We can all appreciate that a site taking sensitive information such as Credit card information should be secure.
What is SSL?
SSL is a secure connection for websites. It means that the information sent and received will be encrypted making it almost (never say never), impossible for anybody to read the information as it transfers across the internet.
Google started to the move to Total SSL
Google came to the conclusion that ALL sites should be SSL if they take any data because ALL data is private. To ‘nudge’ the world to follow, it started lowering the search rankings of non-SSL sites. It also started putting insecure warnings on its browser google chrome.
I thought SSL was Expensive?
It is true that till recently you needed to purchase an expensive SSL certificate for your domain name, and this included some proof of ownership hoops to jump through. You also needed a dedicated IP address for your website which also cost and the certificate needed to be renewed annually.
However, there are now ways to share a generic SSL certificate with thousands of other sites nad not need your own dedicated IP address. I still recommend a dedicated SSL certificate for sites that process the Card data themselves (as opposed to handing it over to Paypal or another card processor), indeed the rules for from card processors demand it.
The new, cheap solution
Let’s Encrypt is a free, automated, and openCertificate Authority.
For this reason, it is being adopted by all quality WordPress Hosting Services and you should ask your host how you setup your site. We are currently hosted with Siteground and the option has been added to the security section of their cPanel controls. You simply choose a site and the SSL certificate is installed. You can even, and I recommend, forcing the site to be totally SSL from now on.
Possible Issues
You may find your site changing from http://domainname.com to https://www.domainname.com. If you have a lot of links into your site, you may want to look at setting up redirects. Speak with your SEO expert. But, the forceSSL option does re-direct people to the new pages for you. You can install a force SSL plugin if your host does not provide that feature. Our let’s encrypt package offers it in the Cpanel options.
Do you directly include images, CSS, Javascript or other content from other sites? – All these need to be SSL too otherwise you will see browser warning and error message which will undermine the whole idea of being more secure. If you use a CDN service then check out how they can provide the content as SSL.
What if your hosting package does not include let’ encrypt?
Tell them you are moving hosts if they don’t provide it.
Can I test it out first?
Sure, if your hosting package allows? Setup a new site with your host, copy across your main site data and then add the SSL.
