Rochelle Yoshida



    Order Form Security Updates

    About Order Form Security Updates

    Applies to: ONTRAPORT Plus and above.

    Increasing Internet security standards require changes in the way ONTRAPORT order forms can be displayed. Effective April 30, 2018, all ONTRAPORT order forms must be hosted on a domain with an SSL certificate.

    • All ONTRAPORT domains and hosted WordPress sites will be converted to SSL automatically.
    • If you were an Office Autopilot client and still have pages hosted on deprecated domains such as, please see the section Converting Office Autopilot Domains below.
    • All order forms hosted on a non-ONTRAPORT domain must have an SSL certificate.
    • Order forms on sites that do not have an SSL certificate will be suppressed. In place of the order form, a warning image will be displayed:

      Non SSL site warning is displayed instead of the order form

    Quickstart: What You Need To Do

    • For landing pages hosted with ONTRAPORT: Do nothing; ONTRAPORT has you covered!
    • For websites that you don't host with ONTRAPORT: Add an SSL certificate to the website.
    • For third-party sites or services such as LeadPages or ClickFunnels with order forms: Check with the vendor to have an SSL certificate added.

    Note: At the current time, WordPress sites hosted by ONTRAPORT cannot have an SSL certificate added to them and should not be used for e-commerce sites.

    If your host cannot provide an SSL certificate, move your order form to a site that does have an SSL certificate. Otherwise, the order form will stop working after April 30, 2018.

    For developers using our /landingPage/getHostedURL API endpoint, we will return the https URL.

    The following sections provide more information.

    What is SSL

    SSL ("Secure Sockets Layer") is a method to encrypt the data flowing between your customer's Internet browser and your website. Without SSL, everything your customer types into your login, opt-in or order form is transmitted in plain text between their computer and your form, making it easy for a hacker to capture the data. All modern browsers automatically recognize when you have SSL enabled and will encrypt the data.

    In this context, we are using "SSL" to stand for both "SSL" and "TLS", the security protocols used when you add an SSL certificate to your website.

    When a website has a valid SSL certificate, the browser URL bar displays a green lock, globe or other icon to show the site is secure and trusted by the browser.

    Secure browser address bar with lock icon

    More About Your ONTRAPORT Hosted Content

    ONTRAPORT will be adding SSL certificates to all hosted landing pages in 2018 to ensure they continue to work. Auto-redirection will not be enabled, so you must use the https protocol in any links to the landing pages.
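
    Since visitors are not redirected to https automatically, links that still use http:// have to be found and updated. The Python script below is an added example, not ONTRAPORT code, that scans HTML for such links; the hostnames in LANDING_HOSTS and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Assumption: the hostnames your landing pages are published on (placeholders).
LANDING_HOSTS = {"pages.example.com", "offers.example.net"}
URL_ATTRS = {"href", "src", "action"}  # attributes that can carry a page URL


def to_https(url):  # same URL with its scheme switched to https
    return urlunsplit(("https",) + tuple(urlsplit(url)[1:]))


class InsecureLinkFinder(HTMLParser):
    """Collect absolute http:// URLs that point at a landing-page host."""
    def __init__(self, hosts):
        super().__init__()
        self.hosts = {h.lower() for h in hosts}
        self.findings = []  # (source line, original URL, https replacement)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            try:
                parts = urlsplit(url)
            except ValueError:  # malformed URL such as a broken IPv6 literal
                continue
            # Protocol-relative links ("//host/path") follow the embedding page.
            if (name in URL_ATTRS and parts.scheme == "http"
                    and (parts.hostname or "").lower() in self.hosts):
                self.findings.append((self.getpos()[0], url, to_https(url)))


def find_insecure_links(html, hosts=LANDING_HOSTS):
    """Return a list of (line, url, https_url) for links needing an update."""
    finder = InsecureLinkFinder(hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample markup, not taken from any real site.
SAMPLE = """<a href="http://pages.example.com/order">Buy now</a>
<a href="https://pages.example.com/thanks">Thanks</a>
<a href="//offers.example.net/promo">Promo</a>
<form action="HTTP://Offers.Example.net/checkout?step=1" method="post"></form>
<img src="http://cdn.example.org/logo.png">
"""
for line, url, fixed in find_insecure_links(SAMPLE):
    print(f"line {line}: {url} -> {fixed}")
```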

    More About Your Self Hosted Content

    Websites You Host Elsewhere

    Self-hosted content includes websites you host with an outside host such as GoDaddy, WP-Engine, KnownHost or SiteGround. Check with your host to obtain an SSL certificate for your website. Prices vary, but are usually less than $100 per year (they are sometimes provided at no charge).

    All ONTRAPORT resources such as forms, videos, images and even ONTRApages displayed by the ONTRApages plugin will automatically adopt the SSL certificate you install.

    We recommend the Really Simple SSL plugin for your WordPress site if you experience problems after adding an SSL certificate. It does not conflict with PilotPress and resolves most of the problems.

    Landing Pages You Host Elsewhere

    For your landing pages hosted with other services such as LeadPages or ClickFunnels, be sure they are providing secure SSL domains. ONTRAPORT forms installed on non-secure domains will be disabled by ONTRAPORT and a warning image will be displayed instead.

    The ONTRApages WordPress Plugin and SSL

    The ONTRApage will inherit the web site's SSL certificate.

    If you have a WordPress site on a third-party web host such as GoDaddy, WP-Engine, KnownHost or SiteGround, contact the web host to purchase an SSL certificate for your website. Order forms on ONTRApages imported via the ONTRApages Plugin will not display on a non-SSL site.

    ONTRAPORT Forms on Non-Secure Web Sites

    ONTRAPORT will be disabling order forms hosted on non-secure sites effective April 30, 2018. This image will replace the order form:

    Warning notice for non-secure pages

    Converting Office Autopilot Domains

    The following Office Autopilot domains will not have SSL certificates automatically applied. These are deprecated domains and should be replaced using the process outlined below:


    Pages hosted on secure domains do not need any action taken.

    Office Autopilot domain names

    How to Create Redirect Pages for Deprecated Domains

    You can choose to simply recreate your deprecated pages in ONTRAPORT using a new domain and delete the old pages. You can also use the following steps to redirect any visitors following the old links to your new pages.

    1. Using Firefox, go to the Pages collection, and select the legacy landing page hosted on the deprecated domain. Click Copy from the action bar and copy the page.

      click to copy the legacy landing page
    2. Open the copied page for editing. Click the Page URL link at the top and select a new domain to host the copied page on. Save the copied page.

      Click the Page URL link to host the copied page on a new URL
    3. Take a screenshot or copy the domain from the original page, or at least open the published page in a new window. You need the complete domain information for step 7. You must have the exact domain name, so working from memory is a bad idea.

      Copy the old URL for use in the redirect page later
    4. Open the old page on the deprecated domain for editing and click the Page URL link. Select the button to un-host the page.

      unhost the old landing page
    5. Go to Administration > Legacy features and select "Redirects".
    6. Click the radio button for Use your own domain (the second radio button).
    7. Paste in the full domain name of the deprecated domain page from step 3.
    8. Select the copied page you created in step 1.

      Redirect Landing Page steps
    9. Save the redirect landing page form.

    People visiting the old domain will be redirected to the new domain now. ONTRAPORT will apply the SSL certificate to the new domains by the end of April, 2018.
