At Buycraft security is a top priority. While we do everything we can to secure our infrastructure and your accounts, one of the things we’ve wanted to do more than anything was to offer SSL (https) across the whole Buycraft platform. Thanks to a recent innovation from Cloudflare this has now become a reality, with us being able to offer SSL on both subdomains and custom domains without the need for unsupported and potentially problematic workarounds.
This couldn’t have come at a better time, with Google recently announcing that they will be highlighting non-secure pages on the Chrome browser in from October 2017. Given Chrome’s huge market share, having https support on your store is likely to be a huge advantage over other insecure webstores.
The benefits of using SSL include security and higher conversions of your players from browsers to purchasers. Using HTTPS on your webstore will make sure that any information entered by the user is encrypted so that it can’t be interfered with while it is being processed and this keeps your customer's information safe and promotes your customers trust in you as a brand.
The recent update from Cloudflare called SSL for SaaS allows us for the first time to be able to provide truly secure SSL for custom domains on a scalable level.
We have been asked why we cannot allow customers to use a free SSL service such as Let’s Encrypt and the answer comes down to our dedication to the highest levels of DDOS protection. We partner with Cloudflare to provide the highest levels of DDOS protection available on the market, which is vital in keeping your webstores online and protected from some of the biggest attacks in the industry. Specifically, we invest heavily in CloudFlare Enterprise to make sure that every single one of our customers receives the highest level of DDOS protection available.
As a downside to this, Cloudflare had previously only allowed us to upload one primary SSL certificate per account (domain), meaning we cannot upload a separate SSL certificate for each CNAME (and even if we could, the administrative costs of doing so would likely be prohibitive). As such, the solution is to use this new feature which is only available to Cloudflare’s Enterprise customers.
In a perfect world we would be able to provide these certificates free of charge, however, there is a cost per certificate from Cloudflare which does not fit into the current Premium or Ultimate plans. We do however include it as standard in the Enterprise plan. Make sure that you are protected today by getting involved, you can start from the domains page in your control panel here.
Along with the developments from Cloudflare which are allowing us to provide SSL on custom domains we have also now released a feature which redirects all traffic to HTTPS on your webstore.
When you are making the change to supporting HTTPS on your webstore, you will need to make sure that your custom themes, templates and descriptions are linking to content that is served over HTTPS. Once there are no conflicts you can enable the redirect and make HTTPS default across your whole store.
This can also be used with your custom domains so long as you have purchased the SSL certificate for your domain and is also supported when using subdomains on all plans.
We'd just like to thank a few people for this feature including the team at Cloudflare and everyone who took part in our survey on this feature giving us the feedback we needed to make this happen. We've also emailed the winner of the free month of Ultimate draw from the survey so check your inbox!