Skip to main content

Get Your Store Ready for HTTPS

You probably received an email from Google announcing that starting in October of 2017, sites that cannot be accessed via HTTPS will be flagged in Chrome as not secure. This is part of Google's push to make the entire Internet secure. To answer this call, Yahoo is working hard on making HTTPS available to all stores and it should be available shortly; definitely well before the deadline set by Google. In some cases, stores will simply be able to flip a switch and make their site secure (conforming). However, other stores, most notably highly customized ones will need extra effort making sure they are ready for the switch.

What if your site is switched to HTTPS but it is not entirely secure?

If - when it becomes available - you switch your site over to HTTPS but not all parts of the site are secure, visitors to the site will still see a note informing them that the site is not secure. They may, and often will, also receive popups warning them of insecure content and asking if they want to continue - a sure way to turn the vast majority of visitors away.

What parts of the site can potentially be non-secure?

Once the switch is available, the main pages of the store will be secure. However, assets used inside the page also need to be secure. The product images - and indeed all images you upload into the editor will be taken care of. Other files linked from the "Files" area of the store editor will probably be secure, but that depends on how such files are linked into your site. If they use hard-coded non-secure (http:) links, then they will NOT be secure. Images used inside otherwise secure CSS and JS files may or may not be secure, again, depending on how those are referenced from within those files.
Also, forms used anywhere in the site (search, newsletter signup, etc.) all need to point to secure locations otherwise they will be flagged as non-secure. A notable example is the built in store search. If you are using the legacy yahoo store search you will have to upgrade to the newer version.
Finally, any third party scripts or tools your site might make use of, which are not secure, will have to be secured as well, but for those you'll most likely have to contact the vendor whose code it is. We will point those out to you if we find them in your store.

How can you find out what parts of the site will pose a problem?

You can start with third party tools such as customer reviews, customer account management systems, etc, by contacting the vendors those tools are from to make sure they can be upgraded to be secure. If you have the legacy Yahoo store search, upgrade it - or have it upgraded - to the new version. Don Cole of Your Store Wizards put together a testing tool that can alert you if your site is most likely to be ready or not for the switch. This tool is available here. But the most precise way to tell whether your site is ready to be secure or not is the yet-to-be-released HTTPS testing tool from Yahoo. This tool will temprorarily switch the store editor into secure mode so it will immediately show an expert what parts of the page or pages are not secure and, therefore, require attention.

What's next?

For your peace of mind, order our Secure Store Preparation Service now. We will process these in the order in which they are received, as soon as Yahoo Store's HTTPS testing tool is available. We will make sure all parts of the site are secure and ready for the switch, and we will identify any third party tool you may be using now that will need to be secured by the vendor who installed it (please note, we are not responsible for any charges third party vendors might assess for securing their own tools or add-ons.)

Comments

Popular posts from this blog

What is product-url anyway?

I keep having to field questions about the product-url field, and since it came up yesterday, I figured I'd try to clear up all the confusion about it.

So the name product-url suggests that whatever you type in there will become the URL of that product. Unfortunately, this is not the case, or rather, not in the intuitive way. The URL you enter there will be used as the URL for that product in Yahoo Shopping, on the built-in search results page, and on the shopping cart page, however, the URL you type in there DOES NOT actually change the physical URL of the page.
What is the URL of a page in a Yahoo Store? In any Yahoo Store built in the store editor, the URL of a page is the store's domain name and the page ID + .html. For example, in my store at www.ytimes.info, I have a page whose id is rtml101, thehrefore, the URL of that page is http://www.ytimes.info/rtml101.html.
Why would you want to change the URL? For SEO reasons, it is believed to be better to have a URL that includ…

Referencing Files from Yahoo! Web Hosting Securely

Now that hopefully most of you you have your stores secured (if not and need help, we offer a Secure Storefront Preparation Service here), you may have been faced with the question of how to reference files (images, CSS, JavaScript, src) if those files are stored on your Yahoo! store's web hosting account. Obviously using the old HTTP: method won't work, so something like this

< img src="http://site.ytimes.com/image.jpg" />

will not work. Nor can you simply change the http: part to https: , because as of this writing, only the store editor portion of a Yahoo! Store can be made secure, the web hosting portion cannot.

First a side note: if this sounds totally Greek to you because you have never heard of the web hosting part of your Yahoo! Store, you may have a legacy Yahoo! store account and not a Merchant Solution one. With a legacy store account you will only have the store editor part and no hosting account, in which case none of this applies to you.

The good n…

Really Quick Trick to Improve Page Load Speed of a Yahoo Store a Little Bit

With Google getting more and more aggressive about wanting web sites to be quick to load (particularly on mobile), we often find ourselves trying to find even the smallest of tweaks to nudge up that page speed score even if by a tiny bit. Here is a quick trick you can do completely on your own, without having to ask a developer, that will probably bump up your Google PageSpeed score by a couple of points.

First a short disclaimer: this trick is only applicable if you have enabled the Yahoo! Badge in your Store Manager, under Live Insights & App Gallery.

Before you start, you may want to check your site's Google PageSpeed (the home page is a good place to start) both as a benchmark, and also to get a glimpse at how fast (or slow) Google believes your site (or home page) is. Here is the link:

https://developers.google.com/speed/pagespeed/insights/
Ok, so if you did enable the Yahoo! Badge, your site includes a small Yahoo Live Store badge, much like this:


When you hover over the …