Is your E-commerce store HTTPS-positive?


Customer's trust is key to improving sales and other micro and macro-conversions, for every e-commerce company. But, it is not just about earning trust for your products; customers also need to trust your e-commerce portal since they would have to share their card, wallet or online bank account details to successfully order an item.

Gone are the days when visitors hardly noticed or were concerned about whether a site’s URL is secure or not. Today, with some critical payment information being shared on a Magento-enabled e-commerce platform and multiple hacking instances happening around the world, people are more cautious when buying online. So the latest industry standards dictate that an e-commerce platform has to provide a secure experience for the end consumers.

Reasons to Move Your Magento Store to HTTPS

The Hypertext Transfer Protocol (HTTP) set of rules are used by your website (server), to provide a response to the request generated by your web client (browser). However, this communication is prone to attacks by hackers who can easily compromise some critical data of your customers. And, just one instance of a customer’s information or payment data being hacked could put your entire store reputation at risk.

The ideal way to prevent such a scenario is to encrypt the information transferred between the browser and your website, using the Secure Sockets Layer (SSL) certificate, which is also referred to as Transport Layer Security (TSL). This is exactly what is done by Hypertext Transfer Secure Protocol (HTTPS). So, when a user sees your URL with HTTPS (instead of HTTP), they feel more secure and confident about the safety of their credit card information.

Furthermore, Google currently considers HTTPS as a paramount ranking factor, introduced with the 'HTTPS everywhere' announcement at 2014 Google I/O. This means that your Magento website stands a greater chance of coming up in top Google search results, if it operates on HTTPS.

And, as mentioned earlier, online users have become smarter and started noticing the HTTPS in their URL bar for any kind of website that exchanges content. The fact that HTTPS is so clearly visible to the users in the URL makes it really easy for any customers to spot the same.

Additionally, if a site uses HTTPS, there is a “Secure” message written just before the “https” in the browser URL bar, along with a lock symbol which indicates that the information is encrypted and secure. Yet, there could be an “i” mark, stating that “your connection to this site is not secure” if your website still uses HTTP.

How to Move Your Magento Store to HTTPS?

Follow the steps or action points mentioned below to switch your Magento shop from HTTP to HTTPS:

Buy an SSL Certificate You need to spend money to purchase a proper SSL certificate, with at least 1024-bit encryption, to get additional security with HTTPS. It serves the purpose of verifying that the website belongs to your company and provides a warranty.

Configure a Secure URL Go to the backend of your site and add a secure URL at System > Configuration > General > Web for the secure and unsecured sections as well. All you need to do is add HTTPS in front of your site URL and start using secure URLs. Also, get all the hard-coded URLs (i.e., the ones which are not generated dynamically or HTTP ones) refactored to HTTPS.

Set up 301 HTTP Redirects Use various Magento extensions to ensure all the visitors to unsecured links (URLs) are redirected to the HTTPS page with 301 HTTP redirects (server end).

Use the HTTP Strict Transport Security Feature Implement HTTP Strict Transport Security (HSTS) functionality that makes your website inform the browser of your site visitors to communicate it only by using HTTPS and not HTTP. So, even if a visitor enters HTTP in the URL bar, the HSTS implementation will ensure that it converts to HTTPS. This allows search engines, such as Google, to provide secure URLs in the search results.

Generate Sitemap with HTTPS URLs Once all the URLs are configured properly, generate a new sitemap to offer enough information for search engines to start crawling your store and make it climb up the indexing ladder. The sitemap.xml folder should only contain URLs with HTTPS.

Avoid HTTPS Files in Robots.txt The Robots.txt file is also crawled by Google and it contains web page URLs that should not be crawled or indexed. So, your developers need to ensure that no HTTPS URLs are present in this file.

Important Tips to Remember

Once your developers have moved your Magento store to HTTPS, you may see some surprising results. So, it is vital to remember a few key pointers, as noted below:

  • You are not going to see an instant rise in Google search engine rankings, after moving to HTTPS. It is an ongoing process that takes some time and requires effort from your end as well. In fact, you may even see a drop in the rankings during the initial period (after the HTTPS switch) or even when appropriate 301 redirects are not implemented. Bear in mind that the ranking depends on multiple factors and HTTPS is just one of those. You may also have to make your store user-friendly to build customer trust and get them to buy products from your site more often. But, if you take proactive efforts, you are likely to see a better search engine ranking at some point

  • Once you set up SSL encryption for your store, it is likely to use a lot of browser and server resources, which can possibly slow down your server connection and page load speed. To ensure a minimal impact on the page load speed, your development team must use Keep-Alive connections (for persistent connection) which enable the easy and quick transfer of files from the server to the browser, without interruption.

  • Once you turn on HTTPS for your entire online portal, while using Full Page Cache and Magento Enterprise Edition, the Cache is likely to stop working.

  • Ensure that the SSL certificate does not expire and keep your store updated with the latest security protocols. At all times, your store should be updated to the latest version or relevant patches should be applied for tight security.

  • Clubbing together the use of HTTPS with Content Delivery Network (CDN) would be a costly affair in comparison to regular HTTPS.

  • After the move to HTTPS, you will likely lose out on all the social media share counts for your e-commerce portal. However, some of the share counts can get transferred via API, after a while.

  • The initial period after your Magento store transitions to HTTPS is the time when you have to be patient and notice all the unusual behaviour (if any) of the tools used on the website. There is the chance that your site tools will be unable to generate an XML sitemap or fail to show up on Alexa ranking.

  • You may face a situation where your Google Adwords do not work as desired or you Google Analytics tracking is inaccurate. There may be a number of such problems that you can identify and resolve through careful observation. So, just keep your eyes open and be more vigilant as your main activity starts after you move to HTTPS.

We hope that the above information about making the switch from HTTP to HTTPS for your Magento store proves valuable to you. Feel free to share your feedback or input in the comments section below.

If you still need assistance, after reading our guide, get in touch with experienced e-commerce solution providers with a proven track record, to take you on the right path.

Speak to us today, to learn how we can help.