WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: Contact Form 7] HTTPS (secure form) (13 posts)

  1. dytekllc
    Member
    Posted 4 years ago #

    I would like to secure the forms on a website using Contact Form 7 via HTTPS (SSL). Is this possible or where might I go to hack the code to make the forms submit as HTTPS?

  2. Takayuki Miyoshi
    Member
    Posted 4 years ago #

    Yes, it's possible. You don't need any hacks or customizations for Contact Form 7. Just add 's' into the URL.

  3. dytekllc
    Member
    Posted 4 years ago #

    Thanks for the reply but how and where can that be done? Is there a file or setting somewhere that allows me to force https:// when the forms are visited?

  4. macuserX74
    Member
    Posted 4 years ago #

    I have the same Problem and i hope someboddy will post a short discription hov to setup a "Contact Form 7"-Form with SSL.

    I guess the Hosting-Provider gives you a URL and this URL goes somewehre into the Settings from Contact Form 7.

    THANK YOU for all replys.
    Sascha

  5. dytekllc
    Member
    Posted 4 years ago #

    It seems like it would be an easy thing to do. I have "rigged" my site (www.ticocreditofhickory.com) to now use HTTPS but it does the whole site as HTTPS once you click any of the links within the site. It took a bit of trial and error to get to that point.

    I know that there should be a file with CF 7 that the https://domain can be specified on the <form> tag. But where.

  6. macuserX74
    Member
    Posted 4 years ago #

    Hi dytekllc,
    this is better than nothing. Does the overall ssl (after someone klicked on a link) produce any problems?
    Greetings from Germany.
    Sascha

  7. dytekllc
    Member
    Posted 4 years ago #

    I think it does work fine at that point. I am not sure why there is not an easier method to accomplish this. Nearly every Plugin I have tried bombs or has some bad behavior tied to it.

  8. gjsoulman
    Member
    Posted 3 years ago #

    Does anyone know how to accomplish this (having the Contact 7 form post to a secure URL), other than switching the entire site to use HTTPS?

  9. webjunk
    Member
    Posted 3 years ago #

    In order to use httpS you need a Public Key Certificate. Some hosting providers give a "free" shared certificate but they generally give a warning to site visitors and are not really secure. Otherwise you need to purchase one for your domain. A dedicated IP is required and usually you will need your host to install it for you if not on a dedicated server.
    You can set pages to normal http and the form only to https BUT!!! any http within a secured (https) page will generate the error asking if they want to view unsecured items on a secured page.

  10. gjsoulman
    Member
    Posted 3 years ago #

    Hi webjunk -- I already have a secure site running with a certificate installed, my questions is how to either (1) display the form on an encrypted page without switching the entire WordPress site over to the HTTPS URL (per the earlier conversation), or (2) modify the Contact Form 7 embedded form to POST to a secure URL instead of to the default non-secure URL.

    Any suggestions on how to accomplish either of these two solutions?

  11. webjunk
    Member
    Posted 3 years ago #

    You need the link to the Contact Form to be https://
    That is for two reasons:
    1) It gives visitors the lock in the browser that shows it is secure so they feel comfortable. Now before people post that there is no information yet and ssl is stateless (all true) read:
    2) Potentially (but not common) a form session can be hijacked and change the submit location. If any private info (passwords, etc.) are within the form then the hijacked session will get the info.

    Additionally you need to change the "form Action=" within the php's to use https://yoursite.com/pathto/contact#wpcf7

    Then the submit form will send over a ssl connection.

    Think that's it but am on my first cup of coffee....

  12. frendeliko
    Member
    Posted 3 years ago #

    @gjsoulman

    1. Maybe you can install http://wordpress.org/extend/plugins/wordpress-https and Force SSL Exclusively checking the correct option.

    Then on the page you want ssl protected, check the Force SSL checkbox...

    2. I don't know if it's the best option but you can change the code by hand in php code as @webjunk said. The problem is that it won't be possible to upgrade if another version of CF7 shows up.

    ;)

  13. gjsoulman
    Member
    Posted 3 years ago #

    @webjunk: A belated thanks for your earlier suggestion -- I hardcoded my menu links to a custom HTTPS URL rather than to a WordPress page, which was an acceptable workaround, but wasn't ideal in that 1) those hardcoded menu URLs wouldn't change with the permalink slugs, and 2) subsequently navigating to other pages didn't revert back to HTTP. But, it did keep my client happy.

    @frendeliko: Your WordPress HTTPS plugin was exactly what I needed -- I switched the links back to pages, and used the Force SSL checkbox as you suggested -- works perfectly.

    Many thanks!

Topic Closed

This topic has been closed to new replies.

About this Topic