Has your website’s SSL certificate expired recently? Well, if it has, hopefully you’ll have renewed it by now, but you may have seen a change in user behaviour during that time.
At Hallam Internet, we regularly run tests on different search engine ranking factors to measure result fluctuations in SERPs. However, these are planned tests. The one we are discussing in this blog happened unintentionally.
HallamInternet.com is a secure website, but on the 11th February 2016, we found out that our SSL certificate had expired.
Don’t worry, we’ve now renewed it. But for a period of around 24 hours, our website didn’t have an SSL certificate.
So, being a digital marking agency, we thought we would take the opportunity to analyse any effects it had on user behaviour, and in turn rankings during that time.
First, what do users see if your SSL certificate expires? They get this pretty alarming message:
If you were to be presented with this message when accessing a site, would you still proceed?
For the purpose of the investigation, we decided to analyse only organic traffic, and the sessions when the homepage was the landing page. The reason for this is for consistency in user behaviour measurements. Two of the metrics that are more likely to be affected are the average session durations and bounce rate. We have taken a closer look at these.
Average Session Duration
On the below image, the average session duration on the 11th February is highlighted with a red circle. Unsurprisingly, it has the 2nd lowest time at 1min 08secs in the month of February:
However, as duration times regularly vary depending on day of the week, we decided to look at data from Thursdays specifically in 2016 to see if there were any significant differences. As you can see, the dwell time was lower on the 11th compared to the other dates analysed:
When you view the below graph, you can see that the bounce rate (sky blue line) on the 11th Feb remained unaffected. The bounce rate percentage reported was not out of the ordinary:
With the average session duration dropping, it would be natural to assume the privacy message was a contributing factor. However, for this to be true, the bounce rate would have increased as visitors would not have engaged with the page due to them failing to get past the privacy message.
User Behaviour Conclusion
Although we are having to dig quite deep to see any real changes in user behaviour, and taking into consideration that these fluctuations in the data may have nothing to do with the privacy message, it would be wrong to dismiss it altogether.
As user behaviour is a ranking factor for search engines, we decided to see if there were any changes in the organic visibility of the Hallam Internet website in the week following the SSL certificate expiration.
Does an SSL Certificate Affect Rankings?
In 2014, Google confirmed that having an SSL certificate will give your website “a minor ranking boost.” So we reviewed our organic visibility and rankings during this period to see if any negative effects were evident.
The graph below is from Search Metrics and shows a significant drop in organic visibility shortly after the expiration of the SSL certificate:
When looking at MOZ visibility and ranking graphs, we see similar drops:
Although user behaviour changed slightly during this time, it’s highly unlikely to have led to a visibility drop of this nature. So, could this be a result or punishment for no longer having an SSL certificate, albeit for only 24 hours?
For the purpose of the article, I would like to say ‘yes, this is almost certainly the reason’. Unfortunately, I cannot.
In reality, the change in organic visibility we witnessed is echoed by many other SEOs and is more likely to be the real-time changes made now that Penguin and Panda have been added to Google’s core algorithm.
The key takeaway is to try and avoid getting into this situation in the first place. We were fortunate, as were able to address the matter within a few hours. However, many business owners or marketing managers don’t have the luxury of being able to react quickly to these issues.
Every SSL certificate has an expiration date, and there are tools available that will ensure you are sent regular reminders when you approach that date.
Although user behaviour was not significantly affected on that particular day, it may have been a different story if the warning message was shown to visitors for a week, or even longer. It would be at this point when we would start being concerned about the effects on rankings.