SSL FAQ

Is SSL set up on my website properly?

Use Qualys SSL Labs SSL Test to determine if your website/store is properly configured after installation of an SSL certificate. Enter your domain, and click submit.

It also grades the web server configuration and tells you what should be changed to be more secure. Typically these changes need to be handled by your web host.

Does SSL make my site PCI compliant?

It’s a step in the right direction, but SSL alone does not make your site PCI compliant. We have documentation on PCI compliance at: PCI DSS Compliance and WooCommerce.

My web host told me free/cheap SSL certificates are not secure.

SSL certificates come in many variations and prices, ranging from free to more than $1000/year. Unless your business has revenues high enough to warrant extras offered by the expensive SSL certificates, you do not need them.

The three most important factors to consider are:

  • Level of Encryption (256 bit is recommended)
  • Browser Recognition
  • Warranty

Compare two SSL certificates, one costing $10/year and the other $1000/year. As far as these three factors are concerned, typically the only difference between the two is the warranty and maybe browser recognition. Both SSL certificates most likely offer 256-bit encryption and 99%+ browser recognition.

You’re paying a higher price for brand name and insurance.

Where can I get a free or affordable SSL certificate?

You can buy affordable SSL certificates for less than $10/year.

Do I need a dedicated IP address for SSL?

No. A dedicated IP address is not required for HTTPS connections to a web server. However, there are a few catches.

  • Users running Windows XP or Internet Explorer 8 or older may see security warnings. Keep in mind that even Google has dropped IE8 support: http://support.google.com/a/bin/answer.py?hl=en&answer=33864
  • Web hosts running cPanel or other control panels that have not yet been updated to support HTTPS without a dedicated IP address may require your site to have one.

I get non-secure content warnings when I am on the SSL version of my site

This is typically caused by your website loading your logo or other images from HTTP URLs instead of HTTPS. Replace the http with https in your logo URL and any other URLs, and this will solve the issue.
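
To find the URLs that trigger the warning, the following added example (not part of the original documentation or of WooCommerce itself) lists every sub-resource a page still requests over plain HTTP. The function name and the sample markup are hypothetical and constructed for illustration.

```php
<?php
// Added example: list sub-resources an HTTPS page still loads over plain HTTP.

/** Return "tag[attr] => url" strings for every http:// sub-resource in $html. */
function example_find_insecure_assets( $html ) {
    // Attributes that make the browser fetch or submit something for the page.
    $watched = array(
        'img'    => 'src',
        'script' => 'src',
        'iframe' => 'src',
        'link'   => 'href',   // stylesheets, icons
        'form'   => 'action', // where submitted data is posted
    );
    $doc = new DOMDocument();
    // Real-world markup is rarely valid; collect parser warnings silently.
    $previous = libxml_use_internal_errors( true );
    $doc->loadHTML( $html );
    libxml_clear_errors();
    libxml_use_internal_errors( $previous );

    $found = array();
    foreach ( $watched as $tag => $attr ) {
        foreach ( $doc->getElementsByTagName( $tag ) as $node ) {
            $url = trim( $node->getAttribute( $attr ) );
            // Relative and https:// URLs are fine; only explicit http:// is reported.
            if ( 0 === stripos( $url, 'http://' ) ) {
                $found[] = "{$tag}[{$attr}] => {$url}";
            }
        }
    }
    return $found;
}

// Constructed sample page (not taken from a real site).
$sample = '<html><head><link rel="stylesheet" href="https://shop.example/style.css">'
    . '<script src="http://shop.example/cart.js"></script></head>'
    . '<body><img src="http://shop.example/logo.png" alt="logo">'
    . '<img src="/relative.png" alt=""><a href="http://other.example/">link</a></body></html>';

foreach ( example_find_insecure_assets( $sample ) as $line ) {
    echo $line, PHP_EOL;
}
```

Ordinary links (`<a href>`) are deliberately not reported, because following a link does not load content into the secure page.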

WordPress itself automatically updates most assets to HTTPS URLs, but some hosting configurations with a reverse proxy break this functionality.

A properly configured reverse proxy and web server pass along the connection type and require no changes to WordPress or any other PHP files. Some web hosts may require a patch at the top of your wp-config.php file, and others, such as Network Solutions, do not have a proper fix due to their broken setup.
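
One possible form of such a wp-config.php patch, as an added example that is not WooCommerce's, WordPress's or any host's own code. It assumes the proxy reports the original scheme in the X-Forwarded-Proto header (confirm the header name with your host); the proxy address 192.0.2.10 is a documentation placeholder and the function name is hypothetical.

```php
<?php
// Added example. Place near the top of wp-config.php, before wp-settings.php is loaded.

// Assumption: addresses of the reverse proxy / load balancer that terminates TLS.
// 192.0.2.10 is a placeholder; replace it with the values your host gives you.
$trusted_proxies = array( '192.0.2.10' );

/**
 * Decide whether the visitor's connection used HTTPS.
 * The forwarded header is honoured only when the request arrived from a
 * trusted proxy, because any client can send that header itself.
 */
function example_request_is_https( array $server, array $trusted_proxies ) {
    // Direct TLS connection to this web server.
    if ( ! empty( $server['HTTPS'] ) && 'off' !== strtolower( $server['HTTPS'] ) ) {
        return true;
    }
    // Not from a known proxy (or no address at all, e.g. command line): ignore the header.
    $remote = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';
    if ( ! in_array( $remote, $trusted_proxies, true ) ) {
        return false;
    }
    $proto = isset( $server['HTTP_X_FORWARDED_PROTO'] ) ? $server['HTTP_X_FORWARDED_PROTO'] : '';
    // Some proxies send a comma-separated chain; use the first entry.
    $first = strtolower( trim( explode( ',', $proto )[0] ) );
    return 'https' === $first;
}

if ( example_request_is_https( $_SERVER, $trusted_proxies ) ) {
    // WordPress's is_ssl() reads $_SERVER['HTTPS'], so set it for the rest of the request.
    $_SERVER['HTTPS'] = 'on';
}
```

Restricting the check to known proxy addresses keeps a visitor from marking a plain HTTP request as secure by sending the header directly.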

Can I force my site to always load via SSL?

This is not recommended because a constant SSL connection typically breaks any caching you configured, and this causes trouble when scaling a website.

On a small or average site, constant SSL connections may never be a real issue. If you have questions about this, speak with your hosting provider.

Why do direct post (DPM) payment gateways not require SSL even though credit card data is entered on my website?

A common misconception is that the page where credit card details are entered needs to be SSL secured. This is definitely a good thing to do to build trust with customers, but it is not necessarily required.

The page that must be SSL secured is the URL that credit card details are being posted to. With DPM gateways, the form is being posted directly to the payment gateway’s secure servers so your own web server never sees those details. Because your web server never handles those details, it does not require extra security.

Even though DPM does not require SSL, should I buy one?

Yes. If you are doing business online, then you should definitely invest in an SSL certificate to increase customer trust in your site/brand. Ultimately you must decide if the cost will benefit you.

Is WooCommerce compatible with the free SSL provided by CloudFlare?

No, it is not. If you are running the free SSL by CloudFlare, you may not be able to access your admin if WooCommerce is active.

Does WooCommerce support shared SSL certificates?

WooCommerce is built on WordPress, and shared SSL certificates wouldn’t work with WordPress. WooCommerce supports dedicated SSL certificates.

Questions and support

Do you still have questions and need assistance? 

This documentation is about the free, core WooCommerce plugin, for which support is provided in our community forums on WordPress.org. By searching this forum, you’ll often find that your question has been asked and answered before.

If you haven’t created a WordPress.org account to use the forums, here’s how.

  • If you’re looking to extend the core functionality shown here, we recommend reviewing available extensions in the WooCommerce Marketplace.
  • Need ongoing advanced support or a customization built for WooCommerce? Hire a Woo Agency Partner.
  • Are you a developer building your own WooCommerce integration or extension? Check our Developer Resources.
