SSL only encrypts the communications from the server to the client, and client to the server. This does not protect against vulnerable software exploits. All server software and web site php applications should be updated regularly and effective firewall use in place. Account access to the server should be limited and strong passwords enforced and changed often.
The primary purpose of a SSL certificate is to provide you (the "user" if you will) with non-forgeable proof of the identity of the website you are connecting to. Another purpose is to ensure the data exchanged between your browser and the site you are connecting to cannot be read, deciphered or decrypted by a third party who may be tapping in to the data exchange between your Browser and the remote server!