How can you claim that https is not good for a small ecommerce business site? It does not matter if you are big or small, proper web security is a good thing. You can debate the level of benefit and if it is worth the extra effort but claiming increased security is a bad thing is not a wise position.

Just because Google is not our friend and we don't like Google does not mean we should not do what is best for our website, business and users. If Google didn't exist I would still be using https. Not using https is kinda like not having a password for your email account - not the smartest idea. Security is a good thing.

I am also confused why you are connecting https with negative links. I see it less of a direct relationship and more an issue of properly redirecting good links when you migrate to https.

Remember all those bad links you were disavowing? Well guess what, with https these are NEW.

No, the protocol is not required in the disavow file just the domain unless you wanted to specify a particular page (file) and the protocol is not needed there either.

By not including the protocol you cover both HTTP & HTTPS.

>>@goodroi: How can you claim that https is not good for a small ecommerce business site?

It's death sentence, part deux , for small businesses with weak link profiles, which are basically every one.

If you have weak link profile, some of your links via Penguin are weighted NEGATIVELY. Thus, sinking some of your pages FOR SOME QUERIES down below competition.

This none of the mom-and-pop businesses know. And SEOs are making money hand over fist because of small business Yo-Yo, up-downs. Because Penguin counts some links now, some later, some counted 3 years ago... so if you have small site and weak link profile you NATURALLY fluctuate due to Penguin.

Now, if you've been trying to prevent that, or if a small business hired SEO who's been doing its job, then they've been removing links that are suspect to negative weights from Penguin. Some links are impossible to remove so they are disawoved. But Penguin still remembers it's keywords - BECAUSE PENGUIN negatively weights keyword by keyword. So, even if you disawoved the site, keyword is remembered. Or Google should come out and say otherwise.

So ho and behold - HTTPS are now NEW LINKS. They are physically different.

Small sites are being hit AGAIN (because new "bad" links) , regardless of all the work and disawoving and regardless of paying SEOs big bucks.

SEOs are going to make out again.

This doesn't apply to sites with strong link profiles as 1000 bad links out of 1 million make no difference. But 1000 bad links out of 2000 make for Penguin-ized website.

[edited by: smilie at 6:37 pm (utc) on May 4, 2017]

It is time for us to get together and do some Google Bombing of a few prominent SEO sites.

Bomb some of the fat KWs on their sites out of Google's top.

It is so cheap and easy to do. You can start by buying the crappiest possible links on fiver for $5 a bunch, and as long as it's correctly targeted it will work.

And it will finally get attention, because they will start whining and complaining "I've got negative attacked". So since Google completely ignores this site, maybe they won't ignore some of their SEO buddies who make out like bandits.

While webmasters are a dying breed.

And SEOs are making money hand over fist

While webmasters are a dying breed.

You seem to contradict yourself

.

Au contraire. Webmasters and SEOs are two different things.

SEOs make money selling SEO services.

I bet over 90% of webmasters are not SEOs.

A call to action usually is for something constructive, not destructive.

Meanwhile, if all advice is to 301 http to https when changing protocol, I can't see that a site will be negatively impacted a second time. Just doesn't make sense. And if true, you can bet your bippy the hue and cry would have sounded last year.

@tangor, it is extremely constructive.

We, webmasters, here, are completely ignored.

There's years of threads here, documenting how small business sites and bloggers are being hurt. Read all the Google update threads, if it doesn't make you weep for the people I don't know what would.

Actually, posting 25th "Google updates" thread and reading yet again how people are hurt 25th time is unproductive.

I know it does make some people salivate at the thinking of all the profits they can make selling SEO services. Which are non-stop because new bad links show up in bunches regardless of who you are, by virtue of spammers, scrapers and affiliates. Thanks to Penguin and negative link weights.

So, after years of NOT BEING HEARD, I suggest voicing a stronger opinion. And since you have no direct channel to Google, going through gatekeepers, millions making SEO gurus, is an extremely constructive way.

After all, Google takes OUR content and makes money on it. There should be ways for us to get through the cloud of self-fulfilling ignorance.

When somebody robs you , you don't start talking to them and try to "find a constructive ways of conversation".

You take out a bat or a gun and try to hurt them enough so that they stop harassing.

