Company Blog Support
Rochelle Yoshida


    Back to Top

    Order Form Security Updates


    About Order Form Security Updates

    Increasing Internet security standards require changes in the way ONTRAPORT order forms can be displayed. Effective April 30, 2018 all ONTRAPORT order forms must be hosted on a domain with a SSL certificate. 

    • All ONTRAPORT domains and hosted WordPress sites will be converted to SSL automatically. 
    • All order forms hosted on a non-ONTRAPORT domain must have a SSL certificate.
    • Order forms on sites that do not have a SSL certificate will be suppressed. In the place of the order form a warning image will be displayed:

      Non SSL site warning is displayed instead of the order form

    Quickstart: What You Need To Do

    • For websites or landing pages hosted with ONTRAPORT: Do nothing, ONTRAPORT has you covered!
    • For websites that you don't host with ONTRAPORT: Add a SSL Certificate to the website. 
    • For third party sites or services such as LeadPages or Clickfunnels with order forms: Check with the vendor to have a SSL certificate added.

    If your host cannot provide a SSL certificate, move your order form to a site that does have a SSL certificate. Otherwise, the order form will stop working after April 30, 2018.

    For developers using our /landingPage/getHostedURL API endpoint, we will return the https URL.

    The following sections provide more information.

    What is SSL

    SSL ("Secure Sockets Layer") is a method to encrypt the data flowing between your customer's Internet browser and your website. Without SSL, everything your customer types into your login, opt-in or order form is transmitted in plain text between their computer and your form, making it easy for a hacker to capture the data. All modern browsers automatically recognize when you have SSL enabled and will encrypt the data.

    In this context, we are using "SSL" to stand for both "SSL" and "TLS", the security protocols used when you add an SSL certificate to your website.

    When a website has a valid SSL certificate the browser URL bar displays a green lock, globe or other icon to show the site is secure and trusted by the browser.

    Secure browser address bar with lock icon

    More About Your ONTRAPORT Hosted Content

    ONTRAPORT will be adding SSL certificates to all hosted landing pages and WordPress sites in early 2018 to ensure they continue to work. Landing pages, including Legacy Landing Pages and ONTRApages, will automatically redirect to the SSL version of the site.

    WordPress sites may experience issues related to the change. For example, we cannot control any images you have linked from other non-secure sites, and these may show as "mixed content" and trigger warnings from the browser. We recommend you visit your ONTRAPORT hosted WordPress site when the SSL certificate has been added and check each page for warnings. Use the latest version of Chrome and Firefox in testing, as they are the most stringent with the new standards.

    If you are having trouble with SSL on a WordPress site we recommend installing the Really Simple SSL plugin.  It does not conflict with PilotPress and resolves most of the problems.

    More About Your Self Hosted Content

    Websites You Host Elsewhere

    Self hosted content includes websites you host with an outside host such as GoDaddy, WP-Engine, Knownhost or SiteGround. Check with your host to obtain a SSL certificate for your website. Prices vary, but are usually less than $100 per year (they are sometimes provided at no charge). 

    All ONTRAPORT resources such as forms, videos, images and even ONTRApages displayed by the ONTRApages plugin will automatically adopt the SSL certificate you install. 

    We recommend the Really Simple SSL plugin for your WordPress site if you experience problems after adding a SSL certificate. It does not conflict with PilotPress and resolves most of the problems.

    Landing Pages You Host Elsewhere

    For your landing pages hosted with other services such as LeadPages or ClickFunnels, be sure they are providing secure SSL domains. ONTRAPORT forms installed on non-secure domains will be disabled by ONTRAPORT and a warning image will be displayed instead.

    The ONTRApages WordPress Plugin and SSL

    The ONTRApage will inherit the web site's SSL certificate.

    If you have a WordPress site on a third party web host such as GoDaddy, WP-Engine, KnownHost or SiteGround, contact the web host to purchase an SSL certificate for your website. Order forms on ONTRApages imported via the ONTRApages Plugin will not display on a non-SSL site.

    ONTRAPORT Forms on Non-Secure Web Sites

    ONTRAPORT will be disabling order forms hosted on non-secure sites effective April 30, 2018.  This image will replace the order form:

    Warning notice for non-secure pages


    Articles in this section

    Created - Updated
    Have more questions? Submit a request


    Powered by Zendesk