Should You Switch Your Site to HTTPS? Here’s Why You Should or Shouldn’t


There are two types of SEOs:

Those who love the technical stuff…

…and those who hate it.

If you fall into the first category, you’re probably already experienced with HTTPS.

If you’re in the second category of SEOs, you might be a little intimidated by it.

If you are intimidated, it’s for a good reason, and I completely understand it.

There are some parts of HTTPS that are complex, but most of it is simple.

Furthermore, you don’t need to understand the exact behind-the-scenes work going on in order to implement HTTPS on a website. 

What’s the deal? Is HTTPS important or not?

The idea of HTTPS has always been a good one, and most leading businesses implemented it a long time ago.

However, somewhat recently, Google announced that HTTPS is a ranking factor.

Obviously, that got SEOs talking about and debating the subject.

At the time, it was a very small ranking factor, affecting less than 1% of global searches. Even now, it’s not a big factor.

However, security is something that Google takes very seriously, and it’s likely to become more important in the future.

Some SEOs jumped right on it and made the switch.

Most saw little to no improvement, but there was certainly anecdotal evidence of ranking improvements:


There is a potential benefit of making the switch.

On top of search rankings, you also get a pretty lock symbol in Chrome and Firefox.


If your site isn’t HTTPS, you don’t get this symbol, and sometimes visitors may get warnings about the security of your site on certain types of pages.

HTTPS: Explain it to me as if I’m five

I’m not going to pretend to know all the technical details behind HTTPS (Hypertext Transfer Protocol Secure), but I can certainly tell you the basics.

The main benefit of HTTPS is that it makes your site more secure for your users. More specifically, it’s more secure when a user is giving you any sort of information.

It’s essential on pages where users are required to give their credit card information and/or other personal details. However, it’s a good thing to have on all pages.

The real change happens when a user submits their data. HTTPS is able to provide multiple layers of protection to that data:

  • encryption – the data is worthless to anyone who somehow manages to intercept it because they don’t have the key to decrypt it (you do).
  • data integrity – data can’t be corrupted, which is a good thing.
  • authentication – it prevents “man in the middle” attacks, which means that it’s not possible for anyone to trick your customers into thinking they’re providing you data when they’re really giving it to a scammer. This is what your SSL certificate (more on that soon) is for.


Do you need HTTPS?

As an SEO or business owner, you understand that using HTTPS is a good thing.

But is it really necessary?

Well, there are two benefits to having it:

  • a small boost in rankings (possibly larger in the future)
  • a more secure site for your users

If you run a big site such as Quick Sprout, even a small boost in SEO results in tens of thousands of visitors per month. That’s one reason why HTTPS definitely made sense for Quick Sprout.

However, if you’re starting out, you’re not going to see a real difference in your search traffic.

In the future, it could make a bigger impact, but for now it won’t.

All in all, if you’re expecting to get a significant amount of search traffic in the next few years, you should plan on switching to HTTPS.

What about security?

If you just have a blog and all you require from your users is to enter their email addresses to opt in to your email lists, you probably don’t need HTTPS for security reasons.

However, if you accept payments or important personal information for any reason, you need HTTPS on those pages at a minimum.

Between those two factors, you should know whether you need to implement HTTPS on your site at all. A large portion of sites should have it, but not all do.

If you do need to implement HTTPS, I’m going to show you the steps you need to follow. I’ll provide as many specifics as I can, but there are many parts that will vary based on your site choices (I’ll lay it out for you).

Step 1: Pick a type of SSL certificate

SSL? What’s that?

SSL is the protocol that HTTPS uses. Basically, you need to install an SSL certificate on your site in order for it to use HTTPS.

There are three different types of certificates you can get:

  • Domain validation – the cheapest and most basic; it only really covers encryption (from the three things we went over earlier).
  • Organization validation – the middle choice in terms of price, which also includes authentication. If you’re collecting personal information, you probably want at least this option.
  • Extended validation – the top of the line option, which provides the best security you can get with HTTPS. This is mainly for big e-commerce sites and sites that collect really important private information.

Here’s a nice little summary:


Google recommends that you use 2048-bit encryption certificates, so keep that in mind if you go with an organization validation certificate (which offers different levels of encryption).

Where to buy an SSL certificate: You can buy a certificate from a ton of different websites. They will offer different types at different prices, so you can shop around if you’d like.

However, I recommend buying one from your hosting company.


Because most hosting companies offer them in the first place, and many of them will also help you install them. So for convenience sake, start by looking at them.

For example, Hostgator sells a few different types of certificates:


You can see that the prices aren’t too steep.

Once you’ve bought one, you can then get them to install it for you on your hosting server (provided you have a dedicated IP):


If that’s not possible…Not all hosting providers will install the certificate for you.

At this point, see if they have an installation guide by Googling:

(hosting company) + SSL certificate installation

If that doesn’t bring up anything useful, contact their support.

The process of installing a certificate differs from host to host, which is why I can’t give you specific steps here.

Step 2: Create a URL map of your site and redirect

Take an example URL of:

Then compare it to:

The only difference is one “s” in the URL, and it’s before the actual domain name.

But it makes a difference. These are two entirely separate URLs.

What that means is that you need to create copies of all your site’s pages and then redirect all of your old “http” pages to your new “https” pages.

Although a pain, it’s pretty simple.

A URL map can just be a simple spreadsheet, containing a list of old URLs with a list of the corresponding new URLs beside it.

If you wanted to make changes to your site structure or URL format, now would be a good time to do it.

If you’re using WordPress, you can add all the 301 (permanent) redirects to your .htaccess file.

Each line should look something like this:

Redirect 301 /oldpage.html

You just need to fix the bolded parts.

If you’re planning to move to a brand new domain while you’re doing this, refer to my guide to moving a WordPress site for step-by-step instructions.

3. Update your internal links

You’re not quite done with linking yet.

You likely have many internal links throughout your site. These may point to your old “http” pages.

Ideally, you want these to point directly to your HTTPS pages.

Introducing relative URLs: If you’re lucky, you’ve been using relative URLs all along.

These don’t specify an absolute (entire) URL; instead, they tell your browser to add something to the end of the domain.

For example, if this link:

<a href=“/page2”>Link</a>

was placed somewhere on our domain, clicking it would take you to:

When you switch to “HTTPS,” the same link would take you to:

which is perfect.

If your site wasn’t built like that and instead uses absolute links:

<a href=“”>Link</a>

then you’ll need to find each link and add the correct new URL to it.

4. Update image and other links

It’s not just links to pages on your site that you need to worry about.

It’s also any other link to resources such as images, stylesheets, and scripts.

If you right-click any of your site’s pages and click “view source,” you’ll see all kinds of tags like this:

<script src=”” />

The problem is that you need to ensure that all files used and served on your site also use HTTPS.

If those sources and image locations exist on your domain, you need to point them to the correct HTTPS locations.

If you have both HTTP and HTTPS URLs, you can use protocol relative URLs, which look like this:

<script src=”//” />

The double slash in front tells your browser to use HTTPS in front of that URL when the file is being requested from an HTTPS page.

Don’t forget about your CDN: If you use a CDN, you need to make sure that your CDN supports HTTPS.

Most CDNs do support HTTPS by now, but not all of them.

For example, Cloudflare does.

