Can I make my entire site HTTPS, and how do I do it properly?
By default, your store only goes into secure SSL/HTTPS mode when there are specific actions taken by the shopper to complete an order. These are actions which typically would require security for PCI compliance (actions such as logging into their customer account, proceeding to checkout, entering billing/shipping information etc). However, it's entirely possible to configure your Shift4Shop site so that it uses HTTPS for the entire store (browsing products, reading blog articles, just viewing the home page, etc)
If you would like to configure your Shift4Shop store so that it uses HTTPS/SSL for everything you will need to do the following:
Step 1: Purchase and Install a custom SSL
The custom SSL certificate will allow you to have your main domain used for HTTPs and completely move away from using the shared *.s4shops.com or *.3dcartstores.com URL for the store. Please click here for information on purchasing a custom SSL
Step 2: Change your robots_ssl.txt file
Since the default action of the store is to only use HTTPS mode under certain conditions, it's not necesary to have those areas indexed by search engines. Therefore, the default robots_ssl.txt file is written to prevent indexing of any kind. In this case however, you're looking to make your whole store use HTTPS, so you will need to edit the robots_ssl.txt file to allow indexing. Here's how:
This page will have two distinct areas. Within the top half of the page, you will see the Robots.txt section containing your store's regular robots.txt file. It should look like this:
# Disallow all crawlers access to certain pages.
Within the bottom half of the page, you will see the Shared SSL Robots.txt section containing your store's robots_ssl.txt file. It should look like this:
# Disallow all crawlers access to all pages. SSL
This will allow search engines to index your site properly since it will all be HTTPS enabled.
In other words, these are actions that cannot be performed by a bot and will result in an error if it was just randomly accessed during indexing. To prevent errors from being indexed, we disallow access to these specific pages.
Step 3: Update your store URLs
Next, you will need to update the URLs that the store uses for both main and secure modes.
From your Shift4Shop Online Store Manager, once again use the left hand navigation menu and:
Step 4: Review your site for unsecure elements
Lastly, you'll want to check your site for any possible elements that are hard coded to a non-secure URL
Normally, default Shift4Shop scripts and design elements are made using relative paths so that they work in both secure and non-secure modes. However, in some cases, you may have additional design that you may have done on your own (or through a 3rd party), or perhaps 3rd party scripts which contain references to non-secure URLs.
When a page contains non-secure elements is viewed in HTTPS/secure mode, the browser may sometimes generate a message stating that the page contains "Secure and non-secure items"
Therefore, you will want to review your site for any elements that could possibly be considered "non-secure" and generate this message. A good tool for checking your site's elements can be found at the "Why No Padlock" site.
Just enter your domain name into the whynopadlock site and it will review your site's various elements for any possible non-secure sections.
By following the above steps, your site will properly and completely be displayed in HTTPS mode only
After you've completed these steps, it is recommended that you create a new property within Google Search Console and Bing Webmaster Tools, for the HTTPS version of your site. This new property will replace the http and will require you to verify the website and re-submit your sitemap as the https:// enabled one.