#46 – Why You Must Switch To HTTPS This Year

What you will learn

  • What changes Google is planning for HTTPS
  • How these changes will affect Chrome users
  • An important SEO impact and why its urgent
  • How to switch to HTTPS simply and easily

Google has recently announced major changes to the way non-https sites are handled in Chrome. These will roll out in January and will affect SEO.

Anyone not currently on https should strongly consider moving to https this year. In this episode, we explain how and why.

Resources Mentioned In This Episode

Full Transcript

Gael: Hey guys, welcome to the Authority Hacker podcast. Today we are going to talk about https and why you actually need to move your site over to it, by the end of this year. And I am quite serious that is going to have some serious implications. Today I am with Mark, how is it going Mark?

Mark: Going great.

Gael: Cool. And you don’t know so much about https, right so you are mostly going to be like asking me questions etc, right?

Mark: I am going to be playing devil’s advocate here asking you all the newbie questions, so yeah.

Gael: I love it.

Mark: My understanding of https is it’s like http but a bit more secure? Right?

Gael: Yeah, basically, it adds a lot less security than people think.

Mark: Right, so what is http in the first place then?

Gael: I mean, http is just the protocol, it’s like a hypertext transfer protocol that is what it means actually. And it’s just a protocol that the internet uses to pass information, essentially. And alternatively, you have like FTP which is connecting directly to the files of the server, http kind of like displays the files on your browser. Https the s just stands for secure. That is basically it.

Mark: Actually, before we get started, I just want to let everyone know that Authority Hacker Pro is open for a limited time, until the 28th of September, for those who don’t know, Authority Hacker Pro is our premium course where we teach you everything you need to know about building, growing and monetizing your own authority sites, there are over 200 over the shoulder training videos, a huge active member community, loads of templates, webinars and a bunch of other goodies in there. Hundreds of people have already joined in the last week since we’ve opened, and we are leaving it open for another ten, eleven days, as this podcast goes out, until the 29th of September basically. And after that, it is not going to be available at all until next year, so if you want to check it out now, then go to authorityhacker.com/pro.

Gael: Now, let’s get started with the podcast, and let’s talk about what https does today, right, and, as I said earlier, it ads some security, the s stands for secure, but really all it does is it confirms that your site is not a fake site, is not fishing, you know how sometimes you get these scammy emails that say hey, update your bank password, click here to update your bank password, otherwise you are going to lose all your money or something like that, and these really scammy emails that try to steal your bank account. And usually when you click, it says like https.com but it doesn’t do https so they can basically simulate that they have this domain, but they don’t. Basically https prevents that, it prevents you from pretending you are someone you are not, and it also-

Mark: People can actually see let’s say PayPal.com in a browser?

Gael: There would be, not exactly, people will do, I don’t know how they would do it but for example sometimes you can do with an ‘r’ and ‘n’ you can make it look like ‘m’ and so it could be the ‘arnazon’ or something and then it’s instead of ‘amazon’ so if someone had that domain they could scam a bunch of people, it also encrypts the data you send, that is the main role of the https is encrypting the data you send and confirming that you are connected to the right server. That even though people could intercept the data that you send to a website say your credit card information, they can necessary decrypt it, it would be very complicated to decrypt it, it would take so much processing power that only very few supercomputers if any in the world could actually decrypt that data, whereas http just sends plain data which anyone can intercept and steal.

Mark: Okay.

Gael: Anyway, I am not a technical guy so that is the really broad vision, so if someone technical listens to that, and I said something wrong, just correct me on Twitter or in the comments but that is roughly what we know about http, but essentially that is what it does, so the technical aspect is that which is it’s great, it encrypts the data especially when you send credit card data that is why it’s basically mandatory to have an https on your site, if you process credit card payments on your site, otherwise, you should be using something like PayPal or Clickbank to process payments outside of your website, and it just confirms that, so nothing that crazy.

Mark: How is it different from SSL?

Gael: It is the same, the SSL certificate is what makes your site display https, you know.

Mark: Okay. Got it.

Gael: It’s the same thing exactly. That is what https is, now what it does right now is well, technically it displays https with a little like secured lock on the top left of the address in your browser, which tends to boost conversion rate and trust in your website especially if you are processing payments, so for example, now we have that all over our sites because we also sell e-books and stuff and that gets people to trust more, I mean, when I search in Google as well, it boosts the click through rate a little bit, when we post the https sites they know they are less likely to be spammy, it’s not like infoaboutacne.info or something, you know what I mean, it’s less likely to be a spammy site, so people-

Mark: It’s less likely but it is not guaranteed, is that right?

Gael: No, exactly. I mean, essentially now depending on your hosting provider, installing https can take up to 6 clicks and 3 minutes. And I am going to talk about how to do that.

Mark: Do you need to verify your identity or anything like that or can anyone do it?

Gael: Okay if we are going into the technical side, basically you used to have to do that with the classic SSL with the classic SSL it used to be until really recently, until 6 months ago, you had to give your company information and give your official address and all that stuff. Then you would kind of like put that key, that hash key into your server and that would generate the SSL through in the sale company like Commodore or something like that and that would be how you setup your SSL and that is how we’ve been doing it for our shopping carts until recently. But now there are these free SSL certificates which essentially register all the information in the name of your hosting company or in the name of the third party company. It’s a Bluehost as a seller, or it’s whatever. And so, on one hand it kind of removes that secured aspect to it, it’s much easier to access it and it’s actually for example we use Traffic Planet Hosting for some of our sites and literally, it’s two clicks, you just say enable SSL on that site and boom, there is an SSL, so there is definitely less verification and so on, but it’s also much easier to deploy which was a little bit of a pain before, so it’s l=kind of nice. But overall, the appearance of it for people is going to be essentially quite similar unless they actually look into the SSL itself, they look into their info that is encrypted into it, then there is a little bit fewer data and even SSL has different types of SSL, sometimes you get the really big block of green on the left like if you go on Amazon or something you get that or if you go on our sites you get the lighter version so it’s pretty complicated but overall, what you need to understand is that the classic SSL is registering name the company, the new SSL is registering the name of the hosting company essentially, or whatever third party you are using there is letsencrypt.org that actually provides free SSL for anyone using any hosting company, if you are not afraid to touch your service settings that s pretty cool. But that’s what it does. But for the normal user, think about your mom, your mom has no idea about all this stuff, right, and it just boosts conversion rates, so that is what it does. And one thing I wanted to say as well is that it’s better to if you have a choice, when you start a new website, now I would never start a new website without SSL anymore, also because there are some SEO implications, and we are going to talk about the migration process that we’ve had moving our sites to SSL in the last few months. But, I want to first talk about what SSL is going to mean next year. There are a few things that are going to happen, officially, with google that is going to make SSL kind of-

Mark: Wait, when you say SSL you mean https? You use it interchangeably.

Gael: It’s the same thing. SSL is the certificate that shows https on your site, so it’s the same thing. It’s going to be kind of mandatory first of all, because Chrome which is the biggest browser out there is getting an update where now when you go on an https site it just says oh that site is secure, it’s great for your conversion rate, but actually next year, they are going to change so that if your site is https then it’s going to say this site is not secured. Instead of rewarding https sites is going to punish non-https sites and I believe especially if you are going to be pushing any kind of transaction, or even reviewing products for that case, I think that is going to mean a huge drop in conversion rates. If you make any kind of money with your site, unless you are doing advertising maybe, even then, I think that it’s going t o be quite important to reassure your visitors that you are a safe website, and for that you are going to need that SSL on your site, that https on your site. That is the first one, The second one is that the announce that-

Mark: Did they say what it is actually going to look like?

Gael: Yes, so I will post the link in the show notes, but there is a TechCrunch article where they actually showed what it is going to look like. Which is, where you https on your address bar now is basically going to show like this site isn’t safe or something, so it is going to be red as well.

Mark: Is it quite like people know what it is or is it subtle?

Gael: It’s pretty subtle still. But you can see they are pushing in that direction. The same way you don’t always notice if you are on https or http site, look at how https is written in your address bar when you are on the site like that, well, that is going to be red and when you hover over it is going to be the [10:15 inaudible] Not exactly like flashing on your screen but still, it counts. Especially when it’s an easy switch now. The second thing is that this is going to, it’s already a ranking signal, Google already said like they are slightly favoring sites with https right now in the rankings, it’s not a big ranking factor, it’s not like if you are doing bad with SEO you add https and you are going to do great all of the sudden, but, especially in competitive markets, that is something that can give you a tiny edge and give you a bit of traffic and for sites like us, Health Ambition that gets a lot of traffic, even 1% increase can be quite a bit more traffic so it’s something that counts, but they actually are going to tune that factor up, so they are going to make it more important in the algorithm, so if now it counts for like 1% of the ranking factors, maybe next year it is going to be 2% or 3% which 2 or 3 percent more traffic on Health Ambition once again is quite a bit of traffic, so that means that on top of getting your traffic to actually trust your site is also going to give you a bit more traffic, because, for all these transitions this technology called transitions, sure, a lot of people are going to switch, but it’s always 80% of people switch and 20% just don’t do it or never update their sites or whatever. Especially if you are in an industry where people are not very good with tech, it’s definitely an opportunity to take advantage of that.

