Menu
iThemes
WordPress Backup, Security & Maintenance
  • Products
    • iThemes Security Pro
    • BackupBuddy
    • Kadence WP
    • Restrict Content Pro
    • iThemes Sync
    • Why buy from iThemes?
  • Bundles
    • Essentials Bundle
    • Plugin Suite
    • WordPress Web Designer’s Toolkit
    • Customer Spotlights
  • Resources
    • Blog
    • WordPress 101 Tutorials
    • WordPress Ebooks
    • Weekly WordPress Vulnerability Report
    • The Ultimate Guide to Starting a Web Design Business
  • Training
    • Upcoming Webinars
    • Free Webinar Library
    • Premium Courses
    • Become a Member
    • Member Login
  • Support
    • Documentation
    • Get Help
    • Product Updates
    • Upgrade Policy
    • Contact
    • Our Mission: Make People’s Lives Awesome
  • Log In
WordPress News and Updates from iThemes
Categories
  • Product Updates
  • WordPress Backup
  • WordPress Block Editor
  • WordPress Ecommerce
  • WordPress for Freelancers
  • WordPress Maintenance
  • WordPress Security
  • WordPress Training Webinars
  • WordPress Tutorials
  • WPprosper

SSL for WordPress Ecommerce

Written by Ashley Hurney on May 14, 2014

Last Updated on January 25, 2017

goldlock-windowSecurity is always a hot topic, especially in ecommerce. Sensitive credit card numbers can easily get in the hands of the “bad guys” if your site is not secure.

If your ecommerce site uses Stripe or PayPal you already know that they use SSL on their end, when processing payments on your ecommerce site. That doesn’t mean that your site is fully protected. SSL certificates are needed because they encrypt communication between the server and the customer purchasing from your site.

How do you know you need an SSL certificate?

Ask yourself these questions:

  • Does my site sell ANYTHING?
  • Does a user have to log into my site?
  • Does my site interact with credit card numbers: collecting, processing or storing?
  • Golden rule: do you like your payment information to be kept confidential?

If you answered ‘yes’ to any of the questions above, you definitely need an SSL certificate.

What type of SSL certificate do you need?

Here’s a quick break down of the types of SSL certificates:

  • Extended Validation (EV) – The Certificate Authority (CA) does an extensive background check of the company/individual applying, so there is human intervention. Using third parties, the CA verifies the applicant owns the domain where the SSL will sit, verify applicant’s physical existence and check government records. Benefits: encryption, secure site seal, geolocation and other pertinent information on the business will be displayed when a user clicks the seal. This builds trust from your customers.
  • Organization Validation (OV) – Acquiring this type of SSL requires less of the background check portion. But the authority still checks to make sure the applicant is the rightful owner of the domain. Benefits: encryption of credit card data, secure site seal and some information about the company displayed. Again, having the extra information builds trust from your customers.
  • Domain Authenticated Validation (DV) – No extensive background check but the applicant must be the owner of the domain in application. This is typically automated. Benefits of this certificate are the encryption and the display of country code where the business operates.

How do you get an SSL certificate?

You can purchase SSL certificates from your hosting provider, in most cases. Beware of shared SSL certificates on some servers. This means you share a domain name with anyone else who wants to use SSL, and can get tricky. Shared SSL is not what you’re looking for.

In summary, your ecommerce site needs its own SSL certificate(s). Relying solely on your point-of-sale provider to be secure is not enough. You can never be too careful with sensitive credit card information.

I’d love to know your experience with SSLs on your own ecommerce site, or a client site. What tips can you share with us?

Share via:

  • Facebook
  • Twitter
  • LinkedIn
  • More
Other related posts
WordPress Vulnerability Report
WordPress Vulnerability Report – May 25, 2022
Website security matters to your business
Why Website Security Matters to Your Business
wordpress vulnerability report
WordPress Vulnerability Report – May 18, 2022
wordpress-website-hacked
How Do Websites Get Hacked?

Comments

  1. Havenswift Hosting says:
    May 17, 2014 at 1:48 am

    It should be obvious that a SSL is required when a site collects, processes or stores credit card details – in fact it is a PCI requirement.

    However we also agree with you, and have long pointed out to our customers, your first two points (A site that sells anything and where any user logs into the site) should mean that a SSL is also installed. This means ANY E-Commerce site and ANY WordPress site should use a SSL

    Reply

Respond

Click here to cancel reply.

Get updates on new themes & plugins plus special discounts

About iThemes

  • The Team
  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • WordPress Hosting
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2022 All rights reserved | Privacy Policy

© 2022 All Rights Reserved.

Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap