15 August 2014

Is A Secure Site Really Necessary?

By

You may have seen reported in the news this week that Google will give HTTPS sites a marginal ranking boost over those without the critical S. Sounds good, but it’s not as simple as just flicking a switch. In fact people started querying this as far back as 2011:

 

The problem with anything that Google says and does is that everyone reacts in a way that can often be illogical, pointless or even harmful. Whilst no one disputes that having a secure site is a good thing, you have to take a more logical approach to this. Some sites really don’t need it and I won’t be going to the trouble to arrange it for my own WordPress blog.

An issue has arisen in that because so many people have panicked and rushed through infrastructural changes without giving themselves the time to consider the consequences, the results have indeed been negative. Even as far back as 2013 people reported switching could cause a problem. The issue itself isn’t with the application of HTTPS but with the execution. A website’s ranking is built on a strong foundation of backlinks, on-site copy and structure amongst other lesser signals and it’s that core foundation that keeps a site well ranked. If you move the site without moving its foundation then you lose most of what is supporting it.

What needs to be understood is that people are encrypting their websites without placing site-wide page by page redirects - that alone is a recipe for a ranking disaster. It is also not uncommon for sites that have been newly redirected to take some time to ‘re-rank’. It makes sense because there’s nothing stopping people building sites for authority and re-directing the lot to some kind of spammy money site. To me it’s just a precautionary procedure of vetting the new site so don’t be surprised to see this happening for a few months.

The issue is mostly technical, with people suggesting you need separate IPs alongside additional ‘this’ and costly ‘that’- for some sites it simply won’t be worth the effort. In case you are looking for a solution, instead of using a dedicated IP, most major browsers support server name indication (SNI). The SNI extension allows you to have numerous certificates on one IP. This is a more beneficial and a less wasteful use of the already limited IPv4 resources.

Rackspace who are one of the largest hosting companies, and probably already your host, have already provided guidance on SNI here.

Our advice to our clients and anyone is don't panic and rush through poorly thought out infrastructural changes. We feel you would be better off waiting a few months to let the dust settle. Let’s see what issues people have technically and SEO-wise, as well as if sites experience any benefits. This way we can better decide what direction we need to go in, and whether it’s even worth carrying out any changes at all. 

Back to blogs

More from our blog Inside the industry and our agency