https and seo

HTTPS and SEO: How Website Security Impacts Your Rankings

Wondering how HTTPS and SEO are connected?

HTTPS is a ranking factor the absence of which can harm your SEO.

In this article, you'll learn how HTTPS and SEO are related and how you can update your site from HTTP to HTTPS.

What is HTTP?

HTTP (Hypertext Transfer Protocol) is a technology process that enables web browsing. It provides a standardized way for devices, web browsers, and websites to communicate.

HTTP vs HTTPS

HTTPS is the modern, secure version of HTTP. In fact, the “S” in HTTPS stands for “Secure.”

This improvement on HTTP enables browsing to be private and safe from hacking.

You’ve probably already seen HTTPS in action. When you visit sites that use it, you’ll see a lock icon displayed in the browser’s address bar.

https lock icon

Thanks to HTTPs, people can log into websites and shop online without their data being intercepted or altered.

Internet browsers, web servers, and websites all play a role in HTTPS.

HTTPS and SEO

Interestingly, there are several ways that HTTPS (or lack of it) can impact SEO. Here are the key SEO benefits.

HTTPS as a Ranking Factor

In 2014, Google’s algorithms began using HTTPS as a minor ranking signal.

That's not surprising since secure sites provide a better experience and Google’s success is tied to satisfying searchers.

Sites that switched from HTTP to HTTPS often enjoyed a small ranking boost.

Fast-forward to today and HTTPS is still a ranking factor, but hasn’t been given additional weight since 2014. Along with a handful of user experience (UX) signals, HTTPS is part of Google’s Page Experience metrics.

Like page speed, HTTPS may impact ranking but quality of content is more important.

Avoid “Not Secure” Messages

In 2018 Google's Chrome browser began flagging HTTP sites as “not secure.” Other browsers followed suit, developing their own visual warnings.

These prominent warnings, in red, are enough to scare anyone away from a website.

http warning message
Above: Example of a Google Chrome warning.

It’s easy to see how a warning like this can crater your traffic, sales, and search engine rankings.

Improve Speed

Sites using HTTPS enjoy faster loading times, too. This is because HTTPS runs its security checks much faster than HTTP does.

You can get an idea of the speed difference by using this test website and clicking HTTP or HTTPS at upper right.

http vs https speed test
This test we ran shows HTTP as taking almost 6 seconds. By contrast, the HTTPS version loaded in half a second.

Keep in mind that page speed can impact your ranking and every second counts. And your site speed impacts conversions.

According to Google/Soasta research, for every 1-second delay in loading, conversions can decrease by as much as 20%.

Expanded Performance

HTTPS websites also get access to technologies that can boost conversions and sales.

These technologies include:

  • Credit card autofill
  • The HTML 5 geolocation API
  • Push notifications
push notification example
Plugins like PushEngage enable you to target site visitors with special offers. This is a demo example from the PushEngage website.

Trust: Generating Click-throughs and Purchases

Website security is critical for making sales. Buyers are understandably picky about online transactions. And no e-commerce site wants a hacker accessing their customers’ credit card numbers.

Realize too, that most searchers expect all sites they access to be secure, including forums, membership or subscriber sites, and blogs.

Using HTTPS costs nothing and it’s well worth the security it provides and the trust it fosters.

Switching to HTTPS

Is your site still using HTTP? If so, you may be wondering how to switch to HTTPS.

You’ll need to get an SSL certificate. The good news is: you can get one for free, and it's never been easier to do.

Role of SSL Certificates

When a searcher clicks on a secure website, HTTPS authenticates that site, ensuring that the connection is safe.

This authentication process involves a trusted 3rd party that creates and signs digital certificates.

These 3rd parties, like Let's Encrypt, are called global Certificate Authorities. They exist to help people get and manage SSL certificates, which are used by web servers and websites to enable these secure connections.

Do note: SSL (Secure Socket Layer) certificates are also called TLS (Transport Layer Security) certificates. TLS is simply an updated version of SSL, but the term SSL certificate is still commonly used.

How to Get an SSL Certificate

Getting an SSL certificate used to be a headache. Dozens of types were advertised, and it was hard to figure out what kind you needed.

Plus, installing it required a webmaster’s help.

That's all changed with the non-profit foundation Let's Encrypt. This organization, backed by industry leaders like Google and Cisco, provides free SSL certificates.

