Our MageCloud team has been working with eCommerce clients for up to 10 years and every time we face the similar issues in the area. So, we decided to add a new category to our blog – CHECKLIST for eCommerce Website of the most common mistakes that you should take into consideration when launching/while running your online business.
Let's start with a number one pain point – URL in the address bar and its behind-the-scenes issues such as HTTPS over SSL and 301 redirects.
Previously, we tried to make sense of HTTPS/SLL importance.
SSL certificate is a paragraph of numbers and letters that only your site knows, it seems like a really long password. When user visits your site via HTTPS, such a password is checked; if it matches, it automatically verifies that your website is really yours – and it encrypts all data flowing to and from it.user visits your site via HTTPS, such a password is checked; if it matches, it automatically verifies that your website is really yours – and it encrypts all data flowing to and from it.
SSL certificates are strongly required from websites capturing sensitive information like credit card data. But it’s recommended for any website to have SSL certificate installed.
As we mentioned before, security has always been “a top priority” for Google. In 2014 the search engine giant announced HTTPS as a ranking signal. Since October 2017, Google Chrome (new version 62) is showing “Not secure” caution sign when a visitor enters text in a form on an HTTP page or when checks any non-HTTPS page in Incognito mode. “Not Secure” caution sign in your address bar is going to kill your conversions.
In other words? Google has induced switching to HTTPS.
But, it's recommended to switch to HTTPS only if is economically justifiable for your commerce activities. For the ecommerce business, it’s the only option.
For this purpose, check the following steps to find out whether your site is a secure one and what is to be done if it’s not.
1. Verify that you have SSL certificate installed
You can quickly find out if the connection to the website is encrypted. There are several things to look for to know if the site is secure.
1. Open your browser and navigate to the website you wish to check. Check the URL bar (the left of the web address) and identify the security status: If it starts with “https” (the "s" stands for secure) instead of “http”, it goes to show your site is secured with SSL Certificate installed.
2. Look at the site identity button in the address bar of your browser. If site follows the security standards given by the browsers, you'll see a green padlock before the URL. The most commonly used browsers (Chrome, Firefox, Opera) show the padlock of a website in their own distinct way as well as the warning messages associated with them.
3. Really big websites, for the most part, focused on commercial business, usually have SSL with EV (Extended Variation) and their company's names appear in most browsers before the URL in green color.
To see the site's details and permissions, click the icon at the left of the address bar. You can view more detailed information about the connection's security status and change some security and privacy settings.
There are different services helping verify whether SSL certificate is correctly installed on your web server, whether it's trusted, valid and doesn't give any errors messages to any of your site users.
NOTE: Most of our first-time clients usually protect just a few pages such as login or cart checkout, but don’t have https on the whole site by default. Keep in mind to move all pages to https.
Even if you have SSL installed and is getting all the benefits, you should follow the prompts to check the possible issues.
2. Buy SSL certificate / use a free one
A website can be hosted on either VPS (Virtual Private Server) Hosting or Shared Hosting. Websites on VPS hosting have a unique IP address, while those on a Shared Hosting server share the same IP address. Nevertheless, SSL certificates can be installed for websites hosted on both types of web hosting services, but the procedure differs a bit.
If you have your site on shared hosting, you need to buy an SSL certificate either from your hoster or any third party vendors and ask your hosting provider to install it.
NOTE: In most of the cases, shared hosting accounts must purchase a dedicated IP in addition to the SSL certificate.
In case of using dedicated server hosting, you can use a free certificate from Let's Encrypt (not a sponsored link - just a really cool company). Let’s Encrypt SSL certificate can be installed with just a few lines of code. We can do it for you if need be.
3. Activate and install certificate
Make sure you bought SSL to cover both www and non-www. It is often the case that SSL serves a single option instead of both. It may cause some problems when a user makes mistakes in address input. If a user attempts to link – it’s not going to work.
For another thing, page should be verifiable by one address. You should choose the only one variant how to display your URL in the address bar:
EITHER https://domain.com OR https://www.domain.com
4. Update your site to use HTTPS
At that point, when you go to https://example.com you are likely to see it loading. It means, you’ve SSL successfully installed and the HTTPS protocol enabled. But there is more to come, cause your visitors aren’t protected yet and you need to make certain they’re accessing your site through HTTPS.
5. Crawl your website / update all of the links / set up 301 redirects
To use the HTTPS links, you should update all your site links to the target pages. Do this for all links on all pages. You’ll have to update every URL manually in your site and database if you haven’t been using relative URLs while hyperlinking.
Furthermore, you should update third-party hosted scripts and custom scripts to HTTPS versions.
Sometimes SSL is bought and installed, but no redirects are done. Thus, mind you set up 301 redirects from http to https version.
BY WAY of EXAMPLE :
· http://domain.com => https://www.domain.com
· http://www.domain.com => https://www.domain.com
· https://domain.com => https://www.domain.com
The redirects are significant part of migration. Mess-up at this step could hurt your search engine rankings.
6. Recheck all types of redirects to avoid double / multiple redirects
Take care of any mixed content warnings, using plugins or manual fixes.
7. Update HTTPS version in your CDN / robots.txt / Webmaster tools / Google Analytics
You should also update your social media links, canonical tags, email marketing software links as well as migrate social share counts.
8. Make a quick test to be sure everything works well
You can use different online tools to check whether SSL certificate is installed in a proper way.
That’s it! Now try to access your site via https://domain.com – your site should be secure!
Finally, let’s sum up the common issues to be avoided:
1) https://www.domain.com and https://domain.com are separate domains
2) all internal pages go to home page
3) multiple redirects
4) 302 redirect (temporary) instead of 301
5) mixed content
HTTPS has a minor impact on search engine rankings just now, though it is likely to have a huge effect a bit later. Thus, if your business can afford moving to the protocol, then, for sure, you should perform the migration.
With SSL certificate installed, you can sigh with relief knowing that any information submitted by your customers on your website will be encrypted and secure.