Good Morning,

I have a membership site and to date haven't been gathering information of the sensitive nature. But now I need to get SSN and DL etc...

We bought an SSL Cert, and now my challenge is this:

Do I secure only the pages that relate to gathering this information, or am I better off securing the entire site?

And the secondary question would be what changes need to be made to existing code in order to utilize the ssl?

:icon_idea:Any helpful hints would be greatly appreciated.

Thanks in advance.

Douglas Saferite

I prefer to have just the pages that need it to be encrypted rather than my whole site. Once you have SSL enabled on your host you should be able to just refer to the page using and reach the page while it is secure.

Remember that any scripts, images, etc that are in the code and using just http:// will cause the browser to throw a "warning" not an error. This is normal behavior but if you want to get rid of that message you need to change all these to use https:// in the code.

Thank you pixelsoul... I was beginning to think that nobody was paying attention, or planning on responding.

I think your suggestion is correct. That is pretty much where I was leaning. My main concern I guess is what changes would need to be implemented in the existing code.

Understanding exactly the 'intent' of ssl is helping to clear some of my concerns. I'm beginning to realize that SSL is just basically to secure the information if the member wants it secured. In other words, if they wanted to go to the page using http as opposed to https, the page would function the same, but without the security.. I am correct in that assumption, aren't I? That is what I've gotten out of my research so far...

Thanks again, and I guess I'll move forward now and see if I can break anything.


Your correct in your assumption about SSL.

SSL allows for communication over the HTTPS protocol to allow secure communication. Personally I would set it up some how so they had no option to get to the page using just standard HTTP. That would have to be done using redirects on the page and to detect whether they were using just HTTP and if so then redirect them to HTTPS instead. If you are using PHP you can use that to detect the address and then redirect the user accordingly.