If they don’t have detailed instructions on how to implement HTTPS, so you’ll again have to contact their support.

Then, you’ll have to go back to your new HTTPS site and make sure that the source for all images is pointing to the HTTPS image location on your CDN.

To ensure that you don’t miss any links or images, I recommend using a site crawling tool like Screaming Frog SEO.

You put your domain in the spider text box at the top, and it will extract a ton of information from your site.

Then, click the “internal”, “external”, and “images” filters along the top to see what’s on your site.


If they’re all HTTPS, you’re good to go.

5. Add your site again in WMT

Now that your site is basically whole again, you want to get Google crawling it as soon as possible to limit the chances of your traffic being negatively affected.

You need to re-add your site to Google webmaster tools (Search Console) because the HTTPS site is considered a completely different site.


Then, you should submit your new sitemap in your new listing.


On top of that, re-submit your old sitemap (in your old WMT property) because then Google will see the 301 redirects and update its listings.

6. Do some quick testing to make sure everything went well

If all goes smoothly, you should see no change or a small positive bump in search rankings.

If traffic drops off significantly for more than a day or two, you likely have a problem and should go through this guide again (and ask your host or an SEO consultant for help).

First you should make sure that your SSL certificate is installed correctly.

To do that, use this free SSL server test:


Just put in your new homepage URL, and it’ll do a thorough test:


Other than this, you want to watch your rankings to make sure you spot issues.

Finally, you should click around various pages on your site and make sure that the HTTPS lock shows up correctly (green) in Chrome.


I know that you might not love technical SEO, but it’s important.

By now you should know whether or not HTTPS is needed for your site and how to implement it.

Although questions about the actual migration can be difficult to answer, if you leave me questions with as much detail as possible in a comment below, I’ll try to answer them.


  1. Chris Pontine :

    Hey Neil,

    Great post!!

    Something I have been leaning on in the doing direction.

    Your thought is like mine:

    Even if it’s a small fraction of a boost in SERP it makes sense. Plus, regards users are more protected.


    Chris Pontine

  2. I recently transitioned a site from http:// to https:// and there are two important thing I’d wished I’d known before I did it.

    First, if you have a social sharing widget on your blog post pages, all of your Facebook “likes” for that page will be gone. As far as likes go, Facebook considers the secure and non-secure version as two different pages.

    I had several blog posts that had several hundred Facebook likes and when I switched to https:// … poof! They were gone. While not critical, it does help to build social proof when someone lands on a popular page and sees many likes and it’s a bit depressing to see those go away overnight.

    The second consideration is to be careful before you choose CloudFlare’s free Universal SSL certificate. Yes, it’s free — and that’s great! But your website will not be accessible by someone using Windows 98 (or earlier) or Android 3.0 (or earlier). Not a big deal, but I’d exclude 5% of visitors right out of the gate.

    Matt Thomas

    • Thanks Neil, Thomas. Do you know of any fixes for the loss of the social signals wen the switch is made?

    • The issue with CloudFlare’s “free” cert is it’s not protecting the site from “man in he middle attacks.” That’s to say the free cert gives a false sense of security as the source website is not encrypted – the end result, what’s sent *to* the browser *only is encrypted. So anything entered into a form (passwords, account details) arrives at the website in clear text.

      • Thanks for the clarification Scott.

      • John at ICNSoft :

        Not exactly. There are 4 SSL options in Cloudflare.
        1st: No SSL
        2nd: Flexible (SSL between you and Cloudflare, clear text between Cloudflare and your server)
        3rd: Full (SSL everywhere, but certificate not validated between Cloudflare and your server)
        4rd: Full Strict (SSL everywhere, certificate validated between Cloudflare and your server) ==> true protection

        John at ICNSoft (

    • Financial Samurai :

      Crap, that sucks b/c I already lost all my social likes when I did some switch two years ago. The post got back up to 1,000+ likes, and then it’s going to disappear again?

      What was the solution? Or is there no solution?

      I’m going to finally do the HTTPS switch on my site before Jan 1, 2017. Wish me luck!


    • One of the disadvantages of moving to https is losing the social media likes. If this happened to you it is still possible to recover them by following a few steps. It is awkward that this happens though. For Google+ you have to change Google+ sharing buttons so that you will share the URL on http and not on https.
      If you have this problem with Facebook, I found a fix here:

  3. Arjun Sharma :

    yes bro thats your work 😀 I like it
    after many times your both blog is on platform and your article is related to your niche and also now in your article nothing large description which is also outside of your niche 😀

  4. Gulshan Kumar :

    Apart from adding in GWT, we can also add in Google Analytics if we are using.

  5. Yes Neil,

    I always recommend https because i know its a ranking factor and google gives value to it.

    Can you tell me if i purchase a domain like then will it help to rank this website?

    • It won’t make a difference for a brand new site, but you’ll still need it if you’re processing credit cards online.

  6. Ladislav Voros :

    Thanks Neil for another amazing article : ) I also added https to my and also to the clients sites and it helped in ranking

  7. I recently did this for 2 large sites and saw an improvement in traffic and rankings. It went well.

    I would also remember to change your robots.txt exclusions, set up your parameter handling, and watch the social sharing issue – there are fixes for that.

    If your dev team has a rollback plan in case everything goes south, remember that 301 redirects are cached in the browser. If someone visits your site, you roll back, and they visit again they will get caught in a redirect loop until they clear their cache. There are controls you can implement to prevent this too.

  8. Oh, and pay CLOSE attention to make sure your canonicals are changed

  9. Arjun Sharma :

    great article neil patel and now also think to add https on my new site

  10. That’s an eye-opener, Neil! I always wonder what’s the big deal with HTTPS. I barely knew it has something to do with encryption and websites that support transactions can host their web pages using HTTPS. After reading your article, I’ll consider this option from SEO’s perspective!

  11. I have used HTTPS to my site, the setting was difficult for me, I wish why I didn’t get this guide that time. I had little boost in ranking and my traffic boosted by 2x. But, Good thing comes with package of side effects, When SSL expired, I lost my half traffic, Good thing is that I have better traffic that before and they are from google :). Thanks for this guide.

  12. Sameer Manas :

    Hey Neil,

    Great content. I just wanted to add that there is an opensource SSL company called Lets Encrypt (I’m not affiliated to it) that provides free SSL certificates for life. Its easy to setup and absoultely free without any bells and whistles. It gets verified just as any other paid SSL.
    In fact I’ve set it up on my personal blog to test. Here is a link if you’d like to check it out.

    Whats up with the Slack survery on Quicksprout ?

    • Thanks Sameer I’ll check it out.

      We’re doing some research on their product usage. Lots of interesting data 😉

  13. https doesn’t completely thwart the man-in-the-middle attack. That is why banks now has security questions as an additional security measure. I learned that in my Certified Ethical Hacking class. https does, however, make the site more secure and is worth the effort.

    Love your posts!


  14. Great article Neil,

    I see more and more websites moving to https. Not that long ago a SSL wasn’t necessary unless you were dealing with sensitive information or payments. But the game has changed.

    Thanks for the explanation and for showing how easy it is to make this move.

  15. Hi Neil and thanks for this very informative article.

    One question:

    Working with WordPress, isn’t there a hack to change http:// to https:// via the MySQL? Like search on the database tables and replace it by ?

