ShopSite Knowledgebase



TIP: How do I make all my site pages secure?

Product: ALL
Version: ALL
Platform: ALL

I have an SSL certificate for my domain name installed on my hosting account where my ShopSite is located, how do I ensure that my pages are always accessed via an https:// secure URL?
There are a couple of steps for this.

1) In ShopSite 12 sp1 and newer, go to Preferences > Hosting Service and make sure the 4 URLs in the 'SSL/TLS Security Settings' are correct. Then check the 'Use SSL/TLS security in ShopSite Generated Pages and the order screen' checkbox in the 'Store Settings' section. Also, if your 'My Store URL' setting at the top of this same page isn't using https://, fix that as well. Click 'Save Changes' at the bottom of the page, then go to Utilities > Publish and click Regenerate. This will re-create all ShopSite-generated pages and .css files to use the https:// secure URLs for all links and image and .js and .css references on the store pages and in the shopping cart. If you are using Order Buttons on non-ShopSite generated pages you should also edit the HTML of those order buttons to go to the cart using an https:// URL as well.

1a) If after doing the above you still get a broken lock or security warnings on a ShopSite-generated page or cart screen when accessing it via https:// first make sure you have cleared the cache in your browser and refresh the page to make sure you are viewing the current version of the page, not an old version cached by your browser. If it still has an issue, it is likely that you have hard-coded an image (or .css or .js) reference in a text field for that page (or product) in ShopSite, or in a custom template if you use those. You will have to fix these references to non-secure objects in your custom HTML individually as encountered.

2) The ShopSite process listed above still does not FORCE shoppers to https:// URLs initially if they came into your site via a link that used http://. So in order to force redirect them over to an https:// URL you will need to use ReWrite code in a file called .htaccess in the document root of your site. See the following 3rd-party article on what you should put in your .htaccess file:
https://simonecarletti.com/blog/2016/08/redirect-domain-http-https-www-apache/
Note that the .htaccess code suggested in this article will ALSO redirect from a www. version of your domain to your domain without the www., or vice versa depending on which you would like to use (we recommend using the same version of your domain that is used by your Secure Shopping Cart URL in Preferences > Hosting Service). This is a good idea from a consistency and SEO standpoint. If you make a .htaccess file in your site's document root directory (or edit an existing one) and it doesn't work, contact your hosting provider about turning on .htaccess capability for your site.


Related Articles

No related articles were found.

Attachments

No attachments were found.

Visitor Comments

Article Details

Last Updated
11th of April, 2018

Would you like to...

Print this page  Print this page

Email this page  Email this page

Post a comment  Post a comment

 Subscribe me

Subscribe me  Add to favorites

Remove Highlighting Remove Highlighting

Edit this Article

Quick Edit

Export to PDF


User Opinions



How would you rate this answer?




Thank you for rating this answer.

Continue