HomeSupportDocumentationEE4 DocsSecuring your registration and payment pages

Securing your registration and payment pages

Overview

If you will be offering on-site payment options (like PayPal Pro) we recommend using the WordPress HTTPS plugin to handle SSL-encryption on your site. This guide will help you set up SSL for Event Espresso.
[s2If current_user_can(access_s2member_ccap_vip_membership) OR current_user_can(access_s2member_level1)]

Notes:

Before you start, be sure you have a private (non-shared) SSL certificate installed for your domain.

If your site is hosted on WPEngine, please contact WPEngine support and they can help you set up your e-commerce pages to serve as https. The WordPress HTTPS plugin duplicates already existing WPEngine features and therefore does not work on WPEngine hosted sites.

Option 1: Setting up WordPress SSL/HTTPS

  1. Download and install theĀ WordPress HTTPS plugin.
  2. Go to the HTTPS tab in your WordPress admin menu.
  3. You will want to enable Force SSL Exclusively if you only want to load your site in SSL on selective pages. (If you want to enable SSL on all pages, do not use the Force SSL Exclusively option. Note, if you use SSL across the whole site it may affect page loading time.) Image
  4. Now you will need to Force SSL on the Event Espresso pages that handle checkout. Refer to the Page Settings in your Event Espresso General Settings to make sure you are updating the correct pages. The pages that need to have SSL turned on are also listed in Event Espresso>System Status. These are:
    • Main Registration Page
    • Auto Return URL
    • Notify URL


Image

  1. Now you can go to your event list and do a test registration. You should be able to complete the transaction with SSL.


Other notes:

If you have Multi Event Registration installed and are using the [ESPRESSO_CART_LINK] shortcode on pages and posts you’ll need to secure those pages as well.

If you are using the Members Integration plugin, you may want to enable FORCE_SSL_LOGIN or force SSL across the site to be sure that your members do not get logged out when the site they enter the SSL-encrypted pages. See Administration over SSL for more information.

Some WordPress theme authors and plugin developers hardcode “http” when linking to page resources like images and JavaScript files. This will usually lead to insecure content warnings. Theme files and plugin files may need to be altered to use the WordPress template tags get_home_url and site_url.[/s2If]
[s2If !current_user_can(access_s2member_level1)]

The page you are trying to access is reserved for VIP Members and registered Event Espresso users. Please purchase a support license for Event Espresso, VIP access or log-in. If you think you are receiving this message in error, contact us.

[/s2If]

Need more help?

  • Browse or search for more information on this topic in our support forums. Customers with an active support license can open a support topic and get help from Event Espresso staff.
  • Have an emergency? Purchase a support token and get expedited one-on-one help!
  • Go back to documentation for Event Espresso
Event Espresso - Staging Server