I was wondering if it's really necessary to have an SSL certificate and therefore https for a webshop (WordPress & WooCommerce) where payments will only be handled via external payment gateways (their bank and paypal). But they do store personal information, account and login from their customers on their own web server. Is it for this reason alone wise or even recommended to have an SSL certificate to have their website over https?

Member Avatar


I.d get ssl anyway if you.re selling online in whatever way. It gives customers confidence. This ain.t so expensive any more.

No it isn't necessary but as diafol pointed it gives customers a good impression about the securities techniques the site uses , and more over (that I found more important also) really adds one more security layer. Having only that security layer doesn't say much but it is a plus if you have others as well. SSL trusted authorities , is a big joke , in fact the only thing they do is taking our money in order to be recognized by web browsers not as “self signed” but as signed by a trusted authority. This talk is on the way , and I believe that things will change over the next years about what a “trusted authority” (there are allready some open source implementations) over “self signed” means , maybe this is why some of them have already made their “services” (what are those really ?) cheaper.

Thanks guys... a decent SSL certificate is indeed pretty cheap nowadays, so money is not the issue here. I'm also trying to figure out what other steps I have to do... did some research and found subjects about caching & performance. Initially I read it is slower then http, but I also read, if configured right, https can even be faster for visitors with a modern browser. Anyway... I think I might just go for it with this client.

Actually, there would be an issue if and only if 1)your site takes critical information and passes it to the 3rd party (I guess you don't do that) and 2)your website is being targeted/monitored. I believe you don't handle any information when paying and your website is very unlikely to be targeted. Thus, real benefit for https over http is slim to none (besides, SSL has flaws by its nature).