How to do secure registration forms?

Discussion in 'HTML & Website Design' started by Jeffr2014, Nov 6, 2015.

  1. #1
    Hello,
    I need to add a secure client registration form to one of my websites. The result of form submission should be an email with the form information sent to a predefined address.
    I understand that for forms to be secure (use HTTPS) I will need to get an SSL certificate, but my questions are regarding approach (I am planning to hire a developer on Elance to do this job for me):
    - is there some ready software that could be used for this purpose?
    - how much effort (e.g. # of hours) to build something like this for an experienced developer?

    Somebody recommended to use Fast Secure Contact Form for WordPress but I am not sure how I can make it work over HTTPS if I don't want to transition the entire site to HTTPS...?

    Any suggestions will be highly appreciated.
    Thanks,

    Jeff
     
    Jeffr2014, Nov 6, 2015 IP
  2. th.sigit

    th.sigit Well-Known Member

    Messages:
    178
    Likes Received:
    32
    Best Answers:
    1
    Trophy Points:
    185
    #2
    A quick search on "https+only+one+page" gives this result (only the top four), all using .htaccess you can add to the one existing on your Wordpress install:
    The Fast Secure Contact Form plugin that you mention doesn't seem to handle member registration, if you would want your clients to be able to login to your site. This will allow you to accept your client emails, though. However, if you need your clients to login to your site (I presume it is developed on WP), you will need a membership plugin.
     
    th.sigit, Nov 6, 2015 IP
  3. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #3
    Also, what is wrong with just moving the whole site to HTTPS? If you're worried about rankings / SEO, that is very easily handled via a redirect, and normally HTTPS is preferred simply because it adds a tad bit of security to stuff like logins and such. So, why not just move the whole site to HTTPS? It would involve maybe 3-5 lines in a .htaccess-file.
     
    PoPSiCLe, Nov 6, 2015 IP
  4. th.sigit

    #4
    There's another advantage of using https on all pages: you will get correct statistics in your Google Analytics. Basically, if your URL is clicked on another website with https (e.g. https://forum.digitalpoint.com/), GA will consider this direct traffic (if your website doesn't have SSL), or will correctly consider this referral traffic (if your website has SSL).

    Here is a quote:
    source: https://megalytic.com/blog/understanding-direct-traffic-in-google-analytics
     
    th.sigit, Nov 6, 2015 IP
  5. Jeffr2014

    Jeffr2014 Active Member

    Messages:
    254
    Likes Received:
    18
    Best Answers:
    0
    Trophy Points:
    55
    #5
    Re:
    , the problem is that with a redirect it takes a while to restore the rankings/SEO; in some cases it may take over a year even if all the things are handled properly. The problem with Google is that, while they are encouraging moving to HTTPS (they even promise better rankings), their algorithms drop your SERP with any innocent changes (e.g. adding an internal link in the text) to target pages. According to some SEO blogs, after moving to HTTPS (performed strictly according to Google-endorsed guidelines) the organic traffic dropped 80%, after 3 months it was at 50% and it fully recovered only after 6 months. As this is a commercial site with relatively high SERP, I just cannot risk the loss of traffic/clientele with a move to HTTPS :(
     
    Jeffr2014, Nov 7, 2015 IP
  6. th.sigit

    #6
    That's interesting. Did not know that before. What about using both http and https at the same time? So, your visitors can visit your site both at http and https. You can add both versions in your webmaster tools, and after a year force redirect to https. What are your thoughts about it?
     
    th.sigit, Nov 7, 2015 IP
  7. Jeffr2014

    #7
    I am not sure, as I am concerned about duplicate content in the interim. At the moment, the best approach is probably what was suggested in the threads from your search "https+only+one+page", I will try to test these approaches next week. The main issue seems to be setting .htaccess the way that https redirect is not "sticky" i.e. when somebody switches away from https page they get back to http mode.
     
    Jeffr2014, Nov 7, 2015 IP
  8. webcosmo

    webcosmo Notable Member

    Messages:
    5,840
    Likes Received:
    153
    Best Answers:
    2
    Trophy Points:
    255
    #8
    Insert a verification token in every form and validate it on the backend.
     
    webcosmo, Nov 8, 2015 IP
  9. Jeffr2014

    #9
    @webcosmo, could you please elaborate? I am not sure I understand your suggestion...
     
    Jeffr2014, Nov 8, 2015 IP
  10. webcosmo

    #10
    Except SSL certificate installed on your website and exclusively using https, you can insert a validation token and post it along with the form data and then validate it, to be sure that someone with different credentials used other user's form.
     
    webcosmo, Nov 13, 2015 IP
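
    The verification token suggested in posts #8 and #10, as an added example that is not part of the original thread: the server issues a token bound to the visitor's session and to one form, places it in a hidden field, and checks it on the backend before the form data is e-mailed. Python is used only for illustration; `SERVER_KEY`, `TOKEN_TTL`, `session_id` and `form_name` are assumed names, not taken from any plugin mentioned above.

```python
import hashlib
import hmac
import secrets
import time

# Constructed values for this example; a real site loads the key from protected config.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 1800  # seconds a rendered form stays valid


def _mac(session_id, form_name, issued, nonce):
    # session_id is assumed to be server-generated and free of the "|" separator.
    msg = "|".join((session_id, form_name, issued, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, form_name, now=None):
    """Return the hidden-field value, bound to one session and one form."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return ".".join((issued, nonce, _mac(session_id, form_name, issued, nonce)))


def validate_token(token, session_id, form_name, now=None):
    """Backend check to run before the submitted data is e-mailed or stored."""
    parts = (token or "").split(".")
    if len(parts) != 3:
        return False
    issued, nonce, mac = parts
    if not (issued.isascii() and issued.isdigit()):
        return False
    age = (time.time() if now is None else now) - int(issued)
    if age < 0 or age > TOKEN_TTL:
        return False  # stale or future-dated form
    expected = _mac(session_id, form_name, issued, nonce)
    # Constant-time comparison; bytes so arbitrary submitted text cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    tok = issue_token("sess-A", "register")
    print("same session:", validate_token(tok, "sess-A", "register"))
    print("other session:", validate_token(tok, "sess-B", "register"))
```

    The token only proves the submission came from a form the server rendered for that session; it complements HTTPS rather than replacing it.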