Community Support Forums

[dvpro]

I will put something on the EE site.

This may be a lame question but I cannot find anything that addresses it specifically. For WP sites needing secure transaction processing, what are the ramifications if the site has been installed as http and then a SSL cert and dedicated IP are applied versus without reinstalling WP as https?

Two of the sites where we have installed WP as https and THEN we added the SSL cert and IP seem to work fine for secure transactions. However, the admin sections have the added overhead of https.

[Jason Caldwell]

This may be a lame question but I cannot find anything that addresses it specifically. For WP sites needing secure transaction processing, what are the ramifications if the site has been installed as http and then a SSL cert and dedicated IP are applied versus without reinstalling WP as https?

Well starting with an http installation is the most popular way. Then as you said, add a dedicated IP and the SSL certificate to enable the use of SSL over the https protocol. Once that's in place, you should only need to use s2Member's instructions, as seen below.

For the benefit of other readers...
taken from our FAQ at s2Member.com.

Do I need an SSL certificate to use PayPal® Pro or Authorize.Net®?

If you're using s2Member's Pro Forms, then yes. In order to comply with PayPal®, Authorize.Net® and PCI Compliance policies, as set forth by major credit card companies; you will need to host all of your Pro Forms on an SSL enabled site. Please check with your hosting provider to ask about obtaining an SSL certificate for your domain. Please note... when you create Pro Forms using the Form Generators provided by s2Member; you'll be supplied with WordPress® Shortcodes, which you'll insert into Posts/Pages of your choosing. These special Posts/Pages will need to be displayed in SSL mode, using links that start with ( https:// ). In other words, when you link to these Posts/Pages, you'll need to make sure your links start with https://.

You can skip the SSL certificate during Development/Sandbox testing. SSL is not required until you officially go live. Once you're live, you can add the Custom Field s2member_force_ssl -> yes to any Post/Page. s2Member will buffer output on those special Posts/Pages, converting everything over to https:// for you automatically, and forcing those specific Posts/Pages to be viewed over a secure SSL connection; so long as your server supports the https protocol. This will help you eliminate the dreaded Secure/Insecure errors in Internet Explorer®. If your server runs SSL over a special port number, or your server requires the port number to actually be in the URL ( i.e. HOST:port ), you can set s2member_force_ssl -> 443; or to whatever port you need.

Is WordPress® compatible with SSL enabled?

Yes, WordPress® is indeed compatible with SSL enabled ( https:// ). However, not all themes/plugins are designed to behave properly with SSL enabled. For instance, some WordPress® themes/plugins embed links to images, scripts, and/or style sheets; all starting with http://, instead of https://, ( or just //: - which is cross-protocol compatible ). For this reason, you should be very careful when choosing a WordPress® theme/plugin to use with s2Member Pro. Otherwise, your visitors could see the famous "Secure/Insecure" warnings in Internet Explorer® browsers.

A good web developer can fix this minor issue with ease,
but novice site owners are advised to get help from a professional.

*Tip: All themes available at PriMoThemes.com include full support for SSL enabled Posts/Pages. Also, with s2Member installed, you can add the Custom Field s2member_force_ssl -> yes to any Post/Page. s2Member will buffer output on those special Posts/Pages, converting everything over to https:// for you automatically, and forcing those specific Posts/Pages to be viewed over a secure SSL connection; so long as your server supports the https protocol.

[dvpro]

We have two other sites that were installed from scratch as https (with SSL cert and dedicated IP) and they seem to work fine using the Wordpress HTTPS plugin to force SSL. The downside - or upside for some - is that the admin sections are all SSL and take more time to load.
However, on a different site, the problem with s2 and Event Espresso remains. What is interesting is that Event Espresso's own version of Wordpress HTTPS works for s2 but not for the EE pages.