I have been seeing more and more websites showing up in Google search results recently with HTTPS prefix. This would normally be a good thing, however, in many cases the website itself hasn’t been migrated to HTTPS!
Many business owners and other website owners are shocked to notice:
- Their website is suddenly appearing as HTTPS in Google search results
- A sudden drop in organic rankings
- A drastic drop in traffic to their site in Google Analytics
- And/or also just as surprised to see a big security error in their browser when they try to click through to their website from Google search results (rare)
Why is Google showing my site as HTTPS in search results?
Assuming you are reading this and did not migrate from HTTP to HTTPS, you are probably wondering why Google has crawled an HTTPS version of your site and how it got there.
Let’s start with WHY Google is crawling the HTTPS version.
In 2015 Google announced they will crawl HTTPS by default. This means that if Googlebot discovers an HTTPS version of your website, they will begin crawling that instead of your HTTP site.
How did I get an HTTPS version of my website?
I know what you’re thinking. You didn’t purchase an SSL certificate.
You probably have a web host which uses cPanel. In cPanel version 56, cPanel began offering FREE cPanel-signed hostname certificates. These SSL certificates are cross signed by Comodo. I believe this was in response to Let’s Encrypt. As of cPanel version 58, cPanel added AutoSSL. In a WHM control panel, this feature could easily be turned on with a click, offering free SSL certificates to any domain hosted on a licensed cPanel. Then cPanel version 60 came out, and the free Comodo signed SSL certificate feature is enabled by default. This has resulted in tens of millions of SSL certificates being issued.
In February 2017, this has really kicked into high gear as more and more hosts upgrade to cPanel v60.
Potential problems with this surprise HTTPS “upgrade”
Webmasters who had no idea they migrated to HTTPS may notice these issues:
- A significant decrease in traffic in Google Analytics – This is due to the web property you have configured. You are looking at HTTP traffic, which does not show your HTTPS traffic. You need to configure an HTTPS property in Google analytics.
- A drop in rankings – This could be due to duplicate content issues. Google sees your HTTPS site in addition to your HTTP site.
- Errors in the search bar of their browser – AKA “no green lock symbol” or “Connection not secure” or “Parts of this page are not secure (such as images)” – this happens when elements of the page are still HTTP.
What do do if this happens to you
This article would be complete without actionable advice, right?
I would strongly recommend that you go with the flow and upgrade to HTTPS. It’s free. And, I have made this free guide for you: How To Upgrade WordPress to HTTPS and Not Break your SEO.
Alternatively you could configure an HTTPS to HTTP redirect to keep the search engines and users in check. Although if the cat is out of the bag, it is time to move to HTTPS. There would be additional steps to this because if people click the HTTPS site in search and they’re redirected to an HTTP site they’re going to get an error message which will scare them away.
Migration Migraine?
If you still need assistance with this or other technical SEO problems feel free to contact me. You should not experience a loss of rankings OR traffic after an HTTPS migration assuming it went correctly. If you have a quick question please feel free to comment below.
Did Google suddenly index your website as HTTPS?
Did this happen to you?
Are you excited to learn of your new free SSL certificate?
Please tell us about it below.
- Google “Pure Spam” Penalty Deindexes Sites March 6 2024 - March 12, 2024
- What Happened to ChicagoNow.com? - August 30, 2022
- The December 2021 Google Local Pack Algorithm Update - December 17, 2021
I have a website https://www.example.nl (With SSL Certificate) for my desktop visitors.
Besides that I use a mobile website http://m.example.nl for my mobile visitors. (Without SSL)
It isn’t possible to put a SSL certificate on my mobile website because it is host by a third party for mobile sites.
Both sites are working fine.
But: Google is redirecting my mobile website in the SERPS to https.m.example.nl instead of http.m.example.nl.
Therefore visitors who use Google to visit my mobile site won’t see my site.
I’ve used Canonical Tags on my mobile site to tell Google it should redirecting to http instead of https but this hasn’t worked.
Do you have other ideas?
Thanks in advance!
Acck.. That mobile website needs to die. 3yrs ago I wrote about how people using them should be penalized. (No offense).
Seriously though, those aren’t even an option these days. Scrap the 3rd party mobile site, make the existing site responsive, go to HTTPS exclusively. That is your only good option.
Thanks. I had not updated my page and it is suddenly showing up as HTTPS in Google. But when I click it I see it in HTTPS and it has an exclamation point over the lock. What is wrong with it?
TJ,
Please refer to my article: How To Upgrade WordPress to HTTPS.
Basically, just visiting the site in HTTPS without making changes to WordPress will result in error messages. Follow the instructions in my other post and install the plugin referenced. This will probably fix the error. Your theme is referencing things in HTTP, such as images, like the image logo, you social icons, and other pictures. Once you run the plugin it will force everything to work in HTTPS. This is just one issue which can arise from Google automatically indexing HTTPS WordPress websites.
Today I saw Google indexing my pages as https:// although I don’t use SSL. This explains it as I am on a server which uses cPanel. I checked with the hosting company and the upgrade did cause the “free HTTPS upgrade” to take place. Thank you