ePublishing Knowledge BaseContinuumAdvancedCan our whole site be delivered through SSL (HTTPS) like Google suggests?

Can our whole site be delivered through SSL (HTTPS) like Google suggests?

You may have seen a lot of discussion recently about how Google is now tweaking their algorithms to give a boost to websites serving all their content through SSL (Why SSL? See What is HTTPS?). Can your ePublishing website deliver all content through SSL to take advantage of this potential search ranking boost?


Contact your Project Manager

Let your project manager know that you will want to convert your website(s) over to SSL. We will kick off a project to analyze your content for potential problems with converting it to SSL and help you solve those issues. Your Project Manager will schedule the final conversion date based on the number of issues we find.

We are here to make this process easy and there are some things that you can look for on your site before we begin. If you are able to address any of these issues before we start then the conversion to full-site SSL happen much faster.

Steps you can take to convert faster...

When we kick off the project, part of what we do is check for the potential issues listed below. Some of these things may require action on your part to correct so recognizing them before we begin can make the conversion go faster.

Check your website's plugins

This refers to plugins that you added to your website such as a Twitter feed display. Most commonly used plugins already work well over SSL but you will need to confirm that anything you embedded in your website through the admin tools (in an article, editorial content area, page manager, etc) can be delivered over SSL. If it can't, you will need to find a plugin that can be delivered through SSL or remove it. If you leave it in place many browsers will display a security alert which can be alarming and confusing to site visitors. The worst case scenario is that the browser will refuse to display the page at all because of that one unsecure plugin embedded on the page.

Look for content (images, etc) hardcoded to HTTP

In this step we are looking for content on a page that is using a URL that has the protocol (HTTP) and the domain name included in the link. An example would be displaying an image in an article using code that looks like...

<img src="http://www.myimagedomain.com/images/picture.jpg" />

The problem is the "http" part of the URL. If you deliver the article through SSL then that HTTP image link will cause an alert to pop-up or worse.

For images that exist on the same domain as the article, you should always use a "relative URL". This simply means don't include the domain name. For example...

<img src="/ext/resources/article-images/bigpic.jpg" />

For images that you are pulling from another website, you will need to verify that you can access the image using SSL (changing HTTP to HTTPS). If you can't or the SSL Cert that the 3rd party website is using does not meet Google's standards then you will need to replace, remove or move the image to your own server and use a relative URL.

Other content to watch our for includes

  • iFrames,
  • embedded video and
  • embedded JavaScript (e.g. an online 3rd party calculator) that pulls code or content from non-HTTPS URLs.

Links pointing away from your website do not need to be SSL. For example, a link within an article that will take a visitor to another website such as...

<a href="http://www.unicornsarelovely.com/rainbows">See Rainbow Unicorns</a>

However, all of your internal links – links pointing to content on the same website – should be relative as described above.

Verify that your ad solution can handle SSL

Google DFP handles SSL as long as the ad content you are supplying through DFP is coming from a secure source. AppNexus OpenAd Stream (OAS) can handle SSL similar to Google DFP, as long as they come through OAS from a secure source. An ad banner coming from a URL that starts with HTTP:// is going to throw an alert on your website even though DFP or OAS itself is using secure links to their code.

There are still ad service providers that cannot serve ads through SSL or charge an additional fee to do so. Please check with your ad service provider before starting the SSL conversion process. You may need to change ad service providers and update the code on the website before we can begin your SSL conversion project.

Learn about the inevitable (temporary) drop in search engine metrics

As unbelievable as it sounds, Google practically demands that you switch to full-site SSL and then temporarily penalizes you for doing so.

Read the full KB article: The Truth About Full-site SSL Conversion Search Engine Performance and Ranking Drop