It’s been a while since Google announced that HTTPS was used as a ranking signal. In the Webmaster Central Blog, Google stated that their motivations for this move, citing security reasons, the fact that an ever-increasing number of webmasters have begun to adopt HTTPS protocols, and “to make the internet safer more broadly”. Google also confirmed that this particular update carries less weight than other signals such as high-quality content and that it would affect less than 1% of global queries.

Still not all sites actually use HTTPS sitewide these days. According to the latest statistics from BuiltWith, only 4.2% of the top 10,000 websites redirect users to SSL/HTTPS by default. While that number appears small, the percentage drops to 1.9% for the top million sites.

Websites using SSL by Default

https latest statistics
What’s interesting here is the fact that Searchmetrics has already considered HTTPS as a feature for this year’s ranking factors study, and the results are eye-catching at the very least. The enterprise platform concluded from the data analysed that there were no discernible relationships to date between HTTPS and rankings, nor were there any differences between HTTP and HTTPS. They surmised that Google has not in fact begun to use HTTPS as a ranking factor (at least not yet).

differences between https and http
This number will certainly increase in the very near future as more and more websites adopt the securer protocol, but for the moment, transferring to HTTPS (which entails buying and installing an SSL certificate), should not be your number 1 priority right now, nor will it miraculously boost your website to the top of the Google’s rankings.

So, how do I migrate to HTTPS?

Nevertheless, migrating is certainly something to bear in mind over the coming months, as Google is sure to continue its push towards improved online security. So, if you do decide to implement the augmented security certificate, here’s some useful advice on how to do it right.

If your entire site is already running on HTTPS then you shouldn’t need to worry, but we still recommend that you test its security level and configuration using this SSL certificates tool. If you don’t have an SSL certificate, and are looking to incorporate HTTPS for your site, here are a few basic tips for getting started recommended by Google directly:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag
  • Check out our Site move article for more guidelines on how to change your website’s address