SSL Security Announcement

All PhotoShelter websites now offer free SSL security.  SSL is a technology that ensures the privacy and security of connections to your website. This will allow visitors to navigate your website through a secure connection (via HTTPS). Up until now, only sensitive pages on your website were secure (such as login, e-commerce, billing, etc.), however with this SSL update, every page on your website will be HTTPS secure.

This is a huge security update and includes a host of benefits. We are using full site encryption which ensures that no one is able to intercept your traffic -- or worse, modify any content. This not only puts your site at the forefront of what’s quickly becoming the security standard for modern browsers, but it can also improve your SEO and add performance gains down the road.

Once SSL is enabled and live, you can verify that SSL is protecting a page by looking for a URL beginning with https://, instead of http://, and a padlock icon labeled as secure.

Screen_Shot_2017-04-20_at_4.06.35_PM.png

Timeline

  • April 2017 - you can now choose your SSL security preference (Yes or No) on the  security settings page.
  • May/June 2017 - PhotoShelter will enable SSL for anyone who is set to “Yes”. You will be able to switch back to “No” if needed until later this year.
  • Fall 2017 -  A site wide update will be made, where all PhotoShelter websites will transition to SSL (HTTPS).

NOTE: If you’ve added custom CSS and/or JavaScript code on your site, some of your pages may be subject to mixed content warnings once SSL is turned on. Scroll down to “Will my website be affected?” for more info.


Benefits of SSL

  • Visitors will see the secured icon as opposed to the “insecure” warning that some browsers, like Chrome and Firefox, have started showing. Eventually, these browsers intend to make the warnings more severe (e.g. showing "Not secure" in red).
  • It can also improve your SEO (See Google’s announcement stating SSL-secured websites would potentially rank higher in search results).
  • Having your site secured means that PhotoShelter can take advantage of the latest technology to maximize your site’s performance, add new features, and improve your visitors’ experience.

Enabling SSL

For the vast majority of our members, no action needs to be taken and this change will take place automatically. You can verify this by going to the security settings page and seeing if you’re defaulted to full site encryption (i.e. your preference is set to “Yes”). This means we are confident that the transition to SSL will not have any adverse effects on your site, and no further action is needed.  

Screen_Shot_2017-04-20_at_10.49.53_AM.png

My preference is set to No. Will my website be affected?

If your SSL Security preference is set to “No”, you fall under one of the following categories below and may be impacted by this security update. You should have also received an email as a precautionary measure. For example, you are:

  • Using custom header code that links to insecure code
  • Using manual customization (classic, legacy platform)
  • Using Graph Paper Press (classic, legacy platform)

Testing for mixed content

If you have made manual customizations on your site, it’s possible that some of the pages on your site may have mixed content browser warnings once the SSL update is implemented. This means some of the code that you or your designer added may be insecure (served over an HTTP connection). Since your full website will soon load over a HTTPS connection, a “not secure” browser warning may appear.

Screen_Shot_2017-04-20_at_10.10.20_AM.png

Test your site to see if adjustments need to be made by using the “Preview” link on the security settings page

  • If everything is displaying normally when served over HTTPS, you can proceed by changing your setting to “Yes”, and your site will be queued to move to a secure connection as soon as well make the switch.
  • If your site looks different than it normally does, the layout changes dramatically, or customizations you've added are broken, this means there is insecure code on your site that is being blocked when the page is secure. To avoid this, you should keep your preference set to ”No” while looking for ways in which you can load external content securely.

Troubleshooting tips

If you’re linking to CSS/JS hosted on your blog or another site, an easy first step would be to update any links to that code used in PhotoShelter to begin with “https://”, and see if those resources load. If they do, you’re good to go and can set your preference to “Yes”!

If that doesn’t work, it’s likely because the site where your CSS/JS is hosted does not support SSL. Consider upgrading that site to use SSL as well (contact your hosting provider for assistance). Once that site is secure, the updated “https://” links will work.

If switching your other site to use SSL is not an option, you could consider hosting your CSS/JS somewhere that does support SSL. Some free options include:

Please note that our client services team is unable to troubleshoot advanced customizations. If your website is heavily customized and you need additional assistance with this, you may want to try reaching out to our certified consultants. Their information can be found here.

NOTE: If you are still using our classic, legacy platform and/or Graph Paper Press, we want to remind you that these are no longer supported by PhotoShelter and therefore no further improvements will be made. While we do not have plans for them to be discontinued in the very near future, this would be a great opportunity for you to upgrade to our updated, responsive templates.  These templates are fully supported and are updated to today’s web standards. You’ll find making customizations much easier, and an overall modern website experience for both you and your visitors.    

Still have questions? Contact us.

Comments

Powered by Zendesk