    Does that make sense? And how to do so? (I’m personally the second type of SEO: I hate the technical aspect!).

    • There are lots of plugins for that but the most reliable way to do what you want is to use

      Follow instructions and run it, if you have issues use the previous version listed there it’s even easier!

    • As mentioned above, there are some plugins that will help. 🙂

  16. Greg Beuerle :

    Neil, keep the great articles coming! I love reading them each time you publish something new. I hate to say it, but at least for me, there appears to be a small issue with the SSL here on In Firefox on my Mac, it is showing a yellow warning triangle over the lock symbol!

    When I mouse over it, it says “This website does not supply identity information.” Not sure if everyone is seeing this?! If so, might want to get it resolved asap so you get your nice green lock symbol back!

  17. Another factor to consider could be performance. With HTTPS, the site is prone to a slight slow down due to the encryption decryption. So if the website isn’t already doing great in terms of performance and users are in a region like India where the internet bandwidth is still poor, the performance slowdown might not be desirable. Also, SEO might not be really improved if the website slows down.

    • Aaron Wright :

      The performance decrease is minimal in modern browsers. The initial connection will be a bit slower, but after that, there is no major difference. Here is a Stack Overflow discussion about that:

      If you are concerned about performance, you will get a much greater boost by optimizing other things like your code, database queries, and caching.

    • That’s a good point Abishek, you will need to weigh the pros and cons of those options

  18. Andrew Fennell :

    Great article as usual Neil

    I would love to know more about the potential negative effects of moving to https – for example I’m worried that changing all backlinks to a re-direct could be damaging


    • No, as long as you’re carefully and correctly do the redirects, you’ll be fine.

      • Financial Samurai :

        Do you guys have a service where someone does an AUDIT of one’s site post HTTPS switch to make sure all is good? I think there would be good demand for that at $100 – $300 an audit.


  19. Tommy Landry :

    Hi Neil,

    Good article. HTTPS is a hot topic the past year or so.

    For clarification, do we really need to jump through all of these hoops or will Google figure it out? They claim they will, but who knows if that is how it actually works.

    And then there’s also this:


    • I think you’ll have to get on board with it at some point, better now so you can reap the benefits from it sooner.

    • Financial Samurai :

      Tommy, this is what I was thinking. The goal Google has is that it will figure things out for everybody. Look at the Google Authorship thing. It was pushed, then it was rescinded. They gotta make it easy to figure out the best content for its searchers.

      But I guess we might as well get on it.

  20. I need to install the SSL certificate for my website. However, I have a quick question. You have stated that SSL certificates affect ranking and may affect the future of SEO. Do various SSL certificates also have different ranking points?

  21. Hey Neil,

    Nice post!! I also have the same opinion https because i know its a ranking issue and google gives rate to it.

    Once again thanks for this sharing


  22. Rohit Shitole :

    Great post Neil.
    I don’t have https on my blog, and since it takes lots of steps, i am not planning to switch to it.
    My friend, rohan singh, had a bad experience on https, so i am just worried. Wishing that it won’t have negative impact.

  23. Keep in mind, though, that Let’s Encrypt free SSL certs won’t work on Windows XP pre-SP3 (does not support SHA-256 encryption). Visitors using operating systems of that era may not be able to access your website.

    The relevance of this will depend on your audience. If they’re early adopters with the latest hardware, it shouldn’t be a problem. If they are a less savvy audience, it could be a more significant concern.

  24. Hey Neil,
    This is really a great guide. I have two question.
    I want to secure my website. Is it possible anytime?
    Is it possible to secure the website when I will buy a domain?
    I am waiting for your reply..
    Sujit Das

    • You can add it to your cart on checkout process or you can do that later from your control pannel or ask the customer care to purchase it on your behalf.

      It is an added service in every host which you can buy at any time. Thanks

    • Yes, you can secure at any time. Check with your hosting and domain provide, they should have that option available for you.

  25. Karan @ Focus and Leap :

    Hello Neil,

    I have been thinking about it ever since I read Brian Dean’s post where he analysed around 1 million Google results to compare what works the best.

    Like you said it does give a boost in rankings, keeping this thing in mind I would want to shift to HTTPS but not now.

    Thank you this straight forward article.

    Best Regards,

    • Yeah, it may not be the right time for most people I think, but you have the guide for when you’re ready.

  26. Wow, a lot of steps if you have a big site. A site with thousands of pages is going to have a headache going through them all. What about only switching to https for those pages that actually collect users’ information? In my case there’s only one page like that. Would this work or would it confuse things more?

    • That would be a start, but you’d want to get them all setup ideally. However if you don’t receive a ton of traffic, than the difference may not be of value to you yet.

  27. Timely. I’ve got this scheduled for May but in reading through the article, I decided to check godaddy for pricing and found they’ve got a 50% off sale on EV SSL’s so will scoop that up quick too.

  28. Denis Gonzalez :

    +1 for letsencrypt
    It’s automated and free script. You need very basic command line knowledge to set it up. But in almost no time you will have it working. They have announced they are going to change their name. So check their site to stay up to date.

  29. Left Hand Luke :

    Hi Neil
    We take names, addresses & phone numbers.
    Do you think we need HTTPS for security reasons?

    • If you’re getting good seo traffic on your site, it may be worth it, but it depends. Having it on pages where you collect any data will always help in general.

  30. For my website HTTPS was the best way to go. I got hit with negative SEO and https has helped me and even helped in my rankings.

  31. Chrstine Mendez :

    I don’t think it’s necessary to switch To HTTPS my site has been ranking just fine. I guess it all depends on the type of website.

    • Yeah, it’s not worth the hassle for most sites out there I think. However it’ll be something to consider at some point as your growing .

  32. Rather than creating 301 redirects for each individual page, you could just add the following to your .htaccess:

    RewriteCond %{HTTPS} !On
    ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

    This will automatically redirect any request to your site that is not https, to the https equivalent request.

  33. Pankaj Dhawan :

    https certainly adds the value because I it more of a safety feature a website uses. I don’t think I would need this right away or for a blog but I am surely gonna go for it in coming times. Thanks for sharing this awesome information.


  34. Jayakrishnan Nair :

    being in the second category and running an Ecom buz i do see the complis involved,,but a great one from Neil and thanks too

  35. Pankaj Dhawan :

    Hi David,

    You have made some good points, specially about the comment form thing. I don’t know about dashes but I know that it accepts just any comment with any fake/real email.

  36. As you mention that google is moving to https now. This is completely correct. Google build webrtc for video chat and it was working without https site before but few month before they changed it and now its works on only https site. So this sign say that google want all the website to run on https.
    Another thing if we search on google web hosting (very competitive keyword) on first page out of 10 result 7 is https site.
    Article is very helpful. Thank you for this.

  37. Pawan Diwakar :

    very nice article…
    but after having a http:// domain for long I found it too complex switching to https:// and require a lot of work even…..

  38. Huseyin Cetinbudaklar :

    Hello Neil

    Another great and useful article. Thanks a lot for that. I have migrated to https for my site via my Hosting company “Site5” (where this site is hosted at) about 2 months ago.

    According to your recommended test site I have got these results with “C” grade :

    In its most simplest form what do you recommend me to do? Shall I inform my Hosting Service Provider which is “Site5”? Or should I do something manually?

