How will Google’s new HTTPS and SSL rules affect WordPress websites

Google shook the webmaster world with its HTTPS announcement. Guest blogger John Feeney tells us what WordPress site owners should do to take advantage of Google’s announcement.

Google is constantly changing its algorithm to reflect what it believes to be the best ranking signals for websites in the search results. The search engine understands how important search traffic is to marketers, and in turn Google wants those marketers to use the best techniques available to promote their content.

So when Google told the search engine marketing world that the presence of HTTPS and SSL would now be used for ranking sites, this obviously rankled a few feathers and motivated some website owners to get off their butts to get it done. After all, Google asked nicely.

Google loves secure sites.

What Is HTTPS and SSL?

Before we get into how these new ranking factors affect search results, let’s take a moment to explain the terms.

HTTPS stands for Hypertext Transfer Protocol Secure. This strengthens a website’s privacy and adds an extra layer of security to the Web.

SSL stands for Secure Sockets Layer. This encrypts the link between a website server and a client. An SSL certificate secures the site, so your website shows as an https site.

HTTPS: The Good!

Let start off with the best part of this idea. By using HTTPS and SSL, your website is technically safer for users. That’s another good thing to tell people when they come to your site. “Hey! Glad you got here from Google. Due to our new HTTPS protocol, you will not be hacked. Even better, with our SSL certificate you can safely purchase products from our site.” Yeah!

HTTPS: The Bad!

Switching over can cost money. While the prices are not exorbitant, they do add up. GoDaddy pricing on SSL certificates start at $69. HostGator’s SSL certificates start at $39.95. Shop around to make sure you have the best certificate for your website’s needs. Remember if you have more than one site, you will spend more on the certificate.

Furthermore, the site’s speed does decrease slightly. Also some parts of the site can become more difficult to access.

HTTPS: The Ugly

Google immediately implemented this new change. However, they do not have a way to change the address of the website from HTTP to HTTPS. Right now, they are telling webmasters to use 301 redirects. However, why implement something without giving a way for web developers to quickly move their site over to the new standard?

In fact, many sites have seen a slew of SSL errors since Google made the changes to the algorithm.

How To Switch From HTTP To HTTPS

Are you ready to make the switch to a secure website? Then you’ll need to know how, and this part of the article helps you do that if you have a WordPress website. While the process is not as hard as it seems, sometimes snags do come up along the way. If you need some professional help with moving your site, contact a digital marketing agency like us (Shout Web Strategy).

Below we discuss three different ways to change a WordPress website’s security. While some of these strategies might work for other websites, keep in mind that the syntax and the process might vary from this.

First, you will need to get an SSL certificate. Most major hosts have SSL certificates available. While you might not want the cheapest one out there, you can get a good certificate for $20-$50.

Second, you have three options to change the links on your site to the new, secured website.

  1. Change your WordPress settings link
  2. Create an .htaccess redirect
  3. Use WordPress Plugins

WordPress Settings Link

The easiest way to change the links on your website is to go through WordPress General Settings. Go to your settings in the admin area. Then open up the General settings. You will see the default URL for your site. Change both the WordPress address and the Site Address by adding an “S” at the end of http. Reginald Chan has a simple explanation of how to do this on his Smart Internet Lifestyle blog.

.httaccess redirect

If you have the slightest amount of coding chops, you can copy and paste the redirect code for your new https access to your server. Below is the code from StackOverflow.Com. Remember that you need access to your .htaccess files, either through your cPanel or via FTP access (Filezilla, for example).

#redirect all https traffic to http, unless it is pointed at /checkout

RewriteCond %{HTTPS} on

RewriteCond %{REQUEST_URI} !^/checkout/?.*$

RewriteRule ^(.*)$$1 [R=301,L]

WordPress Plugins

A few WordPress plugins do exist to help you. Specifically, WordPress HTTPS and Yoast SEO both can help you move your site from HTTP to HTTPS. Note: Yoast, while a stable plugin, is not reliable for moving over your site. Double check that it went through.