This is basics of human survival skills. Extremely constructive.

Because the robber is here not to have a constructive conversation with you, they are here to rob you of your money.

@smilie

some https migrations go wrong, can you not ad property https urls both www and non www in WMT than put same disavow file to them as you did for http url?

Forgetting all the absurdities in the analogy above, just who is stealing whose "money"? Did g give everyone a pot of gold just for running adsense, like getting a toaster for opening an account?

There are no freakin' guarantees anyone will make any kind of money. Only thing that is offered is the opportunity to play the game BY THEIR RULES, and take what comes.

If those facts aren't obvious then.... well, might try a different kind of business.

We were dropping out of our #1 spot on Google and were told to implement SSL and that would surely improve our SEO.

BUT it killed us--our ranking, our traffic--and it's been almost 60 days now, with no climb back up.

The other issue is that we've put the redirect in our .htaccess file so if someone goes to the main url it will redirect to SSL, but any subdirectory does not get redirected. So any backlinks will still go to the insecure site. Don't know if that's an issue..? This is the code:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

[edited by: Robert_Charlton at 11:44 pm (utc) on May 4, 2017]
[edit reason] delinked example code - use code tags in future [/edit]

@devGirl

Should be

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

OK, will try that. Thanks!

Try visiting pages in your subdirectories with/without the www and the https. mod_rewrite rules only could work under some conditions, but "any subdirectory does not get redirected" sounds like they are not being inherited.

Subdirectories / folders commonly need their own rewrite rules. IF there is any .htaccess file in those folders, they need to have their own rewrite rules. If they are not inheriting rewrite rules, they need their own rules.

Subdirectories / folders commonly need their own rewrite rules. IF there is any .htaccess file in those folders, they need to have their own rewrite rules. If they are not inheriting rewrite rules, they need their own rules.

Yes, so if the HTTPS redirect is correctly done in the base directory, any sub-directory would only need these two lines in htaccess:

RewriteEngine on
RewriteOptions inherit

The indication is that devGirl did not have the HTTPS redirect correctly done in the base directory.

Some do have their own .htaccess. I'll try the inherit, first.

BUT most importantly - SSL killed our rankings! Anyone else have this experience.

BUT most importantly - SSL killed our rankings! Anyone else have this experience.

Sorry to hear that, however it appears you did not implement SSL (HTTPS) correctly so the correlation that it caused rankings to drop may not be valid.

Here's the rub.. so far I've switched about 30 web sites to HTTPS, including my own 3 sites. Not one has dropped in ranking due to the switch. I have only heard a few reports that HTTPS caused a ranking drop and since I'm not privy to all their information, I can't say whether these are valid reports.

There have been several SERP updates lately that have upset a lot of sites. It's very possible (and probable) that if your new HTTPS site has seen ranking decline, it is due to these updates or some other factor unrelated to the HTTPS switch.

@keyplyer - true, there are always other factors in a rankings drop but it tended to correlate with our SSL implementation. Now that the code is implemented correctly, I will be tracking it in the next month or two.

Appreciate everyone's help...
Jennifer

Theoretically there should be no difference between HTTP and HTTPS if configured properly and all redirects are done correctly. HTTPS in and of it self it not specifically a ranking factor for KEYWORDS or LINKS. Like keyplry I suspect recent algo changes are responsible, particularly over the last 90 days. Its all too easy to look to the protocol change to be the villain, but that's highly unlikely.

If your site collects any kind of PII from the users, you need to be using HTTPS. If you don't, then ride HTTP while you make full plans to change to HTTPS at some future date. Run the checklist of things to do to make that switch over as painless as possible.

Anyone having issues after switching to HTTPS might want to consider this checklist:

- Generic Steps to Switch from HTTP to HTTPS -

• Read all info at your host concerning certificates & switching to HTTPS and when applicable, follow those instructions.

• Install security certificate.

• Have you host enable HTTPS (if needed.) This will enable access from both HTTP & HTTPS.

• Go through site, page by page & make sure all file paths are relative (no protocol.) Test by accessing site using HTTPS and look for any browser alerts.

