In the wake of serial breaches of Internet security around the world, and with the high profile revelation of spying from the NSA, a huge number of important and influential websites started the campaign called Reset the Net. This campaign strives to convince website owners to migrate entirely to SSL-encrypted websites, protecting user traffic and data from spying, regardless of source.
In March, Matt Cutts – that high profile webspam envoy from Google – make sly insinuations that SSL would be trending later in the year, though he didn’t precisely mean the Reset the Net movement. Later, in early August, he made the announcement he had been referring to; Google has decided that a secure website would be a search ranking factor. A site using full site-wide SSL would have a higher ranking than a completely identical site without SSL.
That said, SSL as a ranking factor is still very minor. Cutts claims it will only affect less than a single percent of search queries, though in part that’s due to the relatively low adoption of site-wide SSL globally. Still, if you were inclined to migrate to SSL because of the search ranking benefits, you may want to think twice. The migration is fraught with pitfalls that can completely demolish your search ranking literally overnight.
1. Improperly Redirecting Pages
Migrating to SSL is a bit more complex than just implementing a security certificate you purchased from an accredited provider. It changes your page URLs from HTTP to HTTPS. While this doesn’t seem like much, you need to remember that the URL is EVERYTHING to Google. http://example.com/page1 and https://example.com/page1 are two entirely different websites, according to Google, even if the pages are actually the same.
You are going to want to make sure that your old site and your new site are identical in every way. The structure of the pages, the content of the pages, everything before and after the migration should be exactly the same, with the only difference being the S in the HTTPS part of the URL.
The reason is because you’re going to be implementing 301 redirects on a page level, from the HTTP to the HTTPS version of the page. Unfortunately, this is going to cause a loss of link equity and PageRank. The closer to identical the pages are, the more equity it will pass.
Do not, under any circumstances, use a site-wide 301 redirect for every HTTP page to your HTTPS homepage. This will essentially destroy any ranking you had for your pages and force you to start from scratch.
2. Forgetting to Change Canonical Tags
Migrating from HTTP to HTTPS has another potential issue; Panda. Google’s Panda hunts down and punishes instances of duplicate content. Once again, remember that Google treats any difference in URL as a different page. One copy of your site on HTTP, and another entire copy on HTTPS, is a massive duplicate content problem.
The best way to work around this is to use the rel=”canonical” attribute. You will need to edit every page of your HTTP site to include the rel=”canonical” attribute pointing at the HTTPS version of that page. This way Google knows that a migration happened, and doesn’t penalize you for the duplicate content.
Generally, with modern SEO-compliant web development, every page should have a rel=”canonical” attribute pointing to itself. This helps in a number of ways. If duplicate content is generated, the duplicate points to the original version. If a content thief scrapes your page without paying attention, it will point its canonical version at you.
The problem with this is that, if you leave it, your fancy new HTTPS pages will point to HTTP pages as the canonical versions. When Google then tries to set those pages as the real version, it is redirected back to the HTTPS version in a loop. This, understandably, ruins your search ranking for those pages.
3. Migrating During a Busy Season
So, here’s the thing. Migrating to HTTPS is going to hurt your site. There’s no immediate switch in the index. There’s no quick and easy migration. Just look at this image from SearchMetrics. The blue line is the HTTP version; the green line is the HTTPS version. Even months after the migration, the site hasn’t fully recovered.
Migrating during the busy season for your business is asking for trouble. Even if everything goes smoothly, you’ll find yourself faced with a lower search ranking and lower link equity. If you try to pull a migration during a time when you’re more sensitive to the fluctuations of your customers, when your competition is doing their best to outplay your site, you’re going to suffer even more.
The best you can do is make the migration when you’re during a slow season, make use of Google’s Webmaster Tools to notify them of the migration and submit a new sitemap. From there, just ramp your SEO efforts into overdrive to compensate.
There are some notable problems with migrating to SSL throughout your whole site.
- If you have any Google penalty or manual action taken against your site, a change of URL is going to be interpreted as an attempt to squirm out from under the penalty without fixing the problem. This can earn you an even harsher penalty.
- It’s easy to screw up at any step of the way. Failing to canonicalize properly, failing to redirect properly, failing to keep your site structure the same; these can all put the hurt on your site.
- If your site is heavily reliant on third party served affiliate ads or on scripts and images served by a CDN, your SSL is very likely going to cut off that content. SSL and external hosting do not play well together.
That said, migration does help secure your site against intrusion, phishing and man-in-the-middle snooping. It helps reassure your users that you care about their privacy and your own web security. It is, as mentioned, a minor ranking factor. There are benefits to SSL; they just take some time to manifest after the turbulence of a URL migration. Migrate properly, minimize that turbulence and you’re going to have the easiest possible time.