ssl-lock-browserGoogle is always announcing new things and this week was no exception when they announced that HTTPS encrypted sites would be given a slight preference over non HTTPS sites in the rankings.

Here’s the official word from Google Webmaster Central.

Here’s what they said:

For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS.

You can read what Google has to say about best practices in implementing HTTPS here. (Mind you, it's pretty general because this is complex and the specifics will vary from site to site.)

Here’s some of the things you should consider before making a switch to HTTPS on your site:

Speed

Speed. HTTPS is inherently slower than HTTP. Yes, slower. With ranking signals, I’d worry more about the overall speed of my site first before switching to HTTPS. [updated 8/11/14: this site tests with an additional 43 ms – that's milliseconds – so not much impact on speed from SSL in this case)

URL, Links and Social

This is like changing your domain, all of your urls change.

Since your urls change, this affects social counts for +1’s, likes, tweets – so they’ll reset to zero. If you make use of these counts/badges on your site, you might want to reconsider.

If you embed external content – this can cause issues with warnings. For example, you embed a photo from another site on your site – and it's not HTTPS, your visitors will see a warning about non-secure items (this warning depends on the browser).

You need to treat this like you were changing your domain name – this means paying attention to the proper canonicalization and doing the right redirects, and testing and making sure it all works correctly.

Added Cost

It’s an added cost, that will add to your annual costs to keep your site up and running. SSL certificates are typically only good for a year, then must be updated. You can buy them for multiple years, but you’re still spending the money. Certificates range in cost from $20 to upwards of $500 for those with extended validation. Another cost factor: you need a dedicated IP address, if your hosting account doesn't come with one, you'll have to upgrade, at additional cost.

Free?

Free SSL?  You can use Lets Encrypt – who offer a free certificate – I haven't tested them or their process, but it's an option, especially if you're only going SSL for SEO reasons. Otherwise, you need a certificate that’s issued by one of the big CA (certificate authorities) because their credentials are already in place in your visitors browser. Going the free route means, in most cases, your non-technical audience would have to do very technical things to “trust” your certificate or if you rolled your own self-signed certificate, people would see lovely warnings about security when they visited your site – pretty sure you don't want that. And if all of that doesn’t make you cringe, you must have a very geeky audience or your don't depend on organic traffic. Many hosts make this available in your hostin control panel.

Wrapping it up

For me the bottom line is this: Google says it is a “very lightweight factor” – so if you still have things on your to do list about bigger, heavier ranking factors, you should probably do them first.

I’m working on a write-up of the whole process for a WordPress site, with screen shots right now and expect to have it up in a few days. Is there anything you’d like to know? Tell me in the comments!