• This field is for validation purposes and should be left unchanged.

Illustrations Webinars

Understanding the Importance of HTTPS for Law Firm Web Security

Alex Valencia
Published   August 28, 2017

Host: Jordan Kasteler, WDW


We Do Web’s SEO and Marketing Director Jordan Kasteler gets to the bottom of Google’s upcoming October 2017 update regarding HTTPS. He shares the how, what, and why your law firm web content will need to make the change safely. It’s not just about meeting Google’s SSL requirements to improve your page rankings; it’s about protecting your clients’ information. For a brief understanding about the differences contact our team for a FREE content audit.


Jordan shares his HTTPS checklist to get ready for the update:


  • Conducting a 301 for all those old HTTP pages
  • Adjusting canonical tags
  • Updating internal links 
  • Making sure that your new HTTPS site has a robots.txt file in it
  • Updating your sitemap
  • Making sure your disavow file follows your new Google Search Console account
  • Adding an HTTP Strict-Transport-Security (HSTS)




Jordan Kasteler:

Hey, guys. I’m Jordan Kasteler, marketing director here at We Do Web Content. Today, I want to talk to you about HTTPS and Secure Socket Layers and what does this mean, and why it’s important for SEO. If you look at any URL in your web browser, you will see, at the very beginning, before it says WWW… Or maybe it doesn’t say WWW. At the very beginning, it says either HTTP or HTTPS. If it says HTTPS, that means it’s a secure site. It has an SSL certificate. SSL stands for Secure Socket Layer. But there’s also a TLS, which is a Transport Layer of Security. That often gets referred to as an SSL certificate. The technicalities don’t really matter. What you need to know is whether your site’s secure or not.

An SSL certificate provides a key to that site. Then, there’s trust authorities, like VeriSign, Thawte, Semantic, et cetera, that read that key and work together with the information that’s crossed between the website and the certificate to make sure that the information is safe and secure. When you’re shopping on an e-commerce site, it’s very important that you have and make sure that they have an SSL certificate and their browser says HTTPS when you go to check out, especially when you go to enter in your credit card information. You can ID whether a site’s secure or not by looking at the upper left-hand tab on most browsers. Next to where it says HTTP, either on the left or above it, you should see a little information box to tell you whether the page is secure or not secure. This is another good indicator to see if pages are secure.

Recently, Google just sent out an email to all webmasters saying, “If you take any form fields on your site, whether you ask for a name or an email address or any information, you must be an SSL-secure HTTPS site.” This is pretty mind-blowing to the industry because, really, SSL certificates have been reserved for commerce sites, sites taking credit cards. Now, Google wants to protect all sites where information has passed just because hacking has become so pervasive that Google really wants to crack down on it.

Google themselves went SSL, I believe, around 2013 or 2014. SEOs had a uproar over it because we lost a lot of data. We lost the keywords that people were typing in. The keywords were directly going to our analytics system when people would come to our sites. We lost that information. But it was Google’s move to protect information for people. Google wants all the world to be protected, all the web to be protected. What they’re going to do is a few things to usher us to do so.

Well, in 2014, they said, “An SSL certificate on your site… Moving to HTTPS will give you better rankings in Google.” Now, in studies, there hasn’t been that much lift. But if you look at some of the most popular sites and the most ranking sites on the web, they are using an SSL certificate.

Aside from rankings, right now, at least, look at conversions and how high your site converts because people feel protected when they’re on your site. They see those trust badges. They see that you’re a secure site. They see the HTTPS. People are more likely to convert on your site. It prevents hackers, at least to a degree, from being able to hack your site or steal information that people are typing in on a form. That’s one good thing. It prevents hackers and spammers. It’s good for progressive web apps.

It’s better for analytics, too, because if you have unencrypted pages transferring information to encrypted pages, there’s a loss of data that happens there. You could have a referral from an encrypted site going to a unencrypted site. It would no longer be a referral on Google Analytics. It’d be looked at as a direct page view. That’s something to look out for. Here’s some reasons SSLs can be bad. They decrease the income for AdWords advertisers sometimes and any advertisers. Now, I’ve heard this is mostly fixed. But there are still some issues with older servers out there, older servers that are running older ad platforms on older sites where this can be a loss of income for advertisers. I think it’s mostly a short-term thing. I’ve never experienced it myself. It’s all been hearsay for me. But from what I hear, this is mostly fixed. I wouldn’t stop there and not go to SSL just because of that. Just make sure your servers are up-to-date and proceed.

SSL can mean longer load times. It can mean longer handshakes with the servers. This is another thing that’s… goes against what Google said; is Google wants really, really fast sites. But I think the security and the conversion and the SEO benefit outweighs that small, small lag time you’re going to get with adding an SSL to your site. Again, it’s very small.

