SSL and WordPress
When you’re doing anything with on-site e-commerce checkout where you’re collecting sensitive credit card data through your website, putting a SSL in place is mandatory. SSL certificates can be purchased through your site’s web hosting company or from a third party and come with a yearly fee. This fee is separate from any fees you’re paying to your payment gateway, as well as any fees involved in your shopping cart system itself. Your hosting company typically does the necessary work to put the SSL in place on your server for you if you purchase from them.
WordPress HTTPS for Forcing SSL Exclusively on Pages
Once the SSL has been installed, the best WordPress plug-in that I have found so far for working with SSL in WordPress is WordPress HTTPS. If you don’t want to put SSL on your entire site, this plug-in can be helpful with the “Force SSL exclusively” setting where it can be enabled only on the necessary pages (like checkout.)
SSL is Installed But My Padlock Is Showing as Insecure!
The part that can be the trickiest with SSL implementation is getting the fully secure padlock on the pages that you’ve selected to force SSL on. Occasionally there may be an image, Javascript or CSS file or similar that is still being called without the https, thus your pages are showing there is insecure content. To find out what specifically is causing the issue, you can examine the source code and look for non-https links or a handy tool that speeds this process is Why No Padlock. The results from that may help you remedy the issue. Another possible tool in troubleshooting the padlock absence is the iThemes Fix Non-SSL Links plugin. In general, I always recommend trying to solve the padlock issue without the help of a plug-in, if at all possible, but it is another route you can try if you find issues in doing so.
Overall, implementing SSL into your WordPress website is pretty simple once you’re aware of the right tools that can troubleshoot any pesky no padlock issues.