So Google just announced that they will be giving websites which use HTTPS on all pages a small ranking boost in the search engine. http://googlewebmastercentral.blogspot. ... ignal.html
We already have a SSL for the checkout pages etc which is all installed fine.
My question is how do I make it so that the whole website uses HTTPS? What is the fastest and cleanest way to do this?
Thank you
open config.php in folder admin and change all http to https
edit .htaccess and ad a rewrite rule just after Options +FollowSymlinks
Code: Select all
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
You also need to worry about multistores which means it should be open to take form of any dynamic domain, "shipped" in OC. So if all attached entities are SSL enabeled, and you still need to use ht, the alternative (that works on any domain on any port for any route) is this:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
at least he now has 2 alternatives to try, there will always be one that works.
Just read post on google, interesting enough, just ordered a ssl for my site.
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
Does the vQmod above (or editing url.php) work for ya?
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
Dont get me wrong, im an HT kinda dude too, and your first suggestion is the most solid HT for bunches of stores
EDIT: tried it out, seems to preserve the single or multistores SSL/nonSSL settings nicely. A potential problem arises though with CKeditor putting in a hardline link to the base domain of the OC (like the one you admin on). So if a store 2,3, 4 share an info page, they need SSL img from a store 1 link, which may not have SSL -- lock breaker.
Also if you are using static/apps/media servers you should secure all their SSL else break your lock. To save costs think about 1 util subdomain like go.mybasedomain.com and use olde school subfolders and for all that extra stuff/apps/blogz...unlimited in 1 extra SSL.
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
Anyone thinking of doing this and who uses webmaster tools I would highly recommend following this guide https://support.google.com/webmasters/a ... ls_en_post and using the move website tool from Google. If you don't, I think you can loose your ranking while it recrawls the https website.
Thanks again
in addition a 301 is used telling google that the old url is replaced by new url.
so you wont lose any ranking, its just a matter of time and all urls will be replaced with the new https urls.
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
check out any product, change url back to http and you will be forwarded to same page but through https
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
https://www.aislings.co.uk/ new in stock 24.99 GBP female adult new in stock 23.99 GBP female adult new in stock 36.99 GBP female adult new in stock 36.99 GBP female adult new in stock 29.99 GBP female adult new in stock 43.99 GBP
If we remove the SSL from all pages except the checkout etc it goes back to:
Any idea why?
Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk
By default, the file manager dumps only a http:// reference into Ckeditor which means in SSL mode it will break lock in those spots. This just removes it, or optionally you can uncomment the bottom to make it more hardcore either or.
Here is a vQ snippet - Moderatly tested this time
Code: Select all
<modification>
<id><![CDATA[Adds dynamic src SSL support using a double slash. Optional strict http/https mode based on settings (not recommended).]]></id>
<version><![CDATA[1.0.2]]></version>
<vqmver><![CDATA[2.4.1]]></vqmver>
<author><![CDATA[CreadevDotOrg]]></author>
<file name="admin/controller/common/filemanager.php">
<!-- relative //www.url.com as SSL media mode -->
<operation info="make https conditional" error="log">
<search position="replace"><![CDATA[
$this->data['directory'] = HTTP_CATALOG . 'image/data/';
]]></search>
<add><![CDATA[
if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
$this->data['directory'] = str_replace('https:', '', HTTPS_CATALOG) . 'image/data/';
} else {
$this->data['directory'] = str_replace('http:', '', HTTP_CATALOG) . 'image/data/';
}
]]></add>
</operation>
<!-- strict http or https mode - careful this may cause future headaches for you
<operation info="make https conditional">
<search position="replace"><![CDATA[
$this->data['directory'] = HTTP_CATALOG . 'image/data/';
]]></search>
<add><![CDATA[
if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
$this->data['directory'] = HTTPS_CATALOG . 'image/data/';
} else {
$this->data['directory'] = HTTP_CATALOG . 'image/data/';
}
]]></add>
</operation> -->
</file>
</modification>
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
DL
This account is inactive. Look for us under the name 'EvolveWebHosting' and contact us under that username.
Thanks!
I think they expect it everywhere. And generally everything now besides content has a very small effect on ranking since there are many hundreds of ranking facets.cwswebdesign wrote:Be careful to not break the functionality of your site over this. So far, I've only seen that HTTPS will have a very small effect on your rankings and to me, it isn't clear if the SSL just has to be present for selected pages or the entire site.
Google has been full SSL on everything since 2010, released the SSL overclocking docs in preperation for more net load on hosts, and they say dont block them from ssl anything (like with robots). Besides ranking, its the de-facto now - more and more people are used to seeing the lock everywhere. Even for sites that dont need it everywhere like enterprise wordpress blogs with no "account" features, its seen all pages.
EDIT: Speaking of breaking things, another quirk -- if you use shared multistore sessions, all the multistores must be SSL too else the js wont work.
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
Is it loading a CSS or JS or something via non-ssl? If so, the browser is prob denying it. Look at the source with and without SSL, its prob the same. Try this out to check for non-ssl elements being blocked:sytra wrote:I have been following this thread and have taken on board the recommendations above, my site now works full SSL except the google feed is now messed up.... If we remove the SSL from all pages except the checkout etc ...it goes back, Any idea why?
http://forum.opencart.com/viewtopic.php ... 11#p510402
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
Hi, tried that and nothing shows up, the feed is one of UKSB's however I think they have now stopped doing it so will look at buying another one in the near future and give it a go again then.Dhaupin wrote: Is it loading a CSS or JS or something via non-ssl? If so, the browser is prob denying it. Look at the source with and without SSL, its prob the same. Try this out to check for non-ssl elements being blocked:
http://forum.opencart.com/viewtopic.php ... 11#p510402
Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk
Ah i see. Last thought: before you switch up feed mods, run it through your destination in a test both ways. Even if they dont look the same it could be the same code. Im theorizing if something or your browser putting off the style -- if its blocked cause of non-ssl request, you will prob see raw XML in single lines, non tabbed non linebroken (minified). As long as bots can pull the data all the same, it doesnt matter how pretty it lookssytra wrote:Hi, tried that and nothing shows up, the feed is one of UKSB's however I think they have now stopped doing it so will look at buying another one in the near future and give it a go again then.
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
Can someone explain why the vQ for url.php was removed? Does it not work? I normally wouldnt touch system/engine but its had to be pliable. Currently running it live with 5 SSL multistores on a ton of mods since the post and it seems to function perfectly, with proper propagation as well as non-ssl fallbacks....everything you would need for a server agnostic SSL-always asset override.....its feeding SSL maps/feed, gracefully pulling off other non SSL multistores....please share wrong-doing...
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
A week later Google has indexed our entire site and all multistores as https, is showing it in SERPs with a prefix. In addition to the above thoughts about forcing https, google recommends NOT using htaccess for this. They recommend instead we should send a header to avoid too much redirecting. The best place to do this is in index.php and here is what it looks like, httpsmode for a year. The max-age acts like a cache -- for testing, set it to 5 seconds:
Code: Select all
$response->addHeader('Strict-Transport-Security: max-age=31536000');
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
Users browsing this forum: No registered users and 266 guests