SSL requires a lot of technical expertise to be able to install it. It’s not just one thing you can click on, and boom. There it is. There’s a lot of things you have to do for its compliance. It’s a big reason why people haven’t necessarily jumped on SSL as quickly because you have to have a pretty savvy tech team to do it. We do. We’re making all our clients SSL. It’s fun.

One problem with SSL is you could see a dip of traffic after implementing HTTPS to your site. Why? Well, Google sees HTTPS and HTTP as completely separate URLs. When you migrate over to HTTPS, Google sees completely new URLs on their site. They’re not smart enough to know that these were the exact same pages with the exact same age and trust and just treat them the exact same way. It shuffles things. They look at everything again. They want to reevaluate your site. If your site’s in good standing, you’ve done white hat SEO, you’ve done everything, you have quality content, you’re doing nothing that would upset a penguin or a panda algorithm, then you should be solid. However, if you’ve dabbled in the gray area, or if your site’s a little thin in some places, or there’s some outlying problem that you’ve managed to grandfather yourself over or keep maintaining your rankings over, Google might reevaluate your site and say, “Well, we’re going to bring you back down to where you should be.”

If you’re an affiliate marketer or if you’re just not confident in your site, if you have an SEO team that’s kind of shady, you’re not confident your site’s where it should be, maybe take a look at that first. Get a technical SEO audit. Make sure everything’s shipped shaped before you move over to HTTPS. Then, therefore, you won’t have that lull or that decrease in traffic when you move over.

Here’s some things to look out for you. You made the decision. You want to go to HTTPS. There’s some technical things that you should do to make sure that you’ve made a competent decision and everything goes smoothly. The first thing you want to do is 301 all those old HTTP pages to the new HTTPS pages, preferably using the HT access file. Then, you want to make sure everything else follows suit.

You have canonical tags on your site. You don’t want to leave them saying HTTP. You want them pointing to the new HTTPS version. Internal links on your site… They need to be pointing to the HTTPS versions of your links anyway. If not, there’s a redirect that’ll be in place, hopefully, that will pass the HTTP to the HTTPS. But then there’s a loss of value when you have all these redirects on your site. Redirects can slow down your site. Redirects in a slow-downed site can cause a decrease in conversions. So many reasons not to do those things. Just make sure everything’s HTTPS. That means making sure that your new HTTPS site has a robots.txt file in it, making sure that new robots.txt file has a site map in there and that site map reads all your HTTPS pages, getting set up with a new Google Search Console account that has your new HTTPS site in it, and making sure your disavow file follows your new Google Search Console account.

It’s a big mistake I’ve seen. People have spent many hours with their disavow file, trying to disavow all these links. What they’ve seen is as soon as they go to HTTPS and get a new Google Search Console account, all those links come back because they’re no longer disavowing. You need to make sure that that transfers with you. It doesn’t do it automatically. Same thing with site maps: that if you have any news or image or XML site maps in your Google Search Console account, move them over. Again, make sure those site maps are pointing to HTTPS pages. You’d want to add an HTTP Strict-Transport-Security (HSTS) is what that stands for, as a security measurement on top of your SSL. You can ask your hosting providers about that.

You’re all done. You’ve done all those things on the checklist. You might want to go back and re-audit alone. Re-audit for those hidden HTTP pages. Make sure they all resolve to HTTPS. Go back to directories, citations, social profiles that you own and update your URLs there so they’re pointing to HTTPS as well. Any links you can control, make sure they’re HTTPS. For everything that you do going forward, make sure that it reads HTTPS. That way, all the link value goes to one canonicalized version of a URL. There’s no confusion to Google. There’s no need for redirects, which can lose link value. Everything’s perfectly set in stone.

Now, you might be asking, “Well, I have all these old links that I’ve built. I can’t control them. Is it okay to leave them HTTP?” The answer is yes. Google can still redirect those links. Ideally, you would not make Google have to redirect and, therefore, not lose any link value. But it’s a small amount. If you can’t control it, you have old HTTP links, that’s fine. Just make sure they redirect properly to the HTTPS versions.

All right, guys. We’ll have an upcoming webinar talking more about HTTP and what you should do about it, technical things that you need to do to make sure that you’re proofed for the future of Google with so many things going on this year and next. Join us soon. Again, Jordan Kasteler, marketing director at We Do Web Content. Take care.


Let's get this conversation started!
Tell us a bit about yourself and someone from our team will contact you as soon as possible.
  • This field is for validation purposes and should be left unchanged.