Secure HTTPS Magento Shopping Cart

Although the shopping cart doesn't contain overly sensitive and private information, some users still feel happier knowing that their cart information is secure. Some analysts have even pondered whether this could increase conversion rates (I don't think it could hurt!). By default, the Magento shopping cart isn't protected by SSL and there is no easy option to enable this in the Magento Admin. Fortunately, it's quite easy to create a Magento extension to achieve this. Let's see how...


We're going to write a small extension that will force Magento to display your cart using SSL (assuming you have set a HTTPS URL as your secure frontend URL). This extension only needs two files, so go ahead and create them.


<?xml version="1.0"?>


<?xml version="1.0"?>
		<Fishpig_CartSecure />

For this file, you will probably need to create a few directories found in the path as they most likely don't exist (unless you have already created some of the custom Magento modules we've discussed in our Magento tutorials!).

To get this working, refresh the Magento cache (and recompile the Magento compiler, if already enabled) and browse to your shopping cart! If it isn't working, check that you have enabled SSL URL's for the front end of your Magento site (System > Configuration > Web > Secure > Use Secure URLs in Frontend).

Make Any Magento Page HTTPS

The above extension will force the Magento shopping cart to use your secure URL, but can easily be adapted to force any Magento page to use SSL. To do this, simply add extra entries to the config.xml file you just created, using the same syntax as the checkout_cart option.

9 thoughts on “Secure HTTPS Magento Shopping Cart”

  • Simon Sprankel

    Thanks for the nice tip! Unfortunately, if I change the cart to https, the customer is redirected to the homepage once he deletes an item from the cart. Any idea how to prevent that and let him on the cart page?


  • steve snyder

    Nice to hear about this tool, would the SSL certificate installation work despite using any Magento tool? Also why would Magento not include this tool builtin as it is critical for shopping carts.

  • Daniel

    Thanks that worked great for me! You are a legend - you just saved my weekend.

  • Richard

    Works great but we seems not to get page cache working over ssl, is there a fix or tip you can give in this direction

    • BT

      Firstly you wouldn't want to cache the cart page as it's so dynamic that it probably wouldn't of any benefit. That being said, you should choose a full page cache extension that can cache correctly when you're using SSL or non-SSL. We develop Bolt which provides amazing speed and works with SSL and non-SSL traffic.

  • Deb

    Wouldn't it be easier, and accomplish the same thing, if you just added your https URL to the Unsecure Base URL of System -> Configuration -> Web, as well as the Secure Base URL? This seems to work perfectly in my short test.

  • David

    Thanks, works great, still.

  • Lacey

    Thanks, this works great!

Leave a Reply
Post your comment

FishPig Ltd