When customers buy something from your store, they share their private data — name, email, credit card details — with you. As a merchant, you want to keep this vulnerable data secure from hackers, scammers, and data thieves.听That is crucial for building trust with your audience.
You can and should protect your customer data and increase the trust in your business with听HTTPS protocol and an SSL certificate.听Not only can those tools improve security and increase your trustworthiness, they can also help your store rank better in search engines.
If you sell online with 黑料门, you鈥檒l be pleased to know that your customer data is already protected. Yet, using an SSL certificate can have a few additional benefits.
In this post, we鈥檒l show you how the HTTPS protocol and SSL certificates work, and how you can get them for your website.
Understanding SSL Certificates and the HTTPS Protocol
On the internet, all data is transferred from device to device according to certain rules or protocols.
For websites, this protocol is called HyperText Transfer Protocol (HTTP). It transfers the data that your customers enter on your website to the server that hosts your website, and then it helps to send the response to the browser. For example, the user presses a button and a new page opens, or they fill in the email registration form and see the confirmation of a successful registration.
The problem with HTTP is that it doesn鈥檛 protect any data that鈥檚 transferred from browsers to servers. Any data going through HTTP is essentially “naked”.
A good analogy is to think of two students passing notes across a classroom. Any of their classmates can read, copy, or even replace the note. It鈥檚 the same with your customer data: a villain can steal credit card details and money from it.
That鈥檚 why a new protocol was created for protecting data: HTTPS (HyperText Transfer Protocol Secure). With HTTPS, all data transfers between a user and a web server are encrypted. This encryption is so complex that it is nearly impossible to hack and use the data.
In order to use the HTTPS protocol, your site first needs an SSL (Secure Socket Layer) certificate.
An SSL certificate is essentially a key for encrypting data. It protects data on three levels:
- Data encryption.听Hackers won鈥檛 be able to see what information a user entered on the site听or to听track user actions on a page. Think of it as a note written with a cipher —听it can only be read by someone who knows the key.
- Data integrity.听Hackers can鈥檛 replace or distort the transmitted data. Further, without knowing the key, it is impossible to write, edit,听or manipulate the data, just like in a ciphered note situation.
- Authentication.听SSL ensures that a user is on a trusted site and not on a hacker鈥檚 page. If just two participants know the key, they are sure to know from whom they received the note. A stranger cannot pass their own note and get the information by cheating.
You can see if a site is protected by an SSL certificate via the HTTPS protocol in the URL address. Most browsers indicate it visually in the form of a lock icon:
SSL certificates are distributed by special organizations — certification centers.
Who Should Use SSL (and Why)
SSL is required for sites where users were entering sensitive information —听such as credit card details.
But often, online stores only protect registration and checkout pages听with SSL, because those are the only places where听their customers share personal data. The rest of the website often works on the insecure HTTP.
Today, HTTPS is a must for every web page. There鈥檚 a number of reasons for it.
Browsers flag unprotected sites
Chrome and Firefox, two of the most popular browsers in the world, visually mark sites that don鈥檛 use SSL.
For now, only a gray information icon is visible. But in the future, browsers the security indicator to a red triangle for pages on HTTP. Your customers are used to seeing this as a “warning” indicator.
Consequently, not using SSL can make people afraid of buying from your website.
Using SSL improves rankings
Back in 2014, 听that it would consider using SSL as a ranking signal. This meant that sites听using听SSL would get a boost in search engine traffic.
Payment service requirements
A growing number of payment services have HTTPS as a requirement for working with them. For example,听听飞辞谤办蝉 only with HTTPS.
It increases trust
Concerns over payment security听is one of the top 10 reasons for shopping cart abandonment. When you add an听SSL certificate to your store, you visually communicate to users that their payment data are safe.
More trust, of course, equals more sales.
If you want your customers to easily find your store in search engines and trust you more easily, don鈥檛 put off switching to HTTPS.
How to Get an SSL Certificate and Switch to HTTPS
To switch to HTTPS, you first need to buy and install an SSL certificate on the website. This process can be either simple or more complex for some stores, depending on the kind of site you have.
1. You鈥檙e using an 黑料门 Instant Site
Anyone who has registered with 黑料门 gets a website with a
You might know this as the 黑料门 Instant Site.
If you use this site, then you already have an SSL certificate by default. An online store on an 黑料门 Instant Site conforms to the international standards for secure data transmission.
Try it right now —听head over to your Instant Site and look closely at the address bar in the browser. You will see a green lock icon with the message “Secure” next to the URL. Rest assured that your online store is secure.
Do you want to link your Instant Site to your custom domain (so听that it redirects to mysite.com and not mysite.ecwid.com)?
You get a free SSL certificate for this action as well. Just follow these steps:
- , then go to Settings 鈫 Instant Site and click on the “Change Address” button.
- Click on the “Use your domain” field and follow the instructions that appear
on-screen.
2. You鈥檝e added 黑料门 on your own website
You can set up an 黑料门 store on any site and be cool with customer data security. For example, this can be a WordPress blog, an Adobe Muse website, or your own static HTML page.
In case you鈥檝e taken this route, you don鈥檛 need to worry about the safety of your customers鈥 data at all. Since the data is transferred via our highly protected听servers, all the data is kept and processed on 黑料门鈥檚 own .
If you added 黑料门 to your own website that doesn鈥檛 have an SSL听certificate, your customers will not see the secure “lock” icon anywhere except during checkout, which they might find frustrating.
Here are a few ways you can buy and use SSL certificates for different website builders:
Wix:听You can use an听SSL certificate for free with Wix. You鈥檒l have to first enable this certificate by going into the settings, then .
Weebly:听you can .