    And also, please kindly note that I am using the latest Chrome browser and the icon first shows the “lock sign” then it disappears. When I click on it I see this information :

    What do you recommend me dear?

    Thanks a lot for your invaluable help in advance.

    Cheers & Keep up the good work!


  39. We implemented https more than a year ago, and for us it was the right thing to do. A few additional things to keep in mind, though. 1) SOME of the external sites to which you might sign up will not accept https, which means you can only list your URL with the http prefix. 2) Make sure your Google analytics also list both URL’s and points one (the http) to the other (https). That way a customer who uses http only will be able to find you. 3) Many of the SSL sellers require you to renew it manually every year. Apparently they cannot do it for you, and it’s usually only valid for a 1 year period. We found this out the hard way, when our site went down for a few days last year. Be sure to check it out when you buy one.

  40. Usman Khurshid :

    One more problem with https is that most cache plugins will stop working or giving SSL errors like the connection is not secure etc. Is there any plugin which support SSL properly?

    • Good catch. I am not 100% sure, but I will dig around to see if I can find one. My hosting provider caches on their end so I don’t have that issue.

      I use WPengine.

  41. How I wish I had this guide when I moved over to https in December. I made the mistake of doing a 302 redirect. So, I suggest you add a link to a free tool to check headers. Two weeks later after WMT had half my site under http and the other half under https I realized my mistake, unfortunately my glorious top 3 rank was in the weeds. Didn’t get out until late January. As for a bump it has yet to materialize. I still have a few dozen pages under ‘http’ and I found myself 6 places LOWER than when I started. Also, there seems to be an issue ranking my root domain. It’s a 15 year old blog. Maybe something broke. Who knows.

    Again what tripped me up was checking headers to make sure the redirects were correct. Oh, and is the goal to have ZERO ‘http’ links in the index? How long does that take? It’s been more than 90 days for me.

    • Go into Google Search Console and have them crawl your whole site. It should help speed things up.

    • Financial Samurai :

      What you write is my worst nightmare as a website owner. Do something Google says, and get HURT. This is why I’ve been waiting until the last might.

      It’s now 12/29/2016. Have you recovered after doing what Neil suggested?

  42. Thanks Neil. Just now added ssl to my new website.

  43. I think I missed the shouldn’t? I use Paypal, but don’t use any credit cards nor plan on it. I do have an email subscribe for updates, but that’s it. Is it still recommended?

    Previously I changed my site from to and saw a big drop in traffic for at least a few months. Maybe cause I didn’t redirect? So scared of doing something like that again.

  44. Thanks Neil for clearing that up.
    Wasted a lot of time with this and saved some time by not going through with this after reading this. Im just a beginner

  45. David Ritter :

    Neil, great info!

    Brian Dean over at Backlinko did study earlier this year and he came up with more or less the same conclusion: HTTPS did tend to moderately correlate with higher rankings though he didn’t advocate switching to it just for the benefit. New sites? Do it.

    As far as the technical headache, just a heads-up, I noticed on this very site, the page itself loads over https but there’s a few resources that didn’t, looks like ones from WP Engine’s CDN— a few images—and one of your tracking scripts, etc. so you’re not getting the padlock in the address bar.

  46. Neil,
    Tons of excellent points, thank you for sharing as this is a hot topic and will be for the next several years.

    Quick Win:
    If you are using WordPress, then w/o having to make any edits in the .htaccess file, just install “Really Simple SSL” I just built an HTTPS site this week, added this and it works perfectly. No hassles, no coding, no 301s to mess with, it takes care of it all.

    You stated, “The problem is that you need to ensure that all files used and served on your site also use HTTPS”, which is correct. The problem is that this site does not adhere to your own statement. I mentioned this to you before.

    If you look at your source code on this page, you have both pages and images that are NOT https:

    Pages NOT https located in the footer:
    Privacy Policy
    Terms of Service

    Images NOT https:

    As a result, your secure site protocol is broken and causes errors in browsers.
    Chrome padlock is grayed out: “This page is trying to load scripts from unauthenticated sources.”
    FF Padlock has yellow exclamation mark: “Connection is Not Secure” “[yellow exclamation mark] Parts of this page are not secure (such as images).

    • Jason Lancaster :

      I was going to point out the lack of a green padlock in my own comment, but then I saw that you did.

      However, the reason is that the images in the article are not loading from a secure connection. They’re being pulled from…, and that should be….

      Better yet, the prefix should be removed and the links should just be //…

      There’s also the ‘explosive seo secrets’ ebook sign-up form with an http: action (which will cause this issue).

      I like Neil’s stuff, but it’s a bit disappointing to find all these errors when the article claims to be authoritative.

      • For us it is prioritization… I need the devs to focus on building the Quick Sprout software before I have them fix the blog. :/

    • You are correct this site is really messed up. But we have been redesigning it all… once the new design goes up we will fix all of the issues.

      Thanks for pointing them out.

  47. Thanks for the non-technical article on the technical topic.
    One thing to possibly add is that also all 3rd party apps need to support http and all sources (files, images) you pull from 3rd party site need to comply to prevent – mixed content – messages.

    Great article,

  48. Actually, the definition of the difference between the certificates is incorrect. It looks more like something a certificate sales company uses in its marcom material.

    The critical aspect is 2056 bits. The data is just as “secure” between “browser validation”, “extended” etc – there’s no extra layer of actual security.

    The difference is actually the background checking done on the applicant who is requesting a certificate for their site. Browser based – very little. Extended is likely to include confirming details with a place like Dun & Breastreet, for example, before sending out the certificate.

  49. When was Quicksporout converted to htttps? I visit few times a week but never notice until today you’ve implemented SSL on this site.

  50. Aaron Wright :

    I was going to suggest Let’s Encrypt too. I’ve been using it since it was still in private beta. The basic script is very slick, but it does require some tech savvy. For instance, I couldn’t get the script to work until I temporarily disabled CloudFlare, then I was able to turn it back on after running the script. That will make things a little tricky if/when I decide to automate certificate renewals. But if you just have a basic server setup, it isn’t too difficult to use with a bit of help from their website.

    • It does take a little bit of time to understand and grasp the steps, but it’s not too as challenging as it sounds.

  51. Thank you,very useful..Especially that there are different levels of ssl certificate.. I was not aware of that…

  52. Magic autofill :

    I recently changed to HTTPS and saw positive movement. A couple keywords that were ranking #2-#3 over the past six months moved up to #1.

  53. Good article but it’s more of a guide to switching… Would be great to see an article that discusses the pros and cons

  54. Thank you for your useful article. I want to ask you one question: If I have been building links to a site and always use “http” when placing the URL, will all the links be in vain if I migrate that site to HTTPS?

  55. Farcas Gelu Danut :

    Thank you, Neil!

  56. Hi Neil, Thank you for a great post.

  57. whoa.. thank you Neil.. i would try to my web shortly .. and will watch its SERP and ranking in few months ..

  58. Fredrick Durrant :


  59. Complete guide about HTTPS, now whenever i’ll buy https, I gonna take help of this post.
    Thanks Neil for sharing this complete information.

  60. I want to ask, I just make a new Https on my site, but I have many content on my website, for change the url http in content keywords, I just use plugin in wordpress to do it. In back end the http not change, but in front end http change to https.

    My question, are this okay for my website?

    I was check everything it’s okay for the SSL and the 301 redirect.

