All PhotoShelter websites now offer free SSL security. SSL is a technology that ensures the privacy and security of connections to your website. This will allow visitors to navigate your website through a secure connection (via HTTPS).
This is a huge security update and includes a host of benefits. We are using full site encryption which ensures that no one is able to intercept your traffic -- or worse, modify any content. This not only puts your site at the forefront of what’s quickly becoming the security standard for modern browsers, but it can also improve your SEO and add performance gains down the road.
Once SSL is enabled and live, you can verify that SSL is protecting a page by looking for a URL beginning with https://, instead of http://, and a padlock icon labeled as secure.
Benefits of SSL
- Visitors will see the secured icon as opposed to the “insecure” warning that some browsers, like Chrome and Firefox, have started showing. Eventually, these browsers intend to make the warnings more severe (e.g. showing "Not secure" in red).
- It can also improve your SEO (See Google’s announcement stating SSL-secured websites would potentially rank higher in search results).
- Having your site secured means that PhotoShelter can take advantage of the latest technology to maximize your site’s performance, add new features, and improve your visitors’ experience.
The majority of our members were automatically switched over to SSL security automatically with this release. You can verify this by going to the security settings page and seeing if you’re defaulted to full site encryption (i.e. your preference is set to “Yes”).
If the SSL Security option is set to "No" this means that either you chose to turn off HTTPS, or you have a manually customized site that may require edits in order to support HTTPS. To test if your site loads properly using SSL security, you can switch the option to "Yes" and then save. If there are issues, you can switch it back to "No" and read below how to update in advance of our site-wide move to HTTPS.
If your SSL Security preference is set to “No”, you fall under one of the following categories below and may be impacted by this security update. You should have also received an email as a precautionary measure. For example, you are:
- Using custom header code that links to insecure code
- Using manual customization (classic, legacy platform)
- Using Graph Paper Press (classic, legacy platform)
Testing for mixed content
If you have made manual customizations on your site, it’s possible that some of the pages on your site may have mixed content browser warnings once the SSL update is implemented. This means some of the code that you or your designer added may be insecure (served over an HTTP connection). Since your full website will soon load over a HTTPS connection, a “not secure” browser warning may appear.
Test your site to see if adjustments need to be made by using the “Preview” link on the security settings page.
- If everything is displaying normally when served over HTTPS, you can proceed by changing your setting to “Yes”, and your site will be queued to move to a secure connection as soon as well make the switch.
- If your site looks different than it normally does, the layout changes dramatically, or customizations you've added are broken, this means there is insecure code on your site that is being blocked when the page is secure. To avoid this, you should keep your preference set to ”No” while looking for ways in which you can load external content securely.
If you’re linking to CSS/JS hosted on your blog or another site, an easy first step would be to update any links to that code used in PhotoShelter to begin with “https://”, and see if those resources load. If they do, you’re good to go and can set your preference to “Yes”!
If that doesn’t work, it’s likely because the site where your CSS/JS is hosted does not support SSL. Consider upgrading that site to use SSL as well (contact your hosting provider for assistance). Once that site is secure, the updated “https://” links will work.
If switching your other site to use SSL is not an option, you could consider hosting your CSS/JS somewhere that does support SSL (GitHub, for example).
Please note that our support team is unable to troubleshoot advanced customizations. If your website is heavily customized and you need additional assistance with this, you may want to try reaching out to our certified consultants. Their information can be found here.
Note: If you're still using our Classic, legacy platform and/or Graph Paper Press, we want to remind you that these are no longer supported by PhotoShelter and therefore no further improvements will be made. While we do not have plans to be discontinued in the very near future, this would be a great opportunity for you to upgrade to our newer, responsive templates.