We are encouraging people to shift websites to https as best practice. The major browsers have been advocating this for some time. For example, Google’s first step in this direction in 2017 was to introduce a security warning in Chrome for any web pages containing input fields set for password or credit card, if that page is not served as https. Then in 2018, Google introduced the words 'Not secure' in the address bar for every page that is not served as https, regardless of whether the page handles private information or not.
This support article is intended to provide a non-technical explanation of website security and also explain our current policy regarding https.
Installing a security certificate allows a domain (website URL) to present as https which causes web browser software such as Google Chrome and Microsoft Edge to display a padlock or other symbol in the address bar to indicate that the site is 'Secure'. It also allows the website to avoid the ‘Not secure’ warning shown above.
Https introduces the benefit of encryption of data between the web browser software on your computer and the web server hosting the web page. It also means that the web page you are viewing does indeed belong to the domain name that is displayed in the browser address bar.
In relation to the Sporty platform, our current approach is to encrypt all pages residing under the Sporty domain (ie sporty.com.au and sporty.co.nz). We also use https for any back-end pages where a website administrator is logged in.
If you have your own custom domain name (web address URL) that you wish to serve securely via https, then a security certificate will need to be installed specifically for that domain name. Normally if you were to purchase a security certificate from a provider such as DigiCert.com or Thawte.com the cost is over US$200 per year plus the cost of a web developer to install the certificate on the server.
We offer https for custom domain names as a service for $150 + GST per year (not US dollars) per domain name, all inclusive. To order this service for your own domain name, please complete this order form.
NOTE: We do not currently support people procuring or installing their own TLS certificates. The cost incurred by Sporty does not typically relate to the certificates themselves. It relates to the development and ongoing maintenance of the platform backend server infrastructure as well as the installation and renewal of each TLS certificate. For example, some TLS certificates are free but only have a 90 day lifetime before they must be renewed/reinstalled. Although tools to automate this are improving, they are not quite there yet. We understand the desire to minimise costs and we are proud of the number of services we provide without charge. In the future, we expect to include TLS certificates as yet another free service. However, we must balance the cost of providing free services with the revenue that is necessary to make them possible.