I had SSL certificate on my site but still it has been hacked...how to prevent this from happening?

An SSL certificate protects users of your site from having their communications intercepted by a 3rd party. I think it is likely that when you say your site was hacked, this isn't what you're talking about. An SSL certificate does not validate the content of your site, nor does it prevent anyone from accessing it as intended or otherwise. Controls for these are outside the realm of SSL.

There is no warranty regarding SSL certificates other than potential civil liability. Unless your certificate itself was compromised by actions of the issuer, you have no case against them and no warranty is implied.

As far as figuring out what was insecure about your site, how you were compromised, or what needs to be addressed to fix it, you need to have forensic analysis performed on your compromised machine. A review of the website code for the site in question may also be in order.


SSL certificates don't do anything to prevent your site from being hacked, so you're not going to be able to claim compensation. If properly implemented, they prevent your users' traffic from being intercepted by third parties, which is not the same thing at all.

To stop your site from being hacked again, you need to employ or become an expert in Internet security -- there's no other way. There are so many different ways that your site could be vulnerable that I couldn't even begin to list them all here.


I've never heard of a warranty on SSL certificates, and even so, it wouldn't be that your site wouldn't be broken into - it'd be a warranty concerning the link between your server and your user's computer.

You may be thinking of those (ridiculous) "verified by XXX" logos you see on websites. Those are intended to give visitors confidence that the site is indeed secure, but again, they don't function as an assertion that nobody can break into your site, as much as an indication that the site is using SSL to protect communications.

There are other logos out there that sometimes show up on websites, sometimes from the same companies that sell certificates, that purport to speak to the security of the site itself, but even so I haven't heard of any of them warranting that claim. Far from it, usually - almost everyone inserts gigantic disclaimers in their license agreements.