Magento Tutorials Secure HTTPS Magento Shopping Cart

« Back to Magento Tutorials

Want to secure all of your Magento forms automatically from spam bots and hackers? Check out NoBots Spam Blocker.

Although the shopping cart doesn't contain overly sensitive and private information, some users still feel happier knowing that their cart information is secure. Some analysts have even pondered whether this could increase conversion rates (I don't think it could hurt!). By default, the Magento shopping cart isn't protected by SSL and there is no easy option to enable this in the Magento Admin. Fortunately, it's quite easy to create a Magento extension to achieve this. Let's see how...

Fishpig_CartSecure

We're going to write a small extension that will force Magento to display your cart using SSL (assuming you have set a HTTPS URL as your secure frontend URL). This extension only needs two files, so go ahead and create them.

app/etc/modules/Fishpig_CartSecure.xml

<?xml version="1.0"?>
<config>
	<modules>
		<Fishpig_CartSecure>
			<active>true</active>
			<codePool>local</codePool>
		</Fishpig_CartSecure>
	</modules>
</config>

app/code/local/Fishpig/CartSecure/etc/config.xml

<?xml version="1.0"?>
<config>
	<modules>
		<Fishpig_CartSecure />
	</modules>
	<frontend>
		<secure_url>
			<checkout_cart>/checkout/cart</checkout_cart>
			<checkout>/checkout/cart</checkout>
		</secure_url>
	</frontend>
</config>

For this file, you will probably need to create a few directories found in the path as they most likely don't exist (unless you have already created some of the custom Magento modules we've discussed in our Magento tutorials!).

To get this working, refresh the Magento cache (and recompile the Magento compiler, if already enabled) and browse to your shopping cart! If it isn't working, check that you have enabled SSL URL's for the front end of your Magento site (System > Configuration > Web > Secure > Use Secure URLs in Frontend).

Make Any Magento Page HTTPS

The above extension will force the Magento shopping cart to use your secure URL, but can easily be adapted to force any Magento page to use SSL. To do this, simply add extra entries to the config.xml file you just created, using the same syntax as the checkout_cart option.