Announcement

Collapse
No announcement yet.

Secure server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Secure server

    http://www.operationshoestring.org/donate/
    I made my form using the Form as a Service, but donors can't make a donation because my site is not on a secure server. Is there something I could do besides paying for a secure server because that costs around $1, 000.

    Thank you

  • #2
    Good day RTania,

    I am not sure I understand the issue. You do NOT need a secure server for this - all you need is an SSL Key. You may buy an SSL key from your hosting company and install on the server that hosts your website. SSL keys range from $8/year to $100 - depending on where you buy it from.

    For example: https://www.servertastic.com/ssl-instant/

    You should ask your hosting company about how to add SSL to your website.

    For example: http://www.wpbeginner.com/wp-tutoria...-in-wordpress/

    I hope that answers your question.
    Regards,
    Click & Pledge Support Department

    On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

    Join us @ the educational webinars: https://clickandpledge.com/webinars/
    Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
    Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

    Comment


    • #3
      This is what somebody who tried to donate got. Could the SSL key fix this?

      Thank you

      Comment


      • #4
        Good day!

        Your form has to have https:// in its URL. If it is not a secure page it will NOT work. We will block all attempts for processing a payment when the page is not secure.

        Please set up SSL for your site. You are using the API forms. The API is designed for programmers that want to fully customize every aspect of the platform. Our open API is extremely flexible but the resulting form, when released, has to be on a secure site. You can add SSL to your site by contacting your web hosting company.

        If you are not able to set up SSL then we suggest you use our ready-made forms through Connect. Using the Connect widgets does not requires SSL since they are already set up with SSL and you do not need to make any changes to your site. You may want to review this KB article: http://help.clickandpledge.com/custo...rm-as-a-widget

        Under no circumstances a credit card number may be collected through an insecure page. If you are not sure how to set up SSL for your API form please use our widgets. Hope the above article helps.
        Regards,
        Click & Pledge Support Department

        On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

        Join us @ the educational webinars: https://clickandpledge.com/webinars/
        Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
        Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

        Comment


        • #5
          I got the SSL installed on the site, but now I need to have https://. I looked at tutorials about forcing users to access my page with https:// by adding code to my php page but I still get the alert.
          "
          The request has originated from an insecure page. The posting URL is: http://www.operationshoestring.org/donate/ PCI Standards mandate that personal information may only be transmitted over secure connection. Please add an SSL key to the site and post through a secure connection using https:// instead of http://
          "

          I added this code to the top of the php "<pre class="if($_SERVER['SERVER_PORT']!='443'){header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);exit();}
          "></pre>"

          Any help will be appreciated.

          Comment


          • #6
            Good day!

            Please see below:

            Click image for larger version

Name:	2015-09-27_15-59-55.jpg
Views:	1
Size:	90.5 KB
ID:	19417


            You should review the issues on your page that is causing the warning.

            As for the PHP code - we do not make programming recommendations. I did a search and came across the following: http://davidwalsh.name/force-secure-page-php

            Not sure if that will help but you may want to review it as reference.

            Hope that answers your question.


            Regards,
            Click & Pledge Support Department

            On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

            Join us @ the educational webinars: https://clickandpledge.com/webinars/
            Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
            Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

            Comment


            • #7
              Do I need to have SSL for the new Connect 2.0 forms? A potential donor wrote me today to say

              "I tried to donate, but the browser [link] I got through this email says it isn't secure and I get a warning not to enter sensitive information."
              This was at www.about-face.org/endmediamisogyny, and is set up using the new Connect 2.0 forms. There is nothing on Connect platform that states you need an SSL key.

              She also said:
              "I also tried to donate on your website, and I am getting an error message when I click "donate money" and I can't donate--there's no form available."

              This is related to http://www.about-face.org/support-us/donate-money/
              Sometimes the form takes a while to appear on the page as an iframe. This is an ongoing problem.

              All very inconvenient during an end-of-year campaign!

              Comment


              • #8
                jenberger

                Connect 2.0 and all Click & Pledge forms are secure and encrypted with 256 bit encryption, as mandated by PCI. The issue you are reporting and the concern of your donor is in reference to your page and not Connect.

                It is best if I explain in more detail.

                Your donor has visited YOUR page at http://www.about-face.org/support-us/endmediamisogyny/ and sees the following:

                Click image for larger version

Name:	2016-12-30_6-16-59.jpg
Views:	1
Size:	101.2 KB
ID:	29808


                Naturally you have not added an SSL to your site (something we highly recommend), not for security but for this very reason, your donor's perception. Now see our form, which you have iframed.

                Click image for larger version

Name:	2016-12-30_6-19-16.jpg
Views:	1
Size:	138.3 KB
ID:	29809



                As is illustrated above, the form is secure. The form is where the transaction takes place and as such all communication is secure & encrypted in transit.

                I hope that makes the issue a bit more clear.

                We highly recommend our clients to secure their site if they plan to iframe a page. This is not, as has repeatedly been stated above, for any security issues or concerns but for sole purpose of donor's confidence.

                Another important point to keep in mind is the future of browsers. Google Chrome and Firefox are going to start pushing for all websites to be secure. It is the future direction of the web world. It is best if you add SSL to your site so Google and other browsers also do not penalize your site - I want to make sure you realize this is not a Click & Pledge issue but a general recommendation.

                I did a quick search and the following site discusses this issue with some clarity: http://fortune.com/2016/09/08/google...ttps-security/

                Please let us know if we can be of more assistance and I hope I have provided some insight on how to think of this issue.

                Let us know if we can be of more assistance.
                Regards,
                Click & Pledge Support Department

                On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

                Join us @ the educational webinars: https://clickandpledge.com/webinars/
                Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
                Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC

                Comment


                • #9
                  This was pretty unhelpful. It turns out that nonprofits can get a free SSL certificate that is well-respected at Let's Encrypt. Yes, your form is secure but it's no longer secure when iFramed and embedded on a site that is http:// only and not https:// . I figured all that out myself with very little help from this response. I did received your email a while afterward, but that was also not too helpful. If you are going to have embeddable forms, please at least warn your users so they don't make the same mistake I did (and many of us, probably). I suggest you: Create a dialog or line under the copy-able code that states that if that code is not embedded on a secure site (https:// not http://), then users will receive an error message stating that the site is secure and they may not make their donation. That's what happened to me, and I've lost donations because of it.

                  Comment

                  Working...
                  X