    • You don’t have to change your whole site… you could just change your front end as backend content and pages are usually never ranked.

  61. we did 2 months earlier with our website and found that it actually increased a bit organic traffic to website.

    I following step 6 from this guide was really helpful for this purpose as well

  62. Interview iq :

    I was wanting to learn more about this. But why don’t sites like Amazon and ebay use it for all pages?

  63. You might not believe it but we just ordered the SSL certificate for our website. The trigger – your post. Thanks, Neil!

  64. Joydip Biswas :

    Thank you Neil for the in-depth knowledge about https, now my confusions are cleared.

  65. I am using HTTPS since a long time now and ofcourse, I am getting a better result. I have a blog (wihtout HTTPS) where I am using // – this format for interlink. So, do I need to update those links with HTTPS if I migrate from HTTP?

  66. I didn’t knew what HTTPS is all about, and whether it is a good fit for my site or not. But now, thanks to your article, I have enough knowledge to make a decision.

  67. Jeff Domansky :

    Neil, I always admire the ability of you and your writers to take a technical topic and wrangle it into terrific tips. Wish I had it sooner when I stumbled through it! Thanks.

  68. Jon Bradshaw :

    Is CloudFlare’s SSL Certificate good? What’s the one that you use?

    • Jon Bradshaw :

      Chrome verified that RapidSSL SHA256 CA – G3 issued this website’s certificate.

      Your’s isn’t secured via the server. Is that an issue?

    • I am not 100% sure… I would ask a developer. Each SSL is roughly the same from an SEO perspective.

  69. Rounding Tech :

    Hey Neil,

    Thanks for this awesome guide. I agree that https keeps you secure bt if you are a newbie then it may hurt as less ads are there in adsense.

  70. Andrei Mincov :

    I installed SSL but got stuck with having to change all third-party images and scripts, some of which were not SSL, which broke the SSL for the page.

    Do you know if Google Tag Manager would be a solution for something like that?

  71. Wim Bervoets :

    Hi Neil,

    Your site is running over https, but Chrome doesn’t report it as secure (padlock icon) because you have still resources linked via http.

    Also you can improve your SSL Lab score to A+ by using HSTS


  72. Thank you Neil for the in-depth knowledge about https, now my confusions are cleared.

  73. Jelena Milosevic :

    Hi Neil,

    Again great article !
    By making a good security , we show to our clients/customers, we care about them and do all to protect their data and make them feel safe and trust you.
    And you did show to everyone not just importance of HTTPS but you also did explain how to make it !
    Thank you for sharing your knowledge with everyone !

  74. The issue is, some plugins won’t work on wordpress

  75. Robin Khokhar :

    Hi Neil,
    I have a little confusion, That changing from http to https will affect the Off-Page (build Links). It will be great to hear from you.

  76. salman noorani :

    Right now my site is on http. It is about genuine ways to make money online which is personally tested by me. So what u suggest me for this kinda webiste. Shall i go wid https or continue using http. Please reply

    • It depends, are your receiving a lot of organic traffic? Are you ranking relativity close to the keywords your targeting?

  77. Hi Neil,

    Quick question please. Why is that no one ever talks about the complete fall out of traffic in Bing Search once you convert to https?

    I switched a month ago and not only have all of my rankings disappeared off of Bing Search but Bing Webmaster Tools will not accept a https sitemap either!

    What is your experience with Bing Search and your website since you have converted and what is it that causes you to be basically de-indexed once you transition to https???

    Thank you Neil and I look forward to your response.


    Campbell McArthur
    Owner / Lead Engineer
    PC Medics On Call

    • I haven’t had that experience Cam, but I’ll ask around to see if any of my buddies had anything like that happen.

  78. Complete explanation.. (y)
    till now i didnt use https for my personal blog, may be next time i should

    • You may not need right now if you aren’t getting a ton of traffic yet, but it’s something to consider sooner than later.

  79. Anil Agarwal :

    I always buy from the sites that has HTTPS. It’s a trust factor for me.

    Well, I didn’t know it is also one of the Google ranking factors until now. Thanks for the great point.

    I think everyone who is running a small business online, eCommerce, online portal etc should certainly get HTTPS for their website domains. It increases both trust and sales.

    Lots of technical stuff discussed Neil! Great one.

    • Thanks Anil. It’s definitely required for selling and processing a credit card online, but the benefits for the entire site may also be worth it.

  80. Timely article Neil. Thank you, I am in the process of switching to https as well on my site RIGHT NOW and this was helpful, especially with the Console resubmission portion.

  81. Pavankumar Karnati :

    Awesome article, nice steps to setup right from the beginning, would help to be on the secure side, three types of security levels, costly but not so costly that you would put your company on the line.

  82. Isn’t it too much of a hassle for a normal website that doesn’t involve any transaction or sensitive data?

    Once you move to SSL or HTTPS version, you are supposed to stay there next year or your website will start throwing a warning. This is a bad user experience. You need to be choosy about it

    • It might be, it depends on the size of your site. If you don’t already have high rankings or experiencing a consistent flow of traffic, then it might not be the right time for you to do this yet.

  83. Hey Bro your blog need to fix the error “This page is trying to load scripts from unauthenticated sources”

    Image –


  84. MohammedTahir :

    I am taking care of my company’s SEO. its just a website services firm also running a blog on that website for promotion purpose. Do i need to add https to it?
    Thanks in advance Neil.

    • Does the site have high rankings, or a consistent flow of inbound traffic? If not, then it might not be necessary.

  85. The only question is, if there is no shock results of organic SEO?

  86. Any spammer could get a cert… and they will surely be the first to do so, to boost rankings. Google can afford to do this because they have no competition… https as a ranking factor is total BS.

  87. Kalpana Sharma :

    Hi Neil,
    This is really a very nice and detailed article.
    This is really an additional benefit to switch your website from http to https as this way you have your website secured and trusted and it will help in website ranking also. Your visitor can trust on you and they can visit and buy your stuff from your website without any fear.
    As I am running a health Blog and an eCommerce website at the same time so I am planning to switch my website from http to https and get a security seal also in near future so that my visitors and buyers can trust on us
    As I am not much technical so I would hire a technical person for this rather doing this myself.

    Overall an awesome guide. Thanks for sharing

    • If you have the means to have someone do it for you, then that’ll best the best route for your to take. Let me know how it works out for you.

  88. Great information Neil. Thank you!

  89. Segun Onibalusi :

    I was all about searching for how to change my site to HTTPS, this just came to me at the right time. Thanks a lot Neil.

  90. Ronak Toshniwal :

    If it comes to security of my website and SEO. I’ll surely give it a try.
    Thanks NEIL PATEL

  91. I was unaware from that thanks for sharing it. I will try it 🙂

  92. Bradly Sharpe :

    Really? No mention of Free SSL – given you have a little bit of technical know-how.

    Also is a lot easier to drop the protocol from the URL and just use // then have all HTTP redirect to HTTPS through .htaccess or config.

  93. Hi Neil,

    I want to ask one question “HTTPS” really effect in SEO AND google ranking?

    Many Thanks

    • Yes, however, if you have a new site or don’t experience thousands of visitors or more per month, it may not make a big difference for you now.

