How Do I Get SSL?
Websites Hosted by MembershipWorks
For organizations that are hosting with us, you can easily purchase a SSL certificate through us that we automatically install and activate for you. The cost is just $9 per year. Here are the directions to purchase the SSL certificate:
- Point your domain name to your MembershipWorks website (see instructions in Help > Using WordPress > Migrating Your Domain & Going live) and make sure that your domain name is successfully pointing to your IP address before proceeding to the next step.
- Log into your MembershipWorks account as the main admin
- Go to Organization Settings and make sure the domain name listed in the Website field is the one you want on your website (note that there is a difference between the www. version of the website and the non-www. version; choose which version you want)
- Go to Organization Settings > SSL
- Click on “Buy a 1-year Comodo Positive SSL certificate”
Once the certificate is installed, you should go into WordPress Settings > General and update the URLs to “https:” from “http:”. If you are using a third-party theme, you may need to install a plugin to “force” the pages to load over HTTPS; we recommend “WordPress Force HTTPS” for that purpose.
Websites Not Hosted by MembershipWorks
You may already have an SSL certificate installed. You can tell when a page is secure in most browsers when the closed lock symbol is present in the URL bar:
For customers that are not hosting with us who need an SSL certificate, you will need to work with your Host and SSL provider to get directions on the best way to purchase and install one. Below are some general directions, but we do recommend you check with your host and SSL provider to ensure you have the latest information before proceeding.
Purchase a SSL certificate from a SSL certificate vendor, such as GoDaddy, Thawte, Digicert, GeoTrust, VeriSign and more. Note that your host may allow you to simply purchase a certificate through their site. Purchasing the certificate is just the first step to actually obtaining the certificate.
- Request – obtain a Certificate Signing Request (CSR) from your website hosting service, that you will need to submit to the place where you purchased the SSL certificate. The CSR will contain information about the domain you are requesting the SSL certificate from, so make sure the domain is correct – “www.test.com” and “test.com” are different domains. The process for obtaining the CSR will vary depending on your hosting service, so please check with your website host.
- Verification – after you submit the CSR, the SSL certificate vendor will need to verify that you are in fact the owner of the domain. This may involve sending a confirmation email to the domain registrant, or adding a file to your website or adding a record to your domain DNS. If you opted for an “Extended Validation” certificate, it will also involve performing a verification of your company or organization. This process varies depending on the SSL certificate vendor and type of certificate.
- Install – once verification is complete, the vendor will issue your SSL certificate. You can then install the certificate on your website server. Certificates may also be formatted a few different ways, depending on the type of server it is to be installed on. This process will depend on your website host.
- Activate – after your SSL certificate is installed, you still need to “force” your website visitors to connect via SSL to your website. You may notice that when you connect to a secure website the URL starts with “HTTPS://”, while with a regular website it starts with “HTTP://”. Most website server systems will allow your website visitors to connect either with “HTTP://” or “HTTPS://”, it is up to your Content Manage System (WordPress, Weebly, SquareSpace, etc) to force the connection to be over “HTTPS://” only. For WordPress, some themes (such as our themes) have built-in SSL support, otherwise there are also a number of plugins that do this, such as:
- WordPress Force HTTPS – forces the entire site to be SSL
- WordPress HTTPS – select only specific pages to be SSL Certain themes may have hard-coded resources that load over HTTP (any one component that does not load by SSL renders the entire page non secure), in which case you may need to have the theme developer fix any such issues.
You can learn more about SSL and why you need it here.
Learn More About SSL
What Does SSL Mean?
SSL (Secure Sockets Layer) is a way for your website visitors to communicate securely with your website server. SSL does 2 very important things:
- SSL encrypts the data sent between your website server and your website visitor. This is critical for such information as credit card numbers, passwords, and private user information. For example, if someone maliciously takes control of a Starbucks router where your member is connecting to your website from, even if they capture all the information sent by your member to your website, they cannot decipher what the data actually is because it is encrypted.
- SSL ensures that the data is coming from your website server, and no one can masquerade as your website. Without SSL, someone malicious can inject malicious code into your website, it would allow them to capture information such as credit card numbers, passwords, user information, or even install viruses on your member’s computer.
Why Do I Need SSL?
If you have a membership site, you will need SSL for these reasons:
- Protect credit card information when taking online payments. Without SSL you will be in violation of your credit card processing agreement, and that may make you liable for all fraudulent charges arising from any breach and your credit card processing privileges may be revoked.
- Protect sensitive information, such as passwords, private member data and more. Even if you do not process credit cards on your website, it is still important to secure user passwords and data. You may have noticed that in many high profile data breaches, actual credit card information may not have been released, but the release of other information such as passwords can still be very damaging. This is because many users re-use passwords across websites, a breach on your website may have larger consequences.
- Online security is important enough that Google and other search engines take SSL into consideration for ranking websites. So having SSL will improve your search engine optimization.