Security

HTTPS & SSL Security

HTTPS (HyperText Transfer Protocol Secure) encrypts the connection between your website and your visitors' browsers. Google confirmed HTTPS as a ranking signal in 2014, and browsers now actively warn users when a site is not secure.

What Is HTTPS?

HTTPS is the secure version of HTTP. It uses an SSL (Secure Sockets Layer) or TLS (Transport Layer Security) certificate to encrypt data transmitted between your server and your visitors. This prevents third parties from intercepting or tampering with the data.

You can tell a site uses HTTPS by the padlock icon in the browser's address bar and the https:// prefix in the URL.

Why HTTPS Matters for SEO

Google officially confirmed HTTPS as a ranking signal. While it is considered a lightweight signal, it can be the tiebreaker between two otherwise equal pages. More importantly:

  • Browser warnings — Chrome, Firefox, and other modern browsers label HTTP sites as "Not Secure", which can deter visitors and increase bounce rate
  • Referral data — when HTTPS sites link to HTTP sites, the referral data is stripped from analytics, making traffic sources harder to track
  • User trust — particularly important for e-commerce, contact forms, and any page collecting personal data
  • Core Web Vitals — some performance metrics require a secure context to be measured accurately

How to Enable HTTPS

Most modern web hosts provide free SSL certificates via Let's Encrypt. Here is how to enable HTTPS:

  • Shared hosting (cPanel): Log into cPanel → SSL/TLS → Install a free Let's Encrypt certificate
  • WordPress on managed hosting: Most hosts (SiteGround, Kinsta, WP Engine) provide one-click SSL activation
  • Cloudflare: Enable "Always Use HTTPS" in the SSL/TLS settings — free on all plans
  • Custom server: Use Certbot (certbot.eff.org) to install a free Let's Encrypt certificate

After Enabling HTTPS

Once your SSL certificate is active, complete these steps to avoid SEO issues:

  • Add a 301 redirect from all HTTP URLs to HTTPS in your .htaccess or server config
  • Update your canonical tags to use https://
  • Update your XML sitemap with HTTPS URLs
  • Update your internal links to use HTTPS
  • Submit the HTTPS version of your site in Google Search Console
# .htaccess — redirect HTTP to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Mixed Content Warnings

Mixed content occurs when an HTTPS page loads resources (images, scripts, stylesheets) over HTTP. Browsers block or warn about this. Fix it by updating all resource URLs to use https:// or protocol-relative URLs (//example.com/style.css).

Check your own website Run a free SEO audit and see if this issue affects your site.
Run Free Audit →