So, Google has started to use HTTPS as a ranking signal. At time of writing which is still early adoption period, the signal is quite low. Which means, it counts but not that very much. Does that mean you ignore it? Maybe not because the official blog post did mentioned they may increase it in the future.
In general, HTTPS is a good thing. SEO aside, it can really help your site visitors and help you keep things secure.
Before moving on, if you don’t know what HTTPS is, here’s a quick explanation. Most website traffic and web pages begin with HTTP in the URL. All data that is pulled from your web host and loaded onto the computer screen of your visitor is done in the open, thus unsecured.
The good news is – getting HTTPS on your website is not rocket science. It’s also become more affordable.
These days, I get my secure certificates through Namecheap. You can get one too starting at just $9/year. For most people, that’s enough. Especially if all you’re running is a blog.
I know choosing one is confusing and the sites who sell it make it seem like one gives you higher security or protection than the other. Technically, a secure certificate is a secure certificate. They all give the same strength of protection.
The question really is how in-depth do you want them to verify your business? The deeper you let them ‘check up’ on you, that you are who you say are, the more it costs. The up side is, this gives consumers more confidence. Again, not thoroughly necessary if you are simply blogging with no e-commerce.
If you do sell products through your website, then get as much as you can afford but don’t get too hung up over it. Having one is better than a whole lot of other small entrepreneurs who don’t. So you’re still one step ahead.
While I have to emphasize again that it isn’t rocket science, you do have to pay attention to what you are doing and follow the instructions carefully how to apply the certificate. In some cases, depending on your web host, you may not be able to apply the certificate yourself. Either way, they should be able to help.
Once it’s applied, if you use WordPress, you should switch your site address and WordPress URL over by simply changing out HTTP to HTTPS but that’s the simpler issue. The tougher part – your internal links and images may not work anymore because these are often hard coded into posts. You’ll get a nasty warning in your browser that not all items are secured on a secured site – which scares visitors – a lot.
This can be done with some search and replace commands in the database or you can use a search and replace plugin. Still… this is perhaps the most intensive part of the entire process and I would highly recommend someone do it for you if these things sound remotely scary to you.
Another one for WordPress users – some plugins may not support HTTPS so you’d want to have the plugins you use checked out.
Finally, after everything is loading properly, you should submit a change of address notice to Google because switching to HTTPS is considered a URL change.
We’re down to the ultimate question – should you?
Well, let’s first look at the cost. If you make a decision to commit, you’d need:
- An SSL certificate renewable each year (starting at $9/year and up)
- A Dedicated IP address – depending on your web host this price varies but I’ve always paid $1/month extra
- Technical help/assistance to get it all to work properly – varies greatly
All in all, to get switched over you probably should budget a minimum of between $150 – $200 per website. Thankfully, you only have to set up once.
I think if you are in business, or looking to profit from your blog or website in any way – it’s a good thing. It shows you are pro-active and you care about your customer and reader’s security online even when it will cost you money every year and some extra expense setting it up in the beginning.
To me, that’s more important over SEO. The SEO benefits (that could become more important over time) is simply cherry on top.