Why HTTPS (SSL) is VITAL for any Magento store owner

Why HTTPS (SSL) is VITAL for any Magento store owner

Published: 6/18/2018

We've seen quite a few Magento websites that have been built several years ago and have been left untouched. Originally when Magento websites were built during the early periods of 2010-2013, there didn't appear to be the knowledge over the benefits and security related concerns over SSL (or TLS - any security encryption made through a browser) encryption on websites.

The changes in Websites vs SSL over the years

This has changed considerably over the past few years, with almost all websites being served to the user with SSL encryption. It is a rarity to see any e-commerce website that does not secure the entire front-end experience for the customer.

There were a few misconceptions over SSL encryption that have since been de-bunked. Developers used to say that SSL enabled websites are slower (incorrect) and Marketing companies used to be worried about the switch to SSL, considering that the website can then be viewed both securely and non-securely.

Over the past few years almost all developers now are in consensus when thinking about SSL encryption. That is, all websites should ideally be fully encrypted, whether they process personal information or not. This is so that you, as a user of a website are fully aware that the content you are viewing is encrypted.

When it does come to personal information, there is a growing awareness over users of the internet (especially since the Facebook scandal of 2018), that entering personal information is certainly not secure over the internet. But when personal information does have to be entered, through a Magento checkout for instance, many users will be subconsciously (or consciously) checking for the green SSL padlock in the URL bar of their browser.

If it's not there, you may find that many users will simply close their browser without entering their information, resulting in lost sales!

For most Magento store owners, there are two options for encrypting your website through SSL.

SSL Encryption in Magento

1. Encrypt only those pages where personal information is entered (not recommended)

Typically this involved the checkout and the administration panel for the site owner. This is perfectly acceptable, however it does produce a few problems for your Marketing. For instance, without the necessary precautions, you as the site-owner may end up with HTTPS and NON-HTTPS versions of your website appearing in search engines.

If you ever have a page that links to a secure version, without setting up your website properly you may find that users and search engines then continue to navigate your website with HTTPS enabled. This can be confusing for both Search Engines and your customers!

2. Encrypt all pages (recommended)

The other option is to make sure that all of your pages in your Magento website are served through HTTPS. Typically you would do this by configuring your server to redirect all users to the HTTPS version of every page, you would then make sure that your "Base URLs" in your Magento store are set to HTTPS. You would then make sure that you are linking all of your categories, pages and any internal links that you've manually added to the correct HTTPS version to avoid unnecessary redirects.

GDPR Policy on SSL

When the GDPR regulations came into effect in May 2018, they mentioned that all personal information must be encrypted. In order to this from a front-end perspective, you must use SSL encryption. Therefore it is imperative to enable HTTPS through your website in order to meet this requirement.

Is SSL breaking your Magento website?

Typically, enabling SSL across your entire Magento website should not adversely affect your website. The only occasions that might happen is when custom code or software has been included into your website that does not follow the policy of HTTPS-first.

This typically arises from Javascript or Images being included from your non-HTTPS domain name. In order to fix this you may need your web developer to make sure that the links provided in these scripts are changed to be HTTPS.

Conclusion

If you have an old Magento website, you may not realise what impact having a non-HTTPS website may be having on your sales, as well as your legal standpoint in relation to GDPR. Our best advice is to get HTTPS set up on your Magento website as soon as possible.