You know how you sometimes read SEO blog posts that are useful, and even brighten your day a little? This isn’t one of those. Sorry.
In fact there’s a reasonable chance that you’re not going like what you find here.
But please don’t shoot the messenger.
Google are starting to get more serious about the security of your website. At least in terms of having a certificate.
In other words Google are starting to care more about whether you’re using http://yourwebsite.com or https://yourwebsite.com.
If you’re using Chrome or Firefox, a secure website will have a little green padlock next to the address, like this:
You’re probably wondering: why should you care about this?
I’m not going to bore you with details and speculation behind what’s going on here, but the fact is that Google think a website with a certificate makes the online world a safer place.
Go Google.
So far, they’ve stated that this is not a ranking factor – in other words that having a secure certificate doesn’t mean you’ll rank any better.
But I think this is going to change.
Dr Pete Myers from Moz recently talked about the dominance of secure sites in the search results, and according to his research, 55% of the first page results are secure.
This research was with a fairly large sample of data.
I ran a few random searches while writing this, and would agree that the figure seems to be about right.
But 12 months ago this figure was around 30%, and for now it’s continuing to grow quite steadily.
So what, right? Why should you care?
You should care because this goes beyond Google’s official SEO stance.
Within Google, the Chrome team seem a lot more fired-up about this issue, and they’ve already announced that they “plan to be a lot more aggressive about this in the next year“.
They already warn users of Chrome that some content may be “not secure” under certain circumstances, and I expect them to become more militant about this issue in the future.
The future being this year. Update: the future being now… or rather in the past. A large number of Google Search Console owners received an email from Google around the 18th of August:
Brace yourself – this may be painful.
I could lie to you, and say that moving to a secure version of your website is really simple.
But it isn’t.
It’s not insanely technical, but it is a little fiddly. And it’s not something that you want to be doing in a rush.
More specifically it isn’t something that you want to be doing in a frantic panic when Google force you to do so.
And they’re starting to force you to do so.
So take the pain. Sooner rather than later. It’s better to do it now than having to rush it overnight because it just became vital.
How do you do it?
If you’re technically minded, enjoy learning new skills or are just very, very bored, the people at Search Engine Land have a great article:
HTTP to HTTPS: An SEO’s guide to securing a website
Update: Thank you to Stephen Kellett from SoftwareVerify who pointed me towards HTTPS Is Easy (and free).
If, however, you’re not comfortable with setting up a test server, don’t have a clue what canonical tags are, or how to even get a security certificate, then I strongly recommend that you reach out to someone who can handle this for you.
But whatever you do, please don’t just leave this on your to-do list. This will undoubtedly hurt you in the future.
And please don’t shoot the messenger.