Use Qualys SSL Labs
SSL Test to determine if your website/store is properly configured after installation of an SSL certificate. Enter your domain, and click submit.
It also grades the web server configuration and tells you what should be changed to be more secure. Typically these changes need to be handled by your web host.
It’s a step in the right direction, but SSL alone does not make your site PCI compliant. We have documentation on PCI compliance at:
PCI DSS Compliance and WooCommerce.
SSL certificates come in many variations and prices, ranging from free to more than $1000/year. Unless your business has revenues high enough to warrant extras offered by the expensive SSL certificates, you do not need them.
The three most important pieces to consider are the:
- Level of Encryption (256 bit is recommended)
- Browser Recognition
- Warranty
Compare two SSL certificates where one costs $10/year and the other costs $1000/year, and typically the only difference between the two as far as the three factors are concerned is the warranty and maybe browser recognition. Both SSL certificates most likely offer 256 bit encryption and 99%+ browser recognition.
You’re paying a higher price for brand name and insurance.
You can buy affordable SSL certificates for less than $10/year.
No. A dedicated IP address is not required for HTTPS connections to a web server. However, there are a few catches.
- Users running Windows XP or Internet Explorer 8 or older may see security warnings. Keep in mind that even Google has dropped IE8 support: http://support.google.com/a/bin/answer.py?hl=en&answer=33864
- Web hosts running cPanel or other control panels that have not yet been updated to support this technology may require your site to have a dedicated IP address.
This is typically caused by your website loading your logo or other images from HTTP URLs instead of HTTPS. Replace the http with https in your logo URL and any other URLs, and this will solve the issue.
Most assets will automatically update with HTTPS URLs by WordPress itself. But some hosting configurations with a reverse proxy break this functionality.
A properly configured reverse proxy and web server will pass along the connection type and require no changes to WordPress or any other PHP files, some web hosts may require a patch at the top of your wp-config.php file, and others such as
Network Solutions do not have a proper fix due to their broken setup.
This is not recommended because a constant SSL connection typically breaks any caching you configured, and this causes trouble when scaling a website.
On a small or average site, it may not ever be a real issue for constant SSL connections. If you have questions about this, speak with your hosting provider.
A common misconception is that the page where credit card details are entered needs to be SSL secured. This is definitely a good thing to do to build trust with customers, but it is not necessarily required.
The page that must be SSL secured is the URL that credit card details are being posted to. With DPM gateways, the form is being posted directly to the payment gateway’s secure servers so your own web server never sees those details. Because your web server never handles those details, it does not require extra security.
Yes. If you are doing business online, then you should definitely invest in an SSL certificate to increase customer trust in your site/brand. Ultimately you must decide if the cost will benefit you.
No, it is not. If you are running the free SSL by CloudFlare, you may not be able to access your admin if WooCommerce is active.
WooCommerce is built on WordPress, and shared wouldn’t work with WordPress. WooCommerce supports
dedicated SSL certificates.