Community Forum

Wine Direct website security out of the box, AKA https://


#1

What is Wine Direct’s approach to website security? Previously, I thought that Wine Direct-hosted websites were automatically redirected to https:// but recently I noticed that our website does not do this, and in some browsers shows an “insecure” warning (like in Chrome).

With Google getting reading to start punishing non-https sites, I’d like to get some feedback on this.


#2

Good catch! What’s up WD?

http://store.baldaccivineyards.com/Purchase


#3

Hi everyone! By default, your website will only have SSL on the Cart and Checkout pages. However, if you like, you can reach out to support and we can enable SSL on every page of the domain.


#4

It’s in your website settings. I will warn, if you are using any third-party services (like Google Fonts/TypeKit) and aren’t implementing the HTTPS version of it, you’ll have some certificate issues. So fix that first.


#5

Thanks @EdFarmCollective

@carisenranding So if I check “SSL Everywhere” under Website Settings will that be enough to enable SSL on all our site’s pages, or do we also need to update our live URL (and/or anything else)?


#6

Checking off ‘SSL Everywhere’ will enable it. No other setting changes needed as SSL is already setup for your cart, checkout and members pages, but as Ed mentioned, you will want to go through and double check that there aren’t any security issues because of fonts or images being brought in from an insecure domain.

After it’s been enabled, this is what you’ll see in the address bar on chrome:
Security issues
insecure

No issues
secure-url