Can I make my entire site HTTPS, and how do I do it properly? Posted by Gonzalo Gil on 01 December 2015 03:06 PM

By default, your store only goes into secure SSL/HTTPS mode when there are specific actions taken by the shopper to complete an order. These are actions which typically would require security for PCI compliance (actions such as logging into their customer account, proceeding to checkout, entering billing/shipping information etc). However, it’s entirely possible to configure your 3dcart site so that it uses HTTPS for the entire store (browsing products, reading blog articles, just viewing the home page, etc)

If you would like to configure your 3dcart store so that it uses HTTPS/SSL for everything you will need to do the following:

Step 1: Purchase and Install a custom SSL

The custom SSL certificate will allow you to have your main domain used for HTTPs and completely move away from using the shared * URL for the store. Please click here for information on purchasing a custom SSL

Step 2: Change your robots_ssl.txt file

Since the default action of the store is to only use HTTPS mode under certain conditions, it’s not necesary to have those areas indexed by search engines. Therefore, the default robots_ssl.txt file is written to prevent indexing of any kind. In this case however, you’re looking to make your whole store use HTTPS, so you will need to edit the robots_ssl.txt file to allow indexing. Here’s how:

  1. Log into your 3dcart Online Store Manager
  2. Using the left hand navigation menu, go to Marketing ->SEO Tools
  3. Locate and click on the link labeled “Edit Robots.txt File”

This page will have two distinct areas. Within the top half of the page, you will see the Robots.txt section containing your store’s regular robots.txt file. It should look like this:

Sitemap: http://[store-url]/sitemap.xml

# Disallow all crawlers access to certain pages.
User-agent: *
Disallow: /checkout.asp
Disallow: /add_cart.asp
Disallow: /view_cart.asp
Disallow: /error.asp
Disallow: /shipquote.asp
Disallow: /rssfeed.asp
Disallow: /mobile/

Within the bottom half of the page, you will see the Shared SSL Robots.txt section containing your store’s robots_ssl.txt file. It should look like this:

# Disallow all crawlers access to all pages. SSL
User-agent: *
Disallow: /
  1. Copy the content from the robots.txt section (top) and paste it into the robots_ssl.txt section (bottom)
  2. Click “Save” at the top right to commit your changes.

This will allow search engines to index your site properly since it will all be HTTPS enabled.

In other words, these are actions that cannot be performed by a bot and will result in an error if it was just randomly accessed during indexing. To prevent errors from being indexed, we disallow access to these specific pages.

Step 3: Update your store URLs

Next, you will need to update the URLs that the store uses for both main and secure modes.

From your 3dcart Online Store Manager, once again use the left hand navigation menu and:

  1. Go to Settings ->General ->Store Settings
  2. Under “Store Information” look for “Store URL and “Secure URL”
  3. Put your domain name in both fields
    (be sure to use the proper https:// and www prefixes in both)
  4. Click “Save” at the top right to commit your changes

Step 4: Review your site for unsecure elements

Lastly, you’ll want to check your site for any possible elements that are hard coded to a non-secure URL

Normally, default 3dcart scripts and design elements are made using relative paths so that they work in both secure and non-secure modes. However, in some cases, you may have additional design that you may have done on your own (or through a 3rd party), or perhaps 3rd party scripts which contain references to non-secure URLs.

When a page contains non-secure elements is viewed in HTTPS/secure mode, the browser may sometimes generate a message stating that the page contains “Secure and non-secure items

Therefore, you will want to review your site for any elements that could possibly be considered “non-secure” and generate this message. A good tool for checking your site’s elements can be found at the “Why No Padlock” site.

Just enter your domain name into the whynopadlock site and it will review your site’s various elements for any possible non-secure sections.