Do you want to install SSL on WooCommerce stores? If your answer is yes, keep reading this article. Here, we will show you how you can install SSL on WooCommerce stores to increase the security of your online business!
When you handle an online store, you must ensure the website has maximum security. You can use a WordPress security plugin like Sucuri or Wordfence to handle the threats by default. But that’s not all.
If you are not using an SSL certificate on your website, third-party people can access your website traffic and steal information. While you accept payments online, like credit card information and PayPal payments, this can lead to many worse things.
One of the best things you can do to secure your website traffic is to install an SSL certificate. If you are looking for a step-by-step guide, keep reading this article. Here, we will show you six methods to secure your WooCommerce store with an SSL.
First, let’s see what HTTP is and why you should use it on your WooCommerce store.
WooCommerce HTTPS: Everything You Need to Know
HTTPS stands for Hypertext Transfer Protocol Secure. It is a security protocol web browsers and servers use to ensure website traffic security.
The data transfer is more secure when the website uses an SSL certificate. No one between the customer and the server can access the data and steal sensitive information. This will help you secure your data transfer with minimal effort.
Most web hosting companies will give you a free SSL certificate when you sign up on their platform. You can use that to secure your website. However, other ways exist to get a free SSL certificate for your online store.
Now you know what WooCommerce HTTPS is and why you should use it on your online store. In the next section, we will move to the article’s core, listing the major methods you can use to install SSL on the WooCommerce store.
How to Install SSL on WooCommerce Stores
There are six methods you can use to install SSL on your WooCommerce store:
- Via a CDN Provider
- Hosting Provider’s SSL
- Via a WordPress Plugin
- Buying a third-party SSL Certificate
- Generating an SSL Certificate Manually
- Via WordPress Settings
1. Cloudflare (or any CDN)
If you are looking for a simple method to get an SSL certificate, check out the CDN method. CDN stands for Content Delivery Network, which will help you secure and optimize your website. CDNs serve the website’s files from multiple data centers based on the customer’s location.
The most popular CDN providers are:
- Cloudflare
- Stackpath
- KeyCDN
- Bunny.net
- CacheFly
And so on.
Most of these CDN providers will give you access to a free SSL certificate. If you are already using a CDN, check out this section. Here, we will show you how to get a free SSL from the CDN provider.
As the CDN, we will be using Cloudflare. The first thing you need to do is log in to Cloudflare and open the property.
If you check the left-hand side of the dashboard, you can see the SSL/TLS options.
Once you have opened the settings, you will see the SSL options. There are four options available.
- Off
- Flexible
- Full
- Full (strict)
Choose a mode based on your needs. In most cases, the Full mode would be enough.
From now on, all traffic will be served via your website’s SSL version. Within a short time, Cloudflare will also show you the data on the traffic you have received over SSL.
If you go to the edge certificates settings, you can see an option to enable force HTTPS.
Once you have enabled this option, the HTTP traffic will be redirected to the HTTPS version. If you scroll down, you can see an option called HTTPS rewrites.
You should enable the HTTPS rewrites.
This will help you fix the mixed content error in your WordPress website.
In the next section, we will show you how to use the SSL certificate provided by your hosting company.
2. Hosting Provider’s SSL
When you purchase a web hosting plan from any reputable platform, they will give you access to free SSL certificates. You do not need to pay for it; the SSL will instantly be installed on the domain.
Here are some of the web hosting companies that will give you free SSL certificates:
- SiteGround
- Bluehost
- GreenGeeks
- DreamHost
- HostGator
- Hostinger
- A2 Hosting
After completing the hosting purchase and linking your primary domain name, you must update your domain’s records with the hosting’s nameservers and IP addresses.
Once you have completed this, the domain will have a free SSL certificate installed. If you open the website’s cPanel, you can see the SSL settings there, too.
You can contact your hosting support team if you need help with the SSL configuration. You can contact most hosting provider’s support teams via live chat or support ticketing.
3. A Dedicated Plugin
You can get a plugin for almost every task. Thankfully, multiple plugins are available for handling SSL on your WordPress website or WooCommerce store. For this tutorial, we will use a plugin called Really Simple SSL.
The first thing you need to do is install and activate Really Simple SSL on your WordPress website.
If you haven’t enabled SSL on your domain, it will show you the warning on the plugin’s settings page.
