Is HTPPS essential

[Guest]

Hi

 

I am looking in to prestashop as an alternative to ECWID that we currently used (looks like you have easier translations - and we a re looking to build a German site, italian site etc to try and get some small domestic customers)

 

ECWID handles all security issues on their servers. Obviously Prestashop would be on our own server

 

So

 

What security measures do I need. We will ONLY be accepting payment from PayPal (or similar payment systems) so all security for the actual payment is handled by them

 

Does that mean I don;t need https (which frankly I know nothing about)?

 

Any advice please

[gkontos]

https ensures that all the information that a users exchanges with your shop during registration, sign in and order are not transmitted in clear text. This is a good security feature to have even if you don't process credit card info.

 

A certificate signed by a valid CA ensures that you are who you say you are. So, when I place an order in your eshop I know by the certificate that it is really your store that takes the order. That part is more important although people don't realize it yet.

[Guest]

Thanks for the reply. Looks like I better look into this a bit further then

 

Does the https apply to the whole site, or do we indicate which folders / files need to be https - if so which ones for presta?

[gkontos]

You will choose it in the back office, preferences, enable ssl. That way the system will know which requests should be served encrypted.

[Guest]

Thanks, presumably I need to sort out with my host first - i heard getting https costs to buy a certificate?

[gkontos]

Thanks, presumably I need to sort out with my host first - i heard getting https costs to buy a certificate?

The start around 70$ a year

[Guest]

Just found out from our host (1&1) that we can add one

Dedicated SSL Certificate

 

for free via GeoTrust, but beyond that they seem to have little knowledge

 

If I apply for the certificate do all my web pages suddenly have https instead of http? I don;t want that, I want the prestashop to have https (or the relevant pages) and certain other pages / folders on the site. But there is no need for al pages to be htpps surely?

 

gkontos said that i can use the back office system to switch it on for prestashop

 

So some questions outside of that would be

 

Is there a reason why all pages should not be https?

How can I make some pages have https and others not?

 

I am guessing that the default is that even though I apply for and get the certificate, nothing actually changes ,and I then decide which pages to have https = but how?

 

All help on this would be gratefully received

[jhnstcks]

When you activate SSL in your back-end>preferences prestashop will automatically decide which pages uss https and which don't. By default the contact-form, login, my-account area and anything checkout related use https.

 

Using https on every page will slow your sites load speed down, as all the information has to be encrypted on the server, sent to your visitor then unencrypted on their pc.

 

Just a little warning about buying SSL certificates.......hosters might say that the certificate is free, which is probabaly true, you will also have to buy a dedicated IP address for your site, which can cost upwards of £25/year, and is unlikely to be free.

[Guest]

When you activate SSL in your back-end>preferences prestashop will automatically decide which pages uss https and which don't. By default the contact-form, login, my-account area and anything checkout related use https.

 

Using https on every page will slow your sites load speed down, as all the information has to be encrypted on the server, sent to your visitor then unencrypted on their pc.

 

Just a little warning about buying SSL certificates.......hosters might say that the certificate is free, which is probabaly true, you will also have to buy a dedicated IP address for your site, which can cost upwards of £25/year, and is unlikely to be free.

Thanks John - I will check into that dedicated IP thing - they are saying it is a dedicated SSL, but I will check

 

The main question I am struggling with is this

 

When I buy the certificate i can tell prestashop and it will sort it self out - but what about other pages, on the site? Prestashop is just one installation we have, as well a a standard html website. So, apart from prestashop, how do I determine which pages should be https and which should not be? Our main domain index page is our main website, not the prestashop installation

 

I am baffled

[jhnstcks]

Depends what software you are using for the other pages on your site.

[Guest]

Ok, lets say I have no software installed. Just simple html pages

 

Lets say we have two pages www.graphskill.co.uk/index.html and www.graphskill.co.uk/aboutus.html

 

When I have the certificate do they automatically switch from htpp://www.gra..... to https://www.gra.... etc or is there something I need to do?

 

What if i want https://www.graphskill.co.uk/index.html BUT htpp://www.gaphskill.co.uk/aboutus.html

 

?

[jhnstcks]

They won't use https unless you tell them too.

 

The only way I know of to direct these pages to use https, would be to use the htaccess file and use a 301 redirect to the secured page.

 

Unless these page are being used to provide sensitive data that you wouldn't want other people to see i really don't see the necessity to use https on these pages.

[Guest]

Thanks John, that now makes sense!

[kbrmin]

haylau, your site is similar to mine- I have html pages and then the prestashop linked for items to buy. I looked at your site and see that the home landing page is with https. How did you go about installing and configuring your SSL in the end? Any experience is appreciated as I really don't know where to start. It's worth buying the SSL/IP?

[Guest]

haylau, your site is similar to mine- I have html pages and then the prestashop linked for items to buy. I looked at your site and see that the home landing page is with https. How did you go about installing and configuring your SSL in the end? Any experience is appreciated as I really don't know where to start. It's worth buying the SSL/IP?

Hi

 

Htpps is not on the front page (the badge is there though). The process for me was straightforward really. I use 1&1 and in their control panel there was a button to press to get the SSL certification. I just followed the links. Once it was confirmed, I used the "Enable SSL" in Presta BO (preferences) and that sorted everything out

 

Basically when someone creates an account, logs in, or pays the SSL kicks in and gives https

 

Good luck