The ultimate outcome of the new security standards

The reality is that Google is making it tougher for websites to be listed on the first page of their website. Using an updated security profile is just one in a string of changes to ensure the highest quality sites get access to Google’s golden goose of traffic.

The HTTPS and SSL addition just make it easier for them to separate the winning from the losing websites in an ever changing battle of quality and rankings.

Furthermore, websites who use this standard have a higher rate of confidence from their readers – readers who care and search for secure payment. In that sense, Google only sped up the transition.

Guest blogger John Feeney is an employee of Shout Web Strategy. They believe that SEO is essential to every businesses success. Priding themselves on being Australia’s leading digital marketing agency, they can help grow your business by delivering more targeted traffic to your website. For more information visit



  1. Hey David!

    Thanks for sharing my article and highly appreciate it man. Are you deciding to change to HTTPS anytime soon?

    By the way, excellent article and top notch tips here.

  2. I personally think this was a great move by Google. I know a lot of people who are getting SSL certs to please Google but it’s important to note that this can also protect your visitors regardless if you have ecommerce or not.

    With that said I guess this can also help in determining who are serious with their blogs and who aren’t, at least to some extent. It only takes a few minutes (and a few $$/year) to implement SSL on a WordPress blog. If someone can’t be bothered to do this for their site then maybe their site isn’t that important to them.

  3. Hi Devid…

    Thanks for sharing the detailed tutorial on this complicated topic. But after what Google did with “Authorship” project I started doubting any of their new claims.

    Moreover “Authorship” was a FREE criteria but for HTTPS, as you have given the pricing it will a big blow for SMEs if after 2 years Google changes their criteria again…

    What say you?


  4. Karmakar.

    I say do it if it makes sense to you, whether to please customers or to deter hackers. It’s a move that makes sense for Google, at least for eCommerce sites. Why send someone to an unsecure site if there are secure sites selling the same thing? If you are doing monetary transactions on your site, you should have security in place, Google or no Google. I would not do it just for SEO, however.

    As for authorship…well, that’s a different matter. I’ll be sharing my theory on that one at some point soon.

  5. I think its brilliant, theoretically it will build trust and like you say, if it makes the customer more confident using an ecommerce site then its definitely better for business!! Thanks David.
    plus thanks for the codes!!

  6. Hi David,

    So if a person has a simple blogging site, it is or is not necessary to move to https to appease the google gods? I completely agree that any site that deals with personal information should be required to have an SSL certificate – and whoa to the consumer who deals with an ecommerce site that doenst have one, but if you arent collecting information, then why do it?

    What about if you are only collecting emails for a newsletter list (no name/address associated with it). WOuld you suggest getting SSL then?

  7. Aharilyn , to my mind that would depend on whether you have security concerns, too.

  8. Hi David, Which way would you recommend to go, if my blog of Paintings by Swav @ is on ? Cheers from Ireland

  9. Hi Swav. I am not making any recommendations on this.

  10. This is good for security but increases costs for small business. Is the fee for an SSL certificate a one of or annual?

  11. Will it effect the ranking of a normal site? is it better to just do it?

  12. I strongly believe that this is a real good move by Google. If you are a professional blogger or a serious business then this is your duty to protect your readers and buyers which you can not neglect. We all know the internet is so much vulnerable these days and making a site secured is the primary requirement just like designing, development or SEO.

    We are running a training business and right now we are moving our website to https. This is definitely a good and a positive move by Google.

    May be till now there are few problems but I am sure Google is going to fix them in no time.

  13. Hi Dave, I decided to leave my blog on for another while, because they might come up with the solution in the nearest future. Currently there is no chance to connect SSL certs with the blog on, because of no static IP… but on the other side, they should get some special deal from their hosting provider, which is go daddy. What do you think about it ?