Google indexes HTTPS by default

  • Resolved ircf

    (@ircf)


    8 years, 4 months ago

    Hello,
    We recently activated Really Simple SSL on our WP network after having created a SAN SSL certificate.

    We didn’t want to move all websites directly to HTTPS for many reasons :
    – we didn’t want to have to check for every website mixed content issues
    – we didn’t want to re-generate and re-submit every sitemap to Google
    – we didn’t want to disrupt the SEO for every website, even if it’s temporary

    So we have started to activate SSL individually on some websites using the “Activate SSL”, and kept it disabled for the others.

    Unfortunately we discovered that Google began to reindex automatically ALL our websites with HTTPS, because they deciced in 2015 to do so automatically on certain conditions : https://webmasters.googleblog.com/2015/12/indexing-https-pages-by-default.html

    To fix this, we decided to disable the plugin from the network and only activate it for the HTTPS-ready websites.

    I think it would be great to discourage search engines from indexing HTTPS as long as the “Activate SSL” button is not enabled, for example by disabling the mixed content rewrite.

    Apart for this issue, it’s a really great plugin, thank you for your work ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Rogier Lankhorst

    (@rogierlankhorst)

    Thanks for the feedback, I’m going to do some research on this. Currently, the mixed content fixer activates when a page is loaded over https, which I think is good behaviour.

    As long as you don’t click “enable SSL”, no .htaccess redirect is inserted, which would 301 redirect the site, and the siteurl is not changed to https yet.

    So without enabling SSL, when a user visits the website over https, the mixed content fixer will activate, which makes your page secure (green padlock), but users will have to go to that https link explicitly. As long as no redirects have been in place, I expect Google not to start indexing the https pages: Google will have no information yet that this is available.

    In your case, Google did index your pages because a 301 redirect had been in place for a while.

    Summarizing, I would think that the current behaviour of the plugin is as you requested …unless you have activated the 301 redirect for a while and then turned it off again. In that case, it might be hard to get Google to “forget” the SSL links.

    I don’t think there’s anything to be done about that. I’ll have to do some tests to confirm this. Let me know what you think!

    Thread Starter ircf

    (@ircf)

    Hello,
    There is NO 301 redirect, for example : https://sgla.fr/
    The .htaccess is not appliable here because we use nginx.
    Google DID index the HTTPS websites without any hint, he just tried for it and because de HTTPS page is non mixed content, he decided to index it.

    Thread Starter ircf

    (@ircf)

    I agree this is a completely stupid behaviour from Google, but it is Google…

    Plugin Contributor Rogier Lankhorst

    (@rogierlankhorst)

    Ok, thanks for the input. In that case, this could only be achieved by deactivating the mixed content fixer. A solution could be if I make it so that it needs to be explicitly activated by the user when SSL is not enabled yet.

    Thread Starter ircf

    (@ircf)

    Thank you very much for your support and your reactivity !

    For now we added 301 redirects to nginx vhost config so that only specific websites should be redirected to https and the other ones to http. Hopefully Google will re-index everything as it should soon, we will surely migrate all websites to https in the following months.

    It might be great to integrate 301 redirects at PHP level (e.g. header(‘location:…’)) so your plugin would be apache/nginx agnostic, and make both redirects :

    if ssl enabled and current url is http then redirect to https
    else if current url is https then redirect to http

    So you could keep the non mixed content fixer enabled by default.

    Thank you again for your great work ??

    • This reply was modified 8 years, 4 months ago by ircf.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Google indexes HTTPS by default’ is closed to new replies.

Tags