Is HTTPS necessary for eCommerce websites?

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
While looking for a good hosting company, I noticed that there are a lot of sites didn't use HTTPS to support their services, meaning they don't have a secure connection. Is HTTPS necessary for big websites or ecommerce sites? can I use an eCommerce site without it?
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
Hi Chris

If your taking customer details or payments via an eCommerce site, yes an SSL cert is essential imo. I would never buy from a site that was not https.
Your customers would not be happy if their information was stolen whilst being entered into your website.

Although some payment providers such as PayPal do handle all the billing on PayPal's servers which are https. But to be honest just get an SSL cert, they are quite cheap.
 

HostPace

Active member
Registered
Joined
Apr 15, 2016
Messages
65
Points
8
While looking for a good hosting company, I noticed that there are a lot of sites didn't use HTTPS to support their services, meaning they don't have a secure connection. Is HTTPS necessary for big websites or ecommerce sites? can I use an eCommerce site without it?
Yes, It is 100% necessary for the eCommerce websites to have an SSL installed. If not, you will get hacked, credit card numbers will be stolen while in a transaction and you will lose the customers. Most of the potential customers won't enter their credit card number, for lack of the reassuring green padlock picture.
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
Even with a not commercial website HTTPS should be used, as if it's secure your website and visitors, it also speed up it if you use HTTP2 / SPDY and other new web technologies

And with let'sencrypt you can do it on any VPS in less than 10 minutes
 
Last edited:

HyperHost

Member
Hosting Provider
Registered
Joined
May 12, 2016
Messages
50
Points
8
I agree with all that was said about. Https url encoded customers data, so sites that have clients account use SSL to secure info
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
It depends.

Are you asking about the need for SSL when payments are handled on a different website (like PayPal)?
- If so, then no, a SSL is not necessary, but is recommended to build customer trust.

Are you asking about the need for a SSL when payments are handled on your website?
- If so, then yes, you need a SSL and more. If payments are handled on, stored on, or transmitted through your website, then you must be PCI-DSS compliant, which goes way beyond just having a SSL!
 

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
Hi Chris

If your taking customer details or payments via an eCommerce site, yes an SSL cert is essential imo. I would never buy from a site that was not https.
Your customers would not be happy if their information was stolen whilst being entered into your website.

Although some payment providers such as PayPal do handle all the billing on PayPal's servers which are https. But to be honest just get an SSL cert, they are quite cheap.
Yes, It is 100% necessary for the eCommerce websites to have an SSL installed. If not, you will get hacked, credit card numbers will be stolen while in a transaction and you will lose the customers. Most of the potential customers won't enter their credit card number, for lack of the reassuring green padlock picture.
I read these information on the internet but don't know how it is secure or store information in secure with https.

Even with a commercial website HTTPS should be used, as if it's secure your website and visitors, it also speed up it if you use HTTP2 / SPDY and other new web technologies

And with let's encrypt you can do it on any VPS in less than 10 minutes
I read in a post on this forum that we can use free SSL with Cloudflare, does this work and I can try SSL from them?

It depends.

Are you asking about the need for SSL when payments are handled on a different website (like PayPal)?
- If so, then no, a SSL is not necessary, but is recommended to build customer trust.

Are you asking about the need for a SSL when payments are handled on your website?
- If so, then yes, you need a SSL and more. If payments are handled on, stored on, or transmitted through your website, then you must be PCI-DSS compliant, which goes way beyond just having a SSL!
How if I use both ssl and non ssl on a site? just using SSL on checkout page

And a big note, I saw on my site when I used SSL, it loaded pretty slow.
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
RDO Servers
Https has noting to do with securing stored information, it just means that the data you transmit is encrypted.

You can use the free SSL from cloudflare, but you will also need to setup Strict SSL so that it encrypts data from the user to Cloudflare, and from cloudflare to your server.

You can set whatever pages you want to use SSL or not, but it is best to use SSL on your entire site.

Using a SSL can cause a slight increase in loading time since the data has to be encrypted & then decrypted, but the speed difference should be minimal.
 

Luxin Host

Well-known member
Registered
Joined
Jun 26, 2016
Messages
543
Points
43
Luxin Host
Placing SSL on your check out page or your entire website is up to you as all SSL does is encrypt the data transmission. While I can see your point that only check out pages may need it however placing on every page can build a trust with your customer has he/she visits your website.
You should barely notice the increase in speed, I would say its worth it.
Also SSL does increase your google ranking so bare that in mind.
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
While I can see your point that only check out pages may need it .
How if I use both ssl and non ssl on a site? just using SSL on checkout page
An SSL cert for www.yourdomain.com will give your a secure connection to any page on www.yourdomain.com. If your checkout page is for example www.yourdomain.com/checkout.php the certificate will also encrypt this page.
 

