Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Subscribe to HRA Now!

 



Are you a Google Analytics enthusiast?

Share and download Custom Google Analytics Reports, dashboards and advanced segments--for FREE! 

 



 

 www.CustomReportSharing.com 

From the folks who brought you High Rankings!



Photo
- - - - -

Switching Site To Https - Http - Any Thoughts/ Advice Etc?


  • Please log in to reply
14 replies to this topic

#1 lister

lister

    HR 5

  • Active Members
  • PipPipPipPipPip
  • 426 posts

Posted 10 September 2014 - 06:37 AM

I am sure we are all agreed that HTTPS sites are now being recognized by Google as a ranking factor - just google it you'll see a ton of info...

Anyways - I want to switch to https - has anyone reading this done it and is it a world of pain or pretty seamless? I know that it is basically a .htaccess script but my question is that WordPress is a bit of a mess no? There are a gazillon links that all need to be https so that could be a gigantic headache....

The reason why I say gigantic headache is because all the SSL HTTPS stuff I have done in the past only works when EVERY link is 100% secure - then the certificate kicks-in and life is good....

Any feedback v welcome!! Thanks


  • Michael Martinez likes this

#2 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 5,325 posts
  • Location:Georgia

Posted 10 September 2014 - 10:11 AM

I am sure we are all agreed that HTTPS sites are now being recognized by Google as a ranking factor - just google it you'll see a ton of info...


Actually, Google said it isn't making much difference for anyone at this point.
 

Anyways - I want to switch to https - has anyone reading this done it and is it a world of pain or pretty seamless? I know that it is basically a .htaccess script but my question is that WordPress is a bit of a mess no? There are a gazillon links that all need to be https so that could be a gigantic headache....


It depends on how you publish your Website. If you are using components from different sources (such as plugins or addons or extensions etc.) then you have to make sure that each component works properly in HTTPS (many do not).
 

The reason why I say gigantic headache is because all the SSL HTTPS stuff I have done in the past only works when EVERY link is 100% secure - then the certificate kicks-in and life is good....


If you are thinking of doing this "for SEO benefit" there IS NO SEO BENEFIT yet.

Just because a million idiot bloggers have jumped on the latest buzz expression doesn't mean it will help or that you need to fuss with it.

I administer over 100 Websites. None of them are on HTTPS and none of them will make that move any time in the near future. They are doing just fine without it.

Edited by Michael Martinez, 10 September 2014 - 10:11 AM.

  • Jill likes this

#3 torka

torka

    Vintage Babe

  • Moderator
  • 4,825 posts
  • Location:Triangle area, NC, USA, Earth (usually)

Posted 10 September 2014 - 10:11 AM

Well, actually, that depends on what you mean by "we are all agreed." :) I will agree it's potentially recognized as a very minor ranking factor, under certain circumstances, maybe.

 

But certainly not enough of a factor right now that I need to drop everything and switch all my sites over. I've got a lot of other waaaay more important stuff on my plate to deal with before I get around to that.

 

Seriously, right now there are gazillions of website owners, bloggers and others out there who have never even heard of HTTP or HTTPS and would have no clue how to go about switching from one to the other. And many of these people run very useful, content rich, user-friendly websites. (You know, exactly the kind of sites that Google wants to show in their results.) So it would be stupid, crazy and counterproductive for Google to make it a major ranking factor right up front, downgrading all these excellent sites in favor of some crap site whose only claim to "greatness" is that the site owner knows how to redirect to HTTPS.

 

Of course, there are some SEOs who see this as a big business opportunity, so they've been pounding the HTTPS drum since the get-go. They know they can charge additional fees for converting client sites to HTTPS...

 

Way I see it, there have been plenty of other "ranking factors" where everybody's jumped on the bandwagon and gone crazy trying to implement, only to have the factors turn out to be not such a big deal in the long run. I already have HTTPS set up where I need security (credit card processing). I'm going to wait to see how this develops further before I expend the time/energy on making it happen sitewide. And by the time it becomes a necessity (assuming it ever does), there will undoubtedly be tons of mainstream-friendly tools and plugins that will largely automate the process.

 

My :02:

 

--Torka :oldfogey:


  • Mikl likes this

#4 chrishirst

chrishirst

    A not so moderate moderator.

  • Moderator
  • 7,718 posts
  • Location:Blackpool UK

Posted 10 September 2014 - 10:53 AM

More than ANYTHING the suggestion by Google that HTTPS might just be a ranking signal appears to have prompted a torrent of emails from various hosting companies that "NOW is the time to buy a certificate from us".

 

 

Although we had all better just ignore the fact that SSL certs ALSO REQUIRE a dedicated IPV4 IP address and there isn't enough of those to go around anyway.



