Is HTTPS necessary for eCommerce websites?

Chris Worner · Jul 6, 2016

While looking for a good hosting company, I noticed that there are a lot of sites didn't use HTTPS to support their services, meaning they don't have a secure connection. Is HTTPS necessary for big websites or ecommerce sites? can I use an eCommerce site without it?

LJSHost · Jul 6, 2016

Hi Chris

If your taking customer details or payments via an eCommerce site, yes an SSL cert is essential imo. I would never buy from a site that was not https.
Your customers would not be happy if their information was stolen whilst being entered into your website.

Although some payment providers such as PayPal do handle all the billing on PayPal's servers which are https. But to be honest just get an SSL cert, they are quite cheap.

HostPace · Jul 6, 2016

Chris Worner said:
While looking for a good hosting company, I noticed that there are a lot of sites didn't use HTTPS to support their services, meaning they don't have a secure connection. Is HTTPS necessary for big websites or ecommerce sites? can I use an eCommerce site without it?

Yes, It is 100% necessary for the eCommerce websites to have an SSL installed. If not, you will get hacked, credit card numbers will be stolen while in a transaction and you will lose the customers. Most of the potential customers won't enter their credit card number, for lack of the reassuring green padlock picture.

VirtuBox · Jul 7, 2016

Even with a not commercial website HTTPS should be used, as if it's secure your website and visitors, it also speed up it if you use HTTP2 / SPDY and other new web technologies

And with let'sencrypt you can do it on any VPS in less than 10 minutes

HyperHost · Jul 7, 2016

I agree with all that was said about. Https url encoded customers data, so sites that have clients account use SSL to secure info

RDO Servers · Jul 7, 2016

It depends.

Are you asking about the need for SSL when payments are handled on a different website (like PayPal)?
- If so, then no, a SSL is not necessary, but is recommended to build customer trust.

Are you asking about the need for a SSL when payments are handled on your website?
- If so, then yes, you need a SSL and more. If payments are handled on, stored on, or transmitted through your website, then you must be PCI-DSS compliant, which goes way beyond just having a SSL!

Chris Worner · Jul 9, 2016

LJSHost said:
Hi Chris

If your taking customer details or payments via an eCommerce site, yes an SSL cert is essential imo. I would never buy from a site that was not https.
Your customers would not be happy if their information was stolen whilst being entered into your website.

Although some payment providers such as PayPal do handle all the billing on PayPal's servers which are https. But to be honest just get an SSL cert, they are quite cheap.

HostPace said:
Yes, It is 100% necessary for the eCommerce websites to have an SSL installed. If not, you will get hacked, credit card numbers will be stolen while in a transaction and you will lose the customers. Most of the potential customers won't enter their credit card number, for lack of the reassuring green padlock picture.

I read these information on the internet but don't know how it is secure or store information in secure with https.

VirtuBox said:
Even with a commercial website HTTPS should be used, as if it's secure your website and visitors, it also speed up it if you use HTTP2 / SPDY and other new web technologies

And with let's encrypt you can do it on any VPS in less than 10 minutes

I read in a post on this forum that we can use free SSL with Cloudflare, does this work and I can try SSL from them?

RDO Servers said:
It depends.

Are you asking about the need for SSL when payments are handled on a different website (like PayPal)?
- If so, then no, a SSL is not necessary, but is recommended to build customer trust.

Are you asking about the need for a SSL when payments are handled on your website?
- If so, then yes, you need a SSL and more. If payments are handled on, stored on, or transmitted through your website, then you must be PCI-DSS compliant, which goes way beyond just having a SSL!

How if I use both ssl and non ssl on a site? just using SSL on checkout page

And a big note, I saw on my site when I used SSL, it loaded pretty slow.

LJSHost · Jul 10, 2016

Luxin Host said:
While I can see your point that only check out pages may need it .

How if I use both ssl and non ssl on a site? just using SSL on checkout page

An SSL cert for www.yourdomain.com will give your a secure connection to any page on www.yourdomain.com. If your checkout page is for example www.yourdomain.com/checkout.php the certificate will also encrypt this page.

