WooCommerce / SSL on different subdomain (9 posts)

  1. wezcornell
    Posted 3 years ago #

    Hi All

    I wondered if anyone knew how to force SSL on WooCommerce's checkout/myaccount sections etc, when the main WP site is hosted on domain.com and the SSL cert is for secure.domain.com

    Is this possible? If not, is there a work-around/alternative plugin for SSL?

    Many thanks in advance



  2. royho
    Plugin Author

    Posted 3 years ago #

    From your description, it seems you're trying to use a FREE shared SSL. While this may work, it is highly recommended you get your own private SSL.

    You can try plugins like wp-https...Make sure you're only securing the checkout and not your whole site and make sure proper redirection is happening when going from a secured page to a non secured page. In addition, you may also need to fix any insecured items that may be on the page. You will know as browsers can show you if a site has insecured items, especially IE browsers.

  3. wezcornell
    Posted 3 years ago #

    Thanks Royho for your reply.

    We're actually using our own private SSL: secure.mydomain.com

    Our main website is on http://www.mydomain.com

    I have followed your recommendation of using the wp-https plugin, which seems to work very well. Using the "URL Filters" functionality in wp-https I was able to to setup "/checkout/", "/my-account/", "/order-tracking/", "/cart/" etc for WooCommerce's shop pages.

    I have also disabled "Force SSL" in the WooCommerce plug-in as it was suggested on WooCommerce's Known Conflicts page (http://wcdocs.woothemes.com/codex/integration/known-conflicts/#section-4) that this would interfere with wp-https.


    When placing items/products into WooCommerce's shopping cart and then clicking on Checkout, this seems to cause WooCommerce to 'lose' the products in the cart after it transfers to the secure cart page.

    Any ideas? Your help so far has been appreciated.

  4. royho
    Plugin Author

    Posted 3 years ago #

    I am not understanding. If you have your own private SSL, why do you have secure.mydomain.com? Usually only shared SSL is done this way. Thus I asked if you're using FREE ssl. It should just be https://www.yourdomain.com.

    Your products are dropping off because they are NOT the same URL. Even https and http is considered to be different.

  5. sd1111
    Posted 3 years ago #

    @wezcornell -- Did you find a solution to this problem? I am having the same issue.

  6. wezcornell
    Posted 3 years ago #


    I took the easy route :-) Our SSL (Extended Validation - green bar technology) certificate was for secure.domain.com, so I just hosted the WHOLE site on that domain. At first, I thought that this may have an impact on page load response times etc but with modern resources these days it's negligible.

    I've also noticed that users seem to trust the site a lot more with the whole site displaying the secure green bar/padlock.

  7. royho
    Plugin Author

    Posted 3 years ago #

    It is not a good practice to secure the whole site and it DOES impact load/resources. You just don't see it because you have minimal traffic.

    Take the time to do it right if possible.

  8. sd1111
    Posted 3 years ago #

    Thanks to you both for the information!

  9. itsricky
    Posted 2 years ago #

    Hey @royho - does this go for small sites too?

    What is a good solution to this problem - ie - maintaining the cart contents, but switching from the insecure page, and over to a fully secured page?

    Can this be done on the same domain, but switching the HTTP to HTTPS via wordpress or something?

    Please help - there's very few resources online for this kind of help.

    @wezcornell - how did you go with this - the site's been set up for a while now, are there any long term impacts from being wholly secured?

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WooCommerce
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic