1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 3:09 am May 21, 2026

Forum Moderators: phranque

Message Too Old, No Replies

What will happen if I don't switch to HTTPS?

possible downside of non-secure pages

         

keyplyr

12:23 am on Feb 18, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Many site owners are still deciding if or when they will follow the new SSL standard of using a security certificate and switching to HTTPS.


Possible downside of not switching to HTTPS*

• Visitors may start to decline. As discussions about secure web sites become more popular, visitors may avoid non-secure web sites.

• Browsers are still transitioning but the warnings will get more explicit for ALL pages, not just Credit Card or forms. These warnings may further scare off visitors.

• Google has made statements that secure sites will gain advantage in mobile & desktop SERP. HTTPS is already being displayed for secure sites. Bing & other Search Engines will surely follow.

• Eventually, non-secure websites may be considered unsafe to users and purged from SERP altogether.

• Browser support for HTTP/2 protocol is only for HTTPS websites. This protocol greatly speeds up page loads. If your site is not secure, you will not benefit.

*Possible scenarios, no one knows for sure.

keyplyr

5:44 am on Sep 3, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@killua - IMO 483 out of 489 is pretty good. From what I've been seeing, 3 months for a site your size is about normal. Don't forget, 10s of thousands of other sites are doing the exact same thing you are. There's likely a rush to get this done before the hammer falls.

There's also the possibly of report descrepanccy. That index report has been faulty several times in the past, sometimes only for some accounts.

super70s

1:02 am on Sep 7, 2017 (gmt 0)

10+ Year Member Top Contributors Of The Month



I just wanted to warn anyone with Disqus comments on their site, leave the URL of your http site alone in the Disqus settings because the comments will still load anyway. If you change it to https you'll go down a rabbit hole that involves downloading a .CSV file of all your pages with Disqus comments, correcting it in Excel by adding corresponding https URLs, and reuploading it. Some of the URLs weren't even my domain (I have no idea why) and as long as War and Peace, so this was practically impossible for me to do. I thought I finally had the .CSV file fixed, but they wouldn't even accept it!

I just went back in the Disqus settings and changed my URL back to http, and the comments showed up again.

killua

4:45 am on Sep 7, 2017 (gmt 0)

10+ Year Member



I'm not sure how you did that with Disqus. In my initial test, the Disqus comments will disappear if the site is accessed through https. I'm not sure though if the HTTPS 301 redirect triggered that. In my case I just used disqus recommendation of migration tool which is the csv method, and the process was easier than I thought.

Mark_A

7:04 am on Sep 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I have questions re changing to https.

1) presumably all the pages on the site have to be re-indexed by g as they now have new urls.

2) relative insite links will still work but if there are any full / absolute links they will have to be updated.

3) presumably all inward links to the site will now be broken, how can I maintain traffic and PR benefits from inward links once I have new urls?

4) links elsewhere formed as www.example.com should still work, will they? but any that were formed as http://www.example.com will have to be updated - for example in all employees outlook email templates and the like?

Any that I have missed?

[edited by: phranque at 7:37 am (utc) on Sep 7, 2017]
[edit reason] exemplified domain [/edit]

Mark_A

7:14 am on Sep 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yup missed one.

I am being offered two different levels of ssl deal, a basic one and an enhanced one. It seems the only benefit from the enhanced one is that our company name will appear in the top left of the url bar, it is quite a lot more expensive, I am thinking of going for the basic ssl deal, any opinions?

keyplyr

7:36 am on Sep 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Those are two different types of security certificates.

You can self install a free certificate. These hosts try to take advantage of their customers. This doesn't need to cost you anything.

Get a free cert here:
Lets Encrypt [letsencrypt.org]

Peter_S

11:20 am on Sep 7, 2017 (gmt 0)

5+ Year Member Top Contributors Of The Month



These hosts try to take advantage of their customers. This doesn't need to cost you anything.

It's sure that LOT of hosts will take the opportunity to charge their clients for certificates they may get themselves free ! Also charging for free certificate, and for installing them, etc, etc... and may be for the renewal. It's easy to pressure clients by claiming that if their site is not in HTTPS they will be wiped from the face of the world (which is not true)

Get a free cert here:Lets Encrypt [letsencrypt.org]

From scratch is requires some skills and knowledges, to set up a LE certificate. but it's possible that Mark_A is using a web control panel which can include this automatically. I know that CPanel, Webmin, and certainly others come with a module especially dedicated to Let's Encrypt.