#5 1dmf

1dmf

    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • PipPipPipPipPipPipPip
  • 2,167 posts
  • Location:Worthing - England

Posted 23 September 2014 - 04:47 AM

Have Google totally and utterly lost the plot?

Why on earth do people want to spend money on an SSL certificate for a public facing, non-sensitive data website?

 

Who ever came up with this idea at Google is a moron!

 

As Chris has mentioned it's now created a spew of spam trying to scare people into buying unnecessary technology and one can only assume Google has some vested interest in the SSL companies or it is to do with the way they steal data on peoples computer's, tracking, analytics and alike.

I have ALWAYS secured sensitive data / member's areas / usernames and passwords for logging in etc..  via SSL, but only on those sites that require it, if everything on a particular site is static, public facing, non-sensitive, doesn't take card payments or require anyone to provide a username or password, I am not paying for an SSL certificate just because some idiot at Google thinks I should.

 

Honestly, what is the internet coming too?

 

In fact I agree with Michael, if you are doing this for 'SEO' for no other reason than to try to manipulate your SE ranking, then this is black hat SEO. Doing something that has no benefit to your site, has no benefit to your users and has no relevance to the content on the site/page, forcing people to do it is unethical and therefor 'Black Hat'.


Edited by 1dmf, 23 September 2014 - 05:48 AM.


#6 1dmf

1dmf

    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • PipPipPipPipPipPipPip
  • 2,167 posts
  • Location:Worthing - England

Posted 24 September 2014 - 10:07 AM

I thought it only fair I come back and eat a little humble pie, regarding my slightly misguided comments. I would like to have edited my post but unfortunately I seem unable.

Having been discussing this with others more knowledgeable than myself, their is one thing using SSL does help stop and that's the 'fake site' -> 'man in the middle' attacks.

 

As the SSL is linked (as Chris points out) to a static IP, it helps to ensure that the server responding to the request is the server authenticated claiming to be the domain you are trying to reach and interact with you, not only encrypting the data transmission.

 

Of course it may still be possible to spoof IP's and I'm sure some hardcore hacker may be able to create a self signed SSL certificate spoofing the authenticity of the domain, after all the NSA implement this type of tactic using a 'race condition' to try to impersonate servers on the TOR network that is encrypted, so encryption and SSL certification can be spoofed, but I also know they work in partnership with ISPs and data centres to plug into the main internet backbone network to enable this.

I still believe doing anything just to increase rankings is unethical, and no matter of Google's 'good intentions', dangling a 'ranking' carrot in front of people and threatening to lesser your ranking if you fail to install SSL, or boost those with it is not the way to go about it.

 

Also if anyone saw the BBC2 Horizon program - Inside the Dark Web - IICAN and possibly other domain registrar governing bodies are meant to have implemented a major security upgrade mechanism to ensure this isn't possible, perhaps it has failed, or would never work or does this only work if you use SSL, the program wasn't very clear and perhaps it was simply a confidence boosting PR stunt?

 

On a plus note, the new free version of AVAST now includes tracking blocker as standard and knocks GOAN / Facebook and other tracking into a cocked hat :woot_jump:

 


Edited by 1dmf, 24 September 2014 - 10:14 AM.


#7 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 5,325 posts
  • Location:Georgia

Posted 24 September 2014 - 10:35 AM

Having been discussing this with others more knowledgeable than myself, their is one thing using SSL does help stop and that's the 'fake site' -> 'man in the middle' attacks.


That's just wishful thinking. Whoever told you SSL will prevent MitMs doesn't know what they are talking about. Google themselves fell prey to an MitM from China in August 2014, long after they switched to HTTPS.

HTTPS has always been a worthless, useless technology. It is widely used in ecommerce but even there it offers 0% protection to consumers, whose financial data is stolen by hackers all the time because they just break into the databases rather than try to sniff packets.

Your initial assessment of Google's recommendation was spot on: only a moron would do this.

#8 chrishirst

chrishirst

    A not so moderate moderator.

  • Moderator
  • 7,718 posts
  • Location:Blackpool UK

Posted 24 September 2014 - 11:24 AM

 

only a moron would do this.

Sadly, or perhaps fortunately for the purveyors of such nonsense, in this particular suite of  market sectors, morons are quite thick on the ground (pun entirely intended).



#9 1dmf

1dmf

    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • PipPipPipPipPipPipPip
  • 2,167 posts
  • Location:Worthing - England

Posted 24 September 2014 - 11:26 AM

Well I am just trying to be fair and honest and have an open discussion, and due to my Dyspraxia, my emotions can sometimes get the better of me and I sometimes wish I had been a little more cool headed before I rant.

 

As I am not an expert on this, and as SSL is meant to authenticate you are who you say you are, I can see it may help from the box standard wishful hacker from easily spoofing identification.