  94. Thanks Neil, I have shown this article to my senior for updating https for our website…Now he is agree to take ssl certificate.
    I hope it will help to improve the ranking of the website

  95. Stuart Masson :

    Hi Neil,

    One point that I don’t think has been raised is the negative impact of HTTPS on advertising revenue.

    My site does not sell anything, but provides advice and only generates income via banner adverts. I followed Google’s recommendations to upgrade to HTTPS and, after plenty of trial and error, got everything working correctly and the lovely green padlock displaying. But…

    My advertising revenue plummeted by over 80% immediately. I decided to hold my nerve, as changes to site format often cause a dip in revenues, but it failed to recover over a couple of weeks. So I got in touch with different advertisers to find out more.

    Google AdSense,, Sekindo and Adsterra (and others, but I haven’t used those) all report that they are either: a) not compatible with HTTPS, or; b) are limited in the number of advertisers who support HTTPS, meaning fewer bidders for ad spots and therefore lower revenues.

    After about three weeks I downgraded again back to HTTP (and untangling HTTPS is as difficult as setting it up in the first place!). Revenue bounced back quickly and I have had no further issues.

    So for me, or others who are not taking payments on their site, it was definitely not worth the effort and cost me a fortune in lost revenue + costs of HTTPS setup/SSL certificate. Until the advertisers support HTTPS, I won’t be going back. It’s particularly disappointing that AdSense does not properly support it, since it is Google that is pushing for everyone to upgrade in the first place!



    • That’s really good to know. I appreciate you sharing this as I never thought about this point due to the fact that I don’t run ads on my blog. But if that is how you generate most of your income, it sounds like it can hit you really hard if you switch over.

      Again, thanks for sharing.

    • Hamza Sheikh :

      Same thing happened with me. I shifted my 5 years old blog to HTTPS. I was using Adsense on it, and in hours I lost most of my revenue due to no ads being displayed on the website.

      Most of the time, Adsense showed backup ads on my website. I am still struggling to get it back. Thanks for sharing this. I will revert back to non-HTTPS version.

      – Hamza

    • I basically have the same experience for Since a majority advertisers don’t support https, users get a warning that content may be unsafe (mixed content). Especially annoying in IE, where it is right in your face.

      As a users, you can tweak your settings and get rid of the warnings. But most users don’t do that – and why would they? They just visit another site instead and… oops – you lost more than you gained.

      So, if you have ads – like Google Adsense – just wait until this improves.

  96. Darshan Gowda :

    Great insights.
    I didn’t know SSL certification would have impact on keyword ranking.

    Thank you

  97. Selena Shields :

    Great article. This helps our site to improve.

  98. Thanks so much Neil for this post, I have been wondering about this for awhile now, and been looking for legit reasons from legit source since I notice many big sites have made the switch.

    These two facts u mentions are good enough for me to make the switch for my sites and thank u for explaining them in details:

    a small boost in rankings (possibly larger in the future)
    a more secure site for your users

    I am big fan of your work and repeat visitor.

    • Lots of possibilities for you Thordur. Keep me posted on your progress

      • I will thank u Neil, by the way thank you for sharing your journey with Nutrition Secrets, I will use it as a guide but what is your back-linking strategy for that site, if any?

        Is it still good to do guest posting & use blog networks, press releases software for gaining links? If yes what do you use?

        I took a good break from my online biz and now I am back and these strategies where the best when I was doing it full-time.

        You have so many great articles that I am kinda all over the place on what I should do on daily basis for content creation and marketing.

        Thanks again Neil

  99. Great sharing. I just started in SEO, and have to learn more & more. Kinda get it a little about this, but is it important for people like me?


  100. Complete explanation.. (y)
    till now i didnt use https for my personal website, may be next time i should

  101. Thanks Nail Patel, it’s good tutorial.
    Keep sharing..

  102. Hey Neil,

    Nice post!! I also have the same opinion https because i know its a ranking issue and google gives rate to it. I can more knowlegde

    Once again thanks for this sharing


  103. Hi Neil,

    Could you write simple tutorial on how to switch feedburner feeds from http to https so feedburner subscribers will contune getting updates from my site, the thing is I want to keep using feedburner for for people that haven´t paid anything but keep on building relationship with them by giving them free content from my blog for free with FeedBurner, and use paid email newsletter services for the visitors that actually buy my products.

    I think this is something that many would like to know.

    • People don’t really use feedburner or RSS feeds anymore. They have been dying in the blogging world. 🙁

      • Oh that´s to bad, what do bloggers do now, when they collect subscribers email that sends them on autopilot when they publish a new content?

        • Never mind, I think I found a good solution:

          By the way, I have been reading your Guides and browsing through your site so I can set up a daily task guide that I can apply everyday.

          Your 100k challenge series are epic and has inspire me greatly.

          Neil your style of writing is so easy to follow, thanks for that. You are saving me ton of money and time and I thought I was great online marketer until I have been reading your blog.

          So many things that I have not been doing in the past that i should have, for example collecting emails, being on social sites and stuff like that, on my older sites I was only focusing on SEO promoting affiliate products only, and that was a huge mistake.

          Hope I don´t sound that I am kissing your ass, I just want to share my gratitude when it´s deserved and I will most likely than not, never ask you to promote my stuff as I am not in your IM niche and I have no interest in being in it.

        • yep. Collect emails and have email blast every time you publish a new post

  104. Definitely will if the blog is actually getting bigger and bigger like Quick Sprout.

  105. Sue J. Maselli :

    Great insights.
    I didn’t know SSL certification would have impact on keyword ranking.

  106. Indo Agenset :

    Hey Neil,
    This is really a great guide.
    Thanks for another amazing article, I also added https to my and also to the clients sites and it helped in ranking

  107. milon khan :

    Great post!!

    Something I have been leaning on in the doing direction.

    Your thought is like mine:

    really help rank better on yelp listing page. I tried it for few local businesses and it
    really helped my

  108. Very well explained. I was checking the implementations on Quicksprout itself. There are errors in internal linking which hasn’t been redirected yet from HTTP to HTTPS
    For eg:, etc.
    I don’t know whether its left intentionally.

  109. I converted my site into https yesterday and it works for http and https and I don´t know why, I thought it would only be https site after I changed i to https.

    I went with standard https from GoDaddy because I am from Iceland and I am a person not a company, so I can´t get the most expensive one.

    Do u know why this is like that and how I can change that the site will only be https site,?

    My webmaster does not how to do this, he had a huge hard time to convert the site to https.

    Please help me if u can

  110. With the forthcoming introduction of visual warnings in the Chrome browser for all sites without HTTPS, I would say that this is no longer a choice for most site owners.

  111. Jamie Jamieson :

    A good thing to have, but I’ve seen Google crack down super hard on a site that didn’t have 301’s in place for different host names. Went from page 1 rankings to nowhere overnight… I didn’t think Google would be so harsh about duplicate content!

    Nice post!

  112. Hi Neil – Thanks for yet another insightful article. SSL certification has certainly become a key ranking factor. Kudos to you for explaining the concept so well.

  113. Now SSL is ranking factor and Lets Encrypt is providing free SSL certificates then why not to use SSL. I’ll go for SSL.
    Thanks @Neil Sir.

  114. Karan Bhardwaj :

    Great techniques Neil sir, I am going to start a new site, so I am going to implement each step you provide on QuickSprout and let me try this method which you explain here. I will share my improvements here with you.

