SSL (Secure Sockets Layer) is a web standard that secures your site by encrypting communications between the server and customers. Google prefers sites that are secured through SSL. You can tell when a site is secure as the URL will start with https:// (the S is the key indicator) and browsers give visual queues like this.
All of the checkouts in your Shopify store are done under the common URL checkout.shopify.com. This URL has been secured under a Shopify SSL cert for as long as I can remember.
But in the past, you used to have pay to get a SSL certificate for your store so that your customers would have the confidence that SSL provides. And you would have to go through the hassle of getting it set-up (which was never an easy process). Now, Shopify provides FREESSL for your site and the set-up is pretty easy. Here's the steps to go through to implement it:
- When you first launch your site, you won't yet have your SSL certs from Shopify. It takes anywhere from a couple of hours to a couple of days for Shopify to process them.
- On the Domains page, under Online Store in the admin navigation, you will see the status of your SSL certs in the Manage Domains section. The messaging is poor when it comes to why you don't yet have an SSL cert or when you can expect it to be done. But if they are not yet available, just keep checking back.
- When you have a cert for one of your domains, activate it.
- While all of your domains do not yet SSL, do not redirect all of your traffic to your primary domain. You don't want to be redirecting traffic between secure and non-secure domains within your store as it causes browser security warnings that could confuse or scare away your customers.
- Once all of your domains are secure with SSL, go ahead and redirect all of your traffic to your primary domain. This is in the Set your primary domain section of the same page we have been looking at. This is done for SEO purposes as your store will only appear under one domain and you won't get penalized for having duplicate content under different domains.
Now that your Shopify store is secure and using HTTPS, make sure that any content you are pulling into your store from other servers is also published over HTTPS. This includes:
- Social feeds
- Photos from blogs not hosted by Shopify