For WooCommerce stores, an SSL certificate plays a huge role in securing sensitive data for your users particularly their credit card details and other payment information. Having a secure WooCommerce store builds your customers’ trust. Without trust, the visitor will not convert. If you are serious about your e-commerce business, you should take the necessary steps to secure your site.

What is SSL?

SSL stands for secure sockets layer. It is a type of security that handles the encryption of data before they are sent to the internet. Encryption locks data to avoid unauthorized use. Data sent via SSL must be decrypted for the content to be readable.

Why is SSL a Requirement for Accepting Credit Card Payments?

Connections that use plain Hyper Text Transfer Protocol (http) are sending data in plain text. Data will pass through a lot of internet nodes and it is possible to intercept the data before it reaches the destination server. It is a security concern when sensitive data like credit card numbers are sent unencrypted.

Connections that check for an SSL certificate and encrypt data use https (secured http). Aside from encryption, SSL certificates also provide authentication. Trusted SSL providers will only issue an SSL certificate after several layers of identity checks. A green https address bar and a lock icon in it are the best indicators that a site has an SSL certificate and can be trusted. Your customers are less likely to fall for a scam because scammers will not have an SSL certificate in their sites. Also, users will see a warning in their browsers should they try to go to a website without proper SSL certificate using https.

Maintaining Your SSL

One downside of getting an SSL is the added administrative burden in terms of cost, paperwork, and third party verification. Once you get an SSL certificate for your e-commerce site, you must not neglect its renewal. Your WooCommerce store will get a red flag as an unsecure site if you have an expired SSL certificate. It’s scary enough that many users will tend to back off seeing your site as a security threat. If you neglect to renew your SSL, your organic traffic would suffer and you could be penalized by Google.

How to Choose an SSL Plan for WooCommerce

There are a lot of SSL plans available. An SSL certificate is generally priced depending on its scope and type of validation.

Scope of Validation

Basic SSL only provides security on the main domain. Wildcard SSL certificate secures a domain together with its sub-domains. If you have sub-domains like sports.example.com, shop.example.com, and news.example.com, go for a wildcard SSL certificate.

Types of Validation

Domain Validation

Domain Validation SSL certificate is cheaper than other certificates and issued within minutes. It only verifies the domain name and you do not need to provide any documents.

Organization Validation

This certificate validates that your business really exists. The validation process usually takes two to five business days. Your organization’s name will be displayed in the certificate which in turn earns your customer’s trust.

Extended Validation

An EV SSL certificate has the highest form of SSL certificate validation. Sites with EV SSL certification will have unique visual cues in them: a green https address bar and a lock icon in it. To get an Extended Validated SSL, an organization will have to complete a process defined by Certificate Authority (CA).

Choosing a reliable SSL certificate for your WooCommerce store is a matter of trust. You might choose to have an inexpensive yet relatively unknown certificate. Some of these inexpensive certificates are just as reliable as the expensive ones.

How to Acquire an SSL certificate

Installing an SSL on your e-commerce site can be really easy or quite frustrating, depending on your hosting provider. SSL installations require configuring the servers and hosting providers typically own the servers themselves.

There are two ways of getting an SSL certificate: buying from the hosting provider themselves or buying from a third party.

Buying from the hosting provider is the simplest way to get an SSL. The process differs from one hosting provider to another. But in most cases they will handle the installation themselves. All you have to do is fill out a form and accept the terms. In 1 to 2 days, you will get an email finalizing your SSL installation. Most of these SSL certificates are domain validation though.

If you want a higher type of validation, consider buying a certification from a third party. The process may vary with different SSL and hosting providers but here’s the general process that you need to follow:

• Prepare your validating documents. Ask for a separate dedicated IP address from your hosting provider. Shared IP addresses aren’t allowed in SSL.
• Generate the Certificate Signing Request (CSR) from your web hosting server. It is best to ask your hosting provider to generate the CSR. The Certificate Authority will create your certificate based on the information contained in the CSR.
• Submit the CSR and other validating documents to the Certificate Authority. Usually, your SSL provider will handle this for you.
• Have your domain and company validated.
• After receiving the SSL certificate, you need to upload it to your hosting account, then “turn it on” for the site you want to secure. Depending on the hosting server, you can do this in the cPanel. Alternatively, you can send a ticket on your hosting provider to do this for you.

If you are having problems with securing an SSL certificate it is best to get in touch with your hosting provider.

Now that you have a better understanding of SSL certificates, it’s time to get one for your site if you don’t already have one. If you have any other questions or if anything is not clear, let us know in the comments and we’ll do our best to help.