Mark: I imagine that it’s mostly going to be businesses that are doing this, I can’t imagine too many people with their personal blogs spending the time to update it at least. I guess it will probably become the default starting point.

Gael: Yeah, I mean, hosting providers will make it default very soon, you know.

Mark: Yeah.

Gael: There will probably be a gap between new sites and old sites if they don’t update, and I even expect that eventually all hosting providers will just update your site, and just do all the redirect etc, just write scripts to do that. There will be I think in a few years, it will be like all the way it will be https and there will be the odd http site and you will be like oh what is this. This is where we are going, essentially. But it takes time, it is like the [12:26 inaudible] when that existed, it took two years for people to adopt it and so if you are an early adopter you can actually have an advantage, at least for some time, once everyone has it, everyone will be on an even plain ground so it won’t really add much more other than like you will have to have it.

Mark: I haven’t seen too many sort of big warning signs like oh you must do this by January whatever, yet.

Gael: I mean, it won’t happen, Google will never tell you that you have to do it, at the end of the day, if you want to live without Google, you don’t have to do it. Which you are totally allowed to do. But, it’s something that more and more, you know, maybe Facebook will also do that, Facebook will be like oh yeah, we are going to give some more visibility to https links, for example, and your social media traffic could go up or even Twitter could do that, and everyone is just going to start following their lead and Google is often the first company doing these kinds of things and then there are companies that follow, everything is going to be harder if you don’t do it. I think as well that one thing that it’s going to do is it’s going to make PBN sites and gray hat stuff outlie a lot, because the way it works, is people have these networks of hundreds of sites that they use to link to their site. Now, moving one site to https is pretty easy, especially if your hosting provider which tends to be the more expensive hosting providers, not the $1 a month hosting providers that people that have big PBNs use, offer the SSL, but if they don’t like most SEO hosting companies won’t and even if they do it’s going to take a while to switch all these sites, I just can’t see most people most PBNs being switched to https which is going to be a great opportunity for Google to flag a bunch of these sites, and either make their links more toxic or make their links count less, or do something and essentially see who switches and who doesn’t. Essentially when you switch, it just shows hey I care about my website. The same way it was for the [14:22 inaudible] back then,and so I think that is going to be slight advantage people doing white hat here,

Mark: There is no technical reason why they can’t switch, just it;s lie a lot of hassle to do it.

Gael: Yeah, it’s a lot of work. It’s like doing one task is easy, doing that same task a 100 times or 200 times is definitely cost in resources. I am sure some people will do it, people who really care about their PBNs they will do it but I can also imagine a lot of lazy people/ people that don’t have the resources to do it that just won’t do it.

Alright, so now let’s talk a little bit about us moving to SSL because actually if you check Authority Hacker right now, it’s on https if you check Health Ambition it’s on https and actually we moved other sites that we work on to https as well. And it’s been around three months so usually I don’t like talking about things two weeks after I’ve done it because I see so many case studies out there where people are explaining how they have increased their traffic by 200% and it’s been only like ten days and then you check two months later and there is nothing left. It’s been three months, so I’d say we are done with it now, I mean, if you check Google, most of our urls are https now when we rank for stuff. What I want to say is that first of all, there has been a lot of horror stories about moving to https and how you would lose all your ranking and everything; that did not happen to us, actually, all the sites that we moved to https went up in ranking by 10 to 20 percent after we did that, in traffic, not in ranking. That actually was definitely a positive experience for us, and I am going to go through the process that we have been using; one thing that I have noticed as well is transition time, so often when you change the address of your website whether you change domain, or you know, in that case you just change the https so you had www or whatever it is, oftentimes your traffic drops and goes back up, actually that didn’t happen this time, this time literally the traffic stayed steady and just increased and you know, there was that transition time where some http urls would rank in Google and some https urls would rank in Google, and that was a little bit weird. Usually when it would switch from http to https the url would go up one or two positions and that is what explains the traffic increase which does seem to be like, https seems to be a bigger ranking factor than google says right now, which would not surprise me, although, we only tried it on the handful of sites so I would not say this is the proof that is going to get you more traffic.

Mark: I saw someone actually in the Authority Hacker Pro Facebook group said that they moved and the the rankings went down significantly. Or the traffic too, both.

