Why I’m Delaying Upgrading To HTTPS / SSL Thumbnail

Google and the SEO community have been encouraging website owners to convert from HTTP to HTTPS since 2014. The idea is to create a more secure internet so that hackers can’t steal passwords and information that users input online. It’s a good idea, but it’s not a thoroughly flushed out idea. As a result, it’s always better to wait until all the kinks are fixed before making any changes.

I thought long and hard about switching Financial Samurai to HTTPS when my private server administrator encouraged me to do so last November. But after reading every single authority article on the internet I could get my hands on about the topic since 2013, and going ahead and upgrading Yakezie.com to HTTPS, I’ve decided to hold off for now.

Here are my reasons. Perhaps they pertain to you. Also, feel free to share more reasons why a publisher should or shouldn’t hold off. If you’ve made the switch, I’d love to hear about any snags you experienced, and whether you saw any apples for apples improvement in traffic. 

Reasons Not To Switch To HTTPS / SSL

1) Your CPC/CPM advertisement will take a big hit. Based on my research, those who made the switch saw their Google Adsense revenue decline by as much as 50%. I spoke to the folks at Adthrive, and they said they’ve seen publishers experience a 30% to 90% decline in ad revenue. Depending on how much CPC/CPM ad revenue you make, this can be a significant loss of revenue.

The reason why there’s such a decline is because Google and Adthrive’s advertisers aren’t HTTPS ready, nor are Google and Adthrive’s respective platforms. Isn’t it weird that Google is encouraging HTTPS conversions, yet their own Adsense platform isn’t 100% converted/compatible? I’m not willing to lose that much in CPC/CPM revenue just for HTTPS.

2) You will likely break your site for at least a little while. When you do the HTTPS conversion, you’ve got to resubmit your sitemap, wait for Google to crawl your sitemap, make sure all the links within your post are HTTPS, and make sure all your redirects are redirecting properly. Even after switching to HTTPS, if you have a post where the SRC image you link to is from a non-HTTPS site, your browser will show a warning (mixed content issues). The warning is worse than if the browser just showed an “i” or nothing at all!

If you or your webmaster don’t fully understand what you are doing, you may lose your search rankings and traffic. The longer you leave any of your problems unfixed, the harder it will be to climb back to even. As a reference, my administrator is still working out kinks from November for clients he switched over.

3) Google might change its mind. Only about 30% of websites out there have converted to HTTPS. Remember Google+ or Google Authorship? They pushed the heck out of these two things only to retract. Imagine going through the conversion process, spending hours fixing all your links, paying for the certificate etc only to have Google say HTTPS doesn’t really matter because not enough sites have complied to go HTTPS. Google doesn’t control the internet. At the very least you’ll have a nice secure site. But what if it causes major losses in rankings and crawl issues because you didn’t catch all your links?

4) Your site isn’t asking for sensitive info. If you are a free blog that doesn’t ask for passwords, credit card info, and other sensitive info, then there’s no need to go HTTPS. I can easily see a situation where Google just requires e-commerce sites and the like to go HTTPS, but leaves the rest of us alone. If you have a forum, you may want to switch. But even still, I would hold off for a while longer.

5) There’s been no evidence of ranking improvements. Supposedly HTTPS is a weak ranking signal. Some say converting to HTTPS might give your site a 5% boost in organic search traffic. But from what I’ve read and seen, there hasn’t been such a boost yet. Even if your site does get a 5% boost in traffic, does that offset the 30% – 90% decline in CPC/CPM revenue? It won’t for me.

Here is an interesting graphic that shows the percentage of HTTPS websites showing on page one. Given ~30% of the sites have switched, showing 30% of the sites as HTTPS on page one is as expected. If there was a significant ranking signal improvement, there would be a much greater percentage than 30%.

HTTPS ranking results on Google Page 1

Holding Out For Now

Just like how it’s never a good idea never to buy the first year of a car redesign, it’s also never a good idea to be a guinea pig for a new web experiment that isn’t absolutely necessary. Google, like everybody else is making things up as they go along. They’re doing the best they can, but they don’t know how everything will work or should work. They just have an idea, and will A/B test everything until they come to the best logical conclusion.

I’m only going to convert Financial Samurai if browsers like Chrome start showing a warning sign or something egregious before going to HTTP sites. Indications are that sometime around Feb 1, the latest version of Chrome will show a warning sign on pages that take passwords and credit cards. But since Financial Samurai and most blogs do not take passwords and credit cards, I think we should be fine.

I’ve seen sites linked from Yahoo that when clicked, result in an ominous page that says “are you sure you want to continue?” That’s the bully move Google, Bing, Firefox, Safari, DuckDuckGo, and Chrome can implement to force change and make lives miserable for all website owners. I hope they never go this route carte blanche, but if they do, I’ll bite the bullet and upgrade that day.

Finally, given only about 30% of sites have switched to HTTPS, there’s still plenty of time before the tipping point occurs where Google starts giving more weight in their algorithm to HTTPS. That weight increase will probably occur after 50% of sites switch over, which will be sometime in mid-to-late 2018. Pay attention to the stats.

If browsers start making ominous warnings, then it’s time to switch. If your site is still pretty small, and you can edit all your posts within a day, then you can probably switch with no negative impact. But if your site has hundreds if not thousands of posts, I’d hold off if I were you. Do some pre-scrubbing work first before making the switch.

Good posts to read:

https://moz.com/blog/https-tops-30-how-google-is-winning-the-long-war

https://www.wired.com/2016/05/wired-first-big-https-rollout-snag/(they’ve been trying to get back to even after the switch for 6 months now!)

https://www.wordfence.com/blog/2017/01/chrome-56-ssl-https-wordpress/?utm_source=list&utm_campaign=011717&utm_medium=email

Information About HTTPS and SSL

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

Updated 2/8/2017: The latest Chrome browser Version 56.0.2924.87 (64-bit) went live on 2/1/2017 and everything is working fine. There aren’t any ominous warnings for users saying those sites that are not HTTPS should not be viewed. All it shows is that if you click the “i” button, it’ll say not to input personal financial information. Given we are blogs, such a warning doesn’t matter to us because the vast majority of readers pay us nothing.