Browse by Topic

Sitewide HTTPS

Having encryption for every page on a store is becoming more important for security and search engine rankings. BigCommerce stores have the option to enable sitewide encryption, also known as sitewide HTTPS. The instructions below cover the requirements and setup instructions.

Example of a URL of a page secured with an SSL certificate as it appears in the address bar of a web browser

By default, BigCommerce stores encrypt all pages where secure information is entered such as checkout or customer account pages.

What Changes with Sitewide HTTPS

Making the switch to sitewide HTTPS will change how search engines crawl and rank your store. There are some recommended actions to take to make sure search engines recognize and rank the HTTPS version of your store pages.

The following actions are taken care of automatically by the BigCommerce system:

Default HTTPChanges from HTTP to HTTPSChanges from HTTPS to HTTP
  • Default values for HTTP robots.txt and HTTPS robots.txt
  • HTTPS robots.txt Disallow: /
  • Default canonical set to HTTP URLs
  • Backup HTTP robots.txt and HTTPS robots.txt
  • Copy contents from HTTP robots.txt to HTTPS robots.txt
  • Leave HTTP robots.txt unchanged
  • 301 redirects for HTTP to HTTPS
  • Set canoncial to HTTPS URLs
  • Backup HTTP robots.txt and HTTPS robots.txt
  • Copy contents from HTTPS robots.txt to HTTP robots.txt
  • Leave contents in HTTPS robots.txt unchanged
  • 301 redirects for HTTPS to HTTP
  • Set canonical to HTTP URLs
 

Check for warnings! After you switch to sitewide HTTPS all elements in a page need to use https in the url or protocol agnostic urls (i.e. //cdn.examplesite.com/lib/script.js). We recommend using a service like JitBit SSL Checker to help identify content which isn’t secure.

Requirements for Site-wide HTTPS

The two main requirements to implement site-wide HTTPS are:

Note that once the domain name is applied to the store, it will automatically receive our Encryption Everywhere free SSL certificate. Installing a dedicated SSL will override Encryption Everywhere. See BigCommerce SSL Options to learn more.

Enabling Sitewide HTTPS

1. Go to Store Setup › Store Settings and scroll down to HTTPS.

2. Select Use HTTPS for entire site from the HTTPS Pages drop-down menu.

Site-wide HTTPS menu

 

Don't see this menu? If you don't see a drop-down menu under the HTTPS section, there should be messaging explaining what requirements are missing. If you have recently applied a new SSL certificate, it may still be propagating.

3. Save your changes.

Recommendations for Google

1. First, check SSL Robots.txt to make sure it’s not blocking Google bots from crawling. To allow Google to crawl, it should look like this:

User-agent: AdsBot-Google
Disallow: /account.php
Disallow: /cart.php
Disallow: /checkout.php
Disallow: /finishorder.php
Disallow: /login.php
Disallow: /orderstatus.php
Disallow: /postreview.php
Disallow: /productimage.php
Disallow: /productupdates.php
Disallow: /remote.php
Disallow: /search.php
Disallow: /viewfile.php
Disallow: /wishlist.php
Disallow: /admin/
Disallow: /__socialshop/

User-agent: *
Disallow: /account.php
Disallow: /cart.php
Disallow: /checkout.php
Disallow: /finishorder.php
Disallow: /login.php
Disallow: /orderstatus.php
Disallow: /postreview.php
Disallow: /productimage.php
Disallow: /productupdates.php
Disallow: /remote.php
Disallow: /search.php
Disallow: /viewfile.php
Disallow: /wishlist.php
Disallow: /admin/
Disallow: /__socialshop/ 

2. We recommend adding a new site to your Google Search Console (formerly Webmaster Tools) for the HTTPS version of your site.

3. In Google Search Console, navigate to your new HTTPS site.

4. Navigate to Crawl, robots.txt Tester and click on the Submit button. In the popup window, ignore steps 1 & 2, and click on the Submit button in Step 3. Google should immediately respond with a success message.

5. After you’ve submitted your robots.txt, then re-submit your sitemap.

After you switch your site to HTTPS, in Google Search Console, you should expect to see the number of crawled HTTP pages decrease while the number of crawled pages on HTTPS increases. This process can take up to two weeks or longer to complete, depending on the size of your store and how frequently Google crawls your site.

Recommendations for Bing

1.Verify the HTTPS version of your site in Bing Webmaster Tools.

2.Use the Site Move tool to tell Bing you have permanently moved your site to HTTPS.

Was this article helpful?