Gael: I mean, I haven’t checked how that was done.

Mark: Yes, what I was going to say is, if that happens, what is the approach someone should take, should they move back, should they troubleshoot it or find out what is going on somehow?

Gael: I would probably first move back then I would try it again. I would move back and let things resettle back to the normal state and then I would try again two weeks later. I believe in that case it was probably not done technically properly, I just don’t know what the site was he didn’t share the url so I couldn’t really go and check, but we’ve done it on several sites, and we didn’t have any problems. For us, it’s doing very well, the only thing that was annoying though, is that you are going to lose your social shares, and that is really annoying, so Facebook, Twitter doesn’t really display shares anymore so it is not the problem but Facebook, Pinterest, and a few others literally just are kind of done, and they don’t understand that if https www.authorityhacker.com/posts is the same url as http www.authorityhcker.com/posts. It doesn’t get it, it doesn’t concatenate the shares, and so you are going to lose if you are using plugins like SumoMe, if you are using Thrive Themes or whatever. Actually, the display of your shares is not going to be done correctly and you are going to lose a lot of them which has been painful.

Now, at the beginning I was looking around and especially on Authority Hacker, I kind of wanted to save the shares on Health Ambition we get so many from Pinterest anyway, it wasn’t really a big deal, but on Authority Hacker we wanted to keep them and I tested a plugin called Social Warfare which I ended up removing actually, it does the job, it actually gets the shares back and concatenate in the share account essentially, and that is the plugin doing it, but it’s pretty horrible on mobile, despite what they advertise on their website, I have actually switched back to Thrive, so it could be good, if they improved the way the plugin displays on mobile a little bit, otherwise, I would much prefer something like SumoMe or Thrive I think that’s better, even if you lose your shares, yeah, it’s a bit annoying, but that is, I would rather have higher organic traffic and higher conversions, versus a number of shares showing up. And also, I have a high hope that Thrive themes or someone else figures that out in the next update, because they can still go back to http version and go and get these share numbers.

Mark: It’s possible to retrospectively recapture.

Gael: Yes, exactly, so that is why I didn’t, you know, it’s annoying, but I have high hopes that technical solutions will come out that will let us actually recapture all these shares and get back to a high share numbers on a bunch of posts, and if you go around Authority Hacker now, it’s kind of funny, because we have posts with 100 comments and 10 shares, you know, when they used to have hundreds of shares, and that is because of the https move, so definitely there is a loss here, but once again, organic traffic increase by 10 to 20 percent on both sides and I am pretty sure conversions are going up a little bit as well. I’d rather have that than a shared number on the counter, you know, it’s just what I prefer personally. We are going to basically go over how we did that, and I am just going to go in a really simple way, we have a full detailed webinar exactly on how we did it plus we talk about other things like push notifications and so on and how they work together, inside Authority Hacker Pro, so if you join Authority Hacker Pro actually, there is going to be more information about that transition. It’s only on the platinum level that is on the webinar that we talked about this, so yeah, if you want more about that, check it out.

How we moved to https? Very simple, first, we used a free SSL certificate provided by our hosting provider, for us, we use dedicated servers on Digital Ocean mixed with a service called Server Pilot.io but you probably shouldn’t do that if you are a beginner. What we recommend is that you use Traffic Planet Hosting I’ve seen Blue Host has that as well but Blue Host is pretty slow and not very- I mean if you really can’t afford anything better go for it, but I personally think Traffic Planet Hosting is a better deal. Both of these actually have the option and you just need to set your domain and they are going to show you and you click install free SSL certificate and you are done, it’s two clicks inside the control panel. Then we use a WordPress plugin called Really Simple SSL and essentially, that plugin does everything you need to 301 redirect and just anything you need and activate your SSL and so on, and then once you’ve installed it, you just need to click activate SSL and it’s on, basically it’s going to log you off your site but your site is going to be https. If you use Cloudflare you need to change the security settings to flexible all strict, I personally use strict but you can use both, and then, once you have done that, you need to go inside the webmaster console add the https version of your site so I went and did https www.authorityhacker.com and then I set that as the preferred version, and I said google hey, please show https if you have the choice between http and https. I updated our google analytics url because otherwise, it’s not going to track the traffic, and that’s it, I was done, it takes around 5 minutes actually to do all of that so it’s pretty easy.

Mark: If someone is not particularly tech savvy, who would you hire to do that for you?

