HTTPS Everywhere for Magento

06.22.15 Published by

HTTPS Everywhere is the practice of using an SSL certificate to secure and encrypt not only the cart, checkout and admin pages of your Magento site, but all the pages.

All Neoverve Magento Hosting Plans now support HTTPS Everywhere.

A non-secure page URL looks like this:
A page URL secured with SSL looks like this:

Notice ‘http’ vs ‘https’.

Why should you care about securing all pages, such as product pages, where no personal information or payment information is being submitted?

Reason #1. HTTPS Everywhere improves overall security in a few different ways:

  • HTTPS encrypts all the communication. Not just credit card number submissions, but URL’s and browsing too.
  • HTTPS with a commercial SSL certificate form a trusted certificate provider such as GeoTrust verifies the the website is actually the site on the server that it is supposed to be. It can’t be a phishing site.
  • HTTPS prevents unscrupulous third parties from using “Man-in-the-middle” attacks to steal information from you and your visitors.

Reason #2. Google

Google is pushing for HTTPS Everywhere adoption throughout the Web and now includes it as a ranking factor in their search results. Admittedly, it is not a silver bullet and won’t propel your site to page #1. But it is a factor. Google says they will likely strengthen the significance of HTTPS Everywhere over time to encourage adoption.

Reason #3. Google again

The referrer information is stripped away in Google Analytics when incoming traffic comes from an HTTPS site to an HTTP page on your site. Google Analytics reports this traffic as “Direct” even though it is actually referred traffic. Inaccurate analytics data is a problem for those of you who rely on it to make strategic decisions to improve your website. But with HTTPS Everywhere on your Magento site, the referrer information is preserved and properly reported in Google Analytics. This includes traffic sources using HTTP or HTTPS. Problem solved.

If you are unsure how your Magento website uses SSL, you can test its security level and configuration with the Qualys SSL Lab tool found here:

Neoverve has begun recommending and deploying most of our new Magento projects with HTTPS Everywhere. It adds a little more work and cost to a project, but we feel it is well worth it. Unfortunately, converting an existing site to HTTPS Everywhere is fairly complex. Each merchant will need to weigh the benefits with the cost.

Let us know if you’d like to make the switch to HTTPS Everywhere.

Categorized in: , ,