If you’re running an online store, you need to have an SSL certificate to protect your customers’ data. There’s absolutely no way around it. Not only does having one help ensure your customers’ privacy, but it builds trust. And improved trust can lead to more sales.
Fortunately, obtaining an SSL certificate doesn’t require a significant amount of time or financial resources. In this article, we will explain what an SSL certificate is and how to get one for your WooCommerce store.
What is an SSL certificate?
↑ Back to topSSL stands for Secure Sockets Layer, a security technology that protects data passed between servers and web browsers.
An SSL certificate is a digital credential that authenticates a website and encrypts data sent between a site visitor and the host server. It’s essential for any site that processes or stores sensitive information such as credit card details, personal information, or login data.
When a visitor enters your site’s URL into their browser, the browser requests the SSL certificate from your server. The server then sends the certificate to the browser, which verifies it. Once the certificate is verified, the browser creates an encrypted connection with the server.
While site security has always been important, SSL certificates have become especially top-of-mind since Google made them a factor for search engine rankings.
How to identify a site with an SSL certificate
How do you know if a site has an SSL certificate? There are a few different ways.
Look at the address bar
One of the easiest ways to check if a site has an SSL certificate is by looking at the address bar. If you see a padlock icon next to the URL, that means the site is secure and has an SSL certificate. The URL will also begin with HTTPS:// instead of HTTP://.
For instance, when visiting WooCoommerce.com, a lock appears next to the URL in the address bar:
And if you click on the lock icon, you’ll see a dialog box that tells you clearly that your browser connection is encrypted:
You can then click the arrow icon next to “Certificate is valid” (this will vary based on your browser) to read information about the certificate, including the issuing authority and date it expires.
If a site does not have an SSL certificate, the URL will only show “http://” and there will be no lock icon. This means that the connection between your browser and the server is not encrypted, which could leave sensitive information vulnerable to interception.
Check the browser
In some browsers, you’ll also see a message that says “Secure” or “Connection is Secure.” This is another indication that the site has an SSL certificate.
If it doesn’t, you’ll receive a security warning page preventing access to the site. While you can click through, most people won’t. For example, in Google Chrome, the error looks like this:
Review privacy policies and terms of use
When you’re entering sensitive information on a website, you want to be sure that it will be kept private. One way to check for this is to look for a privacy policy or terms of use. These documents should state that the site will not share your information with any third parties. If you can’t find either of these documents, that’s a red flag and you should not enter any sensitive information on the site.
Why is an SSL certificate important?
↑ Back to topAn SSL certificate provides a number of benefits to website owners, especially those with online stores. It often provides a trust signal to prospective customers that a site is secure and safe.
Let’s explore a few of those reasons now:
- It helps secure visitor data. The most critical function of an SSL certificate is to secure data as it’s transmitted between your website and visitors’ browsers. This is especially important if you’re collecting sensitive information such as credit card or personal details.
- It builds trust. When visitors see that your site is secured with an SSL certificate, it provides confidence when deciding whether or not to enter payment information.
- It can improve search rankings. Even if a site doesn’t process or store sensitive information, it’s still best practice to use an SSL certificate. Google uses HTTPS as a ranking signal, which means that sites with SSL certificates are more likely to appear higher in search results.
What type of SSL certificate do you need?
↑ Back to topNow that we’ve explained what an SSL certificate is and why you need one, let’s talk about the different certificate types and validation levels that are available.
- Domain-validated (DV). This is the most common and affordable type of certificate. It only requires that you prove ownership of the domain name to validate your identity.
- Organization-validated (OV). This requires you to provide additional information about your organization, making it both more expensive and more credible than a DV certificate.
- Extended-validated (EV). This is the most expensive and credible type of certificate. It requires the greatest amount of information and documentation.
- Unified communications (UCC). This is a type of multi-domain certificate that can secure more than one URL at once.
- Wildcard certificates. You can use these to secure an unlimited number of subdomains under a single domain.
How to get an SSL certificate
↑ Back to topThere are a few different ways to get an SSL certificate for your site. We’ll explore two of them in detail:
1. Through your hosting provider
Many hosting providers include SSL certificates in their plans at no additional cost. The process of adding one to your site varies based on your host. Let’s take a look at an example with Bluehost.
- Log into your Bluehost account and click on My Sites at the left of the page.
- Find your website and click the blue Manage Site button.
- Open the tab tilted “Security,” and find the Security Certificate section.
- Toggle the Free SSL switch on.
You’ll then need to set up HTTPS on your site and ensure that all of your URLs are secured. Here’s how you can do this:
- Go to Settings in your WordPress dashboard. Update your WordPress Address and Site Address so that they start with https:// instead of http://. Click Save changes.
- Log out of WordPress, then log back in. This may happen automatically.
- Next, you’ll need to redirect URLs to HTTPS. Add this code to your .htaccess file through the cpanel file manager or via FTP.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
- Check your URLs and make sure they show HTTPS instead of HTTP. If you see any mixed content errors, move on to the next step.
- Use the Better Search Replace plugin to find all instances of your old URL and replace them with the new HTTPS version.
Now you’re good to go!
If your hosting provider doesn’t offer free SSL certificates, you may still be able to purchase one through their platform. Pricing and instructions will depend on your host.
2. With a free Let’s Encrypt SSL certificate
Let’s Encrypt is a nonprofit organization providing free SSL certificates. Their mission is similar to that of WordPress: to create a more open web.
There are several plugins you can use to activate your SSL certificate. Really Simple SSL, for example, has a built-in Let’s Encrypt wizard that will generate a certificate for your site with just a few clicks. It takes care of all the heavy lifting, too, automatically updating the URLs on your site to HTTPS.
Add an SSL certificate to your online store
Now that you know more about SSL certificates and how to get one for your store, you should take action right away! Talk to your host or explore the free options available and secure your visitors’ data and trust today.
If you’re looking for more ways to secure your site, check out our guide to protecting your WooCommerce store.
About
Great information, continue sharing!
Thanks for reading!
Just had to reference this for a client – TY!