Paid Memberships Pro requires a valid SSL in order to process the membership checkout on your domain (if you are using an offsite payment gateway – PayPal Express, PayPal Standard or 2Checkout – an SSL is not required but highly recommended and can improve SEO).


Where can I get an SSL (and how much should I pay)?

If you don’t have an SSL, click here for information on how to obtain one.


What is an SSL?

An SSL is a digital “signature” by a trusted certificate authority. It allows visitors verify the identity of a secure site before they provide private information, such as their account password or billing information. It validates the HTTPS protocol, allowing the web browser to communicate private information with your secure website.


What is the SSL Seal Code?

If the SSL has been properly installed on your web server, you can place a “seal” that allows users to verify the security of the connection. Your certificate authority such as GoDaddy or GeoTrust provides a seal that a majority of web browsers already trust. As the website owner, you can include the SSL seal code on the Membership Checkout page so that visitors to your site know that their private information is safe.

If the code provided by your SSL issuer is basic HTML (a link and image tag), you can simply copy place this code directly into the “SSL Seal Code” field on the Memberships > Payment Gateway & SSL” admin page.

If the code provided by your SSL issuer includes the script, you must use custom code to display the seal. Allowing text fields in the WordPress admin to accept script tags exposes your site to security vulnerabilities, including cross-site scripting attacks.

Below is an example method to insert an SSL Seal provided by AlphaSSL:


Where to Find Your SSL Provider’s Seal Code

Here are links to the top SSL providers used by Paid Memberships Pro members. The page will have a block of code, either an image and link or a block of JavaScript, that you can use on your site using the appropriate method outlined above.




ssl_who_is_my_issuerDon’t know who your SSL issuer is?

If you don’t know who your SSL provider is, go to your website and click the “lock” icon in the browser’s URL field. This should give you the name of the issuer.


Other banners and verification images

Depending on your gateway, you may want to include other “powered by” or “verified” type badges, such as a PayPal or Stripe logo. We use Stripe as our payment gateway, so I also recently added a “powered by stripe” image to that page.

Here are some links to verified and banner images for various gateways and third party security providers:

You must embed these badges using a relative URL or the https protocol if you upload them to your site’s media library. If you don’t, you’ll be loading insecure content through an insecure connection (no green padlock!).

Again, note that if the provided “verified” banner or image is loaded via the script tag, you must use the custom code as outlined above to display the content. Allowing text fields in the WordPress admin to accept script tags exposes your site to security vulnerabilities, including cross-site scripting attacks.

Continue reading about SSL: How to Install Your SSL Certificate and Configuring WordPress to Always Use HTTPS/SSL