In December Google announced that it would use HTTPS as part of its quality signals for ranking algorithms. Most people made the switch even though Google said it was a minor boost. Now, if you have both HTTP and HTTPS indexed in the search engine, the algorithms will default to HTTPS. Here are some of the rules to consider.
Make Sure Your HTTPS Pages Have No Insecure Dependencies
Everything on your page should contain an HTTPS version. For instance, you can’t link to an image using HTTP within the HTTPS page. This is a common error when coding between HTTP and HTTPS. It’s also an issue for your users, because the browser gives them a warning that you have insecure dependencies. Browser warnings for encryption and security scare off users.
Check Your Robots.txt File
The “robots.txt” file is located in your website’s root directory. You can allow or disallow crawling in this file. You can block pages that you don’t want Google to crawl including HTTPS pages. It’s a text file, so you can open it with any text editor. Open the file and find the Google section (if there is one). Ensure that HTTPS pages are not blocked.
Don’t Redirect HTTPS Pages to Insecure HTTP Pages
Redirecting users from HTTPS pages to HTTP pages could be considered sneaky redirects. It’s allowed if you redirect to a page that does not take any information from the user, but any form pages should have HTTPS. If you redirect a form page to an insecure HTTP form, Google won’t index the HTTPS version. Using HTTPS for forms encrypts data sent from the user to the server, so it’s recommended that you always use HTTPS.
Set Your Canonicals to HTTPS
WordPress site owners are especially affected by this rule. Most WordPress sites automatically place canonicals using a plugin. The canonical must point to another HTTPS page. If you use an HTTP page in your canonical directives, Google uses this as a signal to index HTTP pages instead. Of course, if you want to index the HTTP version, leave your canonicals as they are. Otherwise, check them to ensure that they are pointing to the HTTPS version in your pages.
Remove Any Noindex Meta Tags
Google gives you the option to remove a page from the index by creating a noindex meta tag in the page’s header section. This directive can be for one search engine or all of them. The noindex tag is only honored by certain search engines, but Google is one of them. If the page is currently index, Google removes it after the search engine crawls the page and detects it. If you have this directive in your HTTPS version of the page, then Google will index the HTTP version. You can delete this tag from your pages without causing any errors. It’s only necessary when you want the page removed from search engines.
Remove Any Non-HTTPS Links
Your HTTPS site architecture should point to other HTTPS pages. This means that your HTTPS page links should point to other pages with the same protocol. Google specifies that the links must be “on-host” outllinks, so only pages under your control should point to HTTPS pages. If you link to an external site, you should point to the site’s HTTPS version if there is one. The basic rule of thumb is to use HTTPS when you can.
Check Your Sitemap for HTTPS Versions
Your sitemap is a list of links to your pages. It helps search engines find pages if you don’t have any links to them within your site structure. Google specifies that you should only have the HTTPS version in your sitemap. Any HTTP links will be detected and the search engine will use them instead.
Ensure That the Certificate is Valid
SSL/TLS certificates expire. You need to update them each year. If the certificate expires, a warning is shown to the user. Google picks up on this warning and rejects the HTTPS version of your site. If you have no HTTP version, you’ll notice that the site pages start dropping out of Google’s index. Always keep your certificate up-to-date to avoid problems with users and search engines.
Using these eight tips, you can ensure that you get the full benefit of a ranking boost from HTTPS pages. The hardest part is ensuring that your site structure is well defined, but once you flip to HTTPS, you should see improvements in your rankings.