Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

WordPress Ecommerce with WordPress and WooCommerce Setting Up WooCommerce WooCommerce General Settings

Mario Rodriguez
Mario Rodriguez
15,345 Points

What is the risk of setting woo commerce on a small site without SSL certificate?

What is the risk of setting woo commerce on a small site without SSL certificate?

Tim Knight
Tim Knight
28,888 Points

Hi Mario,

I would say there are two big risks to consider when not having an SSL certificate. Consider the following two scenarios:

Using PayPal for External Payment

In the case of using WooCommerce with PayPal you don't necessarily need an SSL, but I would say that many consumers look for the safety of SSL even during their shopping experience. So the risk in this case would be that users wouldn't feel their payment information was safe because they wouldn't get far enough in the process to see the transition to PayPal's SSL.

Using an External Payment Process

WooCommerce let's you use several different types of external payment processors. I believe WooCommerce actually forces the system to have SSL installed before you can enable one of these add-ons. If it didn't, you'd be risking sending credit card information in plain text and risking the payment security of your customers. Additionally, if you were able to enable WooCommerce for these processors without SSL you'd risk your ability to process your payments with Visa or Mastercard. From what I understand part of PCI requirements include transaction security just as much as storage (which is typically handled by the processor). In the case that you were not sending the information securely your merchant could disable your account for failure to comply with basic PCI requirements.

Again both of these are speaking generally. I believe that WooCommerce however will not allow you to enable external payment systems without SSL enabled.

3 Answers

Zac Gordon
STAFF
Zac Gordon
Treehouse Guest Teacher

If you don't use SSL you will only be able to use payment gateways that take people off of your site to make the payment. Payment gateway don't let you process payments on your site without SSL, it just won't work.

Mario Rodriguez
Mario Rodriguez
15,345 Points

Thanks for teaching me Tim. I truly appreciate it.

Ashley Martin
Ashley Martin
2,429 Points

I have heard that google's algorithm favors sites with SSL certificates over ones that don't. Another benefit to having SSL.