  115. Premium Consulting :

    I am considering switching to https too, but I’ve read recently some SEO experiments that proved that actually you can expect a ranking drop shortly after switch, because it will take some time for Google to figure it out, even if you do it 100% correctly.

  116. great post!
    but, till now i didnt use https for my personal blog, may be next time i should 🙂

  117. As always great stuff.
    HTTPS is a ranking factor more and more websites are switching to it.
    We recently created an infographic with the exact steps to take which may add value to your guide.
    You can find it here
    All the best.

  118. well! Does migrating to https has any affect in the ranking of the position in google?

  119. Thanks for this very informative article, Neil.

    However, one thing baffles me completely:

    I understand the reasons and benefits of migrating to HTTPS.
    But why oh why do I see numerous – well respected and well ranked – sites with TWO versions, both HTTP and HTTPS, of their sites?

    Not only that, Google indexes and presents in the serps the 2 different versions.

    If you state your preferred site to be HTTPS:
    1. Why keep the HTTP version.
    2. Why does Google not just list the HTTPS version?

    If you, or anyone else knows, please enlighten me.

    • I’m not 100% sure Lisa, but they are making the transition over to https all around

      You wouldn’t need to keep the http version after you change it.

  120. i did change the url http in content keywords by using plugin in wordpress to do it, is that ok?

  121. MOst of my questions are answered in your article and helps to make some decisions in SSL. I have one doubt. I have some good ranking in some keywords. Does it affect in my ranking when i move to SSL ?

  122. Hi Neil, thanks for the article, it was really helpful. One thing I did notice on this particular page though, is that you still haven’t changed all the urls in the source code to https://. For example, in my browser (Chrome latest version), this page doesn’t show up with the green lock, and it says: “Your connection to this site is private, but someone on the network might be able to change the look of the page”.

    To prevent this from happening and to get the actual green lock in the address bar, all urls on the page have to point to the https:// version of the site. This is easily done by changing those in the database (with caution). Checking the source of the page, some of the example urls that still point to the with http://, are:

    – WordPress Facebook Open Graph protocol plugin
    – Some menu items
    – The link in your author name when responding
    – Sidebar widgets
    – Footer menu

    Changing all those and possible others left to https:// will get the full green https:// sign in the address bar.

    * also a note: quicksprouts comment system doesn’t allow emails with new TLDs, resulting in an error “Please Enter Valid Email Address”

  123. Hi Neil

    Great Post!

    I’ve made the switch to HTTPS yesterday.

    Now I have a nice-looking green lock icon located in the browser’s address bar next to the URLs of my website.

    Just like Yuri Lau, I also notice that this page doesn’t have a lock icon in Google Chrome and even a lock icon with warning in Mozilla Firefox.

    This is because your site includes HTTP resources.

    You can check those HTTP resources, by following the next few steps in Google Chrome:

    1. Click on the info or lock icon located next to your site’s URL.
    2. Click on “Details”.
    3. Click on “View requests in Network Panel” (at the right window that appeared after clicking details).
    4. Hit the F5 key on your keyboard.

    And now you will see a list appear with the resources that still use HTTP.

    On your page there are images that still don’t use HTTPS.

    • Right on Mickel! Was it easy or did you have any trouble getting it done?

      Thanks for the heads up, I’ll get it taken care of 🙂


    Great Post By Neil, HTTPS is fairly helpful these days and I’ve shifted all my websites to HTTPS, I tried many resources but Found QuickSprout’s guide to be best.
    I also wrote a whole guide on this, Find it here:

  125. :

    Awesome things here. I’m very glad to peer your post.
    Thanks a lot and I am taking a look ahead to contact you.
    Will you please drop me a mail?

  126. I have switched my website to HTTPS and it it’s better than just http.

  127. Gayatri mantra :

    Thanks alot,

    You have given me the clearity I have been looking for long ago. I will surely add this to my blog.


  128. Hi,

    If you switch to https, the external links will still be pointing to http version
    Read somewhere that with 301 redirect only 90% of link juice is passed, if it’s true then it’s a risky move to switch to https.

    For an old site that gained links over the last 8-10 years, switching now might decrease overall link juice, the Google’s SEO boost for https might now be enough.

    Have you came across cases where https switch resulted in traffic drop? In how many cases did it increased traffic?

    • It’s not risky, but switching doesn’t do much for your rankings from what I recently tested a few months ago. I haven’t seen a traffic drop.

  129. Joseph Heininge :

    When I landed on this page from Google. I got three (yes, three!) full-screen modal pop-ups. The first asking me to like you on Facebook, the second two asking me to sign-up for a mailing list. That is really not cool, Patel. That is a poor user experience. You should be ashamed of yourself. I didn’t even read the content of this article because I was so annoyed. I’ll be praying for you and sending positive thoughts your way and hoping that you can think about your pop-up practices, because if this is the way you treat your readers, you don’t deserve to have any.

    • I appreciate the feedback and this does mean I have areas to improve for all my readers. I will take this on board and apologise Joseph if this put you off the actual content which is why I do this work.

  130. Great article, I’m right now considering the move to https, I guess it’s a good move for the future. I have a question about backlinks, though. Google considers http and https as different websites, so that change can affect your backlinks, does it? I will appreciate your answer.

  131. Hey Neil,
    I moved to https two days ago and i noticed that all my first page articles jumped to 2nd and 3rd page of google. I performed the proper steps given above and resubmitted in webmaster tool.

    How many more days will take to recover the ranking in google and reindex?

    If you can tell that will great help! 🙂

  132. Hello Neil recently i switched my site to https but my google rankings going down slowly. i already redirected http to https with 301 redirect but still cant get it. i asked in some other blogs they told its normal after switching https untill google recrawls all new urls. if its true how many days it needs to gain back those rankings…

  133. Thanks very much Neil for this wonderful and well written article. I was having lots of problems transitioning my from http to https version but with the help of this article i was able to achieve that without much hassle on

    Thanks very much ???

  134. Nathan Argenta :

    Neil, thanks for going over this in great detail. Have been considering making the change to https for my SEO agency website (and my clients websites). Great insight and understanding into the changes and differences with both options. Thanks again!

  135. Thanks for the well detailed article,
    you have https enabled on this blog but you don’t have green lock, why ?

  136. one question that i want to ask.

    what about those backlinks that i have build on other sites, that has http prorocol and after switching to https will those backlinks still mine ?

  137. I’m considering getting my site to HTTPS, one of my concern is whether I have to proceed all the 301 redirect manually or not as it’s going to be huge! And I also expect to lose a significant ranking at the first few weeks too.

    SME Frog

  138. Bhawani Garg :

    Great article <3

    i am strugling with

  139. Hi Niel,

    This is truly a great resource. I just had one question. We are planning to do a domain move sometime soon (Domain A – Domain B) and i was wondering if we should switch to HTTPS first and then do the move, (as in Domain A HTTP – Domain A HTTPs). Or should we straightaway move Domain A HTTP – Domain A HTTPs?

  140. Thanks Niel for the wonderful post! It’s a useful post that you’ve shared as very few people are aware about the facts that you have mentioned in your post. It’s worthy reading your post. Thanks brother!

  141. thanks for this
    I really appreciate

    am having issues about my Google blog

    don’t know which profile is best

    Google+ or blogger profile

    please which will be the best?


