8 replies to this topic

[susancalen]

I am facing a problem with one of the sites that I am doing SEO.

The site has been a shortwhile on a secure server causing Google to pick up many pages with https://. I noticed this problem and instructed my client to switch to http://. (The problem with having https:// is that when people click on the SERPs they get a pop-up that asks "DO you want to dislay the non-secure items?" and it's causing a bounce rate of over 70%!).

Now even though the site is running on http:// for over two months, Google still has many results with https://.

Does anyone know how I can changes the serps from https:// to http://

Thanks for your help!

Susan

[Randy]

What kind of server are you running on Susan? Linux/Apache or Microsoft IIS?

And are the pages also available via http? I'm assuming they are.

Lastly, is https required somewhere along the line? For instance, is there a secure checkout routine where https is needed?

If you're on a typical *nix/Apache server with .htaccess available to you there are a few different ways to approach it. First I would redirect https to http via a 301 so that whatever ranking power the pages have gets transferred properly. The easiest is probably to key on port 443, since that's the typical https secure port used by Apache. So if you wanted a blanket redirect from https to http it would look something like:

CODE

RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.yoursite.com/$1 [R=301,L]

If you need to allow https for some pages (eg cart checkout pages) you can either exclude them individually, or you could set up a second RewriteCond so that it only affected the search engine spiders by triggering on their user-agent strings. However if you need to use https you'll want to fix those non-secure references anyway.

As an aside, those usually pop up because somewhere in the code you're using an absolute link to an image, css file or javascript file somewhere, and the link is going to the non-secure address.

You can also use .htaccess to tell the spiders not to index any https content going forward. The way I do that on my sites is to create a separate robots.txt file just for ssl connections, then serve this file up to the spiders when they're accessing the ssl side of the site and request its robots.txt file. It's a pretty simple two-step process.

First create a new file, one I call robots_ssl.txt for sanity's sake, that simply contains a two line Disallow of everything. This robots_ssl.txt file looks like:

CODE

User-agent: *
Disallow: /

Then in my .htaccess for the site I have the following two line instruction to replace the normal robots.txt with my new one when something tries to access it via an ssl connection:

CODE

RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots.txt$ robots_ssl.txt

All of the above is for a Unix/Linux setup, with mod_rewrite enabled. If you're working with something else and can let us know the details someone can probably come up with a different solution.

[Jill]

Also, if you change your html code to where you point to the images and put them in the https directory, that should stop the pop up thingee.

[susancalen]

If you're on a typical *nix/Apache server with .htaccess available to you there are a few different ways to approach it. First I would redirect https to http via a 301 so that whatever ranking power the pages have gets transferred properly. The easiest is probably to key on port 443, since that's the typical https secure port used by Apache. So if you wanted a blanket redirect from https to http it would look something like:

CODE

RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://www.yoursite.com/$1 [R=301,L]

I will need to ask out tech guy what server they use.

About 301, we have about 5000 pages (since it's a shopping cart site), will the code above automatically do a 301 from https to http to all pages, or will it need to be done to every pages that was indexed with a https?

Thanks Randy and Jill for your great help!
Susan

[Randy]

Yes it'll do a 301 redirect for all https pages back to http automatically.

That's why it's important to make sure you exclude any pages where you need https to work. Like a shopping cart checkout page where you're collecting customer data. Often you can simply exclude those by the page's filename since the entire checkout procedure will use just one or two files. This assumes of course that you're doing checkout on your own domain and not using a shared ssl certificate or any of the 3rd party merchant processors.

[coopooc]

Randy, not to threadjack here but how could I accomplish this in IIS?

Anyone know?

[Jill]

coopooc there's info on how to do it with IIS in our 301 Redirect Forum.

[coopooc]

coopooc there's info on how to do it with IIS in our 301 [url=http://www.highrankings.com/forum/index.php?showforum=61]Redirect Forum[/url].

Thanks Jill. I'm digging through that forum now although nothing specific to this exact scenario has appeared in my initial searches.

[Randy]

I'm not sure since I don't run any IIS machines coopooc. If you had ISAPI filters installed it would probably be very similar to the above example, since ISAPI mirrors the functionality of *nix's mod_rewrite.

Without ISAPI at a minimum you'd want to look for a way to detect a hit to robots.txt using the standard SSL port of 443, then redirect/rewrite those to a robots.txt file that excludes spiders. That's what part of the above does. You may even be able to do that at the robots.txt file level if you set it up to run through the asp parser first.

If your site doesn't have the need to support https secure transaction (eg you use an off-site merchant program) you can simply 301 redirect any hit to any https secure page to its non-secure equivalent. Which way to approach it depends upon your exact need.

We've got several here to work with IIS hosting every day. Hopefully one of those folks will swing by with some better instructions.