Hello,

It's not mandatory. but if you want to apply ssl on payment pages then you can apply it.
If you want to apply it on payplans payment pages only then you need to set Use Https (SSL) to Yes in backend PayPlans >> Configuration >> Advance.
Of if you have applied it to entire site then set above option to No.

Let me know if you have any query.

Perfect. SSL is already set-up in my site and I dont want to use it for the entire site just yet. The Payplan setting is very helpful. I will add that tonight. Thank you so much.

A quick question though, if I also want to enable SSL for Login page as well, I can just do that by setting it like this isn't it: Menu/ Menu item/ Metadata option/ Secure/ On

I read somewhere that Joomla doesn't allow ssl to be set for specific pages only and I need to install the Yireo extension. But then I saw the above Secure option in menu item setting. Although this question is not specifically related to Payplan, can you kindly share you thoughts on this please? Do I need to install the Yireo's SSL extension for this so just setting Secure to On for Login Menu item is enough if I also want the login page apart from Payplan subscription page to on Https as well?

Hello Neel,

Yes, you can use menu option Secure to apply ssl, if menu available for the page you want to apply ssl.
If you want to apply it on specific page then you need to use any extension that allow you to do that.

You need to consult with this Yireo developer regarding applying ssl to specif pages and see whether possible to configure certain page. Let me know if you have any query.

Thank you Manisha. I tried setting Use Https (SSL) to Yes in backend PayPlans >> Configuration >> Advance but the payment page was still served in http. I then installed Yireo's SSL Redirect extension and added com_payplan and it redirects all payplan pages to ssl. I am considering to enable ssl site wide since that seems to be a recommended option by google now-a-days.

Hey Neel,

Yeah, I think it's advisable that you enforce https on the entire site, http://take.ms/kW2HA if you already have a valid SSL certificate. I don't see any harm in doing that

Thank you Mark. I was in a Dilemma on that and was going back and forth. Its mainly because, I was planning to add Varnish page caching and varnish doesn't work with https. So I had to either: (a) enable https for login and form pages only and use varnish cache for other pages or (b) add Apache as reverse proxy to handle https and then checks with varnish and then sends back the encrypted response again.

but now I am thinking of enabling https for entire site and maybe usee Litespeed caching instead which seems more easier to configure than varnish that needs multiple layers. And I could have https for the whole site.

Thank you for the nudge. I now feel having https for all pages makes sense.

Hey Neel,

A decade ago, https doesn't really make sense because it is a little more hungry on the cpu of the viewer but today, I think those are no longer relevant so I think you should opt for having SSL all over the site.

On the bright side, you are moving forward and browsers will no longer annoy you or your client's with the "Insecure website" badge slapped on the address bar.

Good point. Thank you Mark. You certainly helped my Dilemma. I was confused on that for the past 2 weeks and couldn't make a decision. I appreciate your input. Cheers!

No problem Neel Have a great day ahead!