  142. Robyn Smart :

    Great post and lots of detail! It will be interesting to see what the trend is this year with Chrome showcasing ‘Not Secure’ websites. I made the move to HTTPS over the last month and it has been a good move for me.

  143. David James :

    Hi Neil,
    I see no mention here of using the newish http 2.0 server protocol abut with this websites must use SSL (TLS). This was basically forced on us by the major browsers who will not support http2 without TLS.

    HTTP 2.0 actually will speed up a website by at least 20% so the old problem with SSL domain lookup lag times will be now overcome.

    As Http 2 was a result of Google’s SPDY experimental protocol, it’s has Google’s full support.

    Do you recommend switching to this new protocol?


    • I don’t see a big enough change switching to https for everyone but it can make as with all changes a difference.

  144. Shannon Martin :

    Hi Neil,
    I switched to https on May 12 and started losing traffic and almost dropped by 80%. Is it common to notice a drop in rankings after switching to https? If so, from your experience how much time it would take to retain the rankings?

  145. Hi, thanks for such detailed post.
    I have been planning to make the big switch. I had no idea that changing from http to https involves so many things to do, this almost takes me aback.
    Isnt there a simpler way, like using .htaccess pages to redirect all http requests to https version? Why do we need to change internal links if htaccess file is already successfully set?
    And installing the ssl certificate thing is also new to me.
    I was thinking for a social media marketing website, and this requires users to singup with an email. This doesn’t require any personal data except linking to their social media profiles. But there are some social media marketing and seo packages selling at marketplace, so organization validation could be the preferred level, i guess? Or is domain level enough?
    Many thanks.

  146. I am looking through search engines for articles, trying to get to grips with all this https stuff. I am very much an amateur coder, having produced my first website in the late 90’s and have continued to do so. I am, I suppose, someone with a paying-hobby website….that is, I sell a few things from it via Paypal. I don’t collect people’s personal details and my Paypal buttons take people directly to Paypal for their transactions, so personally I can’t see why I would need to go through all the effort of converting my site to https.
    I don’t get a lot of traffic, so is it really worth the bother? I generally understand what I need to do regards the re-coding…..and I have actually got a Let’s Encrypt SSL thing available for my domain…..but I’ve never gotten around to fathom out what to do with it. To be honest I feel that I’m being bullied into doing these changes by the fact that browsers now shriek “not secure” when my site is called up. My site doesn’t actually need to be secure….Paypal looks after that side of things. Seems to me it’s a ruse to drive the little guy off the web.

    • It’s just a good strategy at this point if you’re planning to do this for the long haul or if you might eventually accept payments on your own website instead of through PayPal.

  147. Your post kept me to my seat. It’s a great one.
    Many thanks.

  148. Do I have to keep my old site after the site is switched to https? to keep the seo value, backlinks etc.

  149. Hi Neil,

    Following up with M’s question above, I have a website and some articles have had tens of thousands of shares on social media. The site currently is HTTP.

    If I switch to HTTPS, will I lose the credibility of these backlinks? I am not only concerned about it from a SEO point of view, but also from the public metrics.

    Like on this page, I see that you have 1.1k shares/engagements on twitter from this article alone. On my site, would those numbers for my articles go away if I changed the site to HTTPS? Thanks Neil for looking this over.

  150. Neil, I want to sincerely thank you for your help with this switch. I have been thinking about it for a few weeks now and I am so glad I found this! You are always helpful, from your articles to your podcast. I really appriciate the content you put out. Thanks again!

    • Thanks for listening to my podcast! And I’m glad this article helped you make the switch to HTTPS. Thanks for your support!

  151. Hi Neil, We moved our wordpress site to HTTPS recently but many of our ‘form’ landing pages are built on Marketo and non-secure. Our PPC campaigns point to those landing pages. While the LPs are not financial/transactional in nature, we do collect non $$ info like name, company, email, phone etc. I am not able to decide if we should make a move to HTTPS for these Marketo LPs or let it be. Please suggest.

  152. Hi Neil,

    I believe that now there’s really no choice – all websites should use HTTPS. Beyond the SEO and security reasons you mention, you also get a speed boost by enabling HTTP/2 when you switch over to HTTPS.

    But, starting October 17, Chrome 62 will warn all non-HTTPS site visitors that your site is “Not Secure” if you have ANY form on your site, including simple search forms, contact forms, newsletter subscriptions – any field no matter what. So, there’s really no going back to HTTP any more.

    That’s why it’s important to switch. I have more info on pros and cons (challenges) with switching to HTTPS for WordPress here:

  153. Malik Sharjeel Tahir :

    Hi neil

    Well yup Google says that https boost rankings but after installing ssl on my site ( I started saw drops in traffic and revenue so I reverse back to http.

    What you say the main reason in dropping traffic.

    I used free ssl by my hosting and integrate with cloudflare.


  154. Hello Neil about WordPress plugin is good enough or not for SSL in Google??


    • I’m not familiar with that plugin, but it might work. I would look at several different solutions before deciding on one. That plugin doesn’t have any reviews, see you might look for one that does.

  155. Hi Neil, thank you for all your awesome work and the time you take to read our questions and provide them with detailed answers. It’s very impressive.

    I have a question about updating the http links to https on social networks (facebook pages, google my business, twitter), on advertising (facebook ads, adwords), emailing campaigns and all the netlinking inbound links. All the SEO checklists about migrating from HTTP to HTTPS tell us to manually update all those links, although we have the 301 redirects.
    So, any user will be automaticaly redirected anyways on the HTTPS domain when clicking on the old HTTP links on social networks, ads, etc.

    In that case, can you explain us why whe should :
    – implement the 301 redirections from http to https
    – AND manually update the external links ?

    PS : Please excuse me for the english mistakes, i am not an english-native speaker.

    Thanks and keep up the good work,


    • Your English is very good, Claire! The main benefit of manually updating external links is so you don’t confuse Google. However, I don’t think it’s necessary to go back and fix old social links. That would take forever. Just start using the HTTPS on all new social media posts.

  156. Hi Neil,

    I am in a state of confusion on the use of http and https, particularly while installing WordPress.

    1 – If you don’t have SSL certificate at the time of WP installation you can install WP using http:// or http://www. and you got the SSL you can install that in server and setup 301 redirect to serve from https.

    2 – If you have SSL certificate acquired for the domain and already installed that in server you have all (http:// or http://www. and https:// or https://www.) options open while installing WP.

    I have SSL certificate installed in server and I can install WP using both http and https. My confusion here is some articles suggest to use http while installation and set up 301 to serve from https. Should I install WP using http or directly on https so no redirection would be required?

    Thank you,

  157. Hi Neil,

    Can I ask a potentially daft question?

    For shared hosting, many web host companies provide AutoSSL via cPanel.

    On the face of it, this would seem to cover the HTTPS issue, but I guess the important thing is that the WordPress site be set up as HTTPS and not HTTP by default (and explicitly stated as such in Search Console)? Otherwise users will be directed to the non secure version and you’ll lose out on the SEO boost for having an SSL site?

    Os does autoSSL not cut the mustard when compared to a proper paid for SSL certificate?


    • I can’t tell you unequivocally that it’s a bad idea, but I think getting a regular SSL certificate is a better move

Speak Your Mind