INSIGHTS 

Why HTTPS is important. 

Data security has become a major topic and due to the attention it is receiving, it has rightfully become a serious concern for all internet users. The easiest way to allay your customers' fear is to install an SSL certificate and enable HTTPS on all your pages.

Why is HTTPS important for your website?

Recently, major browsers have started adding alerts or even warnings in the address bar for websites, which are not secure. While there still is a significant segment of internet users which are likely to ignore these warnings, enough online shoppers will either be reluctant or even actively avoid spending money on an unsecure website. In other words, not having HTTPS enabled will cause you to lose sales. The benefits of having a secure website far outweigh the costs of implementation.

Google has also signalled that they are favouring secure sites in their search rankings and while the effect is small, there is no doubt that every little boost is important for your business.

While in the past it was considered sufficient if only the payment page was secure (the page where bank card details are entered), the rise in cases of Identity Theft and Social Engineering fraud has made it vital for all the pages of a website to be 100% secure. Bank card details are no longer the only thing hackers or other malicious entities are after. Email addresses, names, birthdays, phone numbers and location information are major targets and these can be entered in other areas of the website, not just the checkout or payment page (account sign-up, newsletter sign-up, etc...).

An email address or phone number will lead to a person's social media account. Depending on how careful that person is with what they are sharing, personal information can be extracted and used either to break into certain accounts (by answering security questions about family, pets, music preferences, etc...) or by impersonating them online.

Because of this, all data shared between a customer and your store should always be encrypted. Not only because you need to earn your customers' trust to keep them loyal to your store or brand but also because it is your legal obligation to do so.

Securing your PrestaShop store.

Once your SSL certificate is purchased and installed (your hosting provider should have you covered on that front) you can very easily activate HTTPS in your store.

If you are using PrestaShop 1.6, in your store's back-office go to Preferences → General, where the first two options are “Enable SSL” and “Enable SSL on all pages”. Choose YES for both. In PrestaShop 1.7, these two options can be found under Shop Parameters → General.

Mixed content warnings.

After SSL is enabled, depending on how your store is set up, it is possible to have mixed content warnings. This means that instead of the green padlock next to the address bar, you have a yellow padlock or one with an exclamation mark next to it. Upon clicking on it to get more information, a message will be displayed stating that the page contains both secure and non-secure items. More specifically, certain internal links or images on your website are loaded over HTTP instead of HTTPS.

Most commonly this occurs in menus, banners, CMS pages, sliders and custom HTML blocks. Below are some of the most common fixes for these issues:

  • Certain menu or “custom links” modules require the full address to be entered when adding a link to a category, a product or any page from the store. In this case, you will need to replace the http:// links to https:// links.
  • When adding links and images to a CMS page, custom HTML blocks or certain banners and sliders, the full path to the image is saved in the source code. If this was done prior to your website having an SSL certificate, they will have been saved as http and after the switch will cause a mixed content warning. You do not need to re-upload the images or re-create the links, just click on “View Source” in the editor, find the image or link and change it to https.
  • Follow the same process as mentioned above if you have similar issues in the content of your product descriptions or the Home Text Editor.
  • Do not hesitate to ask for help from a qualified team of developers if the number of links with issues is overwhelming or if certain items are hard coded into your store and require changes to your files for the issues to be fixed.

Back to Insights

Mailchimp stuff.

Registered in England & Wales. Company No. 7945108. VAT Registration No. 102 579 529.