Ever since Google announced that websites operating fully secured behind the HTTPS protocol will feel the benefit of a ‘small ranking signal’, a high number of successful and failed migrations have happened. To read the announcement from Google, click here.
Security for Google is a huge priority and using strong HTTPS encryption as default is highly rewarded due to it being more secure. At Google I/O in 2014, Google have called for “HTTPS everywhere” on the web. Google had been running tests to identify whether or not they can use secure websites (HTTPS) as a signal in their search ranking algorithms – positive results have been identified and they launched this officially.
Whilst it only affects ~1% of global queries at present, and currently not being identified as a significantly positive ranking signal, it’s something to be aware off and be ready to do.
Results will be instantly seen from this switch, you will know if it has been completed successfully or not. Tell tale signs of a successful migration are seeing rankings remain the same and search impressions match the level of previous numbers in Search Console.
Tell tale signs of a failed migration is ranking drops consistently across your entire keyword set, as well as a reduced queries number in Search Console.
Google provided these original recommendations when making this switch:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag
A Google employee, Gary Illyes, recently stated…
If you’re an SEO and you’re recommending against going HTTPS, you’re wrong and you should feel bad.
— Gary Illyes (@methode) August 18, 2015
This left me frustrated due to Google’s original recommendations mentioning none of the most important recommendations from an SEO perspective to mitigate any traffic or visibility loss. This has left several SEOs baffled due to witnessing failed migrations, as well as successful ones.
More updated documentation has been provided by Google here.
It is a difficult thing to advise a brand to move to HTTPS when their rankings and organic visibility is great, why take that risk if all the right areas, such as login and checkout processes are already under HTTPS?
Through witnessing a few successes and failures and seeing Gary’s tweet, I’ve decided to create a checklist for anyone to follow when going through this HTTPS migration.
Things to follow to ensure you have a successful migration from HTTP to HTTPS:
- Before migration, run through all current redirects and update to point directly to HTTPS, skipping the current redirect into the HTTP URL. This reduces additional hops and reduction in any equity this URL passes
- Create redirects for both www and non-www version of URLs, unless forced, into HTTPS through one hop, no more
- Ensure all other properties that you own that link directly into the current website redirect directly into HTTPS URLs.
- Ready to switch all rel=”canonical” & rel=”alternate” tags to HTTPS
- Create HTTPS specific Search Console account as data from HTTP account will disappear
- Create HTTPS sitemap to upload to website and Search Console when switch happens, delete old
- Notify Google of site move through Search Console
- Update all internal links
- Have valid SSL certificate
- Crawl website through new protocol using Screamingfrog or something similar to ensure all interlinking is working correctly
Once this is all done, you are ready to move to HTTPS.
Please be aware that whilst Google crawls the new URLs, it will take some time for Google to completely remove the old HTTP URLs.
If you’re experiencing a downward trend still, please get in touch as a more in-depth analysis may be required.
James, thanks for writing this! I too was very frustrated with Gary’s tweet and lack of follow-up/discussion or clarification. It creates more confusion than needed. In regards to your step #1 (finding redirect chains) I have a whole post how to do that, if anyone needs some extra help with that: http://www.evolvingseo.com/2013/10/09/how-to-find-fix-redirect-chains/
Hi Dan,
you’re more than welcome. It was very frustrating to say the least.
Thanks for helping readers find out more detail about nailing this process.
“If you’re an SEO and you’re recommending against going HTTPS, you’re wrong and you should feel bad.” – Wish I could make my co-workers believe this, HTTP everywhere not a sniff of a HTTPS