February 18, 2015
In order to accept credit cards on your site and be PCI compliant you must have an SSL certificate and use HTTPS on all pages that collect credit card information. HTTPS provides authentication for your web site and associated web server, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a customer’s browser and your server, which protects against eavesdropping and tampering with and/or forging the contents of the communication.
Purchase and/or Install an SSL Certificate
There are a number of companies you can purchase SSL certificates from, including Positive SSL and Rapid SSL. Your hosting provider may also offer them for easy purchase. Once you’ve purchased an SSL certificate, you’ll need to work with your hosting provider to get it set up on your server.
Verify Your SSL Certificate is Installed Correctly
Once you’ve worked with your hosting provider to get the SSL certificate installed, you can verify that everything is set up correctly by using this SSL Checker.
WordPress HTTPS Settings
Once your SSL certificate has been successfully installed, you’ll want to ensure that HTTPS is used on all the pages on your site that collect sensitive information. This can easily be done with the WordPress HTTPS plugin.
NOTE: After activating the WordPress HTTPS plugin go to the settings screen and in the General Settings section make sure that the Force SSL Exclusively option is unchecked.
Secure Pages on Your Website
Next, go to each page that needs to be secure and check the Secure post option in the HTTPS module. You’ll want to do this for any page you’re offering behind a pay wall.
Ensure That Your Pages Are Fully Secure
Once you’ve installed a plugin to handle HTTPS and configured which pages should use it, check that no insecure items (resources requested over plain http://) are being loaded on your secure pages. An insecure item will typically cause the browser to show a warning informing the user that the page is not secure. Some browsers, like Chrome, are stricter and will terminate rendering the page when an insecure item is encountered. You can use this tool to ensure that your pages are fully secure. If the report tells you that you have insecure items on your page, use this resource to fix the insecure items.
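To show what such a check looks for, here is a small scanner added as an example; it is not part of the original post or of the tools it links to. The function and class names and the sample markup are assumptions made for illustration. It skips the cases that are not insecure items: plain links, `rel="canonical"`, and protocol-relative URLs.

```python
from html.parser import HTMLParser

# Attribute that makes the browser fetch a subresource, per tag. <a href> is
# deliberately absent: a link to an http:// page is navigation, not a load.
FETCH_ATTRS = {
    "script": "src", "iframe": "src", "link": "href",
    "img": "src", "audio": "src", "video": "src", "source": "src",
}
# <link> only loads a resource for these rel values (rel="canonical" does not).
LINK_RELS = {"stylesheet", "icon", "preload"}
# Images/media are "passive"; scripts, styles and frames are "active".
PASSIVE = {"img", "audio", "video", "source"}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, url, kind)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = (attrs.get(FETCH_ATTRS.get(tag, "")) or "").strip()
        if not url.lower().startswith("http://"):
            return  # https://, //host/path and relative URLs are fine
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & LINK_RELS:
            return
        kind = "passive" if tag in PASSIVE else "active"
        self.findings.append((self.getpos()[0], tag, url, kind))


def find_insecure_items(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: markup of a checkout page that is served over HTTPS.
SAMPLE = """<link rel="canonical" href="http://example.com/checkout">
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
<script src="http://cdn.example.net/tracker.js"></script>
<a href="http://example.org/">partner</a>
<img src="http://example.com/wp-content/uploads/logo.png">
<img src="//example.com/wp-content/uploads/badge.png">"""

for line, tag, url, kind in find_insecure_items(SAMPLE):
    print(f"line {line}: <{tag}> {url} ({kind} mixed content)")
```

Active items (scripts, stylesheets, frames) are the ones to fix first, since they are the ones browsers most commonly refuse to load.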