Showing that a store is secure
Security is one of the main things to consider when opening an online store. When shopping online, people use their most sensitive information: their names, addresses, and credit card details. That’s why you need to ensure that all the data in your store is processed in a completely secure way and can’t be accessed by violators.
In Ecwid your and your customers’ information is completely safe. Please, check our article about what we do to protect your customers’ data.
Nevertheless, we recommend to explicitly show that your website and online store are secure to your customers, so that they can feel safe when buying from you.
In this article:
The Chrome browser now marks all HTTP websites as not secure. It means that if a customer opens your website which uses HTTP connection (without 'S'), they will see a clear warning about it. Right now, you may already notice a grey "Not Secure" note in the Chrome address bar when you open an HTTP website:
Since Chrome is one of the most popular browsers, you risk losing potential customers. Users are not likely to place orders in a store that runs on an insecure website.
Since Google now clearly informs the users that an HTTP website is not secure and may even lower it in the search results, we want to ensure that all Ecwid merchants sell their products on trusted HTTPS websites.
We will display a warning "Your store runs on an insecure HTTP site", if your Store's web address is an http:// link:
- If your website uses HTTP connection
We strongly recommend switching your website to HTTPS protocol. By serving your site over HTTPS you are proving that anything you are delivering to your customers could not have been interfered with as the communication has been encrypted between the browser and the host.
- If your website uses HTTPS connection
Most likely, you have just missed the 's' in the link when entering the Store's web address (URL) in your Ecwid admin. We advise to double-check that you have provided a valid URL in the settings:
- From your Ecwid admin, go to Settings → General → Store Profile.
- Find the Store's web address field and click Edit:
- Edit the address and click Save.
Open your website in the Chrome browser now. Do you see the green 'Secure' badge? You may also notice that your store opens at the URL which begins with https:// That means your site is secure and there is nothing for you to worry about.
If you do not see the 'Secure' badge, check the link of your site. It sounds like the URL begins with http:// That means your site uses HTTP connection. It's time to take actions and switch your website to HTTPS to show your customers that it's safe to place orders there. Keep reading to find out how to do it.
Ecwid Instant sites use HTTPS connection by default. If you use only the Instant site, there is nothing for you to worry about: your store is secure, we've taken care of that. You will get the "Secure" badge.
By the way, you can also use your own domain name for the Instant site and keep it on HTTPS. See our article on how to do it: Connecting your domain to Instant Site.
Some site builders offer a simple way to enable SSL for your website. If you use a website builder, check out their Help Center or reach their support team to find out how to do it. Below are instructions we have found for some site builders:
If you own a self-hosted website, here are two options:
- Switch your website to HTTPS, using a third-party service, for instance, Cloudflare.
- Buy an SSL certificate from your domain registrar or hosting provider and install it to your website manually.
Note: After switching to a secure connection, make sure that all links in your website (links for images, videos, in scripts, including the Ecwid integration code, etc.) start with https://. This will ensure that your website and store on it are correctly displayed at your https:// domain.
I switched to HTTPS and now my store doesn’t show up. How to fix this?
If you’ve added the Ecwid integration code to your website quite a while ago, the store code can contain a link that starts with http://. After switching your website to HTTPS, make sure to replace the http:// link in your Ecwid integration code with the https:// link. Otherwise, there might be issues with store loading because of the mixed content error.
To replace HTTP with HTTPS in Ecwid integration code on your site:
- In your website editor, open the source code of the page where you've added your Ecwid store.
- Find there your Ecwid integration code.
- In the integration code, find the link that starts with http://.
- Replace http:// with https://. As a result, the Ecwid integration code will look like this (with your store ID instead of 1003):
- Save the page changes.
If you’ve added store extensions, like store search or additional shopping bag, to your site pages, ensure that links in widget codes added to your site also start with https://.
McAfee SECURE app allows you to show that your online store is safe to the visitors. You can add the McAfee SECURE Trustmark to your product pages, shopping cart, and checkout pages. The app also gets your site scanned for malware, viruses, and other malicious activities.
As a result, it allows increasing sales and conversions by reminding visitors that your site is a part of the SECURE web.
The McAfee SECURE app is paid with a free trial.
If you want your customers to feel even more safe, you can add a special SSL seal to your store on your website. You will need to have access to the source code of the website, so you can't add them to the Instant site. Find the seals and instructions on how to install them at the links below: