If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
I made my form using the Form as a Service, but donors can't make a donation because my site is not on a secure server. Is there something I could do besides paying for a secure server because that costs around $1, 000.
I am not sure I understand the issue. You do NOT need a secure server for this - all you need is an SSL Key. You may buy an SSL key from your hosting company and install on the server that hosts your website. SSL keys range from $8/year to $100 - depending on where you buy it from.
Your form has to have https:// in its URL. If it is not a secure page it will NOT work. We will block all attempts for processing a payment when the page is not secure.
Please set up SSL for your site. You are using the API forms. The API is designed for programmers that want to fully customize every aspect of the platform. Our open API is extremely flexible but the resulting form, when released, has to be on a secure site. You can add SSL to your site by contacting your web hosting company.
If you are not able to set up SSL then we suggest you use our ready-made forms through Connect. Using the Connect widgets does not requires SSL since they are already set up with SSL and you do not need to make any changes to your site. You may want to review this KB article: http://help.clickandpledge.com/custo...rm-as-a-widget
Under no circumstances a credit card number may be collected through an insecure page. If you are not sure how to set up SSL for your API form please use our widgets. Hope the above article helps.
I got the SSL installed on the site, but now I need to have https://. I looked at tutorials about forcing users to access my page with https:// by adding code to my php page but I still get the alert.
"
The request has originated from an insecure page. The posting URL is: http://www.operationshoestring.org/donate/ PCI Standards mandate that personal information may only be transmitted over secure connection. Please add an SSL key to the site and post through a secure connection using https:// instead of http://
"
I added this code to the top of the php "<pre class="if($_SERVER['SERVER_PORT']!='443'){header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);exit();}
"></pre>"
Do I need to have SSL for the new Connect 2.0 forms? A potential donor wrote me today to say
"I tried to donate, but the browser [link] I got through this email says it isn't secure and I get a warning not to enter sensitive information."
This was at www.about-face.org/endmediamisogyny, and is set up using the new Connect 2.0 forms. There is nothing on Connect platform that states you need an SSL key.
She also said:
"I also tried to donate on your website, and I am getting an error message when I click "donate money" and I can't donate--there's no form available."
Connect 2.0 and all Click & Pledge forms are secure and encrypted with 256 bit encryption, as mandated by PCI. The issue you are reporting and the concern of your donor is in reference to your page and not Connect.
Naturally you have not added an SSL to your site (something we highly recommend), not for security but for this very reason, your donor's perception. Now see our form, which you have iframed.
As is illustrated above, the form is secure. The form is where the transaction takes place and as such all communication is secure & encrypted in transit.
I hope that makes the issue a bit more clear.
We highly recommend our clients to secure their site if they plan to iframe a page. This is not, as has repeatedly been stated above, for any security issues or concerns but for sole purpose of donor's confidence.
Another important point to keep in mind is the future of browsers. Google Chrome and Firefox are going to start pushing for all websites to be secure. It is the future direction of the web world. It is best if you add SSL to your site so Google and other browsers also do not penalize your site - I want to make sure you realize this is not a Click & Pledge issue but a general recommendation.
This was pretty unhelpful. It turns out that nonprofits can get a free SSL certificate that is well-respected at Let's Encrypt. Yes, your form is secure but it's no longer secure when iFramed and embedded on a site that is http:// only and not https:// . I figured all that out myself with very little help from this response. I did received your email a while afterward, but that was also not too helpful. If you are going to have embeddable forms, please at least warn your users so they don't make the same mistake I did (and many of us, probably). I suggest you: Create a dialog or line under the copy-able code that states that if that code is not embedded on a secure site (https:// not http://), then users will receive an error message stating that the site is secure and they may not make their donation. That's what happened to me, and I've lost donations because of it.
Comment