HTTPS for the Checkout Page in WordPress Ecommerce

Using this plugin Admin-SSL.
Don’t be surprised if you can’t find this plugin’s config page. It gets installed in the Plugins menu after you activate it. You can switch it to be in the Settings menu but after you find it! Yeah, yeah, yeah, I know but whatever this plugin works!

Securing the Checkout Page
Go to http://yoursite.com/your wordpress folder/wp-admin/options-general.php?page=admin-ssl-config.
Use the Additional URLs box to put in the your order/checkout page. If you aren’t using(or can’t) use permalinks your URL might look like this: ?page_id=12. Except it won’t be 12, it will be the number id that your order/checkout page is. I was so used to being able to use custom permalinks that I was a bit lost when faced with what part of the URL goes there when I came across another server that had not set up mod_rewrite properly.

You can also change the location of your shoppingcart URL to https in Ecommerce>>Settings>>Admin but you will still need this plugin to convert all the URLs to https otherwise your little lock icon will be broken and the addressbar will not turn blue or green if you have spent the big $$$ for an extended SSL. These days online shoppers are warned over and over not to submit credit card numbers on non secure websites. So even if you have purchased and installed your own private SSL certificate and your web page is secure it won’t look like it with a broken lock icon!

I tried using the https-for-wordpress plugin – but you could remove the “s” and still view the order page. Admin-SSL will redirect back to https no matter what and only yhe pages you want to use https will use https. Even though any file or link URL in the document or on the page are auto converted to https, once a site visitor follows any of these links they are redirected back to http. Https-for-wordpress also was not able to convert every link from http to https, namely some files called by plugins in the header theme file.

You can translate trust into sales so it’s a good idea to spring for a proper SSL certificate if you plan on collecting CC numbers anywhere on your site.
The author of this plugin says it can be used for Shared SSL as well.

Monday Web Woe

Why can’t anything ever be easy? I knew changing hosts and setting up a new ecommerce website would be a challenge- especially because I had to use a new ecommerce solution that seemed to be very very beta. But I work with what I am given. The easy thing was customizing the free template to match the WordPress theme I custom made for the new site. Oh what a walk in the park compared to other stuff. I have encountered new things these past weeks: Private SSL, openssl,Dedicated IP,openbase,corporatese and sysadmins who might be drinking on the job.

Corporatese I can manage.I read 1984, I knew it was coming:the newspeak. I can imagine it comes as second nature to business school types. I went to art school and the jargon I picked up (to mock it) was just as full of hot air. In artschoolspeak the point was to sound like you were really saying something especially if you were talking about your work. In corporatese the point is not to let anyone know what you are talking about especially if you are talking about your work.

The ecommerce site launched like a tiny little dream with https all over the place. 2 days later the dream vanished and we found ourselves without a dedicated ip. Ssl certificates will not work without a dedicated ip address. It is as if we don’t have an ssl installed at all and are reduced to self signed. Browsers just love this.There is no way anyone is ever going to buy anything if they have to add an exception to do so.There is even a button on the error message that says Get me out of here! With an exclamation point and everything. Who is going to see that and say “oh, I don’t care but I want to buy the item anyway”.