Hopefully there are some experts on here that can answer this question.

Also how would it affect the speed of the site and what type of encryption would be best to use. I already secured my checkout pages due to customer feed back but not the rest of the site.

I see it should be easy for me now to secure the whole site but don't want to do it just yet until I know more.

I'm assuming that swapping from http to https will not affect any rankings that we've already built other than increase the ranking

I think the BBC are (yet again) blowing a very small thing that was mentioned out of proportion.

There's a lot of negatives to this. Best to wait for the best practices to emerge from Google. I suspect there will be a lot of resistance, not least from ISPs with page caching.

I wouldn't be completely surprised at this. For quite a while now google were listing my https pages in preference to my non SSL equivalents.

I fixed this by giving them a canonical link to the non-https page. It looks as if I'll need to read around and consider changing the canonical links.

My reading on this up to now was that Google was just presenting the https version of the page in prefrence to the non-https page. It doesn't necessarily mean there's any increase in the page rankings.

My reading now is that more info and evidence is required before making any changes.

Mike

I agree with wait and see

There is a possibility that the reporter is mis-reporting, in their ignorance, as I have often noticed this in news stories where I happen to know more than the reporter.

In my opinion, it is very wrong for Google to prioritise sites with ssl. I used to use ssl in the Checkout, years ago, when we used to capture card details on our website. This is now frowned upon, as it is far less secure than using a payment provider. We now only accept orders online, going through the payment provider, and do not handle, access or store anybody's payment details in any form anywhere. We complete the PCI forms annually accordingly. Prioritising sites using ssl will be encouraging sites to be less secure, which I am sure is not Google's actual aim.

When we used ssl, we paid extra for a dedicated licence, which we abandoned once we switched to using a payment provider. SSL has always slowed down website operation, and would be worse in non-checkout pages, as they contain images. Apparently ssl has since improved and is not as slow as it was.

Using ssl will also make customers think that there is data being handled that needs to be encrypted, which is not the case; it would make them think that you are taking payments on the website, for example.

Sarah

The theory behind having the whole site on SSL (HTTP in the URL) is that secure servers are more difficult to attack from hackers so less chance of malicious code being uploaded to the server - of course this is a service Google offer and will no doubt roll out even further if adding more weight to the algorithm.

As Sarah points out - if the bench mark is to always see the Golden Padlock then capturing credit card data on even a shared SSL certificate could see a resurgence - people assume they are safe but you are capturing the credit card details for later processing. Very dangerous.

Still - this SSL requirement is still and will be a very small percentage of the overall score for a site and would easily be offset by additional content, Adwords, on page SEO etc and keeping with HTTP for the main site and HTTP via a PSP for the checkout.

The original Google blog is here for anyone who wants to read it. http://googlewebmastercentral.blogsp...ng-signal.html

While it is a very lightweight signal at the moment, it sounds like it's definitely worth watching as Google are quite clear in what they'd like to see happen and it's not usually a good idea to ignore them.

Mike

I'd add a couple of points to this if you are thinking of switching. As Mike points out Google said that the signal effects fewer than 1% of queries, which is not the same thing as suggesting there will be an equivalent boost in rankings. I do expect Google to follow through on this though and rate websites which use SSL site-wide higher.

Having made the switch over to HTTPS for a couple of sites. I have not noticed a demonstrable difference in rank, perhaps a very marginal improvement but it is impossible to say for sure.

What I would stress is that there is a fair amount of work involved in switching over for anybody considering it. Not only do you have to redirect your existing URLs to their https:// equivalent and update your Google Analytics account to include the new version (because Google treats http:// and https:// as separate websites) separately but you also then need to look at getting your external backlinks updated as well. This last point is not essential if you have set up 301 redirects correctly, but is recommended as 301 redirects are less favourable from an SEO perspective than actual pure links to your store. (Having said that I believe Google have it in their algorithm to understand which links redirect because of migaration from http to https and you will weight such redirects accordingly).

The other point to mention is Site Speed. Current infrastructure is such that websites served over https:// are no longer slower than those served over http:// (they haven't been for some years). Having run tests I have actually seen improvements in website speed (time to download), although this is most likely on account of the fact that the websites are now on different shared servers hosting fewer shared resources (less traffic to server + better server optimisation = larger share of available server resource . . for now!).

One of the aims of Google and others is to get the web working faster. HTTPS alone does not achieve this but it does pave the way towards using services such as SPDY and HTTP 2.0 (a replacement for the current HTTP 1.1. protocol that works to serve web pages to web browsers). By operating SSL/HTTPS sitewide you clear one obstacle towards making your website run faster, which will not only improve your SEO but also improves customer experience. Nobody likes waiting for a slow website to download.

Personally, I would encourage switching to HTTPS/SSL site-wide. I suspect over time the majority of websites will switch over (although this will take time). By making the move now you get ahead of the curve. As a user, I certainly wouldn't be concerned by seeing a padlock in the browser bar, I would take it as a sign that the website takes security and privacy seriously.

If you do intend to make the move I would strongly suggest planning the process though: be sure to back-up files, run both http: and https: versions until you are sure the internal links work and put together a list of important (higher value) external backlinks that you need to update.

PS. This recent search metrics report suggests no difference in rankings between websites using HTTP and those using HTTPS http://bit.ly/httpsrankings As always with Google, the caveat is to add 'Yet' to that statement.