Installing SSL for WooCommerce Stores

Having an SSL Cert installed on your WooCommerce site is pretty much a must have these days.

Google ranks encrypted sites higher that un-encrypted sites. Some browsers have started putting warning icons on sites that don’t have SSL installed. https://blog.dnsimple.com/2017/01/changes-to-ssl-warnings-firefox-chrome/

On top of that, a lot of payment gateways make connecting to them via HTTPS mandatory.

If you aren’t encrypting the information moving between your server and your customers web browser, now is the time to get started.

What the hell is SSL and HTTPS and how do I get it?

Let’s start at the beginning. SSL stands for Secure Sockets Layer. It can also be called TLS or Transport Layer Security. TLS is a newer version but both are referred to as SSL.

HTTP or Hyper Text Transfer Protocol is the usual un-encrypted protocol computers use to connect to each other. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted.

A SSL certificate enables the computers to communicate via HTTPS. SSL uses keys to ensure data is secure. A private key is on the web server. And a public one is generated for the web browser to start an encrypts browsing session. The two keys are needed to decrypt the information being sent.

When a website has a SSL cert installed it will show a padlock next to the browser address bar.

Keeping your customers information safe.

If you process credit card payments on your own web server then a SSL certificate is a must. You need it to be PCI compliant  without one you can be sued by a credit card company.

Even if you use a payment gateway that processes payments off-site having a SSL cert is a good idea. You are still sending information about your customers. Such as passwords, addresses and purchase histories.

How to enable it.

The good news is that it is pretty easy to set up. Most web hosting companies will offer it as an option. Usually it is a matter of buying a SSL certificate and choosing a domain to install it on. Usually SSL certs can be used on your primary domain and sub domains eg www.yoursite.com and store.yoursite.com but some can’t. So check first if you use a sub domain.

To use it on your WooCommerce site you need to change some settings. The easiest way is to just have it enabled for the checkout process.

This give you the minimum amount of benefit. Since the checkout pages are the only pages that collect and send private information.

However to get the full benefit of encrypting your website traffic it is better to do the whole thing.

You will need to change the url of your website. In the WordPress settings change the http:// part of your address to https://

Be aware, you can lock your site out of your own site by doing this. You might need to edit the .htaccess file too. And you might end up with mixed content warnings. Mixed content warnings are where some traffic is encrypted and some, like images or scripts, is not encrypted.

I find the easiest way to do it is using a plugin.

A great one is Really Simple SSSL https://wordpress.org/plugins/really-simple-ssl/

You just install it and it works. The are a few settings to change but you shouldn’t have to change anything as long as your site’s .htaccess file is editable. Some security plugins can prevent writing to the .htaccess file. So if it doesn’t work and you are running a security plugin, look for a setting to enable writing to the .htaccess file.

If you are still laving problems with redirects, mixed content or you get locked out of your site it’s probably best to get your web developer to do it for you.

Another point to remember is if you use Google Analytics or Web Tools, you’ll need to update them to the new https://yoursite.com address.