Help articles Simple SSL

Can I use Simple SSL for an eCommerce site?

Simple SSL provides you with a domain validated SSL certificate issued through Let’s Encrypt™. If you’re wondering whether the level of security and encryption provided by a Simple SSL certificate is sufficient for an eCommerce site: the short answer is, “Yes.”

The long answer, however, is slightly more nuanced.

While the level of encryption that a domain validated SSL certificate offers is sufficient for just about any application, any time that you plan on handling sensitive user information such as credit card or bank account information on your website, it’s advisable to instead purchase an OV (Organization Validated) or, even better, an EV (Extended Validation) SSL certificate from a third-party provider rather than use a domain validated certificate.

There are two reasons for this recommendation:

First, Let’s Encrypt™ certificates do not carry any warranty or guarantees. Generally, OV and EV certificates purchased from third-party providers come with an extensive warranty and often even insurance in the unlikely event that anything goes wrong with the certificate.

Second, OV and EV certs carry a higher level of trust. Since anybody can get a domain validated certificate, these certs don’t do much to prevent spoofing. While they do encrypt user data, they don’t guarantee your users anything about the authenticity of your site or organization.

By contrast, OV and EV certs require much more than just a domain to obtain. There’s actually a strict vetting process that goes along with purchasing these certificates. Your site’s users can put a higher level of trust in your site knowing that it has one of these certificates. This is particularly true of an EV certificate, as it will have the green organization bar in the browser in addition to the standard padlock, such as on Target’s eCommerce site:

evcert

Again, just to reiterate: the level of encryption in a domain validated Simple SSL certificate itself is sufficient. Strictly speaking, you don’t need more than a regular domain validated certificate. There are many eCommerce sites that use them. But running a site that handles extremely sensitive user information isn’t a responsibility to take lightly, which is why we recommend the extra layer of security provided with an OV or, ideally, an EV cert whenever possible.


  • Organizations

    Everything you need to know about managing your team with our Organizations feature.

    8 Articles
  • Blueprints

    Learn everything there is to know about what Blueprints are, how to create them and how to make the best use of them.

    5 Articles
  • Simple SSL

    All there is to know about our free, automatically installed and activated SSL certificates.

    8 Articles
  • Staging

    How to get the most out of Staging, which allows you to duplicate a site, make changes, and then push those changes to the live site.

    6 Articles
  • Local by Flywheel

    Everything you need to know about our amazing, free local WordPress development software for Mac and PC.

    5 Articles
  • White Label

    Everything you need to know about our Whitelabel subscriptions for branding and reselling Flywheel.

    4 Articles
  • Getting started

    Everything you need to know to get your first Flywheel site up and running.

    8 Articles
  • Frequently Asked

    The most commonly asked questions, and a few we just think you should know.

    24 Articles
  • General Questions

    Questions that don't fit elsewhere, or those about Flywheel in general.

    56 Articles
  • Billing & Accounts

    Questions relating to payments, billing and managing your account on Flywheel.

    12 Articles
  • Domain Names

    Details about how to manage DNS and point your domain names at Flywheel.

    10 Articles
  • Database

    How to access your WordPress database to make changes and update content.

    3 Articles
  • Security

    Details about everything Flywheel does to makes your site so secure.

    12 Articles
  • Plugins

    Which plugins work best, which plugins work worst, and everything in between.

    7 Articles

Get in touch with us

Standard support hours are M-F 9am-5pm CDT and 24/7 emergency support.

WordPress experts

Try it yourself. It's free & takes less than 60 seconds. Sign up

× How to manage 50+ WordPress Sites

Here's a free ebook!

How to manage 50+ WordPress Sites