Hostissimus

New member
Registered
Joined
Jul 19, 2016
Messages
8
Points
0
For client confidence it is quite a must nowadays, especially on those pages, where client insert sensitive data, like CC details.
 

hostuto

Member
Registered
Joined
Apr 14, 2016
Messages
47
Points
8
https stands for security and for an ecommerce site is a must have
 

HostYouFast

Member
Registered
Hosting Provider
Joined
Jul 16, 2016
Messages
56
Points
0
Very important and good for you and your client....I will advance you get one...Its also available in your cpanel features now.
 

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
Placing SSL on your check out page or your entire website is up to you as all SSL does is encrypt the data transmission. While I can see your point that only check out pages may need it however placing on every page can build a trust with your customer has he/she visits your website.
You should barely notice the increase in speed, I would say its worth it.
Also SSL does increase your google ranking so bare that in mind.
2 years ago I bought a SSL certification on a shared hosting at Hostgator and they redirected me to Comodo to buy, its pretty complex and I don't know why I could not buy a ssl service at my hosting provider.

https stands for security and for an ecommerce site is a must have
For sure, that's reason why I asked this question and I am going to have ssl again on my sites.

Very important and good for you and your client....I will advance you get one...Its also available in your cpanel features now.
Does this feature include in all hosting offers for free? If no, how much does it cost monthly?
 

CyberHour

Well-known member
Registered
Hosting Provider
Joined
Sep 9, 2016
Messages
109
Points
0
Just want to make it clear that SSL is secure but again is not uber.
Remember the http://heartbleed.com ?

SSL is still open to man in the middle in some cases.

However it is still recommended to use SSL .

I am using http on my VPS, is there an option to enable https for my site? it's an external service and I need to pay it? if yes how much?
Get your self Let's Encrypt SSL its free https://letsencrypt.org :)

Cheers
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
You have to go in the Crypto tab :



Then you will see Origin Certificates, and you can create an SSL certificate to import in your server.



Last Step, you have to set the SSL to "Full Strict" and to check in the DNS tabs you are using the Cloudflare Proxy (orange cloud)


 

Attachments

amberhuntus

Member
Registered
Joined
Sep 15, 2016
Messages
28
Points
0
It is important for the eCommerce websites to have an SSL installed and use HTTPS support to provide secure and reliable experience to its users while transactions to protect information of the website users.
 

UWH-David

Member
Registered
Joined
Jan 18, 2016
Messages
45
Points
8
In this day in age with Google ranking https:// sites higher and the very affordable pricing of SSL certificates now there really isn't any reason you shouldn't do it.
 

Optimidia

Member
Registered
Joined
Oct 5, 2016
Messages
42
Points
8
With software such as Let's Encrypt which provide some reliable, secure and free SSL certificates there is no reason to not use one nowadays. They make sites just a tad bit slower but not something that is considered a problem. I would use an SSL on a site that uses form whether you are buying or not. Nowadays with the rampant leak of information it's better to have things over the web go as secure as possible.
 

Chris Worner

Well-known member
Registered
Joined
Apr 15, 2016
Messages
612
Points
28
In this day in age with Google ranking https:// sites higher and the very affordable pricing of SSL certificates now there really isn't any reason you shouldn't do it.
With software such as Let's Encrypt which provide some reliable, secure and free SSL certificates there is no reason to not use one nowadays. They make sites just a tad bit slower but not something that is considered a problem. I would use an SSL on a site that uses form whether you are buying or not. Nowadays with the rampant leak of information it's better to have things over the web go as secure as possible.
Thanks for your advice, I would keep these and will update SSL (https) for my sites in near future.
Because I have bad experience when used on a site in the past, it made site load slowly and required me do many configurations for my site or purchasing SSL service for it.
When I used a shared hosting and wanted to have SSL on my site, I asked my hosting provider and they contacted comodo.com to give me SSL service and its pretty complex when buying this service.
 

Optimidia

Member
Registered
Joined
Oct 5, 2016
Messages
42
Points
8
Look for a provider that offers Let's Encrypt. Your website will come with https:// by default and for free. Unless you are going for a Organization Validation (OV) or Extended Validation (EV) it should be more than enough.
 

tcoder

Member
Registered
Joined
Oct 11, 2016
Messages
27
Points
0
To accept credit cards, you have to be PCI Compliant.

There are different levels PCI, depending on what information you store and how you use the data.

So the answer is YES you need SSL to accept payments, unless you use a third party like paypal or a processors embedded form in an iframe.
 
Last edited:
Latest Threads
Replies
0
Views
42
Replies
0
Views
64
Replies
1
Views
88
Replies
1
Views
99

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top