Sitewide HTTPS

Sitewide HTTPS means that all pages on your store are encrypted. Normally it is only required for pages that deal with private information, such as the checkout pages, to have HTTPS encryption. Secure pages will often have a padlock icon next to the address bar in certain web browsers.

Example of a URL of a page secured with an SSL certificate as it appears in the address bar of a web browser

By default, BigCommerce stores encrypt all pages where secure information is entered. Enabling sitewide HTTPS on your store can have benefits for SEO and increase consumer confidence.

Below we will outline what to expect when you switch to sitewide HTTPS and how to turn it on.

 

What is required for sitewide HTTPS? This feature requires a custom domain name and a dedicated SSL certificate. BigCommerce provides a free SSL certificate to all new custom domains, and offers paid SSL certificates with premium security and consumer trust features. See BigCommerce SSL Certificate Options to learn more.

What Changes with Sitewide HTTPS

Making the switch to sitewide HTTPS will change how search engines crawl and rank your store. There are some recommended actions to take to make sure search engines recognize and rank the HTTPS version of your store pages.

The following actions are taken care of automatically by the BigCommerce system:


 

Default HTTPChange from HTTP to HTTPSChange from HTTPS to HTTP
  • Default values for HTTP robots.txt and HTTPS robots.txt
  • HTTPS robots.txt Disallow: /
  • Default canonical set to HTTP URLs
  • Backup HTTP robots.txt and HTTPS robots.txt
  • Copy contents from HTTP robots.txt to HTTPS robots.txt
  • Leave HTTP robots.txt unchanged
  • 301 redirects for HTTP to HTTPS
  • Set canoncial to HTTPS URLs
  • Backup HTTP robots.txt and HTTPS robots.txt
  • Copy contents from HTTPS robots.txt to HTTP robots.txt
  • Leave contents in HTTPS robots.txt unchanged
  • 301 redirects for HTTPS to HTTP
  • Set canonical to HTTP URLs
 

Check for warnings! After you switch to sitewide HTTPS all elements in a page need to use https in the url or protocol agnostic urls (i.e. //cdn.examplesite.com/lib/script.js). We recommend using a service like JitBit SSL Checker to help identify content which isn’t secure.

Recommendations for Google

1. We recommend adding a new site to your Google Webmaster Tools account for the HTTPS version of your site.

2. In Google Webmaster Tools, navigate to your new HTTPS site.

3. Navigate to Crawl, robots.txt Tester and click on the Submit button. In the popup window, ignore steps 1 & 2, and click on the Submit button in Step 3. Google should immediately respond with a success message.

4. After you’ve submitted your robots.txt, then re-submit your sitemap.

After you switch your site to HTTPS, in Google Webmaster Tools, you should expect to see the number of crawled HTTP pages decrease while the number of crawled pages on HTTPS increases. This process can take up to two weeks or longer to complete, depending on the size of your store and how frequently Google crawls your site.

Recommendations for Bing

1.Verify the HTTPS version of your site in Bing Webmaster Tools.

2.Use the Site Move tool to tell Bing you have permanently moved your site to HTTPS.

Enabling Sitewide HTTPS

1. Go to Store Setup › Store Settings.

2. Scroll down to HTTPS and select Use HTTPS for entire site from the HTTPS Pages drop-down menu.

Site-wide HTTPS menu

 

Don't see this menu? If you don't see a drop-down menu under the HTTPS section, there should be messaging explaining what requirements are missing. If you have recently applied a new SSL certificate, it may still be propagating.

3. Save your changes.

Additional Resources

 

Go to Store Settings in my store

Was this article helpful?