We all want secure sites. A big part of my business is helping folks do that. But, the new SSL ranking factor is NOT something you want to jump into lightly. In fact, you need to seriously consider the bigger picture before you make any changes this drastic to your site. Read on for what you need to know before you do anything.
UPDATE: Take a more in-depth look with my follow up post
Google SSL Ranking Factor – the Why, What, and How
Chasing the Google Cheese
SEO is still such a game. First it was keywords. Then Authorship. Then schema markup. Then Publishership. And now SSL.
Every time Google tells us what new thing they’ve included in their ranking factor, we all run like mice through the maze to capitalize on it.
Once enough folks have sufficiently gamed that system, Google moves the cheese.
SSL and HTTPS
Today Google announced HTTPS is a new ranking signal
Buried in that announcement is the following:
“For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
What That Means
Nothing about a site stands in isolation. This is now one of thousands of factors in Google’s ranking algorithm.
And, you have time to consider what you need to do.
Changing to HTTPS requires an SSL certificate. E-commerce sites must have them. Any site that requires secure transactions must have them. Blogs, not so much. That’s why this new ranking factor will only affect “1% of global queries.”
SSL is a minor factor in keeping your site safe.
It’s more about keeping your site visitor safe.
The data they send you is encrypted. That matters.
Your blog post being encrypted. Does anybody need that? Really?
What They Didn’t Say
There’s a whole world of stuff you need to consider before you make this move.
Changing to HTTPS means changing your permalinks.
That’s not a little thing.
You have to jump through proper hoops, not the least of which is submitting a new sitemap to have your entire site re-indexed.
It could 2-3 months for Google to fully re-index a medium size site.
It takes more time for your page or post to load from a redirect. So, if you have a wildcard redirect to send all http to the new https, it’s going to jump through that time drain hoop first.
The second speed drag is the TLS (Transport Layer Security) filter that the page has to go through. It takes time to encrypt and then deliver a page.
An SSL certificate costs money. If you’re lucky, your host provides a shared one. That’s great, but there are two other kinds that aren’t free. What if Google decides it wants one of those?
Like CloudFlare? Me too. But it and all other CDNs charge a fee for handling SSL sites.
Playing Well with Others
Do you know if all of your plugins work with SSL?
Are you using any special integrations on your site that you need to research first?
The Ranking Result
So, you could have a knee jerk reaction and try to jump on this immediately. Then take all the Google pops on the head for 404 error pages or other permalink related issues, and then for your site performance dragging in the dirt.
Or, you could wait.
Let the dust settle.
Get the whole story.
Then make an informed decision about what’s best for your site in the long run.
The Bottom Line
We all want more secure sites.
Were it as easy as getting an SSL certificate, I would have been the first person advocating it.
Right now, I’m saying hold up on the SSL thing for now, unless you have some reason better than Google saying they may make something of it somewhere down the road.