WordPress.org

Ready to get started?Download WordPress

Forums

Using SSL on single page, using WP 2.7 (17 posts)

  1. Christiaan
    Member
    Posted 5 years ago #

    Is there a WP 2.7 compatible plug-in that will allow us to use https for our form submission page?

    We're meant to be going live in the next day or two and we want to stick with WP 2.7 if we can.

  2. Samuel B
    moderator
    Posted 5 years ago #

  3. Christiaan
    Member
    Posted 5 years ago #

    Thanks samboll, much appreciated. However the HTTPS for WordPress plug-in doesn't actually appear to be a plug-in for changing a page to https. It seems only to create a more compatible environment for https. Also it says it's only compatible up to 2.5

  4. Christiaan
    Member
    Posted 5 years ago #

    Does anyone have any more advice on this topic?

    To reiterate we're wanting to make one page (our form submission page) use HTTPS.

  5. Christiaan,

    What does your form submission code look like? It might be easier to make the form submission POST SSL based instead of the contact page.

    Protecting the page/submission for that is being sent by your server might not be really useful.

    But if you want to protect the data that the user transmits (which I am guessing is the sensitive part) then try changing your <form action="http://URL to <form action="https://URL

    Try it and see if that works.

  6. Christiaan
    Member
    Posted 5 years ago #

    Hi J, the form isn't public yet but we're using csforms II and, for the moment, we can't use SSL SMTP to send the submissions but I'm looking into using a plugin called Subrosa to encrypt them with a public key.

    Thanks for the tip about protecting the data rather than the page. I'm still very much a learner at this point. Because of this I'm going for the belt and braces approach.

    I'd also like to protect the page to give users the security that the page is definitely ours and not a phishing site.

  7. Christiaan,

    A friend of mine likes to ask people "What are you trying to accomplish?"

    If you want to keep the end user's contact data reasonably private, then the form submission should via SSL should protect the data in transit when sent back to your web server. That should cover the HTTP/HTTPS portion.

    Dunno about the phishing part; unless your web page is trying to look like someone else's then I think you'll be fine there.

    For the e-mail portion, you'd need to make sure that your mail system defers to SSL/TLS and that the receiver mail server does too. Ask your host company about that. If they say something along the lines of "Postfix/Sendmail... STARTTLS is supported... client and server side..." then you're probably good for that one hop. Subsequent SMTP hops, maybe not but that would be out of your control.

    If they reply back with "Huh?" then you might want to look into PGP'ing your e-mail. That's a loooong conversation about private/public encryption keys and you may be best served by just worrying about the HTTP/HTTPS portion :)

  8. Christiaan
    Member
    Posted 5 years ago #

    Yeah, as I said, we can't send using SSL SMTP for the moment because we don't have a hosting package that supports that. We're thinking of moving to such a hosting package but in the time being I am going to try encrypting the mail with S/MIME.

    With regard to phishing the point is somebody else could pretend to be us and trick people into submitting information via another website address. One way to mitigate that is to use https to protect our page so that users can be sure they're on the right webpage.

    We could force our whole website to https but we I don't want to slow down the other pages unnecessarily.

  9. dicedtomatoe
    Member
    Posted 5 years ago #

    Man, I figured it out. Finally!!
    I do believe it is a media temple thing, but at least I figured it out. In the wp-includes/cononial.php file you have to change 'HOST_NAME' to 'SERVER_NAME' on line 48.

  10. Christiaan
    Member
    Posted 5 years ago #

    Hi diced, I'm with Hostpapa, but your fix seems a bit strange in any case. How does that force a single page to https? How do you choose which page you want to force to https?

  11. dicedtomatoe
    Member
    Posted 5 years ago #

    Christiann, I use admin SSL to force it to use SSL on certain directories. I have no problem making that work. I was having a problem loading anything at all with HTTPS. I kept getting redirect errors. Now after that fix, I don't have any issues. I'm able to make the entire site just HTTP and when someone goes to the credit application page it is HTTPS. Check it out. Joplin USED CARS

  12. Christiaan
    Member
    Posted 5 years ago #

    I've added the need forcing individual pages to WordPress Ideas, vote for it here:
    http://wordpress.org/extend/ideas/topic.php?id=2138

  13. Christiaan
    Member
    Posted 5 years ago #

    Diced, the topic is not about forcing an entire site to HTTPS. I don't have a problem doing that either. The topic is forcing individual pages.

  14. dicedtomatoe
    Member
    Posted 5 years ago #

    I know that use admin SSL and type what directories that you want to be forced to use SSL. In the box called Additional URLs.

  15. jlheidecker
    Member
    Posted 4 years ago #

    Having trouble with Admin SSL and wordpress 2.8.4. Won't let me login to wp admin anymore. anyone able to get Admin SSL to work with 2.8.4?

  16. zzb
    Member
    Posted 4 years ago #

    Any update on this thread? I would like to use Admin SSL to secure a special contact page on a client's site, but from the Googling I have been doing it appears to be problematic with WP 2.8.4 +

    Any further information from anyone who has subscribed to this thread ??

  17. Christiaan
    Member
    Posted 4 years ago #

    Make sure you add your vote here zzb:
    http://wordpress.org/extend/ideas/topic.php?id=2138

Topic Closed

This topic has been closed to new replies.

About this Topic