SSL encryption adds a layer of security to your website that makes it harder for malicious actors to collect personal information submitted through forms on your website.

This post covers ways to obtain and install an SSL certificate.


Quick Note: When we refer to “SSL Certificates” in this post, we mean specifically a “third-party” SSL certificate. These are certificates that are validated by a trusted third party. You can also use what are called “self-signed” SSL certificates or “shared” SSL certificates, but only a third-party SSL certificate will avoid all browser warnings and fulfill all SSL-related gateway/PCI requirements.

Purchasing and Installing an SSL

Typically your hosting company is the best resource for obtaining an SSL Certification. Occasionally, your host may provide one free of charge or at a discount.

The details and cost of this are different for each host, but they will know exactly how to get your site served over HTTPS with a proper SSL certificate. Again, ignore “shared” or “self-signed” SSL options and make sure that you obtain a full trusted third-party SSL certificate.


Option 1: Generate a Let’s Encrypt SSL Certificate

In 2016, a new (and free) way to obtain “third party” SSL certificates was introduced called Let’s Encrypt. From the Let’s Encrypt about page:

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Many web hosts are starting to offer Let’s Encrypt SSL certificates for free or at a reduced cost. If your host supports Let’s Encrypt, ask if they will set up the certificate for you. If your host won’t set it up, but you have SSH access to your web server (typical of dedicated or VPS-level hosting plans), you can generate the certificate yourself and setup your web server to use it.

Guide to Installing a Free SSL

Option 2: Purchase an SSL Certificate

If you don’t have SSH access to your web server and your host’s provided SSL is not optimal, you may be able to install an SSL certificate yourself (e.g. through a control panel).

For this approach, you can purchase an SSL certificate from a “certificate authority” for use on your site. You may also want to purchase from a certificate authority if you want a Wildcard SSL, SAN SSL or other advanced SSL.

Here are some place where you can purchase and download SSL certificates:

  • SSL For Free (Uses Let’s Encrypt. Free but must be manually renewed every 90 days.)
  • GoDaddy (Expensive, but lots of options. Affiliate link.)
  • RapidSSL
  • AlphaSSL (Sign up for a reseller account for discounts if you plan to purchase many certificates for clients/etc.

Now Tell WordPress to Use the SSL

After successfully installing and configuring your SSL, you will now want to consider telling your WordPress site to always load over SSL.

Read the Guide: Configuring WordPress to Always Use HTTPS/SSL


Comments (12)

Author’s gravatar

Jason, I did not fully understand the need to use SSL Certificate. I have one question.

Do I need to use SSL only for PayPal or FOR ALL payment gateways that support PMPro?

I want to use 2CheckOut.

Payment is through 2CheckOut (on their site) or data entry with credit card goes directly through PMPro? In other words, do I need to use SSL Certificate with 2CheckOut or not?

Thanks in advance

Reply
Author’s gravatar

SSL is strongly recommended for any on-site checkout. If you are using PayPal Standard or PayPal Express (both offsite) than it is not required only recommended. If you are collecting a user’s credit card data entry on your site SSL is 100% required.

Reply
Author’s gravatar

I’m using Authorize.net and I pasted the SSL Seal Code into the box so now the Authorize.net badge shows up on the checkout page, but the page itself isn’t showing any SSL protection. Is there more I have to do? What else is required? Thanks, Jeff

Reply
Author’s gravatar

If you are using an older version of PMPro, please upgrade to the latest version. A recent update fixed an issue with slashes being added to the SSL Seal text, which might affect things.

Other than that if the seal uses JavaScript and JS is broken somewhere else on the checkout page (sometimes plugins have issues etc, you can check with Google Chrome Debug Bar or Firebug) it will break all JS on the page including your seal and any JS that PMPro needs to run.

Hope this helps.

Reply
Author’s gravatar

Hi. I’m completely lost. Just bought Geotrust QuickSSL certificate because PMPro said it’s better than Paypal and now, yes, I have the https on the checkout page but not a single picture to say that the page is safe. I pasted the SSL seal code as requested by PMPro but nothing shows up.

Here is the page:
https://gomaman.com/membership-account/membership-checkout/?level=1

Here is the code I pasted:

I’m not a techie person. It’s gone too far for me but I’ve spent such a long time on this stuff that I really don’t want to cancel everything now.
If someone could help, that’d be really, really nice.

Many thanks,
Annette.

Reply
Author’s gravatar

Your code got stripped from your comment. If you become a paid member here, you can follow up in our member forums to get more help with this. (Although looking at your site, I see a GeoTrust seal there so maybe you figured it out.)

Reply
Author’s gravatar

Hi, I am getting an error in the member checkout page “Account is restricted” and does not go any further. My hosting company is Host Gator, do I hav eto get the SSL code from them? Please help me out.

Many Thanx
Sunil

Reply
Author’s gravatar

Unless you are using PayPal Express or Standard, you should get an SSL through your host. Good idea to get one even if you are using those gateways.

If that error is showing up after submitting the checkout form, it might be a gateway error and you need to do something with your gateway to fix. Also make sure that the gateway environment and api settings are correct.

If you need further help, please post to our member forums. Thanks.

Reply
Author’s gravatar

I am using PayPal express gateway. If SSL is not required, why do I keep getting a message that says the site is not configured for SSL support when I try to “buy” a paid account? I entered all the API info correctly.

Reply
Author’s gravatar

Make sure the “Force SSL” option on the payment settings page is set to “No”. Otherwise, there might be something else redirecting the checkout pages to the HTTPS versions of the URLs. If you post to the member forums, we can get more information to access your site, figure this out, and fix it for you.

Reply

Leave a Reply