I have been seeing more and more websites showing up in Google search results recently with HTTPS prefix. This would normally be a good thing, however, in many cases the website itself hasn’t been migrated to HTTPS!
Many business owners and other website owners are shocked to notice:
- Their website is suddenly appearing as HTTPS in Google search results
- A sudden drop in organic rankings
- A drastic drop in traffic to their site in Google Analytics
- And/or also just as surprised to see a big security error in their browser when they try to click through to their website from Google search results (rare)
Why is Google showing my site as HTTPS in search results?
Assuming you are reading this and did not migrate from HTTP to HTTPS, you are probably wondering why Google has crawled an HTTPS version of your site and how it got there.
Let’s start with WHY Google is crawling the HTTPS version.
In 2015 Google announced they will crawl HTTPS by default. This means that if Googlebot discovers an HTTPS version of your website, they will begin crawling that instead of your HTTP site.
How did I get an HTTPS version of my website?
I know what you’re thinking. You didn’t purchase an SSL certificate.
You probably have a web host which uses cPanel. In cPanel version 56, cPanel began offering FREE cPanel-signed hostname certificates. These SSL certificates are cross signed by Comodo. I believe this was in response to Let’s Encrypt. As of cPanel version 58, cPanel added AutoSSL. In a WHM control panel, this feature could easily be turned on with a click, offering free SSL certificates to any domain hosted on a licensed cPanel. Then cPanel version 60 came out, and the free Comodo signed SSL certificate feature is enabled by default. This has resulted in tens of millions of SSL certificates being issued.
In February 2017, this has really kicked into high gear as more and more hosts upgrade to cPanel v60.
Potential problems with this surprise HTTPS “upgrade”
Webmasters who had no idea they migrated to HTTPS may notice these issues:
- A significant decrease in traffic in Google Analytics – This is due to the web property you have configured. You are looking at HTTP traffic, which does not show your HTTPS traffic. You need to configure an HTTPS property in Google analytics.
- A drop in rankings – This could be due to duplicate content issues. Google sees your HTTPS site in addition to your HTTP site.
- Errors in the search bar of their browser – AKA “no green lock symbol” or “Connection not secure” or “Parts of this page are not secure (such as images)” – this happens when elements of the page are still HTTP.
What do do if this happens to you
This article would be complete without actionable advice, right?
I would strongly recommend that you go with the flow and upgrade to HTTPS. It’s free. And, I have made this free guide for you: How To Upgrade WordPress to HTTPS and Not Break your SEO.
Alternatively you could configure an HTTPS to HTTP redirect to keep the search engines and users in check. Although if the cat is out of the bag, it is time to move to HTTPS. There would be additional steps to this because if people click the HTTPS site in search and they’re redirected to an HTTP site they’re going to get an error message which will scare them away.
If you still need assistance with this or other technical SEO problems feel free to contact me. You should not experience a loss of rankings OR traffic after an HTTPS migration assuming it went correctly. If you have a quick question please feel free to comment below.
Did Google suddenly index your website as HTTPS?
Did this happen to you?
Are you excited to learn of your new free SSL certificate?
Please tell us about it below.