Hostissimus · Jul 19, 2016

For client confidence it is quite a must nowadays, especially on those pages, where client insert sensitive data, like CC details.

hostuto · Jul 19, 2016

https stands for security and for an ecommerce site is a must have

HostYouFast · Jul 20, 2016

Very important and good for you and your client....I will advance you get one...Its also available in your cpanel features now.

Chris Worner · Jul 21, 2016

Luxin Host said:
Placing SSL on your check out page or your entire website is up to you as all SSL does is encrypt the data transmission. While I can see your point that only check out pages may need it however placing on every page can build a trust with your customer has he/she visits your website.
You should barely notice the increase in speed, I would say its worth it.
Also SSL does increase your google ranking so bare that in mind.

2 years ago I bought a SSL certification on a shared hosting at Hostgator and they redirected me to Comodo to buy, its pretty complex and I don't know why I could not buy a ssl service at my hosting provider.

hostuto said:
https stands for security and for an ecommerce site is a must have

For sure, that's reason why I asked this question and I am going to have ssl again on my sites.

HostYouFast said:
Very important and good for you and your client....I will advance you get one...Its also available in your cpanel features now.

Does this feature include in all hosting offers for free? If no, how much does it cost monthly?

CyberHour · Sep 17, 2016

Just want to make it clear that SSL is secure but again is not uber.
Remember the http://heartbleed.com ?

SSL is still open to man in the middle in some cases.

However it is still recommended to use SSL .

tlhIngan said:
I am using http on my VPS, is there an option to enable https for my site? it's an external service and I need to pay it? if yes how much?

Get your self Let's Encrypt SSL its free https://letsencrypt.org

Cheers

VirtuBox · Sep 29, 2016

You have to go in the Crypto tab :

Then you will see Origin Certificates, and you can create an SSL certificate to import in your server.

Last Step, you have to set the SSL to "Full Strict" and to check in the DNS tabs you are using the Cloudflare Proxy (orange cloud)

amberhuntus · Oct 4, 2016

It is important for the eCommerce websites to have an SSL installed and use HTTPS support to provide secure and reliable experience to its users while transactions to protect information of the website users.

UWH-David · Oct 5, 2016

In this day in age with Google ranking https:// sites higher and the very affordable pricing of SSL certificates now there really isn't any reason you shouldn't do it.

Optimidia · Oct 5, 2016

With software such as Let's Encrypt which provide some reliable, secure and free SSL certificates there is no reason to not use one nowadays. They make sites just a tad bit slower but not something that is considered a problem. I would use an SSL on a site that uses form whether you are buying or not. Nowadays with the rampant leak of information it's better to have things over the web go as secure as possible.

Chris Worner · Oct 11, 2016

UWH-David said:
In this day in age with Google ranking https:// sites higher and the very affordable pricing of SSL certificates now there really isn't any reason you shouldn't do it.

Optimidia said:
With software such as Let's Encrypt which provide some reliable, secure and free SSL certificates there is no reason to not use one nowadays. They make sites just a tad bit slower but not something that is considered a problem. I would use an SSL on a site that uses form whether you are buying or not. Nowadays with the rampant leak of information it's better to have things over the web go as secure as possible.

Thanks for your advice, I would keep these and will update SSL (https) for my sites in near future.
Because I have bad experience when used on a site in the past, it made site load slowly and required me do many configurations for my site or purchasing SSL service for it.
When I used a shared hosting and wanted to have SSL on my site, I asked my hosting provider and they contacted comodo.com to give me SSL service and its pretty complex when buying this service.

Optimidia · Oct 11, 2016

Look for a provider that offers Let's Encrypt. Your website will come with https:// by default and for free. Unless you are going for a Organization Validation (OV) or Extended Validation (EV) it should be more than enough.

tcoder · Oct 12, 2016

To accept credit cards, you have to be PCI Compliant.

There are different levels PCI, depending on what information you store and how you use the data.

So the answer is YES you need SSL to accept payments, unless you use a third party like paypal or a processors embedded form in an iframe.

Is HTTPS necessary for eCommerce websites?

Well-known member

Well-known member

Active member

Well-known member

Member

Well-known member

Well-known member

Well-known member

New member

Member

Member

Well-known member

Attachments

Well-known member

Well-known member

Attachments

Member

Member

Member

Well-known member

Member

Member

Sponsors

Tag Cloud