incoming to 301 redirect because everybody linked to the http version of your website and not your https version.

2. I had issues with my wordpress plugins that didn't get the https.

3. I have discovered some shared web host ask for a fee to get a https (even if you use free cloudflare).

4. That's an unknown world and there is no benefits.
Some people started to do some tests online and they didn't see the benefits.

There are benefits to switching to https (from Google & for general security) but you need to ask yourself if the benefits outweigh the trouble of migrating to https.

In my opinion, for most websites today it is not the right time to switch to https. If I was launching a brand new site today I would probably launch it as https because I do think most websites will eventually migrate.

I have switched two of my websites and i lost 90% of the incoming coming from Google.

I switched one shortly after John Mueller's announcement, mainly as a test, and as far as I can tell, changing from http to https hasn't had any effect at all.

Down the line? Maybe. The fact that CloudFlare is pushing https so hard (it will be available even to free accounts soon) suggests that the winds are shifting toward https.

>>1. It turns all your incoming to 301 redirect because everybody linked to the http version of your website and not your https version.

That's a great point. It's worth doing some work to get your inbound links changed to https from http.

Of course I have no idea if that helps or hurts, but it seems like good practice. I did a bit of this, but not a full scale shift.

It's possible that the 301 to https from http isn't as bad as a 301 from one url to another - because the url isn't changing just the protocol. Entirely speculation though as to whether that's true.

As I noted, I experience no discernable shift in my rankings - up or down.

I moved my entire website to https shortly after Google's announcement. I had been considering doing so well in advance of what Google said for the sole reason that various points of contact on my website request a company's name, contact person, address, etc. Google's stated preference for https was the nudge I needed to move forward. The results? Not impressive at all.

After switching to https, our homepage dropped from the search results for about a week. A month into the switch, only 72% of our sitemap listed pages are being reported as indexed in Webmaster Tools (100% had been reported for the http version). And there are days when I log into Webmaster Tools and it reports 0 pages indexed (maybe a glitch in WMT). Traffic is down, but thankfully most of our sales come from repeat customers that we've been serving for years.

People who are more reliant on traffic from Google should be cautious about switching. Even though Google is the search company promoting better ranks to https sites, with the correct level of encryption, my results from switching indicate lower Google search traffic even a month after the switch to https was performed.

My traffic with Bing/Yahoo really did not change at all. I credit this to their superior site move feature in Bing's Webmaster Tools account. I never noticed my site losing its positions (#1 or #2 for main keyword) during the transition process.

My recommendation to anyone switching would be to follow Google's flimsy checklist (an easy site move option in WMT would be much simpler like Bing/Yahoo has) and use a Bing Webmaster Tools account to do the same for Bing and Yahoo.

It's possible that the 301 to https from http isn't as bad as a 301 from one url to another - because the url isn't changing just the protocol. Entirely speculation though as to whether that's true.

I would guess if moving from one domain to another isn't the 10%-20% loss that is often reported, changing protocols isn't "hugely bad" either -- [webmasterworld.com...]