These are typically obtained from your web hosting provider. Often the host will handle this process automatically. At the most, you may need to click a button or two.

Regardless, it's an easy process, and it varies slightly from host to host.

enable https on netlify
Above: Netlify users can get an SSL certificate auto-installed by clicking a single button.
  • For security reasons, every 90 days Let's Encrypt automatically issues a new certificate for your site.
  • You can opt to renew your certificate every 60 days if you prefer.
https enabled message
Above: Many hosts, like Netlify, have processes that auto-renew Let’s Encrypt certificates every 90 days. Site owners can click “Renew certificate” if they want to renew before the 90 days. That process is automatic too.

Hosting Providers

WordPress hosts that offer Let's Encrypt certificates include SiteGround and WP Engine.

Drupal hosts include Acquia.

If you're using a static site generator, like Gatsby or Hugo, consider using Netlify.

How to Redirect Your Site from HTTP to HTTPS

Once you have your SSL certificate, you'll want to redirect your old HTTP URL to the new HTTPS URL.

http://example.com → https://example.com

This way Google and other search engines will crawl the new site and stop displaying the old HTTP pages in search results.

WordPress site owners can use the All in One SEO (AIOSEO) plugin to perform this redirect. It's easy.

aioseo homepage

All in One SEO (AIOSEO) is an established plugin with over 3 million users and thousands of 5-star ratings on WordPress.

Download the All in One SEO (AIOSEO) WordPress Plugin

First, download and install All in One SEO (AIOSEO).

Then, in your WordPress admin bar, mouse over the AIOSEO icon and choose Redirects from the drop-down menu.

aioseo redirects

In the new window that's opened you'll see several tabbed options.

Click the Full Site Redirect tab.

aioseo full site redirect

Scroll down to Canonical Settings and click the toggle button on.

aioseo canonical settings

That will open a new window with a few options.

At the top, you’ll see your old http address displayed and the https one you’ll be redirecting to.

aioseo http to https
Notice how the new site address at right includes HTTPS.

Now, click the toggle button next to Force a redirect from HTTP to HTTPS

aioseo force redirect

Optional: Below that you'll see a drop-down menu that gives you an option to add or remove www to/from your domain.

aioseo preferred domain

Scroll down to click the Save button at lower right and you're done.

Note: Some web hosts automatically redirect HTTP to HTTPS. But many do not. Check with your host to find out whether you’ll need to execute the redirect yourself.

Bonus Tips on HTTPS and SEO

  • If you’ve just moved to HTTPS, be sure to update Google Search Console and Google Analytics so the correct URL is tracked.
  • Fun fact: You can visit any HTTPS-enabled website to view its SSL certificate information. In the browser's address bar, click on the lock icon. Then click on “Connection is secure” and choose “Certificate is valid.” A pop-up window, called the Certificate viewer, will appear.

Q&A on HTTPS and SEO

Why don’t all websites use HTTPS?

There are several reasons why not all websites use the HTTPS protocol. There are plenty of abandoned HTTP websites online. In some cases, these sites were abandoned before HTTPS was available.

Other sites never redirected their HTTP address when they switched to HTTPS, so all their web pages can be accessed with either protocol. (By default, Google will index the HTTPS version.)

And lastly, some site owners may simply not know how easy it is to switch to HTTPS.

What is HTTP/2 and HTTP/3?

HTTP/2 and HTTP/3 are major revisions of the World Wide Web’s protocol. HTTP/2 was designed to replace the original protocol: HTTP/1.1. The purpose of the revision was to improve performance and solve congestion problems caused by the increasing complexity of websites. Using a new technology called QUIC, HTTP/3 boosted performance further.

What’s Next?

We hope this post helped you learn how HTTPS encryption can improve your search engine optimization and support conversions.

You can also check out our article on how to boost your SEO without expert help and our complete blog SEO checklist.

If you found this article helpful, then please subscribe to our YouTube Channel. You’ll find many more helpful tutorials there. You can also follow us on Twitter, LinkedIn, or Facebook to stay in the loop.

author avatar
Sherrie Gossett Content Writer
Sherrie is an SEO analyst based in New Hampshire in the United States. When she’s not busy researching, implementing, and writing about new SEO developments, she can be found hiking and playing guitar.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.