Magento2: I WANT HTTPS ONLY ON CHECKOUT AND LOGIN! NOT ALL PAGES

https is generally a positive rank signal for SEO reasons, as long as you 301 the http urls to https.

https://webmasters.googleblog.com/2016/11/heres-to-more-https-on-web.html
https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https
https://plus.google.com/+JohnMueller/posts/PY1xCWbeDVC
https://plus.google.com/+GoogleWebmasters/posts/eYmUYvNNT5J

@joebordo, I hope Magento will never follow your wish. Your practice is so false, I don't even know where to argue first.

@Detzler what's your problem? Are you a child? why would you wish something like this?
If the option is there, anyone can use it the way they want it.
We have top positions, even if it drops 1 position for 3 months...we lose alot of sales. Those are high end value items over 1K, not just peanuts.

So what are you wishing for? SEOmoz confirmed my expeirence too. It takes 3- even 6 months for one to recover.

So as a user i should have the right to offer my client's a save secure login and checkout without being forced to put it on all pages.

If the option is there, everyone could use it the way it's right for their project.

Don't be a blind google slave. I understand it's good to have all pages https, but only if the website is new that one can do it just instantly..but if the business is running, and alot of people are counting on the money to pay their employees...50% down in sales is critical.

Next time , be productive.

@helloitsluke Hi Luke, thanks for your reply. I already read everything and i did already 3 switches.

The problem is if the site is not ranking that well...you don't see much of a drop...but if you are nr 1 nr 2 nr 3 that drop really affects the sales. And for it to take 3-6 months which is confirmed to fully recover is a big sacrifice.

Just the drop from first position to 2nd drops the sales 30%. If it drops 2 you can say googbye to 50%

So by the time it recovers...one loses alot of money. for like zero gains.

I don't understand why there is no option for one to choose what they want to do with their own project?

We have also alot of images ranked. Now all those images also have to become https...they all lose their positions too.

Most people have just read things on internet , but i have real first hand experience.

For new website's i would also use full pages, but every situation is different.

I just think it's crazy...now i have to hire another developer to fix this.

@joebordo, you short-termed solution specialist. Let's have a look from 3 perspectives:

Magento's POV:
Google announced some time ago that Chrome and their search engine will treat websites worse that don't use https. As you know, currently, Chrome shows an unsafe-icon left to the url bar on pages that contain form fields e.g. on checkout or login/registration page. In generell, that unsafe-icon leads the visitor to jump off your site. So those, who are still on http or on semi-https like you want to have, is encouraged to upgrade from http to https. (And you did it right.)

• For Magento, it doesn't make sense to implement a feature that is useless in near future.
• For Magento, it also doesn't make sense to implement a feature that is only used by tiny amount of shop owners. But if your feature request gets famous, they surely will implement it.
• For Magento, it is more beneficial to NOT fill up the software with unneeded functionality, coz it let the software grow to the instability.

Your POV
Your shop is on https. But you still want to be on http at the important pages for SEO. As I mentioned above, google will kill you. You are forced to upgrade to https anyway. What would happen if Chrome will show the unsafe-icon for all http pages from now on? Your conversion will decrease. And then, after some time of bad conversion, you will switch finally to https and have a second drop. So in a nutshell: You will have 2 problems instead of the current one.

My POV
If you experience this kind of ranking problem, keep using https and start optimising on it, instead of going back to the stone age.

• setup redirects
• Check the configuration in google search console
• @helloitsluke is absolutely right
• If you still want to have semi-https immediately then just develop it by yourself. Magento was a good choice coz it's extensible like a charm.

Best regards,
The Child

@Detzler
Like i said, you are just being a google slave. Google is showing that icon and it did not hurt our sales at all. It only hurts if your checkout and login pages are not secure.

Second, now it's summer...it's the season for our business for 3-4 months...i should be able to upgrade my magento 1 installation to magento 2 with checkout, login in HTTPS. Then after the summer upgrade the rest as it's out of season...now i'm forced to wait with magento 1 till the summer is over because of this...

Like i said...if you do some research you will see only a FEW sites are using https....

We are not talking about what is good or right and how to do business . We are talking about the fact that there should be just an option for the user to choose.

Every user has a different problem.

If you lost over half million's worth of sales...would you upgrade it blindly? If you already have the top positions....

Btw, that feature already was in magento. It's not a special feature...it was already there. Instead of just overriding and putting on al pages...they could just put " Secure url's Front end, Secure url front end all pages. That's it.

Having that option would not hurt anyone. It would not cost any development time...as it was already there.

I don't understand why we are arguing.

Actually, we shouldn't have this conversation if google did what they "claimed"...that those redirects pass all link juice and that it would not hurt but help the rankings...

Anyway, i did not meant to be disrespectful...but every situation is different...

I don't want to be the early adapter who pays's with hard earned cash...to change the web and make it "safe"...and i'm not talking about the previous https vulnerabilities and hartbleed...

Somebody is trying to sell certificates...

You're right, no sole software can cover all the needs of all the business owners. Thanks for the discussion. But for the magento's future software quality, I do dislike this feature.

-1 from me

@Detzler

I understand.
Actually i was hoping to complain and that someone would write some little code snippet that would allow me to do this, as i posted on other forums and no one helped. I thought's it's a simple fix.

On a sidenote, did you ever move a magento installation to full https on an established store? What are your expeirences if so? How long did it take you to get back your original rankings?

Cheers
the other child :p

ADD an option where the user can CHOOSE. Forcing people this route is not "open source" or friendly.
I want to be able to choose.

Actually i was hoping to complain and that someone would write some little code snippet that would allow me to do this, as i posted on other forums and no one helped. I thought's it's a simple fix.

The project is open source - you can add any feature you want.

@joebordo,

Having that option would not hurt anyone. It would not cost any development time...as it was already there.

Unfortunately this is not true as routing and a lot of URL-related stuff was rewritten from scratch in Magento 2. Continuation of semi-https mode support would leave a lot of room for MITM attacks and I believe safety was the main reason for such decision.

If such feature would be implemented as a part of core, in the future it would be not that simple to get rid of it due to BC policy. While it should be relatively simple to implement as a custom module for a particular merchant needs.

Thanks everyone for the reply. We decided to stay on magento 1 and make the move after the summer...to minimize the impact of sales.