Hi Mike,
Not sure exactly what the issue is here but I’ll see what I can do.
1. You don’t need SSL certificates to secure your sites from hacking per se, you need a strong host and service like https://sucuri.net.
An SSL cert encrypts the data between the user and your site and let’s the user know that they are in fact giving their information to you and not some spoof. So it is a great idea for any site that asks for user information and allows users to login but it’s not 100% necessary.
2. An SSL Cert IS necessary if you are processing payments through your site however you are not doing that at the moment. You’re using PayPal standard which sends the user to the PayPal.com site to take care of payment, so an SSL cert isn’t required.
To move to PayPal Pro you do need an SSL cert, you also need to signup for the PayPal pro option with PayPal which is $30(ish) per month on top of fees. (FYI, we use Stripe.com for payments, much easier, works with WooCommerce as well).
Do you have a specific questions beyond these answers?
Good luck.
Ben
Thanks Ben, We signed up for PayPal pro and purchased the Woo PP Pro plugin an. We have SSLs on all 12 sites. But there are a number of tech personnel stating that a checkout system using multi-site can be hacked even if each site has its own SSL. We are told that the only solution is that each individual site must have its own IP address (which is impossible). I’d be very greatful if a wordpress admin or person with ecommerce multi-site experience would weigh in.
Well…. Yes. SSL makes the transactions secure, but that doesn’t make it impossible to hack. So technically they’re right. But saying everyone needs their own ip is not really accurate. In that the ability to hack multisite vs single site isn’t different.
Now that said, SHOULD you run a store on multisite? Only if you’re smart and careful. You share the code for themes and plugins, so you have to vet ALL OF THEM all the time, every time they update. You have a shared user base too, so allowing unrestricted registrations is not very smart.
But really that’s the same, single or multi site, isn’t it?
I run a store on my network. One site has 100% SSL, the rest only for login. It’s secure, and it’s no more at risk for hacking than a single site.
Thanks very much Mika for your thoughtful response. Have you ever used the aforementioned service https://sucuri.net
to which Frank made reference?
Mike
No, but I know those guys and if I was hacked and couldn’t fix it, I would hire them. 🙂
