Type in your suggestion - new feature or improvement idea

Redirect HTTPS to HTTP for Payments Only SSL setting

For sites that use the "Payments Only" setting for SSL and a custom domain, WA still allows users to access the non-payment pages using HTTPS. That seems convienient, but there are side effects to allowing HTTPS access to an HTTP page. First, if a user does try to access a non-payment page with HTTPS, they will get a browser certificate mis-match warning. As you know, the warning that modern browsers display can be quite scary to the average user. I think you will find this issue to be more common than you think, such as a new site where the site owner has moved from an older all https site to WA and used custom page urls on their key pages. Or hand typed URLs. The second issue this would solve is with Google Webmaster Tools. WMT searches sites that have certificate mis-matches (like my three WA sites) and emails the admin about once a month to warn them about the cert mis-match. This could cause concern with some admins that don;t understand that the mis-match is legitimate and expected. So I am suggesting that when a site is using the "Payments Only" SSL setting, any HTTPS requests be redirected (with .htaccess?) to HTTP. This is really only needed for custom domains, but wouldn't hurt for non-custom domains. Thank you WA for considering this enhancement. Others please comment if you agree.

2 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)

    We’ll send you updates on this idea

    DennisDennis shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Dmitry ButerinDmitry Buterin commented  ·   ·  Flag as inappropriate

        Thanks for posting.

        To summarize, let's say your site is http://www.abc.org and it's setup on Wild Apricot to redirect to https on payments only. Your secondary free WA domain is abc.wildapricot.org

        Currently if someone (actual visitor or Google WMT) tries (for some reason) to access the site as httpS://www.abc.org, WA would allow secure connection - but it would have to use Wild Apricot security certificate and some browsers display scary looking warning before they are allowed to proceed.

        So the suggestion is to silently redirect them to http://www.abc.org instead

        I would appreciate comments from others.

      Feedback and Knowledge Base

      Wild Apricot Inc. 144 Front Street West Suite 725, Toronto, Ontario, Canada M5J 2L7