Should I Move my Blog to SSL?

10

 

panic SSL blogs

You may have seen headlines recently about Google changes that mean ALL websites should be on an SSL connection. 

Argh! Panic! Right? 

Well, kinda, but probably not. 

Here’s the Back Story: 

SSL (or Secure Socket Layer) is essentially like an overlay to HTTP, the protocol that governs how information is transmitted between websites and users. It’s what it sounds like – a layer that makes HTTP secure.  A website that uses SSL can usually be identified because the website address will begin with HTTPS rather than just HTTP.

Our sites use SSL because we collect membership information, and take transactions. Our badges are also SSL, because some of our users have SSL sites, and need to display the image securely. 

In simple terms, SSL takes the data submitted by a user and encrypts it, and protects it during transport so it can’t be messed with. Your SSL certificate also helps protect users against being directed to duplicate, fraudulent copies of websites without knowing. 

Back in 2014, Google announced that in an effort to make the Internet a safer place, they would start using SSL as a factor when calculating search engine results. And more recently, that they will add a feature to the Chrome icon that doesn’t just show a padlock when you’re visiting a secure website, but which shows a red cross when you’re visiting a non-secure site. 

And here’s what it means: 

Making the web more secure is a good thing. But most blogs DO NOT NEED SSL.

If you’re not collecting sensitive financial data, and the only information users are providing is an email address to comment, or join your mailing list, you probably do not need SSL to make your site more secure. 

The reason you might WANT to implement SSL is because you think it will harm your search traffic if you don’t have it – or it might boost your traffic if you do. 

Well, kinda, sorta. 

Remember, SSL is just one potential aspect of search ranking. There’s also your site’s domain age, and inbound links, and mobile responsiveness, and page load time, and pop-up ads, and keywords – remember that SSL is just one part of this mix. For a very big site with millions of visitors, then a small bump attributed to SSL might be worth thousands of extra visitors per month – but for most bloggers, especially those just starting out – it’s unlikely to be a big deal. 

There’s a caveat here, of course. Over time SSL might become a BIGGER deal in rankings, in which case, you might want to look again. But if the only reason you’re considering SSL right now is for traffic, then we’d suggest focusing on improving other aspects of SEO before going down the SSL road. 

What if i Choose to Move to SSL? 

Essentially, there are two key benefits to using SSL. 

  • A boost in search traffic through higher rankings (potentially) 
  • A more secure site for your visitors 

If you feel that your site requires SSL for one of these reasons, then the very, very best option, which we recommend with ALL of our heart is to get your host to do the work for you. If you don’t have this option, hire a developer from PeoplePerHour. This isn’t a job for people who don’t love computers and messing around in WordPress files. So how do you go about it? 

 

1. Buy an SSL Certificate 

You can buy an SSL certificate from your domain for your hosting company. Some hosting companies are offering them for free at the moment, otherwise, expect to pay around £20 per domain for a domain validation SSL, perhaps a little more for an Organisation Validation SSL. The domain SSL is all you need for a non-transactional website, while the OV certificate covers most basic commercial sites.  

2. Update your Site 

Your hosting company should install the SSL for you. This means they handle all the messy business of creating URL maps and redirecting links – effectively when you use SSL you’re creating an entirely new copy of your site and redirecting all your old HTTP pages to the new HTTPS pages. Ideally you also want to update all your internal links so they point to the new HTTPS pages, too. Oh, and you’ll need to update image links and stylesheets, too. And you’ll want to make sure any ad networks you’re working with support SSL (most do). 

Like we said – messy. 

If you’re using WordPress it is entirely possible for you to add 301 redirects to your .htaccess file but if you’re the sort of person who just read that sentence and seriously considered hiding under the desk, GET YOUR HOST TO DO IT FOR YOU. Or pay someone from PeoplePerHour. This is not the sort of job non-tech-enthusiasts should be bothering with, in our humble opinion. 

3. Get Google to Crawl your New Site 

Now you have an effectively new site, you want Google to crawl it and re-index it, to ensure your search traffic isn’t impacted.

