Tutorial

Set Your MemberGate Site So All Pages Are Secure
(Enable HTTPS Everywhere)

Google have started re-indexing sites that are not "fully secure" and penalizing them in 2 ways:

  1. On Chrome, their browser software which accounts for more than half of the global market, the site will be marked as 'unsafe' and visitors will not be allowed to access the page

  2. On Google Search, if the site fails the HTTPS check, the result will not be shown - no matter how well optimized it is

This is a serious update and FireFox are already supporting this push for a safer web as well.

MemberGate Infinity has already been updated to run to these newer standards.

 

Here's what you have to do to enable HTTPS Everywhere on your site:

Setting a MemberGate site so all of the pages are secure can be completed by checking one box and performing a site rebuild. 

This means that every page on your site can be secure - every page would be displayed as https with a 'secure lock' instead of http.


Set the Site So All Pages are SSL 

1. From under 'Master Settings' choose 'Edit Site Descriptions'

Edit Site Descriptions

2. Check the box next to the 'Full Site HTTPS' field

3. Press the 'Apply Style Changes' button at the bottom of the page

 

 IMPORTANT: ALL IMAGES, SCRIPTS, STYLESHEET TAGS, etc ALSO NEED TO BE CODED AS SECURE SO PAGES ARE SECURE

Please click on the next tabs above for more information.

IMPORTANT: ALL IMAGES, SCRIPTS, STYLESHEET TAGS, etc ALSO NEED TO BE CODED AS SECURE SO PAGES ARE SECURE

Images

The MemberGate software will take care of all images uploaded via any image placeholders (this would include any field that allows you to choose the image file from your local drive).

If an image is being uploaded and manually added to a page using 'File Upload' or through 'FTP' or even being used from a separate site, the address or path for the image has to be set so it can be displayed on a secure page. If the image path is not secure, the image will cause a security error on the page.

Images Stored on Your MemberGate Site

The images uploaded to your site can be added to your pages (either through html coding or using the Image Icon in the WYSIWYG editor using a relative path. In a relative path, the domain name can be omitted.

If the address of an image is:

<a href="http://www.mysite.com/public/imagename.jpg">http://www.mysite.com/public/imagename.jpg</a>
The domain portion (<a href="http://www.mysite.com">http://www.mysite.com</a>) can be removed.

The correct path for an image uploaded to your site would look like this:

/public/imagename.jpg

WYSIWYG Rich Text Editor example:

 

 

 

Images Stored on A Third Party Site

An image tag using the full domain for an image called mysecureimage.jpg on membergate.com would look like this:

 

   DO NOT USE

<img src="http://www.membergate.com/mysecureimage.jpg" />

 

To allow the image to be displayed as secure, the http:/ part of the domain can be removed from the path:

 

   DO USE THIS INSTEAD

<img src="//www.membergate.com/mysecureimage.jpg" />

 

Removing the https:  will load the image securely on HTTPS pages, and without HTTPS on non-HTTPS pages.

**NOTE: If using an image that is stored on an external site, that site also has to have an SSL certificate in order for the image to be secure on your site.

 


Using the WYSIWYG to Add an Image Stored on a Third Party Site

When using the WYSIWYG to add the uploaded image, simply add the full domain name into the source field without the http: as shown below:

 

IMPORTANT: ALL IMAGES, SCRIPTS, STYLESHEET TAGS, etc ALSO NEED TO BE CODED AS SECURE SO PAGES ARE SECURE

 Securing a Script

To add a script that will show as secure on an SSL page, the same path rules can be used as when adding the image above. Removing the http:/ protocol from the full domain path will load the script securely on HTTPS pages, and without HTTPS on non-HTTPS pages.

For example, the script:

 

DO NOT USE

 

Scripts Loaded on Your MemberGate Site

If the script is loaded on your MemberGate site, it can be updated to remove the http://www.yoursite.com like:

 

DO USE like this for a script loaded to your MemberGate site

 

Scripts Hosted on a Third Party Website

If the script is hosted on a third party website, the script can be updated to remove the http: - for example:

OK to USE for a Third Party Website

 *NOTE: As with an external image, the script source site MUST have an SSL certificate for it to be loaded securely - if it doesn't, it won't work anyway so shouldn't be used.

**In order for a site to be fully secure, an SSL certificate will need to be installed on your site.
**MemberGate does offer a full service SSL certificate which we will also install onto your site.
 

Order an SSL Certificate