SSL makes me nervous.

I've never installed an SSL certificate, but I'd like to fully utilize the ProSites plugin and allow users to sign up for their own DIY website on my network. I've been reading all the SSL articles I can find and I'm still confused a bit. I'm using full domain mapping so they can mask their domain at the higher levels of my service.

At a minimum, I know I need SSL on my main site for the checkout process. My clients are mostly churches. Any businesses that end up on my network will likely use off-site checkout (like PayPal).

I'm thinking it would be good to have a wildcard SSL cert. I'm currently masking domains for the entire admin section, but if I did a wildcard SSL, I might consider changing that so that the login page and admin section are covered under my wildcard SSL. (I'm assuming SSL would make the login process more secure--correct?)

Also, I read conflicting information regarding wildcard SSL and domain masking. I've seen some comments (even here on WPMU DEV) that say wildcard covers the subdomains but not the masked domain. Then I've read other comments (also here on WPMU DEV) that claim wildcard SSL will cover mapped domains that are tied to the subdomains. So I'm really confused about that. If I had clients who wanted SSL, I want to make sure I know if I have to host them outside my network to make that possible or if they can be secured on my network.

I'm hoping to work very hard now at getting the entire ProSites signup feature working. After that, I'm going to consider adding the WHMCS platform to allow my users to purchase domains as part of the sign up process. I'm finding a ton of churches who are doing DIY websites on Squarespace and I'm trying to build something that can directly compete with them, including offering templates. I think since I'm targeting a very specific niche that I can offer a much better feature set than Squarespace does for them at similar price points. Most of them know that they will eventually upgrade to a WordPress site, so just having it on WordPress from the get-go will be a big win for many of them.

Thank you for your help!

  • Sajid

    Hello Mark,
    Hope you are doing good today :slight_smile:

    First of all, please let me make clear that, in this era of the Internet, you don't need an SSL certificate only if you are selling some stuff on your site and handling some credit card transactions. It is now a requirement for your site, since Google will start penalizing you if it is not SSL (yes, they can do that). This means less chance of appearing in Google search results.

    Moreover, if your visitors are using the Chrome browser, they will also get a notification beside their address bar telling them your site is not secure.

    Okay now coming back to your questions.

    Yes, a wildcard SSL certificate is only for the main domain and subdomains of that domain. It does not cover your mapped domains hosted on your server. For this purpose, you may need a Multi Domain (UCC) SSL certificate to cover all of your subdomains. Please read this blog post for more details: https://premium.wpmudev.org/blog/ssl-domain-mapping/

    Another option is using a Let's Encrypt SSL certificate. These are totally free. The only limitation is that you can only use one SSL certificate for one domain and have to renew it after 90 days. Some modern hosts now offer this feature out of the box and also have a cPanel plugin for automatic installation and renewal.

    Also, there is a plugin on WordPress.org that might do something like that and claims to do it for the entire network (never tried it though). Here is the plugin link:
    https://wordpress.org/plugins/wp-encrypt/

    Take care and have a nice day :slight_smile:

    Best Regards,
    Sajid - WPMU DEV Support
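
The coverage rule described in the answer above, as an added example (not code from this thread or from WPMU DEV): a simplified version of the hostname matching that TLS clients apply to a certificate's DNS names, run over constructed placeholder domains. It goes slightly beyond the answer by also showing that a wildcard does not cover the bare domain or deeper subdomains unless they are listed separately.

```python
# Added example: simplified certificate hostname matching (RFC 6125 style).
# All domain names are constructed placeholders, not taken from the thread.

def name_matches(pattern, hostname):
    """True if one DNS name from a certificate covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if any("*" in label for label in p[1:]):
        return False  # wildcard is only honoured in the left-most label
    if p[0] == "*":
        # Require at least "*.domain.tld" so names like "*.com" are rejected.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards ("f*.example") are not accepted here
    return p == h


def cert_covers(dns_names, hostname):
    """True if any DNS name listed in the certificate covers the hostname."""
    return any(name_matches(name, hostname) for name in dns_names)


def coverage_report(dns_names, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {host: cert_covers(dns_names, host) for host in hostnames}


# Constructed certificates: a wildcard cert that also lists the bare domain,
# and a multi-domain cert that additionally lists one mapped domain.
WILDCARD_CERT = ["*.churchsites.example", "churchsites.example"]
MULTI_DOMAIN_CERT = WILDCARD_CERT + ["gracechurch.test", "www.gracechurch.test"]

SITES = [
    "churchsites.example",              # network main site
    "grace.churchsites.example",        # subsite on the network domain
    "admin.grace.churchsites.example",  # two levels below the wildcard
    "gracechurch.test",                 # customer's mapped domain
]

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT), ("multi-domain", MULTI_DOMAIN_CERT)):
        for host, ok in coverage_report(names, SITES).items():
            print(f"{label:13} {host:34} {'covered' if ok else 'NOT covered'}")
```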

  • Mark

    Sajid, Thank you!

    That plugin looks like a great alternative. I may have been wrong in some assumptions I was working with. Currently, my network would have one IP address. Although it's dedicated to my server, every site on that server shares that IP. (I'm using SiteGround cloud hosting, by the way.)

    I thought that each SSL cert had to be on a dedicated, unique IP address, with the exception of the multi-domain cert. From your suggestion, it sounds like I may be able to install the Let's Encrypt cert on multiple domains on my same network. (Or do I need to purchase multiple dedicated IPs from my host in order to give each mapped domain its own IP?)

    Thank you for your continued guidance!