Additionally, there is Caddy WebServer which is really great for this, you simply have nothing to do. It handles HTTPS automatically, and generate the certificate without any action from you. But people using Apache or Nginx, will certainly not try to switch and rewrite their configurations.

phranque

12:10 pm on Sep 7, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



links elsewhere formed as www.example.com should still work, will they?

that is considered a relative link so a click on that link should request www.example.com using the same protocol as the url of the page containing the link.
assuming that is a link on your https:// page you should be okay.

if you enter www.example.com in the browser address bar (without protocol specified) the default requested ptrotocol usually depends on browser settings.

super70s

1:38 pm on Sep 7, 2017 (gmt 0)

10+ Year Member Top Contributors Of The Month



I'm not sure how you did that with Disqus. In my initial test, the Disqus comments will disappear if the site is accessed through https. I'm not sure though if the HTTPS 301 redirect triggered that. In my case I just used disqus recommendation of migration tool which is the csv method, and the process was easier than I thought.


Well I figured out how to make the .CSV file work, I just put all the URLs (3656 in my case) in a plain text file, and separated the http and corresponding https URLs with a ", " as they instruct. That's a lot easier than trying to modify it in an Excel file, at least for me.

They accepted my .CSV file, and the migration has begun. A check of the first few URLs shows it's working (thank God).

Peter_S

1:45 pm on Sep 7, 2017 (gmt 0)

5+ Year Member Top Contributors Of The Month



I am surprised that it's sound such a pain with Disqus, I assumed that they were handling this automatically considering how important they are.

super70s

1:59 pm on Sep 7, 2017 (gmt 0)

10+ Year Member Top Contributors Of The Month



Yeah me too. And personalized support with Disqus seems to be nonexistent.

Mark_A

2:45 pm on Sep 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hi phranque
if you enter www.example.com in the browser address bar (without protocol specified) the default requested ptrotocol usually depends on browser settings.


I was thinking of inward links, if they configured as www. rather than "http://www" - anyhow as long as they arrive at either they will be served the right page.

But would it be wise to request webmasters hosting inward links to our site change their links to https ..?



[edited by: not2easy at 8:22 pm (utc) on Sep 7, 2017]
[edit reason] unlinked partial URL [/edit]

keyplyr

6:48 pm on Sep 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Mark_A - if you can get some backlinks edited to reflect your new protocol, sure do it.

However, if your 301 Redirect is working correctly, there's nothing future you need to do as far as backlinks. Everyone will get to the correct place.

lucy24

10:24 pm on Sep 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



But would it be wise to request webmasters hosting inward links to our site change their links to https ..?
It's no different from any other type of link where your URL has changed (or the link was incorrect in the first place). If you can get the linking site* to update it, do so. Otherwise, just make sure you've got the appropriate redirect in place.


* If you are the other site owner's mother, you are home free. For arcane historical reasons, quite a few people arrive at my games via my son's personal site. Easiest Update Ever. Haha.

keyplyr

10:57 pm on Sep 7, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It's no different from any other type of link where your URL has changed (or the link was incorrect in the first place).
Sure it's different. Other links that have changed in path lose some link juice with redirects. Google has stated that an HTTPS 301 will not.

Mark_A

6:40 am on Sep 8, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Sure it's different. Other links that have changed in path lose some link juice with redirects. Google has stated that an HTTPS 301 will not.

Good to know, thanks! I was worried about the link effect in google.

lucy24

4:01 pm on Sep 8, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Other links that have changed in path lose some link juice with redirects.
Link juice isn't everything. Or, at least, it isn't the only thing. (This is not the Google SEO subforum.) There's also bandwidth and server load and all the details that add up whenever someone has to make more than one request in order to receive a given page.

Mark_A

8:01 am on Sep 9, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hmm, I may have to look at the URLs used in adwords also.

keyplyr

8:09 am on Sep 9, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



No need. All Adsense is HTTPS.

Unless you're referring to the links you put in Adword ads you are creating.

Mark_A

8:25 am on Sep 9, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yes, I am thinking about adwords ads that we run.

We don't do adsense, our site is a B2B SME selling its own products.

keyplyr

8:40 am on Sep 9, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



So once you switch protocol to HTTPS, you will use that everywhere, for everything.

The old HTTP protocol is history. The web isn't going back :)

super70s

3:29 am on Sep 10, 2017 (gmt 0)

10+ Year Member Top Contributors Of The Month



Hmm, I may have to look at the URLs used in adwords also.

No need. All Adsense is HTTPS.

Unless you're referring to the links you put in Adword ads you are creating.


I had to modify a lot of Amazon widgets (which they don't offer anymore but still support in a legacy manner).

CPhttps

7:46 pm on Oct 15, 2017 (gmt 0)

5+ Year Member



If you don't make the switch to HTTPS sooner or later your content is going to get booted. Furthermore without HTTPS you can't use HTTP/2 which means your content will be slow.
I use Godaddy and they haven't upgraded to HTTP/2 but the day is coming.

keyplyr

9:00 am on Oct 24, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



There's an ongoing & informative discussion regarding server response headers that strengthen security after you've made the switch:

HTTPS Security Headers [webmasterworld.com]
This 204 message thread spans 7 pages: 204
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 3:09 am May 21, 2026