How to Move a Magento Site from HTTP to HTTPS

Magento is a leading eCommerce platform, and CMS software built on open source technology.

It empowers over 200,000 online retailers to date and is growing by the year. One of every four online businesses uses Magento to sell products and services through the internet. As powerful as it is, Magento alone can’t fully optimize your selling process. You still have to protect your customers’ sensitive data from being intercepted by cyber attackers. To accomplish this you need to learn how to move a Magento site from HTTP to HTTPS.

And here’s where an SSL Certificate comes into play. This digital document is designed to encrypt personal information (names, addresses, credit card numbers) passed between your customers’ browser and your web server. Secure websites have the HTTPS communication protocol in their URLs, while unsecured sites the plain HTTP one.

If your Magento site is still on HTTP, you’re missing new customers, sales, and profits every day. And that’s because your site’s visitors are greeted by browser warnings, every time they enter your website. To address this critical issue, you have to move a Magento site from HTTP to HTTPS as soon as possible. This article will help you make a smooth transition.

The very first thing you should do is buy the right SSL Certificate for your online store. If you’re completely new to SSL, take your time, and browse our blog to learn the basics. Here are a few topics to get you started:

A technical overview of how SSL certificates work
How to choose the best SSL certificate for your website?
Why is an SSL Certificate important for your online store?

Don’t have time for reading? Use our highly intuitive SSL Wizard to find out what SSL certificate is ideal for your site.

After you buy your SSL Certificate you need to install it on your server. Each Certificate Authority provides in-depth, step by step installation guides for all the major platforms. You can find them here.

Now it’s time to get back and move a Magento site from HTTP to HTTPS. Below we’ve listed the most important things to do.

1. Change base secure URL

Log in to your Magneto Admin Panel. On the upper right corner click System > Configuration, and click Web under the General list. Simply add the HTTPS in front of the URL. Clear your Magento and browser cache. The site should now load with the HTTPS protocol.

2. Use 301 HTTP redirects

Now that you’ve set your site to use a secure connection, it’s time to take care of your unsecured links. 301 redirects are permanent redirects from one URL to another. They send visitors and search engines to a different URL, then the one initially typed into the browser. In our case, 301 redirects will drive traffic from HTTP to HTTPS. Magento has several extensions for quick 301 redirects.

3. Implement HSTS

HSTS (HTTP Strict Transport Security) is a useful webserver command that tells browsers to force HTTPS pages automatically. It also tells Google to display HTTPS URLs in the search results. HSTS goes along nicely with 301 redirects and ensures that your users browse in a secure environment.

4. Check your code for unsecured URLs

Perform a full scan of your code, and rewrite all the HTTP URLs to HTTPS. Not all URLs are generated dynamically, some are written as text in your code, and are easy to neglect. Make sure they get the HTTPS treatment as well.

5. Create a new sitemap

Once you’ve tidied up all your URLs, the next step is to generate a new sitemap. It will offer search engines relevant information to crawl. To climb the SEO rankings, your sitemap.xml needs to contain all your HTTPS URLs.

6. Check your Robots.txt file

Just like sitemap.xml, this file is also crawled by search engines. But here, you include pages that you don’t want to be visited by robots. Make sure there aren’t any HTTPS pages listed in the file.

7. Host all your content on your server

Images, videos, or documents that come from HTTP sources can break your HTTPS pages. To avoid this unpleasant situation, always host your media files on your website.

In conclusion, you can move a Magento site from HTTP to HTTPS  without a lot of hassle. The whole process isn’t as difficult as some may think. Just by following our 7 steps, you will get optimal results. Of course, complex systems require, professional configuration, so don’t hesitate to hire a Magento developer to assist you with a hassle-free transition.