What is an SSL Certificate and do I need one for my WordPress eCommerce site?

If you’ve got an online store and you’re taking payments without users leaving your site you need to have an SSL certificate.

What is an SSL?

An SSL is how your web browser creates a secure tunnel to a Web site. In the case of an eCommerce site this is used during the checkout process to make sure that none of the private details of your customers can be seen by the outside world.

3175531142_449dcb34dd_o

You see this with the little ‘padlock’ and ‘https’ in your browser when you’re on a site secured by an SSL. If you want to see exactly what all browsers look like with a secure connection then you should head over to this great post by Expedited SSL which shows lots of browsers and how they look when making a secure connection.

Which type do I need?

There are 2 main types of SSL certificates you’re going to encounter.

  1. Standard or Quick
  2. Extended Validation

Quick validation certificates generally cost between $75 – $150 though you can find people selling them for more. This type of certificate tells the browser that it is in fact connected to the expected server. It really doesn’t assert anything about the trust worthiness of your company though.

A Quick/Standard SSL can be purchase and installed within a few hours if not faster since you just fill in a few fields and then get the certificate.

An Extended Validation certificate runs between $150 – $500 (or way more). In addition to asserting that you’re connected to the expected server securely this type of certificate asserts some things about your business. It asserts that you’re a real business with an address.

It can do this because when you got it you had to fill out a bunch of information about your business and then that information was validated by the certificate issuing authority.

Any business outside of a hobby should get an Extended validation certificate.

Where do I get one?

If your host can provide you with an SSL then just use the host. It’s going to be the easiest way to install it on your server and is usually entirely automated.

If you’re host doesn’t supply the SSL’s at all or doesn’t supply the type of certificate you need then I recommend you use GeoTrust to purchase your SSL certificate. They are a highly trusted certificate authority and they aren’t priced crazy high like some other providers.

photo credit: kaptainkobold cc