Redirect HTTPS to HTTP for Payments Only SSL setting
For sites that use the "Payments Only" setting for SSL and a custom domain, WA still allows users to access the non-payment pages using HTTPS. That seems convienient, but there are side effects to allowing HTTPS access to an HTTP page. First, if a user does try to access a non-payment page with HTTPS, they will get a browser certificate mis-match warning. As you know, the warning that modern browsers display can be quite scary to the average user. I think you will find this issue to be more common than you think, such as a new site where the site owner has moved from an older all https site to WA and used custom page urls on their key pages. Or hand typed URLs. The second issue this would solve is with Google Webmaster Tools. WMT searches sites that have certificate mis-matches (like my three WA sites) and emails the admin about once a month to warn them about the cert mis-match. This could cause concern with some admins that don;t understand that the mis-match is legitimate and expected. So I am suggesting that when a site is using the "Payments Only" SSL setting, any HTTPS requests be redirected (with .htaccess?) to HTTP. This is really only needed for custom domains, but wouldn't hurt for non-custom domains. Thank you WA for considering this enhancement. Others please comment if you agree.
Dmitry Buterin commented
Thanks for posting.
To summarize, let's say your site is http://www.abc.org and it's setup on Wild Apricot to redirect to https on payments only. Your secondary free WA domain is abc.wildapricot.org
Currently if someone (actual visitor or Google WMT) tries (for some reason) to access the site as httpS://www.abc.org, WA would allow secure connection - but it would have to use Wild Apricot security certificate and some browsers display scary looking warning before they are allowed to proceed.
So the suggestion is to silently redirect them to http://www.abc.org instead
I would appreciate comments from others.