Switch Entire Magento Store Over to HTTPS

by Geoff Jackson · Published May 21, 2015 · Updated May 26, 2015

Since Google made the announcement that serving your website’s web pages over a secure protocol (HTTPS) will become a ranking factor back in August 2014 , many brands have made the necessary changes to serve their entire website over HTTPS (as opposed to just pages that contain potentially sensitive data like checkout, login and account URL’s).

We still don’t consider this critical as how it weighs up as a ranking factor is still relatively minor but over the next few years, it is probably fair to say that we can expect this to be strengthened as a ranking factor but let’s face it, there is certainly no harm in serving all pages of your website to your customers securely.

If you’re running a Magento store, follow the below steps to switch over to an all-HTTPS Magento store.

First up, we need to configure Magento to run all the time on HTTPS so navigate to the following location in your Magento back office:-

System > Configuration > GENERAL > Web

Open up the ‘Unsecure’ and ‘Secure’ tabs from the accordion and modify the ‘Base URL’ in each to include the HTTPS protocol like the below:-

With these now in place, every page on the frontend of your Magento store should be loading on HTTPS.

Next though, you’ll need to ensure that anyone accessing your web pages on the old HTTP URL’s get redirected to the HTTPS counterparts by inserting this in your Magento root .htaccess:-

###################################################
## Redirect all URL's to HTTPS plus handle www
###################################################

    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Ensure the above is inserted somewhere shortly after RewriteBase /

As with most things Magento, there will of course, be a number of ways of implementing the necessary to serve your entire Magento store over HTTPS. You may also find that the above rewrite rules in the .htaccess file conflict with existing rules.

If you run into any difficulty or want to share your thoughts or experience, please leave us a comment below. You can learn more about website SSL and what to expect with this recent algorithm change over at Search Metrics’ HTTPS as a ranking factor – how to handle it.

Tags: https ranking factors ssl

Geoff Jackson

Geoff Jackson (more commonly known by his online pseudonym zigojacko) is the founder of Design Haven and The Clubnet Group which hosts numerous agencies including the most widely recognised of them, Clubnet Digital, a full service digital marketing and creative design/development agency. He also has a personal blog but it doesn't get updated as much as he'd like.

Subscribe to Design Haven UK

Yechiel says:

April 26, 2016 at 5:26 pm

Great. for me i also add RewriteRule ^/?$ “https\:\/\/www\.adcs\.co\.il\/he/” [R=301,L]

because i need /he default.

but in this rule it make to much redirection.

any idea?

Reply
- Geoff Jackson says:
  
  September 6, 2016 at 11:21 am
  
  Thanks for stopping by to leave a comment Yechiel, sorry I must have missed this one previously.
  
  Is your Magento store installed in the sub directory /he?
  
  Reply