Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 8 of 8
  1. #1
    Senior Member RDesignista's Avatar
    Join Date
    Feb 2012
    Location
    Coconut Tree City
    Posts
    822
    Member #
    30921
    Liked
    123 times
    Hi, I was just wondering if someone could give me their opinion regarding forms in Wordpress, with SSL.

    So my client asked me to make an online loan application. I was ecstatic because I really wanted an opportunity to work on my HTML and PHP form skills. I think default forms are usually so butt-ugly that a little CSS skill can really do wonders.

    I knew right away that I would be needing to encrypt the form data. So, the contents are in a subdirectory, "/ssl". However, being in a subdirectory poses 2 problems:

    - you are breaking away from the Wordpress page template
    - if you try to link to things on your regular website, there will be error messages about partial encryption or that some resources on the page are not encrypted (basically, a properly encrypted page should have 100% of things loaded from https, even jquery library).

    I ended up putting some branding elements into the ssl folder as well, to make the form page look similar to the actual page. However, I'm just wondering if you guys would've done the same thing that I did. Or if you would've done it another way. Or if there is a way to do everything I described all via the Wordpress interface, because right now, my client can't edit the form.

  2.  

  3. #2
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    You do know that just calling a subdirectory SSL doesn't encrypt it ? Right ? Of course you do.

    Me personally, I'd just get a certificate, attach it properly to the site ( the whole site ), make all links to the online form to the SSL version of the form. Put a but of script on the page that makes sure its being called with the https:// or rewrite it so it is...

    Most SSL certs when properly applied DO NOT make it where your visitors has to use the SSL ... You can bounce back and forth between them.

    I have clients that have multiple request forms on their site ... They requested they be encrypted... So the entire site is http:// except if you access a form... Then it utilizes the https://

  4. #3
    Senior Member RDesignista's Avatar
    Join Date
    Feb 2012
    Location
    Coconut Tree City
    Posts
    822
    Member #
    30921
    Liked
    123 times
    Sorry, I forgot to mention that the client is using Yahoo hosting (which is not a great host btw) and that any files in public_html/ssl will automatically be setup with an SSL. The SSL is the one auto-provided by Yahoo, not a separate one. I suppose I should've asked if they wanted to pay for a domain validated SSL. And I suppose that I should start finding an SSL that I can trust and recommend to clients for situations like this :\.

    So I guess you're saying that it's easier to just get an SSL and attach it to the whole site by default, but have it de-activated, except for certain pages?

  5. #4
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    If it's that easy ... Then I'd give it a try.

    Any hosting provider that's even halfway decent is going to offer several SSL options

    I have a multi-site wildcard SSL on one of my servers when I need it.

    I've also bought the basic SSL package for numerous clients over the years and if you purchase then directly from the hosting provider, its a pretty simple process.

    Its not a matter of activating / deactivating

    All http traffic uses port 80 , all SSL traffic uses port 443 , unless our using SSL forwarding through a firewall ... Etc.

    Once the cert is applied and registered wih the domain... Its a matter of how you call the page. If you call the page using standard http:// its gonna be non-encrypted... If you cal a page using https:// that tells the server to use port 443 or encrypt any traffic ...

    Like I said, numerous clients requested this... I used the same form I used before... But I call it usin https:// and there's a small bit of scripting at the top of the page to redirect to page to https:// if someone tries to call the page with http:// also, your form processing script should be hi at the full URL using the https:// to call the processing.

  6. #5
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    If you're using the "shared" cert SSL ... Some people actually DO LOOK at it, and they won't understand ... Because your clients site name will NOT be on the certification anywhere. Many people will never look, but there are quite a few that do.

  7. #6
    Senior Member RDesignista's Avatar
    Join Date
    Feb 2012
    Location
    Coconut Tree City
    Posts
    822
    Member #
    30921
    Liked
    123 times
    Quote Originally Posted by Webzarus, post: 250471, member: 27723
    If you're using the "shared" cert SSL ... Some people actually DO LOOK at it, and they won't understand ... Because your clients site name will NOT be on the certification anywhere. Many people will never look, but there are quite a few that do.
    All I had to do was create a subdirectory named SSL and then drop files in for them to be secured! That's probably the only cool thing about Yahoo hosting so far. And yes, it is a shared SSL. And I know that Shared SSLs aren't very good looking at all, even though my client's domain is part of that shared SSL url and I put in a bit of effort to brand the page.

    I've been telling my client that I run into a lot of restrictions with Yahoo hosting (such as no htaccess and no html emails), so they're asking for a move to a new host when I have the time. I will probably ask if they'd be interested in getting a basic SSL as well. Do you have any recommendations for SSL? Or do you think whatever the webhost is partnered with is the best choice, since that would be a single login?

    Thanks for your input.

  8. #7
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    No recommendations as all SSL certs perform the same function. They validate the sites Identity to the end user while encrypting data being transmitted.

    That being said, If you have a client that requires SSL on their hosting package for one reason or another, this should be a consideration when choosing your host.

    Many "cheap" hosting providers don't offer a standalone standard SSL, many offer paid access to a shared SSL ( no different than what you have a access to for free now ), some are really cheap, but again, your clients website name will not be anywhere on the cert, it will typically be a cert issues to the hosting company, so any site on their server can utilize it.

    A standard SSL from a reputable company will run between 50-60 a year... So just make sure whomever you're considering using for hosting actually will allow you to purchase a 3rd party cert ( if they don't offer them ), and can install it and attach it to your individual hosting account.

    If you can find hosting that also sells and installs SSL certs onto their account, then that's the way I would go. And yes, I started using GD SSL certs a while back, their trust levels ( opinion ), is pretty high as I see many major corporations are using their branded SSL services, thawte, net sol, geotrust, verisign or I think now Symantec are just some of the others .

  9. #8
    Junior Member
    Join Date
    Jan 2016
    Posts
    1
    Member #
    52989
    I just came across your dilemma about providing SSL protection on WordPress pages hosted through Yahoo (or now Aabaco). I am rebuilding a small e-commerce site, and I'm tempted to keep it on Yahoo instead of moving to another host.

    It looks like you were successful in creating a subdirectory "SSL" and dropping files in there. It's been a couple years, but I wonder if you remember exactly what you did.

    I'm not sure which WP files to throw in the SSL folder and if moving those files will confuse the WP database or break links. Or maybe you've found a better way to use SSL with WordPress.

    Any insight would be appreciated, thanks!


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Search tags for this page

ssl yahoo wordpress

Click on a term to search for related topics.
All times are GMT -6. The time now is 11:39 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com