I rarely disagree with advice given by authors of articles that appear on Search Engine Land, but in this case, I wholeheartedly, and undeniably, disagree with some recent advice about HTTP and HTTPS sites. In a recent article, Daniel Cristo recommended that “if you’re running a blog, brochure site, news site, or any sort of information site where users don’t provide you with any personal information, I would recommend not using HTTPS.” He provides several reasons, which are completely false and unjustified, and generally gives advice that I disagree with.
Mr. Cristo, in the article, recommends that blogs, brochure sites, and news and informational sites not implement HTTPS. Let’s first look at the specific reasons why John Mueller, from Google, says the complete opposite of what Mr. Cristo recommends:
Some webmasters say they have “just a content site”, like a blog, and that doesn’t need to be secured. That misses out two immediate benefits you get as a site owner:
1. Data integrity: only by serving securely can you guarantee that someone is not altering how your content is received by your users. How many times have you accessed a site on an open network or from a hotel and got unexpected ads? This is a very visible manifestation of the issue, but it can be much more subtle.
2. Authentication: How can users trust that the site is really the one it says it is? Imagine you’re a content site that gives financial or medical advice. If I operated such a site, I’d really want to tell my readers that the advice they’re reading is genuinely mine and not someone else pretending to be me.
I moved my site from HTTP to HTTPS because of those two reasons: data integrity and authentication. I don’t run a lot of ads on this site, but I want my visitors to know that it’s me writing, and no one else. But more importantly, Mr. Cristo suggests that it’s expensive to have an HTTPS certificate. Really?!? How is $30 a year expensive?
I want you, my website’s visitors, to see that my site is HTTPS, and that I’ve invested the time, effort, and (small amount of) money to make my site HTTPS secure. I’m the real deal, and this site is not just some fly-by-night throwaway site. Sure, if you are going to put up hundreds of spammy blogs or sites, it might cost you more money, and therefore you would not want to invest in a certificate for every site.
In the Search Engine Land article, Mr. Daniel Cristo tries to sum it all up:
Long story short: if you make the switch, do it for the users and not because Google said it’s a ranking signal, because it really isn’t.
Yes, I agree that you need to move from HTTP to HTTPS because of your users; by doing so you are telling them that they can trust your website (you know, the data integrity and authentication thing I mentioned earlier, also mentioned by John Mueller). But how can Mr. Cristo have any hard data yet about whether or not HTTPS is a ranking signal? And he says that HTTPS is NOT a ranking signal? Really?!?
Trust, authority, and data integrity, much more than HTTPS itself, are ranking signals. If you were to come to my website, a “blog” with articles, and you saw that my site is HTTPS rather than HTTP, would you trust it more? I probably would. And what about a website that is providing medical information and medical advice? If a site is HTTPS, would you trust it more than a site that’s only HTTP (not secure)?
I liken the HTTP versus HTTPS “ranking signal” to registering your domain name for several years. It shows that you have a vested interest in that domain name and your website if you register the domain name for 10 years versus only 1 year.
For me, what’s the bottom line, the “long story short” as Daniel Cristo puts it?
Why should you move from HTTP to HTTPS:
– Trust. I believe users will inherently trust sites more if they are HTTPS versus HTTP.
– Data Integrity.
– HTTPS is a search engine ranking signal.
– It’s not expensive (certificates are available for free or $30 a year).
I don’t know where Dan Cristo came up with his advice, but it’s certainly the opposite of my advice. All sites should be HTTPS, at least if you are serious about your website. Period.