Google have recently announced that they will be giving a minor ranking signal boost to sites moving to HTTPS with a 2048-bit key certificate. They have actually been talking about this happening for years. There was a post made back in 2012 by Matt Cutts on Hacker News stating that if sites wanted to move to HTTPS they should go ahead and do so.

Google made the announcement in August saying that this is categorically a “light-weight signal” with less weight than other signals such as “quality content”. In short, don’t expect to go to HTTPS and expect your rankings to shoot up without having all other practices in mind such as site architecture, speed, usability and of course “quality content”.  This signal may get more weight in the future though…..

This is exactly what Google said on their blog post about HTTPS: “For now it’s only a very lightweight signal “” affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content “” while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

I personally think this is a great move for everyone including content only websites that don’t necessarily require users to transact on their websites. It helps keep their data integrity intact and will ensure less sites are hacked in the future.  This is great for Google as their users will see less results that return 404 errors, redirect to another site due to hacking, and so on.

Google themselves said that testing against sites on HTTPS has seen positive results in relevancy and rankings: “Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”


Should you be worried about SEO when moving to HTTPS?

In a word, no. As mentioned above, Google have been suggesting this for years. What you should do is take the correct precautions to ensure you are not negatively affect by the migration.

Here are some tips:

  1. Decide the kind of certificate you need: single, multi-domain, or wildcard certificate.
  2. Use 2048-bit key certificates.
  3. Use relative URLs for resources that reside on the same secure domain.
  4. Use protocol relative URLs for all other domains.
  5. Check out our site move article for more guidelines on how to change your website’s address.
  6. Don’t block your HTTPS site from crawling using robots.txt.
  7. Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.


Since the announcement, there is now a help centre article which provides all of the information required for a successful move to HTTPS/SSL.

Please bear in mind that you are essentially moving URLs to a new location and therefore need to make sure that correct mapping and 301 redirects are in place to direct users to your newly secured site. Google also have a help section on this which can be found here.


In the most basic form please always consider the following:

  1. Prepare the new site and test it thoroughly.
  2. Prepare a URL map from the current URLs to their corresponding new format. (HTTP to HTTPS equivalent)
  3. Start the site move and configure the server to redirect from the old URLs to the new ones.
  4. Monitor the traffic on both the old and new URLs. (I would suggest using Google Analytics and Webmaster Tools).


How does HTTPS work?

Information is secured via Transport Layer Security protocol (TLS), there are three layers of protection:

  1. Encryption“”encrypting the exchanged data to keep it secure. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information such as card details etc.
  2. Data integrity“”data cannot be modified or corrupted during transfer without this being detected.
  3. Authentication“”this basically shows that users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.



I personally think the HTTPS ranking signal will gather weight and importance much quicker than anticipated. With the ever increasing computing power available at lower costs, it will make it easier for hackers to steal information and compromise user data from unsuspecting websites.

I am testing this myself at the moment and will report on conclusive findings in the coming months on rankings and searc visibility. Over and out 🙂