• Install 301 code in .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Note: your server may require a different code

• Go through site again, page by page, and test. Any remote absolute links will need to be HTTPS including those found in scripts & pluggins. If you publish Adsence or other advertising, links in these scripts need to be HTTPS also (or just remove the protocol altogether.)

• Update sitemap.xml (if applicable) and submit to appropriate agencies (Google, Bing, Yandex, etc)

• In Google Search Council create a new site using HTTPS. It will take a few days to start populating information. This is normal & traffic to old site (HTTP) will drop off accordingly.

• Bing Webmaster Tools, Yandex & others should update automatically once they crawl your new pages. Updating/re-submitting sitemap.xml should speed up this process.

In addition, for large sites (greater that 10,000 urls), bear in mind search engine crawl budgets. It might take a little time to completely index the site.

Even when the site is completely indexed it might be another six months before any ranking changes will appear, though some have reported a severe drop after a two week period of joy. I think it might take a year before everything settles down, but that just me.

To the excellent checklist keyplyr posted above I would add a note:
When you add the https version as a "new" site in your Google Search Console account - do not use their Change of Address form [support.google.com] because it does not support https: changes.

Note: The tool does not currently support the following kinds of site moves: subdomain name changes, protocol changes (from HTTP to HTTPS), or path-only changes.

I find the insight and help on this very timely. Sooner rather than later is how I'm viewing this. If this helps earn some trust or show credibility then I have to do it. It's hard enough getting organic so why make it harder.

Switching to https has been great for our site.

Some kind of content/panda related penalty meant we simply couldn't rank for anything at all. If any of our terms were in the top 10 pages it would be in position 80 onwards.

The only thing that would rank was is if you added our brand name and even then it would be lucky to get somewhere on page 1.

We switched to https and have done all the usual redirects etc.
Like a switch being turned on, Google suddenly understood what the pages on our site are about which changed all the rankings of our tracked terms dramatically.

For example one of our core keywords we were on position 70 on average. The page Google was showing in the SERPs was our 'about us' page for this term.

We switched to https and then a couple of days later at most we suddenly jumped to position 12 to 14ish (which is totally fair enough - it's got a lot of competitors for this term).
It was also showing the right page as well!

It's the same story for all the tracked keywords - http urls found in the serps were in row Z and could've been any random page on our site, https urls are ranking as they should.

It's almost as if switching to https caused google to treat our site as new and have evaluated the content again and have lifted whatever Panda slap the site was on, which it simply wasn't doing 2 years after changing all the content on our http version of the site.

All the links are the same (they now say 'via this intermediate link' in GSC).

Happy with https - organic SEO is now worthwhile because absolutely nothing could've moved the needle beforehand for love nor money.
Now there is a possibility...

@dereksmalls5

when did you make the switch to https?

I initially saw a huge increase in traffic, but it dropped back to lower than before within 2 weeks

Guys, what I said in post #1.

You get possibly a boost due to Google's manually boosting https because they for some reason want https.

After several weeks, since https are ALL NEW pages and https are all new links too, you lose traffic.

Because:
1) your manual boost is over and external links point to the wrong pages, and
2) the https links Google finds that Google Penguin considers "bad" , as they are found they are new bad links on top of already found links.

Unless, of course, you have 10,000 links or more and don't care if 1000-2000 of them have negative weights.

But if you have 2000 links, like a typical small business or a blog that doesn't spam, and there's already 1000 links that are "bad" due to Google Panda, you are getting another 1000 due to people switching to https. And, ADIOS, amigo, you now have more "bad" links that others.

What a mess.

@smilie

After several weeks, since https are ALL NEW pages and https are all new links too, you lose traffic.

That is not accurate. If you have properly installed the 301 redirect, all traffic will go to the new HTTPS website. All your link juice from backlinks will also go towards your new pages.

Properly switching from HTTP to HTTPS does not, in itself, cause you to lose traffic. If you are, then it is because of something else.

The PROTOCOL has nothing to do with link juice or keywords. It is a transport medium and you, the conductor, will just have to make sure the traffic is REDIRECTED to the new PROTOCOL.

I'm more inclined to believe internal links, if not relative or have been search and replaced for the protocol, would be the problem. Until that is done the site, even on HTTPS is "not secure". Any third party that is called which is not HTTPS will also be a problem.