For years now, PayPal has provided a simple low-cost solution for website owners to collect payments from customers online. One of the great things about PayPal is that you don’t need to have an SSL Certificate – but that’s about to change for some users and not everyone knows it yet.
For example, if you Google “need SSL for PayPal” today, you will get this outdated message:
While the above message is technically correct and applies to other third party solutions like 1Shopping Cart, Mijireh Checkout or 2 Checkout, as of September 2016 it won’t apply to PayPal Express with a WordPress Cart Plugin.
But how do you know if this new rule applies to your shopping cart and it’s PayPal configuration?
First, you need to understand the different types of PayPal integrations for website owners:
- PayPal Standard – Sends customer to PayPal to complete simple transactions.
- PayPal Express – Sends Customers to PayPal to complete transactions and then communicates with the referring website’s shopping cart, using an IPN (Instant Payment Notification), for more advanced transactions.
- PayPal Payments Pro – Requires an SSL Certificate because like Authorize.net with a Merchant Account, PayPal Pro collects payment information from the customer on your website and transmits it to PayPal via an IPN.
Simply put, if you have set up an IPN with PayPal and tied it into your shopping cart, you will need to have an SSL (Secure Sockets Layer) installed on your website or use one of the alternative services listed above. If you aren’t using PayPal Express you really don’t have anything to worry about.
If you have PayPal Express Setup, what’s the next step?
If you aren’t technical, contact your webmaster or Virtual Assistant and find out what you need to do to keep processing payments after September 2016. If you are technical or just want to understand the process – keep reading.
Your first step is to obtain an SSL Certificate and have it installed on your website.
Depending on your hosting company the costs and processes may vary. On companies like HostGator, if you are on certain shared hosting plans your certificate is included free with your account. On other companies, you may need to purchase a certificate from companies like GoDaddy, Comodo or Positive SSL, just to name a few.
I have an SSL now what?
While it may seem simple to update your shopping cart to use SSL (HTTPS://), it’s a little more complicated than just adding an “S” to your shop and thank you pages. You will also need to ensure elements in your pages are using secure (SSL) connections or your customers will see an insecure warning message like “this page contains some insecure elements“. That means all content on your site including images, scripts, embeds like YouTube will need to use HTTPS:// instead of HTTP://.
Another consideration is whether your entire site should use HTTPS:// or just the cart. Since Google announced that it would be using HTTPS:// to assign a slight ranking boost you may want to take this opportunity to update your entire site to use SSL.
Either way (shop only or entire site), talk to an SEO Expert, Webmaster, Virtual Assistant or do a little research on Canonical URLs first; you will need to ensure that the search engines understand that you aren’t duplicating content.