Regarding the assertion that "it's already secure", OpenCart is not a service that your are buying into. It's software that you need to install on your own server. SSL support is available (built in), but you are still responsible for obtaining SSL for your site.
The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.
Opencart.com Administrator / Quality Assurance Analyst / Programmer
1) Get an SSL certificate from your host for both the www and non-www version of your domain. They should offer free ones through either LetsEncrypt, cPanels Comodo. Else, pay for one
2) Make sure they work by visiting https://mysite.com and https://www.mysite.com
3) If they are not already, change your Opencart urls to use https:// in both config.php's and any multistore settings
4) In Opencart settings, navigate to the "server" tab and enable the SSL for checkout and account areas.
5) Go through account and checkout and see if things are https://
That is only part of it. If you want to enforce SSL for every page on your store and admin, you can either attempt to do this with server side redirects, or use an opencart mod.
If youre interested, we have a mod just for this purpose, its called SSL Everywhere. It repairs a bunch of things in Opencart, then forces https all over your store so you dont have to worry about it:
For 3.x - https://www.opencart.com/index.php?rout ... n_id=32053
For 1.5.x - https://www.opencart.com/index.php?rout ... n_id=19396
https://creadev.org | email@example.com - Opencart Extensions, Integrations, & Development. Made in the USA.
Users browsing this forum: No registered users and 8 guests