The first thing you need when creating a website, aside from choosing a CMS and hosting, is SSL, which can be simply explained as getting a certificate that shows your website is secured (or, more technically, moves your website from http:// to https://).
This is important because unsecured websites may find it hard to rank, and Google and other search engines may show notifications that your website is unsecured, which may keep users from actually going to your website even after they have clicked the link to your content.
But first you need to decide whether you'll use the www. version or the non-www. version, because you'll need it later when you set up your console and for this Global Redirect setup.
Once you've decided, you can continue setting up your Magento website by following the steps below.
Click on STORES > Configuration
Click on Web (under General) > Base URLs (Secure)
Upgrade Insecure Requests is a Magento security feature that keeps users from accessing the HTTP version at any time (this helps prevent hacking). It also helps keep Google from crawling and indexing the http:// content in case you have downtime when adding a new SSL.
Select Yes from Enable HTTP Strict Transport Security (HSTS)
When you set this to Yes, you NEED to note down when the website's SSL will expire.
Setting "Enable HTTP Strict Transport Security (HSTS)" to Yes means that your website will always need an SSL to be accessible to users.
If the website loses its SSL, users cannot access it. This is good for SEO too, since it signals that the Magento website prioritizes secure access, and it can prevent http:// requests from showing up in your Google Search Console (which can lead to duplicate content when the http version is indexed).
Select Yes from Upgrade Insecure Requests
When done, click on Save Config.
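To confirm the settings took effect after saving, the check below is an added example (not part of the original guide or Magento's own code). It assumes the two options surface as the standard `Strict-Transport-Security` response header and the `upgrade-insecure-requests` Content-Security-Policy directive; the function names and sample data are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797) into a dict."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            policy["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def audit_headers(headers):
    """Return a list of findings for the headers of one HTTPS response."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = parse_hsts(h.get("strict-transport-security", ""))
    if hsts["max_age"] is None:
        findings.append("HSTS header missing or has no valid max-age")
    elif hsts["max_age"] == 0:
        findings.append("HSTS max-age=0 tells browsers to forget the policy")
    csp = h.get("content-security-policy", "")
    directives = [d.strip().lower() for d in csp.split(";")]
    if "upgrade-insecure-requests" not in directives:
        findings.append("CSP upgrade-insecure-requests directive missing")
    return findings

def days_until_expiry(not_after, now):
    """Days left on a certificate; not_after uses the ssl.getpeercert() date format."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days

# Constructed sample data, not captured from a real store.
SAMPLE_OK = {"Strict-Transport-Security": "max-age=31536000",
             "Content-Security-Policy": "upgrade-insecure-requests"}
SAMPLE_BAD = {"Content-Security-Policy": "default-src 'self'"}
SAMPLE_NOT_AFTER = "Jun  1 12:00:00 2030 GMT"

if __name__ == "__main__":
    print(audit_headers(SAMPLE_OK), audit_headers(SAMPLE_BAD))
    print(days_until_expiry(SAMPLE_NOT_AFTER, datetime(2030, 5, 2, 12, 0, tzinfo=timezone.utc)))
```

Browsers remember an HSTS policy for `max-age` seconds, so the days-left figure is the number to track against the expiry date you noted down.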
Global Redirects and configuring HSTS (HTTP Strict Transport Security) and Upgrade Insecure Requests are crucial steps in setting up a Magento 2 ecommerce website for several reasons:
- Enhanced Security: Configuring HSTS ensures that your website is accessed only through secure HTTPS connections. This prevents unauthorized access, data breaches, and interception of sensitive information exchanged between the user and the website.
- SEO Benefits: Search engines like Google prioritize secure websites over unsecured ones. By implementing HSTS, you signal to search engines that your website prioritizes security, potentially improving your search rankings and visibility.
- User Trust: With HSTS enabled, visitors to your website can trust that their data is encrypted and secure. This builds trust and credibility, leading to higher user engagement and conversions.
- Prevention of Duplicate Content: Enabling HSTS and Upgrade Insecure Requests helps prevent the indexing of HTTP versions of your website’s pages. This prevents duplicate content issues, which can negatively impact SEO rankings.
- Protection Against Hacking: Upgrade Insecure Requests ensures that users cannot access the insecure HTTP version of your website, reducing the risk of hacking and unauthorized access to sensitive data.