|
Note
The following applies mostly to legacy stores created under the 3dcart service. New Shift4Shop stores are typically automatically provisioned using https mode.
By default, your store only goes into secure SSL/HTTPS mode when there are specific actions taken by the shopper to complete an order. These are actions which typically would require security for PCI compliance (actions such as logging into their customer account, proceeding to checkout, entering billing/shipping information etc). However, it's entirely possible to configure your Shift4Shop site so that it uses HTTPS for the entire store (browsing products, reading blog articles, just viewing the home page, etc)
If you would like to configure your Shift4Shop store so that it uses HTTPS/SSL for everything you will need to do the following:
Important
Please do not attempt to make your whole site HTTPS until you have your domain's SSL certificate ordered and installed on your site. Doing so before the SSL certificate is installed can interrupt your store's access and prevent visitors from seeing your site.
Step 1: Purchase and Install a custom SSL
The custom SSL certificate will allow you to have your main domain used for HTTPs and completely move away from using the shared *.s4shops.com or *.3dcartstores.com URL for the store. Please click here for information on purchasing a custom SSL
Note
Purchasing, being issued, renewing and installing a custom SSL certificate can take some time, so please be sure this process is complete before proceeding with the next steps
Step 2: Change your robots_ssl.txt file
Since the default action of the store is to only use HTTPS mode under certain conditions, it's not necesary to have those areas indexed by search engines. Therefore, the default robots_ssl.txt file is written to prevent indexing of any kind. In this case however, you're looking to make your whole store use HTTPS, so you will need to edit the robots_ssl.txt file to allow indexing. Here's how:
- Log into your Shift4Shop Online Store Manager
- Using the left hand navigation menu, go to Marketing >SEO Tools
- Along the top of the page, you will see a series of tabs. Click on the Robots tab.
This page will have two distinct areas. Within the top half of the page, you will see the Robots.txt section containing your store's regular robots.txt file. It should look like this:
Sitemap: http://[store-url]/sitemap.xml
# Disallow all crawlers access to certain pages.
User-agent: *
Disallow: /checkout.asp
Disallow: /add_cart.asp
Disallow: /view_cart.asp
Disallow: /error.asp
Disallow: /shipquote.asp
Disallow: /rssfeed.asp
Disallow: /mobile/
Note
If the robots.txt file does not look like the above, you may click on the "Restore Default Robots.txt" link along the bottom of the window to revert it to default.
Within the bottom half of the page, you will see the Shared SSL Robots.txt section containing your store's robots_ssl.txt file. It should look like this:
# Disallow all crawlers access to all pages. SSL
User-agent: *
Disallow: /
- Copy the content from the robots.txt section (top) and paste it into the robots_ssl.txt section (bottom)
- Change the Sitemap URL in the robots.txt file to reflect your new secure URL. (i.e. change http:// to https://)
- Click "Save" at the top right to commit your changes.
This will allow search engines to index your site properly since it will all be HTTPS enabled.
Additional Information
The robots.txt file will still prevent indexing of certain pages like checkout.asp, add_cart.asp, view_cart.asp and others. This is because these are pages that require actions taken by real visitors (such as someone physically clicking the add to cart button on a specific product).
In other words, these are actions that cannot be performed by a bot and will result in an error if it was just randomly accessed during indexing. To prevent errors from being indexed, we disallow access to these specific pages.
Step 3: Update your store URLs
Next, you will need to update the URLs that the store uses for both main and secure modes.
From your Shift4Shop Online Store Manager, once again use the left hand navigation menu and:
- Go to Settings >General >Store Settings
- Under "Store Information" look for "Store URL and "Secure URL"
- Put your domain name in both fields
(be sure to use the proper https:// and www prefixes in both)
- Click "Save" at the top right to commit your changes
Important
Again, please do not attempt to make your whole site HTTPS until you have your domain's SSL certificate ordered and installed on your site. Doing so before the SSL certificate is installed can interrupt your store's access and prevent visitors from seeing your site.
Step 4: Review your site for unsecure elements
Lastly, you'll want to check your site for any possible elements that are hard coded to a non-secure URL
Normally, default Shift4Shop scripts and design elements are made using relative paths so that they work in both secure and non-secure modes. However, in some cases, you may have additional design that you may have done on your own (or through a 3rd party), or perhaps 3rd party scripts which contain references to non-secure URLs.
When a page contains non-secure elements is viewed in HTTPS/secure mode, the browser may sometimes generate a message stating that the page contains "Secure and non-secure items"
Therefore, you will want to review your site for any elements that could possibly be considered "non-secure" and generate this message. A good tool for checking your site's elements can be found at the "Why No Padlock" site.
Just enter your domain name into the whynopadlock site and it will review your site's various elements for any possible non-secure sections.
Note
You should enter a few different URLs from your site into the whynopadlock tool (i.e. your home page, specific category pages, and product pages) to check for various instances.
By following the above steps, your site will properly and completely be displayed in HTTPS mode only
After you've completed these steps, it is recommended that you create a new property within Google Search Console and Bing Webmaster Tools, for the HTTPS version of your site. This new property will replace the http and will require you to verify the website and re-submit your sitemap as the https:// enabled one.
Similar questions:
- How do I convert to HTTPS?
- Can I make the whole store secure?
- Do you have instructions on HTTPS conversion?
|