Securing your Registration and Payment Pages

Securing your Registration and Payment Pages

Overview

If you will be offering on-site payment options (like PayPal Pro or Authorize.net) then we recommend adding SSL-encryption to your site. This guide will help you set up SSL for your Event Espresso powered website.

Notes:

Before you start, be sure you have a private (non-shared) SSL certificate installed for your domain.

If your site is hosted on WPEngine, please follow this guide instead:
https://wpengine.com/support/securing-all-urls-with-ssl/
The plugins mentioned in this guide duplicate already existing WPEngine features and therefore should not be used on WPEngine hosted sites.

Option 1: How to secure your entire site with Really Simple SSL

  1. Download, install, and activate the Really Simple SSL plugin.
  2. That’s it! The switch to https will log you out of the site, so you’ll need to log back in.

Option 2: How to secure only certain pages of the site with WordPress HTTPS

  1. Download, install, and activate the WordPress HTTPS plugin.
  2. Go to the HTTPS tab in your WordPress admin menu.
  3. You will want to enable Force SSL Exclusively if you only want to load your site in SSL on selective pages. (If you want to enable SSL on all pages you can use the other plugin recommended in option 1)
    If you have Event Espresso 4 you will also need to secure the WordPress admin by checking the box with the label “Force SSL Administration”.
  4. Now you will need to Force SSL on the Event Espresso pages that display the ticket selector and handle checkout. You can set these with the URL Filters > Secure Filters fields on the HTTPS settings page.

    Image

    Refer to the Page Settings in your Event Espresso General Settings to make sure you are updating the correct pages. If you will be adding new pages that have the Ticket selector shortcode on them, you can force those pages to be secure from the page editor.

    Secure post

    The pages that need to be secured are also listed in Event Espresso>System Status/ Event Espresso>General Settings>Critical Pages. These are:

    • Main Registration Page/Registration Checkout Page
    • Auto Return URL/Thank You Page
    • Notify URL/Transactions Page

Image

  1. Now you can go to your event list and do a test registration. You should be able to complete the transaction with SSL.

Other notes:

If you have Event Espresso 4 you will also need to secure the WordPress admin by checking the box with the label “Force SSL Administration”.

Event Espresso 3 only: If you have Multi Event Registration installed and are using the [ESPRESSO_CART_LINK] shortcode on pages and posts you’ll need to secure those pages as well.

If you are using the WP Users integration, you may want to enable FORCE_SSL_LOGIN or force SSL across the site to be sure that your members do not get logged out when the site they enter the SSL-encrypted pages. See Administration over SSL for more information.

Some WordPress theme authors and plugin developers hardcode “http” when linking to page resources like images and JavaScript files. This will usually lead to insecure content warnings. Theme files and plugin files may need to be altered to use the WordPress template tags get_home_url and site_url.

If you have WooCommerce installed on your site you’ll need to ensure that you do not have any force HTTP/HTTPs settings turned on in the WooCommerce plugin.


Need more help?

Do NOT follow this link or you will be banned from the site!