As you can see in the screenshot, a button to activate SSL is available. You need to click on it.
Next, you need to choose a web hosting provider and activate the SSL certificate.
The process will take a couple of seconds. Once the tool has completed it, you will see a notification in the settings that says SSL is enabled.
You can also see several options to secure your website even further. Enabling these is optional, but it will give you more security.
In the next step, we will show you how to buy SSL certificates for your business.
4. Buying SSL Certificate
If you represent a huge brand, you can buy and use SSL certificates from other vendors. Namecheap, for example, is one of the best platforms for buying web hosting, domains, and SSL certificates.
You can see all the available options if you check the SSL tab.
As you can see in the screenshot, their cheapest plan starts at $11 a year, and the most expensive one costs $185.99 a year.
Namecheap is one platform for buying SSL certificates. Several other options are also available. You can pick an option based on your budget.
5. Generating SSL Certificate Manually
If you are an advanced user, you can use the Let’s Encrypt website to generate SSL certificates for your website.
You can generate an SSL certificate with or without shell access. As we mentioned in the beginning, this is only for advanced users. So, if you are not that techy, you should stick with any other methods mentioned in the post.
6. Manually Modifying WordPress Protocol
Our final method for you is to edit the WordPress SSL settings and modify the .htaccess file. In this section, we will show you how to do this.
If you check the WordPress settings, you will see an option to edit the URLs. There, ensure you’re using HTTPS protocol.
Next, add this code to your .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>On the other hand, if you are using NGNIX servers, check out use this code:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}Now, you need to add this code to your functions.php file.
define('FORCE_SSL_ADMIN', true);You can modify the files using a file manager plugin or an FTP client.
That’s it!
This is how you can add SSL to your website by editing the .htaccess file.
How to Force WooCommerce SSL Certificates
Forcing your WooCommerce SSL certificates is mandatory. This way, if someone visits your website using the HTTP protocol, the visit will be automatically redirected to the SSL version.
You can do it with the CDN or a plugin. As seen above (the Cloudflare section), you can enable this option directly from the CDN settings.
On the other hand, if you need a dedicated plugin, use WP Force SSL. First, install and activate the plugin on your website.
Under WordPress settings, you can see the plugin’s settings. From there, enable the force HTTPS option.
Once you have enabled this option, save the settings. The free version of WP Force SSL comes with limited configuration options. But if you have the premium version, you will get more features.
This way, you can force SSL.
Common WooCommerce SSL Issues and Troubleshooting Them
When you install and use SSL, you might face some issues. But don’t worry. All these issues are solvable, and you can sort them without any issues. This section will show you some common SSL issues and their fixes.
- Mixed content error – force SSL via the CDN settings or plugin settings
- SSL/TLS handshake failed – Validate your SSL certificate and recheck the configuration options
- Insecure content warning – Identify resources loading with HTTPS protocol and redirect them via HTTPS
- HTTPS redirection issues – You can use a dedicated plugin for HTTPS redirection. Or, you can tweak the .htaccess file for it
- SSL not trusted warning – Ensure your SSL certificate is issued by a valid certificate authority (CA)
- SSL certificate expired – Renew the certificate. If you are using SSL provided by hosting or CDN, they will be renewed manually
Now that you know the common WooCommerce SSL issues and how to fix them, the next section will show you the best WooCommerce SSL plugins you should try.
Bonus: Best WooCommerce SSL Plugins
Check out this section if you are looking for the best WooCommerce SSL plugins. Here are the best six SSL plugins you should check:
All these plugins come with an easy-to-use configuration option. Setting up them on your WordPress website or WooCommerce store won’t be challenging.
Conclusion
Handling a WooCommerce store is not an easy task. Since it is a customer-centric business, you must ensure the website is optimized for maximum conversions and has the best security standards.
Besides a security plugin, you should consider using an SSL certificate on your store. As this article shows, multiple ways exist to install SSL on WooCommerce stores.
The CDN or plugin method is fine if you need the best method with minimal configuration. Since most web hosting companies will also give you free SSL certificates, you can ensure compatibility.
Finally, if you represent a big business and need a unique SSL certificate, you can purchase it from providers like Namecheap or GoDaddy. You can choose a method based on your preferences and requirements.
Which method are you going to use for your SSL certificate generation?
Let us know in the comments!