You’ll want to add it as a new site and if you use Webmaster tools, submit a new site map as soon as possible. Make sure your Analytics code is also updated. 

4. Test your Site 

After a few days, you’ll probably want to test the SSL is installed correctly (again, your host is the best person to do this) and ensure all content is being indexed correctly.  If it isn’t, you’ll need to work through the installation process again – we strongly recommend asking your host to do this for you if at ALL possible. 

 

Have you made the move to SSL? Got any questions? Let us know in the comments. 

 

Picture: Shutterstock

Sally is the publisher of Foodies100, the UK's largest directory of brilliant UK food and drink blogs and bloggers. Every day of the week, we promote the UK's best and most exciting blogs about food and drink.

Discussion10 Comments

    • Google bloggers have it comparatively easy, because there’s a simple “turn on HTTPS redirect” option in your account – but it’s not available for custom domain blogs. I do hear from SEO friends they will offer this option in the future, if you decide you want SSL on a custom domain blogger blog, so you could easily wait – there’s no huge urgency at this time, we don’t think. But I think it *is* possible to do, if you wanted to get a developer to do it for you sooner, via a CDN like Cloudflare.

  1. I have moved my store side which does collect financial information as well as more details about people to https but as the emails on the main site are hosted off site at secure email services I’ve decided at this point not necessary to move everything. PLUS with the majority of income coming from ad networks and ad networks as yet having a very low numbers of https ads I would lose money moving to the https across the site

    • I think that seems like a really sensible approach – you’re right that until you’re getting significant numbers of ads that can be delivered over HTTPS it’s a major issue for bloggers who want to monetise sites.

      • Technically 301 redirects don’t pass all the authority that you’ve built up across – it was always something in the region of a 15% loss…

        However, various Google people have said that there is no authority loss if you 301 a non-http site to https, and from the experience of a few sites, that seems to be broadly the case (It’s always hard to separate out a single factor, even in a short space of time, but there hasn’t been an unexpected drop on any site I’ve worked on, beyond the normal variation in rankings which occurs anyway).

        In return you’ll get a small ranking benefit, but it’s a very small one – and only works if none of your competition have already made the switch. So if you and a competitor were #3 and #2 for a term, and every other factor was completely equal, it may just about be enough to lift you one place higher, but generally won’t.

        If you’re collecting passwords, data or running commercial activities, you should really already have an SSL certifcate in place – if not, I’d say you should plan to make the switch in the coming months. It won’t tank your site overnight if you don’t – the main problem will be later this year when Google intends to start showing a new warning that all sites without SSL are insecure if you’re browing in Chrome, but that won’t be for a while yet… And the good news is that you have a bit of time for your hosting company to either make it easy for you, or to research free options like Lets Encrypt.

        Whether you’re hiring someone via PeoplePerHour, an external freelancer, agency or whoever, the important bit isn’t just installing the certificate, but you also want someone who has experience of setting up redirects properly, as they’ll need to know how to do a mass redirect (e.g. using .htaccess for WordPress on Linux), and also be able to either use a mass redirect tool or edit your database to update internal links etc etc…

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

So You Know...

As you've likely heard and seen, there's an increasing focus on the authenticity of follower growth and engagement on social platforms across the Influencer Marketing community. The platforms themselves have taken measures to deter inauthentic activity and brands now more closely scrutinise the audiences of the influencers with whom they are partnering.

The Flea Network has implemented a system that will detect abnormal spikes in following and engagement, and flag these properties. Of course, such spikes can often be attributed to viral posts or high-profile brands that bring greater exposure to some content.

If one of your social accounts is flagged by our system without an obvious reason, we may reach out to you for assistance in understanding it. If we find any influencer has artificially inflated their audience size or engagement using paid acquisition or automated, third-party tools, we will remove them permanently from our influencer community.

Feel free to reach out to us at bloggers@fleaenterprises.com with any questions or comments.

Thank you!

The Flea Network Team

Got it!