Cendyn and Pegasus have merged. To learn more about this exciting news and how Cendyn can help you drive direct bookings, enhance brand loyalty and drive profitability visit cendyn.com.

Learn More

SEO checks to perform when switching to SSL on your hotel website

Google’s been pushing for some time that all websites use SSL (Secure Sockets Layer) to ensure higher levels of security across the web. More than half of the websites on the web have already done so, with the most visible result being that the site URL now reads https:// instead of the usual http://.

For the sites that haven’t yet switched, Google announced that they’ll start showing “This website is not secure” messages on any site that has a data-input form, even if it’s just a simple contact message form or newsletter subscription form.

Chrome Security Warning
Screenshot showing the kind of warning message Google will start showing on non-secure sites.

There’s always a bit of resistance when Google forcefully recommends web updates (see Google AMP), but in this case, SSL does make sense for most websites and is generally a win/win for consumers and businesses. Your website users feel safe, especially when it comes to entering sensitive information through your site. As for your hotel, it will get a slight SEO boost while also likely boosting the conversion rate at the same time.

When SSL goes wrong

A lot of articles have been written about how to implement SSL security on a website, especially with regard to SEO impacts, particularly to those hotels that already have a strong web presence established. Done incorrectly, you risk losing the organic search rankings you’ve worked hard to build up over the years, which ultimately will reduce the number of direct bookings through your website. Here are a few ways to check for issues with your SSL implementation, or warning signs that the switch to SSL may not have had the desired affects.

A drop in organic traffic and search rankings

The first tell-tale sign that something is not quite right with the SSL setup will be when you notice organic traffic decreasing when it shouldn’t be (e.g. it’s decreasing despite seasonal trends). If you notice a drop in traffic, you should try and pinpoint exactly where the organic traffic has dropped (which landing pages were affected). It should be possible to diagnose which page was causing the traffic loss, which should then allow you to check your organic search rankings (if you’re tracking them, which you should be). It could be that you’ve dropped a few positions for key search terms, resulting in fewer visits.

If the organic traffic drop indeed from the switch to SSL, then you’ll need to go through the following essential SEO checks, which have been roughly listed in order of priority:

SSL Check #1: Redirects

Prior to making the launch on SSL, you should have crawled your current site and built out a redirect file that would then be implemented on the server at the point of launch. Typically a rule is used which converts any previously requested URL and loads the SSL version, but that’s not always possible depending on your server and hosting environment.

Example htaccess file for auto-generated redirects:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

*Make sure to replace example\.com with the domain name you’re trying force to https. Additionally, you need to replace www.example.com with your actual domain name (source).

If the above isn’t possible, you may need to make a manual htaccess file containing static redirects. The method itself isn’t as important as making sure that permanent (301) redirects have been implemented, taking people from the old non-SSL page to the new SSL pages. If 301 redirects aren’t possible, then JavaScript (or Meta Redirects) should be a last resort.

To test if this is working or not on your website, just try visiting the old version of any of your website pages, and check that you’re redirected to the SSL version. To take this further, install the “Redirect Path” extension in Google Chrome and check that you see a 301 redirect being displayed.

Surrey Hotel 301 redirect
Screenshot showing a 301 redirect for The Surrey hotel, when accessing their old non-SSL URI (http://www.thesurrey.com/)

Don’t forget that non-webpages should be redirected too. That includes any resources hosted on your site (e.g. PDF files, self-hosted videos) and images.

Having 301 redirects are an essential part of the SSL switch as it tells search engines that the website has been moved elsewhere.

SSL Check #2: Canonical tags

Whereas redirects are an imperative to search engines, canonical tags are just a directive. That doesn’t mean they’re not important though. A canonical tag informs search engines which version of a URI is the preferred one in cases where it’s not clear.

Essentially, if there are two versions of webpages out there with similar content but different URI structures, the canonical tag tells search engines which version you want them to index. Without this, the similar pages would compete with one another for search ranking.

