
SECURITY RISK: Serve ALL shops over SSL (HTTPS), not just paid ones

So the issue is that shops on the free tier are insecure, and there's no way to force visitors to use a secure connection. At the same time, visitors are expected to enter their credit card information, which is a huge problem for their security. Transmitting sensitive data like that over HTTP is a security risk and could open visitors up to risking their credit card information.

As a customer who is using a Strikingly domain to serve up my wedding website, I want to know if there's a way that I can enable SSL on my Strikingly domain on the free tier to protect my friends and family.

As a web developer myself, I want to know if Strikingly intends to continue exposing their customers to this security risk on the free tier. This definitely affects whether I can recommend Strikingly in the future.

I think the responsible thing for Strikingly to do is to either disable the store on free tier accounts or enable SSL on Strikingly domains and redirect all traffic to SSL.

As it is, I have to go back and tell my friends and family who have used the store that they should be careful and watch their credit card statements and their credit scores carefully in the coming months.





1 comment

  • Happiness Officer
    Official comment

    Hello, Brian! We're aware of this issue and we'll be fixing it soon. We don't have a specific ETA yet, but we'll definitely let you know!
