SSL Certificates and WooCommerce
In our last post, we briefly touched on SSL certificates and WooCommerce and how using a SSL Certificate can keep your store secure. In this article, we’ll go through what an SSL Certificate is, why you should have one for your store, and how to get an SSL Certificate.
What is a SSL Certificate?
SSL (Secure Sockets Layer) certificates, or HTTPS, allows a secure connection from a web server to a browser through encryption. A SSL Certificate is what applies the encryption. This is what can help keep you and your customer’s sensitive data safe from spying eyes. SSL can also be known as TSL.
Sites with a SSL certificate will usually have HTTPS before their URL and will most likely also have a little green lock that people can click on in the browser bar. When the green lock is clicked, your customers will be able to see your:
- Company Name
- Company Location
- How long the SSL certificate is good for
- Information about who the SSL certificate is from
If a customer is nervous about buying from a store they’ve never bought from before or if they just want to be extra cautious, this information will help them decide if the store is trustworthy.
SSL/TSL can also be used on non-financial sites to protect things like form submissions. Google is actually starting to use SSL/TSL/HTTPS as part of their ranking in their search engine. In order to keep everyone safe, Google is currently recommending people get a SSL certificate to change their URLs from HTTP to HTTPS and protect their sites so that everyone knows your site is safe and secure. Right now, Google is using SSL/HTTPS has a “lightweight ranking signal” but, it is highly probable that they will strengthen that in the future which could affect your ranking on Google.
Do I Need a SSL Certificate?
A lot of the information you just read, may make it seem like you absolutely need a SSL certificate in order to protect sensitive data. But, if you use an outside payment processor (such as PayPal), you might not actually need one. This is because the sensitive data becomes the payment processor’s responsibility.
But, if you do use an outside payment processor AND you also allow customers to create an account or require them to login to purchase your products, you should still have an SSL certificate on your site. This is due to the fact that if your customers create accounts, they most likely are storing their billing addresses and other data on their accounts and you will want to protect any sensitive information that your customers have saved on their accounts.
Again, the 2 circumstances that would get rid of the need for a SSL certificate on your site would be to use a outside payment processor and NOT allow your customers to create an account on your site or login to purchase products. Even if your store fits both of these criteria, you should still consider having a SSL certificate since Google is starting to use HTTPS as a ranking tool.
Where Do I Get a SSL Certificate?
Option 1: Purchase a SSL Certificate from a Third Party
You have several choices if you decide you’d like to purchase a SSL certificate from a third party. A lot of domain resellers will have this option when you purchase your domain and may even offer some kind of bundle. This is something to consider and ask about when you are first purchasing your store’s domain. If your domain reseller does not offer a SSL certificate, you can do a simple search to find many more options for purchasing one. During your search, you will want to consider what kind of SSL certificate you want/need for your store. For example, a basic SSL certificate usually only covers one domain but you can also purchase SSL certificates for multiple domains if you have them. Basic SSL certificates range from $30-$50 per year and multiple domain SSL certificates can go up to $300 per year.
Option 2: Get a Free SSL Certificate through Let’s Encrypt
Another (slightly more complicated) option that you have is to get a free SSL certificate from Let’s Encrypt which is a program through the Internet Security Research Group. Let’s Encrypt is still in its beta stages which could mean there are some bugs that haven’t been ironed out yet, but it is a free, open source option if you’re tight on money. Make sure to read up on the documentation for Let’s Encrypt so that you know all the ins and outs of what it will take to get your SSL certificate up and running on your site.
What Could Happen If I Don’t Get a SSL Certificate?
If you choose to not get a SSL certificate, you’re taking a giant gamble that nothing will ever happen to compromise your site and/or your store. You risk both you and your customer’s sensitive data when you don’t protect your site with a SSL certificate and this could cause you to lose customers – not to mention your Google ranking could be affected. Obtaining a SSL certificate will give you peace of mind knowing that you are protecting important information on your site and store and in return, you will be seen as a trustworthy store which will keep your customers coming back.
While SSL certificates can seem like a complicated and overwhelming subject, we hope that we have answered your questions about SSL certificates and WooCommerce.
If you have any questions about SSL certificates and WooCommerce or if you’d like to sign up for our WordPress Security Class or our WordPress eCommerce Class, please give us a call at 877-844-9931 or email us at firstname.lastname@example.org.