Google: Migrate your website to HTTPS all at once when installing SSL
Do not migrate in steps, the best practice is to do it all at once—or let your SEO suffer.
Migrating to HTTPS can impact your SEO. If you’re not familiar, SEO is search engine optimization. In the online marketplace, you need visibility and that comes in the form of search rankings. The goal of SEO is to get the content on your website to rank the highest possible in search results. The higher you rank, the most business you’ll do.
Sometimes, adding an SSL certificate to a website and migrating that site to HTTPS can cause your search rankings to temporarily drop. Remember, when you migrate you’re changing the URL for every page on your site—instead of starting with “http://” they now start with “https://”.
But there are best practices that can help you mitigate risk.
Best Practice: Migrate your entire site to HTTPS at the same time
In a Google hangout posted last Friday, Mueller shed some light on the way Google’s search handles a website’s HTTPS migration:
In general, what I would do with a move to HTTPS is just move everything at once. We do try to recognize site moves like this where you are moving a bigger part of your web site to a new set up. We try to process that a little faster. And it helps us to really know that the whole web site has actually moved. So if you are doing this in steps what generally happens is it takes a lot longer and there is a bit more room for error. Because we might be missing something, we might be assuming that you are only moving part of your web site, and next month the next part comes, how and where do we combine these things? So my recommendation there would be to just bite the bullet and do that change completely.
Mueller also calls using 301 redirects the “perfect method” for pointing your users to the new HTTPS URLs.
Don’t move your website to HTTPS piece by piece
Many websites do try to move their websites to HTTPS in small fragments. And frankly, that’s understandable. Some enterprises have massive infrastructures. Some businesses want to make sure and test that everything goes smoothly before committing to migrating the entire site.
But as much as you may want to do that, it’s not the right move.
Just like it may be tempting to just migrate certain, more sensitive parts of your site to HTTPS while leaving others unencrypted. Don’t do that either. The best practice is to encrypt your entire site. HTTPS Everywhere is an initiative the browsers are pushing. If you don’t encrypt parts of your site, those pages will receive an SEO penalty and you’ll also be opening yourself up to new risks like side-jacking.
And when you do migrate, don’t yell at your SEO guy if the search rankings dip a little.
In general, if you move to HTTPS [all at once], for the most part it will be very smooth. It won’t be the case that you’d drop out of the search results completely. However, anytime you do a bigger move on a web site or any bigger change on a web site there are potentially fluctuations that can help. So that is something you’d want to keep in mind. If things do fluctuate a bit, don’t panic, it will pass.
If you have any other questions, leave them in the comments section. We’ll be happy to help.
What we Hashed Out (for Skimmers)
Here’s what we covered in today’s discussion.
- When installing an SSL certificate, the best practice is to migrate to HTTPS all at once.
- Google tries to recognize when a whole site has moved, just moving pieces can cause mistakes.
- This won’t impact your SEO long term. Though your search rankings may fluctuate, it will pass.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownA Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
in Industry Lowdown