WordPress.org

Ready to get started?Download WordPress

Forums

Fast Secure Contact Form
Feature Request: Submit Form with HTTPS (6 posts)

  1. fwchapman
    Member
    Posted 3 years ago #

    Hi Mike,

    I've just been reviewing the use of SSL on my sites, and it occurred to me that there are times when I'd like to submit form data securely using a form action based on HTTPS instead of HTTP. Would you please consider adding a configuration setting so that form administrators can choose between these two different ways of posting the form data?

    As always, thanks for considering my request!

    Best wishes,

    Fred

    P.S. I can use the WordPress HTTPS plugin to force HTTPS on the entire contact form page, but that's a brute-force solution -- not very elegant!

    http://wordpress.org/extend/plugins/si-contact-form/

  2. Mike Challis
    Member
    Plugin Author

    Posted 3 years ago #

    Because the form uses shortcode to load anywhere on any Page, Sidebar, or Post, it has no pre-awareness of what page it is on. It is a "plugin" to your page. Therefore I am not able to make a setting for controlling https or not. By the time it starts via the shortcode, half of the page is likely already printed to screen.

    WordPress HTTPS plugin can make the page https and the form is compatible with that.

  3. fwchapman
    Member
    Posted 3 years ago #

    Hi Mike,

    Thanks for your speedy reply! I must apologize for not explaining myself clearly. What I'm asking is actually very easy to do.

    I'm asking you to change just the form action, not the protocol for the entire page. By default, your shortcode inserts this code into the page:

    <form action="http://..." id="si_contact_form..." method="post">

    Instead, you could just as easily insert this code into the page:

    <form action="https://..." id="si_contact_form..." method="post">

    The only difference is that the first uses HTTP and the second uses HTTPS. If you add a configuration setting in the administrative back end, the administrator can decide which protocol to use for each form.

    Does that sound doable?

    Best wishes,

    Fred

  4. fwchapman
    Member
    Posted 3 years ago #

    P.S. Here are some high-traffic examples: Facebook, Twitter, and LinkedIn all have login forms on their home pages, but none of the home pages use HTTPS. Even so, all the logins are secure because the form actions use HTTPS to post the data. Using HTTPS on the whole page is overkill -- for security, only the form needs to use HTTPS. That's what I'd like to do with your contact form.

  5. Mike Challis
    Member
    Plugin Author

    Posted 3 years ago #

    Yes I can make a setting for that.

  6. fwchapman
    Member
    Posted 3 years ago #

    Thanks, Mike! This new security feature will be one more in a long list of strong selling points for your hugely popular plugin. Much appreciated! -Fred

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic