Google will be changing the way it displays and informs users about unsecured pages on websites this October 2017. Do you know if your Magento site is or will be ready? Chrome will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode. The new warning is part of a long-term plan to mark all pages served over HTTP as “not secure”.
Chrome currently owns a 76.7 % market share; so on average, 76/100 visitors to your site, use Chrome as their browser. Users seeing this 'NOT SECURE' message will likely go elsewhere. It is important to install an SSL certificate on your server and force all of your web pages to use the HTTPS (secure) protocol.
Having an SSL is also a positive factor for organic search rankings. Google is changing the way their search algorithm views HTTP/HTTPS traffic from a reward ranking to a punitive ranking. Magento sites that are currently using HTTPS will continue to get the SEO boost, but Google is now blacklisting non-HTTPS websites that allow password fields and credit card forms to be filled. This is also expanding to affect all pages of your Magento site.
Not only is HTTPS more secure, it’s also faster and will likely give your site the needed boost.
Here’s a simple checklist to get your Magento site entirely HTTPS:
- Purchase a certificate from any CA (Certificate Authority) like Verisign, Geotrust, Godaddy, etc if you don’t already have one on your site
- Enable SSL on Apache or NGINX
- Enable Secure URL’s in your Magento backend, go to System / Configuration / Web. Find Secure section and enter your URL with HTTPS into Base URL field
- Set Use Secure URLs in Frontend and Use Secure URLs in Admin settings to Yes and click save.
- Go to Magento cache to clear it; go to System / Cache Management and click the button for Flush Cache Storage.
- Lastly, since you’re all set with Secure URL’s in Magento, you will want to set up a permanent redirect from HTTP to HTTPS on a server in Apache or NGINX. Using a server redirect will reduce the load on the server since it’s not relying on Magento.
After you have made all changes, you will be want to thoroughly test your site and scan your site for any hard coded absolute URLs or code looking for the HTTP URL instead of a https URL. This will surely cause your site to perform poorly for your customer.
Ready to get your Magento Site up to speed and secure via HTTPS, please contact us today to get started with a free analysis.