Having encryption for every page on a store is becoming more important for security and search engine rankings. BigCommerce stores have the option to enable sitewide encryption, also known as sitewide HTTPS. The instructions below cover the requirements and setup instructions.
By default, BigCommerce stores encrypt all pages where secure information is entered such as checkout or customer account pages.
What Changes with Sitewide HTTPS
Making the switch to sitewide HTTPS will change how search engines crawl and rank your store. There are some recommended actions to take to make sure search engines recognize and rank the HTTPS version of your store pages.
The following actions are taken care of automatically by the BigCommerce system:
- creating 301 redirects to send all HTTP requests to their HTTPS equivalents
- adjusting and backing up the search engine robots files
- appropriately setting the canonical URLs
|Default HTTP||Changes from HTTP to HTTPS||Changes from HTTPS to HTTP|
Check for warnings! After you switch to sitewide HTTPS all elements in a page need to use https in the url or protocol agnostic urls (i.e. //cdn.examplesite.com/lib/script.js). We recommend using a service like JitBit SSL Checker to help identify content which isn’t secure.
Requirements for Site-wide HTTPS
The two main requirements to implement site-wide HTTPS are:
Note that once the domain name is applied to the store, it will automatically receive our Encryption Everywhere free SSL certificate. Installing a dedicated SSL will override Encryption Everywhere. See BigCommerce SSL Options to learn more.
Enabling Sitewide HTTPS
1. Go to Store Setup › Store Settings and scroll down to HTTPS.
2. Select Use HTTPS for entire site from the HTTPS Pages drop-down menu.
Don't see this menu? If you don't see a drop-down menu under the HTTPS section, there should be messaging explaining what requirements are missing. If you have recently applied a new SSL certificate, it may still be propagating.
3. Save your changes.
Recommendations for Google
1. First, check SSL Robots.txt to make sure it’s not blocking Google bots from crawling. To allow Google to crawl, it should look like this:
User-agent: AdsBot-Google Disallow: /account.php Disallow: /cart.php Disallow: /checkout.php Disallow: /finishorder.php Disallow: /login.php Disallow: /orderstatus.php Disallow: /postreview.php Disallow: /productimage.php Disallow: /productupdates.php Disallow: /remote.php Disallow: /search.php Disallow: /viewfile.php Disallow: /wishlist.php Disallow: /admin/ Disallow: /__socialshop/ User-agent: * Disallow: /account.php Disallow: /cart.php Disallow: /checkout.php Disallow: /finishorder.php Disallow: /login.php Disallow: /orderstatus.php Disallow: /postreview.php Disallow: /productimage.php Disallow: /productupdates.php Disallow: /remote.php Disallow: /search.php Disallow: /viewfile.php Disallow: /wishlist.php Disallow: /admin/ Disallow: /__socialshop/
2. We recommend adding a new site to your Google Search Console (formerly Webmaster Tools) for the HTTPS version of your site.
3. In Google Search Console, navigate to your new HTTPS site.
4. Navigate to Crawl, robots.txt Tester and click on the Submit button. In the popup window, ignore steps 1 & 2, and click on the Submit button in Step 3. Google should immediately respond with a success message.
5. After you’ve submitted your robots.txt, then re-submit your sitemap.
After you switch your site to HTTPS, in Google Search Console, you should expect to see the number of crawled HTTP pages decrease while the number of crawled pages on HTTPS increases. This process can take up to two weeks or longer to complete, depending on the size of your store and how frequently Google crawls your site.
Recommendations for Bing
1.Verify the HTTPS version of your site in Bing Webmaster Tools.
2.Use the Site Move tool to tell Bing you have permanently moved your site to HTTPS.