Did you ever had this question in your mind : Is SSL feature needed for all websites?

I can answer “It depends”. Because, if your site does not contain any sensitive data or it only contains static pages then not having SSL is not a big issue. But if your website is dynamic and it contains sensitive data then your website must have SSL.

Pro’s of SSL

1. Data Integrity : If website is in https then you can guarantee that data is not modified in between the transmission channel.
2. Identity Verification : Certificate guarantee that the information received by the browser is delivered by a right domain.
3. User Trust : Customer will appreciate if you consider the security of their data seriously.
4. Helps in SEO : Site with https is rank higher in google search.

Con’s of SSL

1. Content Displaying : Slower in https than serving it via http.
2. Cost of Certification : Certificates signed by well-known authorities can be expensive.
3. Browser Warning : If website is having mixed mode, i.e. some web pages are serving via http and some via https, then warning is shown by the browser on redirection.

In context of PayPlans, we have implemented SSL to secure payment information of user’s card details, cvv information etc. Previously our customers had issue related to browser warning message during redirection from https URL to http URL. Now, after this new implementation, if Payplan SSL is enabled then such warning will not shown by the browser.

How SSL is implemented in PayPlans?

Case 1 : Joomla Force SSL set to Entire Site and PayPlan SSL is Not Enabled

PayPlans is very adaptive in nature. If Joomla SSL is set to “Entire Site” then PayPlans templates are automatically converted to secure URL. It means all templates are redirected from “http” to “https” .

Case 2 : Joomla Force SSL is not enabled and PayPlan SSL is enabled

PayPlans handles these scenarios very well. If you don’t want your entire site in SSL but only PayPlans in SSL, then set the PayPlans’ Use Https (SSL) parameter to Yes as shown in the image below.

After enabling this setting, PayPlans’ Payment form is redirect to https URL and your sensitive information is secured during transmission process. However, when user completes payment process, then according to the payment gateway response he/she will redirects to different web-page it may be cancel-page, error-page or thanks-pages and URLs of these pages are in http.

And as we know that, browser shows warning when it redirects from https to http URL.

We handled such situation wisely so browser warning will not shown during the URL redirection.

Important Note: Joomla URLs change their behaviour according to the current schema. If current URL is in https and you redirect to some other web-page then automatically its URL gets converted to https. To avoid such situations, you need to complete the payment process first and after that redirect to other web-page .