When rolling out SSL on your hotel’s website, you need to make sure that the canonical tag is now referencing the SSL version of your URL. Things to check for here include ensuring the canonical tags are referencing the absolute URI, not the relative URI.

The Surrey Canonical
Screenshot showing The Surrey Hotel’s canonical tag, referencing the non-SSL URI despite being live on SSL (which will cause issues if not resolved—see below!)
Surrey Hotel SSL
A branded search in Google shows the old, non-SSL URL of the homepage is still indexed, likely a result of the misconfigured canonical tag (compare the URI vs the highlighted TripAdvisor result).

You can use a tool like Screaming Frog to check canonical tags in bulk on your website.

SSL Check #3: Internal links

Having done all the hard work in rolling out SSL, you’d think that the last place you’d expect to forget to update would be your own website. But many sites forget to update their own internal links, which still point to the old non-SSL version of their URIs.

This isn’t likely going to impact SEO performance too much, but it should still be resolved. Otherwise you are causing unnecessary bandwidth on your web host, for the search engine crawler, and a slower browsing experience for the user, all because of the avoidable redirect that will need to take place. Again, Screaming Frog’s crawler software can be used to easily identify these types of issues.

Screaming Frog Redirect Check
Screenshot showing a crawl of a hotel website which is launched on SSL but has several internal links still referencing the non-SSL pages, causing redirects to be needed.

At this point it’s also worth updating any owned-online platforms where you link back to your hotel website, such as social media profiles, to ensure they also link to your SSL site version.

SSL Check #4: Search Console

Within Google Search Console you’ll need to setup new Properties for your new URL variants, that means having both https://www.hotelname.com/ and https://hotelname.com entities. This is so you can monitor organic search performance and make changes to your organic setup. It makes sense at this point to create a Group where you can keep all properties belonging to your hotel in one place.

GSC property set
Setting up a Property Set within Search Console allows you to review performance of all site variants that exist.

When all is set up for your new SSL site you’ll be able to access Crawl Error reports, perform Fetch and Renders, submit new XML sitemaps, and a range of other essential SEO-focussed tasks.

SSL Check #5: Google Analytics

Although not always included as an essential part of the SSL setup, it makes good sense to update any Analytics tracking tools to reference your new URI. That may mean within Google Analytics and Tag Manager, or whichever tracking software is being used. Check this setup, and ensure that data is flowing as expected across your profiles, especially any e-commerce information.

SSL Check #6: XML Sitemaps

Another easily missed SEO task during the SSL rollout is the re-building and re-submission of any XML sitemaps. These will need to reference your new URIs, so use a tool like Screaming Frog to rebuild and upload to your site. Then submit again through Google Search Console, Bing Webmaster Tools, Yandex, Baidu, and any other platforms being used.

It makes sense to update your sites robots.txt file to reference the new XML sitemap too, just in case it links to the old one.

SSL Check #7: Misconfigured Certificate

At this stage it doesn’t hurt to get a web developer to recheck everything in relation to the SSL security certificate, having reviewed all the above SEO specific tasks. It never hurts to double check the setup. You can also easily check for issues by reviewing within Google Chrome, or by using a  web-based tool such as Missing Padlock.

Missing Padlock SSL Tool
Missing Padlock will check your website for insecure pages–vital for sites which should be on SSL

You can quickly check the security of your website within Google Chrome by hitting Ctrl+Shift+I on your keyboard to open the “Inspect Element” menu, and then selecting the Security tab.

Security check in Google Chrome
The website security check within Google Chrome; this site shows the “secure/valid HTTPS” status.
Nancy Huang

Nancy Huang

Nancy is the Senior Marketing Director at Pegasus and expert in strategic communication, brand development, and content marketing. She is an admitted travel junkie and loves finding amazing hotel deals when booking direct. Contact her at nancy.huang@pegs.com.

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay on top of hotel distribution and marketing trends.

Sign up for Travel Tripper's newsletter to get the latest news, tips, and resources delivered to your inbox.