Using SSL and separating websites

[markyoung1984]

I currently have a .co.uk website using PHP and a login script.  I have implemented several security measures and have tailored my code to stop SQL injection and XSS (as far as I know).  The next step is to use SSL.  I have purchased an SSL certificate, but I'm not sure how it will fit into my design.

 

I have a main website where users can browse products, look at more detailed product and company information etc.  However, on there I have a login script where users can login and look at different information.  When users log in they can still see the same pages as before, but with some additional, previously hidden information.  How would I handle hyperlinks in this situation?  Would I have to use https all the time, even when a user is not logged in to achieve the desired result?  Would I need to create a subdomain, say users.mydomain.co.uk and have a copy of all the general files in there as well as on the root?  I really don't know how to proceed.

[Daniel0]

You should encrypt the connection whenever confidential data is being transmitted. This could be user login information, credit card information, etc. You could also opt to encrypt all connections. You must be aware that you need a dedicated IP address for your certificate if you need to use it across various subdomains then you'll need a wildcard certificate.