 

But as mentioned having watched the Horizon documentary, I know that this isn't the solution otherwise they wouldn't have 3 monthly 're-encryption' ceremonies and spend a small fortune upgrading the domain name system to try to stop MitM attacks due to a massive security flaw they found in the entire mechanism.

 

Though I believe this is simply confidence boosting PR, because if people knew the real truth about how dangerous and insecure buying stuff online is, no one would do it, though it might bring back the high street and mall shopping, so not necessarily a bad thing!

 

I'm no Google fan boy (you all know that!)  and didn't want to sound over bias about something I am simply interested in, not expert in, and welcome all input regarding this current fiasco not just G!'s bullying, carrot dangling, monopolistic spam creating latest SSL comments, but the whole SSL / Encryption / data protection issue.

 

Though it's nice to be told I got something right for a change :lol:



#10 chrishirst

chrishirst

    A not so moderate moderator.

  • Moderator
  • 7,718 posts
  • Location:Blackpool UK

Posted 24 September 2014 - 04:04 PM

 

As I am not an expert on this, and as SSL is meant to authenticate you are who you say you are

Not really, 'standard' SSL only 'certifies' that the domain name in the URL is the same as the domain name that the certificate was issued to and the certificate was issued by a 'known' provider, who's 'key' (root certificate) is already registered by the browser and operating system you are using.

 

I could generate a certificate pair, send you a public key to install, then any certificate I generate would be accepted by your browser(s) as 'secure'.



#11 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 5,325 posts
  • Location:Georgia

Posted 24 September 2014 - 10:03 PM

SSL is worthless. It was never providing any real value to anyone except the companies that profit from selling certificates and SSL-compliant software.

In theory your credit card information could be stolen by your Internet service provider or employer, whose computers your traffic goes through; but legitimate companies would have been shut down for doing that long before now.

Also, we have seen tens of millions of credit card accounts compromised over the past several years. The banks cancel the accounts and issue new cards. SSL is just a waste of time and resources.

#12 1dmf

1dmf

    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • PipPipPipPipPipPipPip
  • 2,167 posts
  • Location:Worthing - England

Posted 25 September 2014 - 03:34 AM

So now the big question is why is Google doing this? If there is no security benefit to end users and never has been, there must be some ulterior motive?

 

As an aside does SSL create a tunnel, so all packets travel the same route during transmission, or do all packets get flung all over the place as is the nature of the internet, so sitting in one place packet sniffing doesn't mean you get to see all packets in the transmission anyway? 



#13 chrishirst

chrishirst

    A not so moderate moderator.

  • Moderator
  • 7,718 posts
  • Location:Blackpool UK

Posted 25 September 2014 - 08:26 AM

 

So now the big question is why is Google doing this?

I'm going to stick with my original thought that Google are preparing to become a  root certificate authority provider and SSL issuance provider.

 

I mean if Google are going to give better rankings for using SSL, then having a Google issued SSL certificate MUST be "even MORE better".


Cynical???

 

 

ME??????

 

 

I don't understand what gives you that idea. .... ...


Edited by chrishirst, 25 September 2014 - 08:25 AM.


#14 1dmf

1dmf

    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • PipPipPipPipPipPipPip
  • 2,167 posts
  • Location:Worthing - England

Posted 25 September 2014 - 09:14 AM


Cynical???

 

 

ME??????

 

 

I don't understand what gives you that idea. .... ...

 

Not only are you a cynic (as am I) , but you are also a comedian!

 

Google are preparing to become a  root certificate authority provider and SSL issuance provider.
Google === Security :roflmao:

#15 1dmf

1dmf

    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • PipPipPipPipPipPipPip
  • 2,167 posts
  • Location:Worthing - England

Posted 26 September 2014 - 05:29 AM

Well it seems there are many people in the industry that are also claiming that SSL helps to authenticate that the server you reach was the resource you were trying to reach...

http://devproconnect...208512&NLL=5342

 

Is DevPro a reputable source for this sort of stuff?

 

I also found this article...

 

http://devproconnect...ics-ssl-and-tls

 

I'm confused, does TCP/IP no longer use sockets to connect? Whats this HTML5 web sockets?

 

Secure Socket Layer === Transport Layer Security

Isn't it just two different acronyms to mean the same thing?

 

OK in cryptogopghy you can have MD5 / SHA / Blowfish etc. etc.. , but it's still called Encryption?

 

If DevPro is to be beleived, the bottom line is EVERYTHING must run over SSL/TLS (whatever), and Google will allow this to be a way of perfoming legitimate black hat SEO to increase rankings!


Edited by 1dmf, 26 September 2014 - 05:30 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

We are now a read-only forum.
 
No new posts or registrations allowed.