Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Going SSL?


kymation

Recommended Posts

Now that Google has announced that SSL will count in your search rankings, how many of you are going to switch your stores to all SSL? And how many are going to get an SSL cert for the first time? (There are free/low cost SSL certs available.)

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Do you mean SSL everywhere, including index.php, product pages and the like?  What would the implications of this be regarding SEO for indexed pages and page ranking?

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

According to the linked blog posting, yes, everything should be HTTPS. As I read it, two otherwise identical pages, one HTTP and the other HTTPS, will have the HTTPS version ranked ahead of the HTTP version. Very little extra boost initially, but they might increase it. I suppose the first entry in your .htaccess will be to redirect http: entries to https: (301 status), which shouldn't get you dinged for duplicate content.

 

I think this is a bit of an overreaction to the NSA snooping, but when the 800 pound gorilla roars, you'd better listen.

Link to comment
Share on other sites

Google's action is minimally related to the NSA and more related to the overall insecurity of the Internet which is appalling.

Here's a link to test your site's SSL:

 https://www.ssllabs.com/ssltest/index.html

 

My question for the osCommerce security gurus is what is our best strategy for encrypting EVERY page?

The next related question is how best to handle the subsequent SEO implications.

It would be great if we could get a consensus on these questions and publish a How To doc.

Link to comment
Share on other sites

While I agree that HTTP was never designed to be secure, I do find it curious that Google didn't start encrypting its searches (at least from their home page) until after the shit hit the fan (Snowden). If someone is googling for how to build a pressure cooker bomb, frankly, I'd be happier if the intelligence community can easily know about it. Reasonable people may disagree, of course. It may be a moot point, as I wouldn't be surprised if the IC already has taps inside Google's data centers (they're known to have already tapped inter-center links). And of course, it's not impossible that Google is voluntarily cooperating with the IC, perhaps out of patriotism, perhaps in return for "certain considerations" (e.g., quashing antitrust actions, technology sharing).

 

How to encrypt every page?

  1. .htaccess 301 redirect any http: request to https:
  2. modify tep_href_link() to ignore the SSL parameter and always use SSL
  3. eventually remove the SSL parameter from tep_href_link calls

As long as you're going whole hog on SSL, you might as well do the whole site, rather than trying to pick and choose selected pages.

 

My two worries:

  1. the cost of SSL certificates/installation/related services will jump if there's a spike in demand
  2. system performance will suffer (more bandwidth consumed, encode/decode stream at both ends)
Link to comment
Share on other sites

I don't suggest that anyone make this change until the dust settles and it is known how much this will affect rankings. Google has stated that less than 1% of global queries will be affected for now, which is not much and will probably only apply, at this point to higher-ranking pages.

 

Keep in mind that most shops can't switch to pure ssl since the shops are not setup for it. So making the change is a bit more involved than changing the configure file.  I think making the change at this point is premature and cause more problems than it is worth if the site is converted to ssl. Concentrate on setting up the pages correctly so they rank better and just wait.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Using SSL throughout your store should be simply a matter of changing the configure file. I've tested this and don't see any problems. I would love to know what issues anyone is seeing after making the change. Perhaps we could get a code change into the next version of osCommerce if one is needed to accommodate this.

 

Google states that this currently only affects 1% of all sites. So, how do you know if your store is in the 1%? Google isn't saying. They do say they will be increasing the importance of this ranking factor in the future, but they don't say when. So, how long are you going to wait? Until you see a marked drop in your ranking?

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

@@kymation You can't have access to both secure and non-secure pages since that will cause a duplicate content situation. So you'll need to redirect all urls to secure pages to ensure that doesn't happen. Also, many sites have links to external sites that are not secure. That will break the ssl so all of those will have to be changed, assuming secure url's are available from those sites.

 

Google doesn't say less that 1% of sites, they say less than 1% of global queries. That is a huge difference.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

@@Jack_mcs  Right, so you'll also need to add an .htaccess rule to forward all of the non-SSL pages to SSL. This should not be difficult.

 

You're right that it says 1% of all queries. My mistake. So, again, is your store going to be in the results for that 1%? No way of knowing.

 

I agree that this is only one of more than a hundred factors that Google applies to the results, but it's a "set and forget" factor, which makes it particularly attractive to me.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

This .htaccess code works for me:

 

 

RewriteEngine on
 
# Redirect http to https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

 

Any improvements are welcome.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

i think it is better to just ssl for google (spidering only).

This is a total non-sens to "show" content to an audience in a https connection.

But that is my pov.

So let google think you have all links https'ed would be (for now) a good solution.

 

i just wonder what they try to achieve with it...

put bandage on a wounded that actually needs to be stitched?

Link to comment
Share on other sites

@@wHiTeHaT  Google checks their spider result using a non-spider user agent string. When the googlebot returns different results from the check, they assume you are spamming and give your pages a massive penalty. This is a really bad idea.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

@@kymation , yes perhaps , i am not really into this area.

 

But i think that for now this is just a notice, or a test drive.

It require sometime before this go become a standard , as it needs to get trending first.

 

Hosting company's will eventual go provide a 100% secure configured server.

 

Assuming they will in the first years ask an extra $ for it, until the service go be a standard, and hosting prices will be again as used to.

Perhaps with a increased price.

 

As we say in the Netherlands:

Let's look the cat out of the tree.

Link to comment
Share on other sites

It is not just a certificate what you need, much much more is need.

 

I've set this up on many sites. What you need is:

  1. A cert. Free or cheap from several vendors. Your host may charge a one-time fee for installing your cert.
  2. A dedicated IP address. This is included with some hosting plans; extra cost from others.
  3. SSL software on the server. If your host doesn't have this, you really need to find a better host.

It's not that hard at all.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

@@kymation The rewrite code you mentioned is not correct. The [R,L] should be [R=301,L].

 

This may be a simple thing for you but it won't be for many shop owners. As mentioned, any link to a non-secure site will be a problem. And I see time after time where shop owners use absolute url's since they are used to doing that in html sites. That means all of those links should be changed. Google even mentions this is a mistake in the page about changing to https.

 

With regards to whether this will affect a sites ranking, I don't think that is likely at this point. From the sounds of it, google is giving this the lowest impact of all of their ranking factors. I'm sure, unless they find a reason not to do it, that it's importance will rise but that will probably take a year or so. They did the same thing when they announced load speed would be a ranking factor. They announced it and then, due to the backlash, didn't say much about it. A year or so later, they made it clear that it was to be used.

 

And the issue of speed brings up something to consider. Since using full ssl will cause more of a load on the server, it is possible that the ranking of the site for speed will go down as a result of making this change. Which will affect your site more?

 

So, again, this isn't something most shops should rush into. I consider it a non-issue at this point.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Yes, a 301 redirect would be better than the default 302. That's what I get for trusting to memory. Thanks for the correction.

 

I hadn't thought about the effect on load speed. That's a good point. I wonder if Google has thought about it, and will take that into account for the sites using SSL. Of course if everyone were doing it, it wouldn't be an issue.

 

Maybe not exactly a non-issue, but something to consider for the future.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...