Gael: Honestly, I would first ask my hosting support, because, as they offer this service, they are going to have more and more tutorials for that, try to DIY it and just follow screenshot guides etc, we have it in Authority Hacker Pro, maybe some of hosting providers is going to help you with that, I am not sure about Blue Host because they are not very good technically, but your hosting might be able to help.

Mark: Is there any risks, is there anything that you can really mess up when you are trying to do this?

Gael: Yeah, if you fuck it up your site is going to crash. [laugh]

Mark: Okay. Back things up before you do this

Gael: Yeah, that should probably happen anytime you do something on your site especially if you are unsure what you are doing. But yeah, if you do it wrong, especially with Cloudflare also if you, when you switch, and if you are running Cloudflare, don’t panic, if your site doesn’t work after you have activated the Easy SSL plugin, it’s because you need to go and switch the security settings inside Cloudflare from SSL none to SSL flexible or SSL straight. once you switch that, your site comes back online, so don’t panic if you didn’t do that step, and your site is offline, go and check that out but yeah, try to backup everything before you do that kind of stuff. Otherwise, maybe [23:51 inaudible] can help with that, you should ask them as well.

That is basically how you do it, that is basically how we did it and on several sites we’ve done that, on our friend’s sites we’ve done that, and I’ve never seen the traffic drop, ever. So that is a little guide that you can follow. Essentially if we recap all of that, right now having SSL is nice, but not necessary if you don’t do credit card payments on your site, but as time passes, it’s going to become more and more necessary, it also happens with push notifications as I said earlier, it’s going to make you rank lower if you don’t have it, it’s going to decrease your conversion rate if you don’t have it, so essentially, even if it is a little bit scary to do it and maybe you have a site that ranks and you are worried about what is going to happen when you do it, you should probably not change what is not broken etc. As time passes I believe there would e more and more incentives for you to switch over or rather punishment if you don’t so-

Mark: I mean, given how easy it is, I mean, not easy but how quickly you can do it, it takes 5 minutes you say then, there is not really a reason not to do it.

Gael: Yeah, and it’s just like you are going to have to do it anyway, so you might as well be an early adopter and get some benefit in terms of traffic and conversion rate while it’s still something that makes you stand out rather than the norm, you know.

Mark: Do you think people should do it now or wait until just before the update?

Gael: I mean, once again, it really depends on where you are on your business, right, if you are just starting out, and you have no content on your site and you are making no money, then probably you should worry about that first. If you are already making good money, you have a site that is running, you make several, at least a thousand bucks a month then just it’s worth your time because it’s so quick and even if you get a 5 or 10 percent boost in what you are making it’s like 1000 dollars a year, or 1000 dollars a month, in ten minutes.

Mark: Yeah. I kind of meant it more from the point of view of doing it now versus do it just before the update when perhaps like the social sharing issues are fixed, or this would be easier maybe some other hosting companies have easier options to do it, you know what I mean?

Gael: Yeah. I mean, yeah, if the social shares really matter to you, okay, otherwise, there is no real other issue, you know.

Mark: Okay, cool.

Gael: There is this Social Warfare plugin but it’s a paid plugin, it’s not very good, to be honest, I paid for it, and I wouldn’t recommend it, so they are going to hate me… But, so it really depends, if it’s a brand new or if it’s a site that doesn’t relies too much on social shares for social proof, sure, go for it, if it is important then maybe you can wait a little bit. I really hope, I know Thrive Themes is working on new themes, I really hope they’ll build that function in, for people that switch to https because it looks like social networks they just don’t care, Facebook, come on, they have the resources. It should be there for a while and it still not done, it’s not new to move to SSL right. I just feel it’s one thing that is going to come way too late, same with- and if Facebook doesn’t do it, the other social networks won’t care too much.

Mark: Ahrefs need to update their system as well.

Gael: Oh yeah, so Ahrefs also show a different backlink profiles etc, it doesn’t concatenate, basically, if you own a web service, that gives any kind of data, please, concatenate https and http together, that would make a lot more sense in terms of data, whether it’s social shares or it’s backlinks or whatever it is. Other than that, really, that is the only drawback to it, and I think we’ve given it quite a bit of time so it’s up to you, but, if it’s not a big deal, I would definitely switch now just because it’s too easy to do it. Cool, any last questions?

Mark: No, I think we’ve gone through everything.

Gael: Alright, well, guys, that was this week’s podcast. Remember, if you want to check out all the training that we’ve built, over 200 training videos, monthly webinars, and member community with over 500 site builders now, you can go check authorityhacker.com/pro and thank you for listening, as usual, we’ll see you guys in the next episode.