SSL is required for any WooCommerce site that is taking payment in the checkout. If you are sending the customer to a HOP (Hosted Order Page) such as PayPal Express, then it is not so critical. Even if it is not critical from a PCI Compliance and security perspective you should still consider using SSL on your site for two main reasons:

  • Customers Trust SSL
    • Increased Conversion Rate
  • Google rewards sites that use SSL
    • Improved SEO visibility

More Information on Google and HTTPS

What is SSL

SSL == HTTPS. When you visit a site that is preceded with HTTPS then this is site is being connected to via SSL encryption. Modern browsers will display the site has SSL normally with a green tick or green padlock box in the address bar in the browser.

SSL Certificates come in a variety of shapes and sizes. The message shown in the address bar will be different depending on which certificate you have purchased.

WordPress, WooCommerce, WP Engine and SSL

WP Engine has the option to buy an SSL certificate from the dashboard. This makes the setup considerably easier. However they have not fully automated the process of setting up a WooCommerce site on WP Engine. There are some items to consider:

  • Do not enable the Force HTTPS option in WooCommerce. We will force these pages using the WP Engine console. Please note that some Payment Gateway Extensions will display an (annoying) notice if you do not have this option clicked. Ignore.

  • Head to the SSL section in the WP Engine backend.

    • Tick the Force http:// for non-SSL pages
    • Tick Use SSL for WP-admin and WP-login

Add the following URLs to have their SSL forced:

  • https://domain.co.uk/checkout
  • https://domain.co.uk/cart
  • https://domain.co.uk/my-account
  • https://domain.co.uk/wp-login.php
  • https://domain.co.uk/wp-admin/(?!admin-ajax)

N.B Please change the domain.co.uk to your own domain.