Joomla, WordPress, Drupal:听you鈥檒l need to buy an听SSL certificate from your domain registrar or a hosting provider and install it on your website using the instructions (you鈥檒l probably need a developer):
Follow the instructions below to learn about the different types of SSL certificates and where to buy them.
Types of SSL certificates
Essentially, there are 3 types of certificates. They differ in speed of issuance and the extent of the seller鈥檚 inspections.
1. Certificates With Domain Validation (DV)
The simplest option. Once you buy a DV SSL certificate, you鈥檒l get a link to verify the domain ownership on your listed email address.
DV is issued almost instantly. It is also the cheapest听option,听with some sellers even offering it for free.
2. Certificates With Organization Validation (OV)
To get an OV SSL certificate, you need to confirm the existence of your corporation or LLC, by giving the
An OV SSL certificate can take
3. Certificate With Extended Validation (EV)
An EV certificate can be recognized by the name of the company on a green background near the website address. You might have seen them on financial websites:
Before an EV SSL can be issued, the certifying authority carries out a thorough check. It can take
This certificate is best suited for banks and payment systems.
DV, OV, EV
An SSL certificate will cost around $50/year. Some providers sell more expensive variants, but you should avoid overspending. The basic data security offered remains the same, regardless of whether you buy a $50 or a $150 SSL.
Although some providers offer free SSL certificates, they are severely “watered down” variants without听any benefits. You should not buy the first one you see.
SSL certificates are issued by “trust centers”. Some of the more popular trust centers are:
- Comodo
- Symantec
- Digicert
- Geotrust
You can buy certificates issued by these centers from domain registrars, hosting websites,听and SSL resellers. In addition,听there are also free certificates.
Below, we鈥檒l help you understand the options better.
1. Buy an SSL certificate from domain registrar or hosting service
Most domain registrars and hosting services sell SSL certificates as well. In some cases, the registrar might even issue a free certificate as a gift or purchase.
Buying from a domain registrar or a hosting service works great since it makes it easy to switch from HTTP to HTTPS.
Here are some popular options:
听鈥 $57/yr per website听鈥 free to $49,9/yr听鈥 starts from $9/yr听鈥 $12,95/yr鈥 free SSL when buying hosting
If your domain registrar or web host also offers SSL certificates, we recommend buying one from them, even if it is slightly more expensive. This will save you hours when it comes time to install the certificate and switch to HTTPS.
2. Get a free SSL certificate
If your web host/registrar does not sell SSL certificates or if your budget is limited, you can opt for a free certificate. Free certificates come in only one flavor —听Domain Validation (DV). That听is enough to protect the data.
We recommend the following services:
Cloudflare
听offers free SSL certificates with up to 15 years of subscription. Apart from data protection, it has other benefits like basic protection from DDoS听attacks and the automatic speeding听up of your website.
There are disadvantages as well:
- It works only in new browsers. If your customers use older browsers听(older than Internet Explorer 11, Firefox 2, Opera 8, Google Chrome v5.0.342.0, Safari 2.1, Mobile Safari for iOS 4.0, Android 3.0 (Honeycomb), Windows Phone 7), they won鈥檛 see “https”听on your website.
- One general certificate protects several sites at the same time. Though, it will protect your website just like an individual one.
- Cloudflare will ask you to use their own server data听and your website traffic will be going through the Cloudflare servers,听which may cause a decrease in听loading speed (though not necessarily).
These drawbacks are not critical,听and in general, Cloudflare is optimal for those who are not ready to spend money on an SSL certificate but want to start protecting their customer data. If you choose between remaining on HTTP or getting an听SSL certificate from Cloudflare, we recommend you to choose the second option.
To get an SSL certificate from Cloudflare, 听and follow .
Let鈥檚 Encrypt
This is a free service without Cloudflare鈥檚 cons, but it has its own limitations.
听offers certificates for three months only, so you鈥檒l have to set up automatic renewal, which will require access to your website鈥檚 server settings (available on 听hostings like Amazon AWS, Linode, Digital Ocean). That means you鈥檒l likely need a system administrator.
There are two options for getting an听SSL certificate from Let鈥檚 Encrypt:
- Manually on 听via the
Semi-automatically or automatically (depending on your online store鈥檚 server software) via .
3. Buy an SSL certificate from a reseller
If you don鈥檛 want to spend time on adjusting a Let鈥檚 Encrypt certificate and don鈥檛 feel like using Cloudflare, you can buy an听SSL certificate from one of the resellers:
Choose any reseller you like, and remember that there鈥檚 not much sense in buying the most expensive option since they will all protect your website just fine.
How to Not Lose Traffic When You Switch to HTTPS
When you switch from HTTP to HTTPS, the site address changes for search robots (from 听鈫&苍产蝉辫;https://yoursite.com). This can negatively affect your rankings in search engines.
Read 听for maintaining your ranking,听and even making it better. We strongly recommend you read them to avoid losing customers if you install an听SSL certificate on your own. You can also ask the support team of your site builder if these conditions were met with their HTTP 鈫 HTTPS migration.
***
Let鈥檚 sum up our recommendations:
- If you use 黑料门 Instant Site, you鈥檙e fine: the entire website is on HTTPS.
- For Wix and Weebly websites, enable your SSL certificate in settings.
- If you sell on your own website, check with your domain/hosting provider if you have an SSL certificate. If no, request for it.
- If your domain/hosting provider doesn鈥檛 sell SSL certificates, get a free one on 听Cloudflare or buy it from a reseller.
听
- Data Privacy in Ecommerce: Emerging Trends and Best Practices for 2024
- The State of Ecommerce Payment Security
- How to Use HTTPS Protocol and SSL Certificates to Protect Your Online Store
- Ecommerce Fraud: How to Protect Your Store From Online Shopping Scams
- How To Protect Your Online Store From Cyber Threats
