Good day RTania,

I am not sure I understand the issue. You do NOT need a secure server for this - all you need is an SSL Key. You may buy an SSL key from your hosting company and install on the server that hosts your website. SSL keys range from $8/year to $100 - depending on where you buy it from.

For example: https://www.servertastic.com/ssl-instant/

You should ask your hosting company about how to add SSL to your website.

For example: http://www.wpbeginner.com/wp-tutoria...-in-wordpress/

I hope that answers your question.

Good day!

Your form has to have https:// in its URL. If it is not a secure page it will NOT work. We will block all attempts for processing a payment when the page is not secure.

Please set up SSL for your site. You are using the API forms. The API is designed for programmers that want to fully customize every aspect of the platform. Our open API is extremely flexible but the resulting form, when released, has to be on a secure site. You can add SSL to your site by contacting your web hosting company.

If you are not able to set up SSL then we suggest you use our ready-made forms through Connect. Using the Connect widgets does not requires SSL since they are already set up with SSL and you do not need to make any changes to your site. You may want to review this KB article: http://help.clickandpledge.com/custo...rm-as-a-widget

Under no circumstances a credit card number may be collected through an insecure page. If you are not sure how to set up SSL for your API form please use our widgets. Hope the above article helps.

I got the SSL installed on the site, but now I need to have https://. I looked at tutorials about forcing users to access my page with https:// by adding code to my php page but I still get the alert.
""

I added this code to the top of the php "<pre class="if($_SERVER['SERVER_PORT']!='443'){header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);exit();}
"></pre>"

Any help will be appreciated.

Good day!

Please see below:



You should review the issues on your page that is causing the warning.

As for the PHP code - we do not make programming recommendations. I did a search and came across the following: http://davidwalsh.name/force-secure-page-php

Not sure if that will help but you may want to review it as reference.

Hope that answers your question.

Do I need to have SSL for the new Connect 2.0 forms? A potential donor wrote me today to say

"I tried to donate, but the browser [link] I got through this email says it isn't secure and I get a warning not to enter sensitive information."
This was at www.about-face.org/endmediamisogyny, and is set up using the new Connect 2.0 forms. There is nothing on Connect platform that states you need an SSL key.

She also said:
"I also tried to donate on your website, and I am getting an error message when I click "donate money" and I can't donate--there's no form available."

This is related to http://www.about-face.org/support-us/donate-money/
Sometimes the form takes a while to appear on the page as an iframe. This is an ongoing problem.

All very inconvenient during an end-of-year campaign!

jenberger

Connect 2.0 and all Click & Pledge forms are secure and encrypted with 256 bit encryption, as mandated by PCI. The issue you are reporting and the concern of your donor is in reference to your page and not Connect.

It is best if I explain in more detail.

Your donor has visited YOUR page at http://www.about-face.org/support-us/endmediamisogyny/ and sees the following:



Naturally you have not added an SSL to your site (something we highly recommend), not for security but for this very reason, your donor's perception. Now see our form, which you have iframed.




As is illustrated above, the form is secure. The form is where the transaction takes place and as such all communication is secure & encrypted in transit.

I hope that makes the issue a bit more clear.

We highly recommend our clients to secure their site if they plan to iframe a page. This is not, as has repeatedly been stated above, for any security issues or concerns but for sole purpose of donor's confidence.

Another important point to keep in mind is the future of browsers. Google Chrome and Firefox are going to start pushing for all websites to be secure. It is the future direction of the web world. It is best if you add SSL to your site so Google and other browsers also do not penalize your site - I want to make sure you realize this is not a Click & Pledge issue but a general recommendation.

I did a quick search and the following site discusses this issue with some clarity: http://fortune.com/2016/09/08/google...ttps-security/

Please let us know if we can be of more assistance and I hope I have provided some insight on how to think of this issue.

Let us know if we can be of more assistance.

This was pretty unhelpful. It turns out that nonprofits can get a free SSL certificate that is well-respected at Let's Encrypt. Yes, your form is secure but it's no longer secure when iFramed and embedded on a site that is http:// only and not https:// . I figured all that out myself with very little help from this response. I did received your email a while afterward, but that was also not too helpful. If you are going to have embeddable forms, please at least warn your users so they don't make the same mistake I did (and many of us, probably). I suggest you: Create a dialog or line under the copy-able code that states that if that code is not embedded on a secure site (https:// not http://), then users will receive an error message stating that the site is secure and they may not make their donation. That's what happened to me, and I've lost donations because of it.