As an eCommerce store owner, the security of your customers’ data and transactions is one of your top priorities. You might already have heard about SSL certificates and the HTTPS protocol, and how they can ensure security on your site. Moreover, several third-party tools, such as payment gateway services, mandate them for integration on your site. Some of you might be wondering about all the hype around SSL certificates and whether they are really worth it. In this article, we will get into the details and explain why SSL certificates are worth it for your WordPress WooCommerce store.
What is SSL?
SSL stands for Secure Sockets Layer, a security technology that establishes an encrypted link between your web server and a browser. It makes sure that all the data passed between the web server and the browser remains private and intact. As it has become a standard security feature, the majority of eCommerce sites across the world use it to encrypt their online transactions.
As the data is encrypted, it is protected from attempts by hackers to intercept it during the transaction. Thus, SSL helps you to consistently manage secure transactions on your website. It also gives customers the assurance they need to initiate a transaction on your WooCommerce store.
Generally, the SSL certificate will include your site’s domain name and your company’s name and address, including city, state and country. The certificate will also contain details about the issuing authority and the expiry time of the certificate. When a browser connects to a site with an SSL certificate, it checks the validity of all these details. If the check shows that the site’s SSL certificate is not valid, the browser will display a warning alerting the end user that the site is not secure.
How is it relevant for a WooCommerce site?
You can use WooCommerce even on a site that does not have an SSL certificate. That is because WooCommerce, as an eCommerce platform, offers a solution to help you handle your products and accept orders. Moreover, if you are using a payment gateway like PayPal Standard, customers will be redirected to the secure site of the payment gateway company for the transaction. If you are just starting out, this option can get you going without an SSL certificate.
However, as SSL certificates have become a standard of online security, it is preferable to get one for your site. It might be a determining factor for a lot of customers who would want to purchase from your store. It will create a perception of trust that encourages your customers to initiate a transaction on your store. This is particularly relevant when you are still growing your customer base and acquiring new customers.
How to get an SSL Certificate for your WooCommerce store?
There is no specific SSL certificate for your WooCommerce store. An SSL certificate is installed at the server level, and is not really involved in setting up your store with WooCommerce. So, how will you get this done? We will talk about the different ways you can do it.
Purchase from a third party
You can purchase an SSL certificate from a range of third parties. When you purchase a domain name, chances are that you might get the SSL certificate bundled with it. If not, you can find independent sellers who exclusively sell SSL certificates. Though you can get the SSL certificate from independent resellers, it would be more economical to get it bundled with your domain name. A trusted authority from which to purchase an SSL certificate is Comodo.
Get a free SSL certificate through Let’s Encrypt
Internet Security Research Group (ISRG), a non-profit organization, offers a free, automated and open source option for SSL certificates. Let’s Encrypt is a certificate authority from which you can get an SSL certificate for your site. To get this done, you have to demonstrate full control over your domain, which you can do through the ACME protocol. ACME, or Automatic Certificate Management Environment, makes sure that the interactions between the certificate authority and your web servers are managed at a lower cost.
Getting an SSL certificate through Let’s Encrypt works in one of two ways: one scenario where you have access to a shell account, and another where you don’t. If you are not sure whether you have shell access, you can confirm this by asking your hosting provider.
If you have access to a shell account, you can use the Certbot ACME client, which will automate certificate issuance and installation without causing any downtime on your site. Without shell access, you are dependent on your hosting service to get an SSL certificate through Let’s Encrypt. Certain hosting service providers automatically set this up for all their customers (for example, WordPress.com).
A lot of hosting service providers offer Let’s Encrypt support. If your hosting service provider does support Let’s Encrypt, you can follow their documentation to get it done. Some of the popular hosting services that support Let’s Encrypt are:
What if your hosting service doesn’t support Let’s Encrypt?
Even if your hosting service provider does not support Let’s Encrypt, you can still get this done manually. For this, you have to upload a particular file to your website to prove control. Then, with the help of Certbot, you can upload a certificate to your web server. However, it is a tedious process and might require multiple iterations to renew the certificate. Hence, it will be much easier for you to ask your hosting service provider for Let’s Encrypt support. If your hosting service provider refuses to support Let’s Encrypt, it’s better to switch to one that does. Here is a list of popular hosting service providers for your WordPress WooCommerce site.
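The file you upload to prove control is the ACME HTTP-01 challenge response (RFC 8555): the certificate authority issues a token and then fetches a file named after it from your site. The sketch below is an added example, not code from Certbot or Let’s Encrypt, showing where that file lives and what it must contain; the key and token are constructed sample values.

```python
import base64
import hashlib
import json
import re

ACME_CHALLENGE_DIR = "/.well-known/acme-challenge/"
# JWK members that enter the thumbprint, per key type (RFC 7638).
THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical JSON of the required members only."""
    required = {name: jwk[name] for name in THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def is_valid_token(token: str) -> bool:
    """Tokens use only base64url characters; rejecting anything else also
    keeps a hostile value such as '../x' from escaping the challenge dir."""
    return re.fullmatch(r"[A-Za-z0-9_-]+", token) is not None


def http01_challenge_file(token: str, account_jwk: dict) -> tuple:
    """Return (URL path, file body) the CA expects to fetch over HTTP."""
    if not is_valid_token(token):
        raise ValueError("token contains characters outside base64url")
    return ACME_CHALLENGE_DIR + token, token + "." + jwk_thumbprint(account_jwk)


# Constructed sample values (not a real account key or CA-issued token).
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(b"\x01" * 32),
    "y": b64url(b"\x02" * 32),
    "kid": "constructed-key-id",  # ignored by the thumbprint
}
SAMPLE_TOKEN = "constructed-token_0123456789"

if __name__ == "__main__":
    path, body = http01_challenge_file(SAMPLE_TOKEN, SAMPLE_JWK)
    print(path)
    print(body)
```

Because the body binds the token to your ACME account key, someone who can only read the published file cannot reuse it to obtain a certificate under a different account.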
Different SSL certificates
When you try to get an SSL certificate for your site, you might come across different types.
Classification based on certificate validation level
Based on the certificate validation level, you can classify SSL certificates into a few types. Here is a quick look at some of the options.
Domain Validated (DV)
This is the basic type of certificate you can get, which is ideal for blogs and other websites that do not collect personal information from users. To obtain this type of SSL certificate, you need to validate your ownership of the domain. This is an economical option suitable for small websites.
Organization Validated (OV)
In this scenario, the entire organization is validated by a certificate authority. As such an SSL certificate contains your full company name and address details, end users would find this kind of validation more trustworthy.
Extended Validation Certificates
These certificates offer the highest level of internet security standards. On major browsers like Chrome, Firefox or Internet Explorer, the address bar will turn green when a user visits a website with an EV certificate. The validation process for this kind of certificate, however, is rigorous. The certificate authority will do all sorts of background checks to validate that your company adheres to the guidelines set out by the Certificate Authority/Browser Forum (CA/B Forum). This might be a great option if you want to build instant trust with your customers. Many large online sites and banks use extended validation certificates.
Classification based on the certified domains
Based on the number of domains certified, SSL certificates can be classified further. Here is a basic idea:
Single domain certificates
As the name suggests, these certificates can be used for a single domain. Depending on the validation level, single domain certificates are available at different price points and expiration periods. It is an ideal option for small to medium sized businesses that manage only one website.
Wildcard SSL certificate
With a wildcard SSL certificate, you can secure a single domain and all the subdomains associated with it. Even the subdomains you add in the future can be secured using this certificate. If you are a growing online company, a wildcard SSL certificate can be really useful for you. You can manage the security of all your subdomains through just one certificate.
Multi Domain SSL Certificate
If you are managing multiple domains, you can get a multi domain SSL certificate for up to 100 domains. This is a more efficient and cost effective way of managing SSL certificates, compared to getting multiple single domain certificates. More importantly, you can easily add or remove domains as per requirement. Also, it allows all your domains to have a single expiry date.
Unified Communication certificate
This is a type of SSL certificate that is used to secure Microsoft Exchange and Office communication. You will be able to include up to 100 domains in a single certificate without needing a separate IP address for each website. This is another way to simplify SSL management for large enterprises.
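The browser check described earlier, and the difference between single domain, wildcard and multi domain certificates, both come down to the certificate’s validity dates and its list of DNS names. The following added example (not code from any browser or from the original article) runs those two checks over a constructed certificate; it does not verify the issuer’s signature chain or revocation. A wildcard entry stands for exactly one left-most label, so it covers neither the bare domain (listed separately here) nor nested subdomains.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape that ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Constructed Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}


def name_matches(pattern: str, host: str) -> bool:
    """Compare label by label; '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # *.shop.example covers neither shop.example nor a.b.shop.example
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]  # simplified guard against e.g. *.com
    return p == h


def check_certificate(cert: dict, host: str, now: datetime) -> list:
    """Return the reasons a client would reject this certificate for `host`."""
    problems = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(name, host) for name in names):
        problems.append("hostname mismatch")
    return problems


def days_until_expiry(cert: dict, now: datetime) -> float:
    """Negative once the certificate has expired; useful for renewal alerts."""
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) / 86400
```

On a live server, the same dictionary comes from `getpeercert()` on a connected `ssl.SSLSocket`, so `days_until_expiry` can feed a renewal alert.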
Why does your WooCommerce site need an SSL certificate?
Though you can manage a WooCommerce website without an SSL certificate, it is better to have one. According to experts, the marginal cost of getting an SSL certificate is totally worth it, as it offers much more in terms of customer trust. Here is a quick look at the worth of an SSL certificate on a WooCommerce store.
Your site will be more trustworthy to users
Without an SSL certificate, browsers might warn users that your site is not secure. This is an absolute deal breaker for any eCommerce store, particularly new ones. On the other hand, when your site has an SSL certificate, it can instantly gain the trust of users. As a result, more users will be purchasing from your site as well.
When you have secured your site through an SSL certificate, the chances of conversion on your site also increase. To be able to set up certain payment options like Stripe, it is mandatory to have an SSL certificate for your domain. In fact, having an SSL certificate gives you the option to offer multiple payment gateways, which can influence the conversion rate.
You are validating your ownership of the domain
By getting an SSL certificate, you are in fact validating your ownership of your site. So, you can prove your ownership in case anyone tries to copy your site.
Protect your customers’ data
You can protect your customers’ data from hackers online. If the data is breached, it can result in a very bad reputation for your store. Personal or financial data breaches can even take you out of business.
So, the additional cost you might incur for setting up an SSL certificate is totally worth the investment. It offers the much needed security cover for transactions on your site. More importantly, it might be an influencing factor on your store’s conversion rate as well.