Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Migrate WordPress from HTTP to HTTPS

Irina Blumenfeld
April 19, 2016
Programming
1
1.5k

Migrate WordPress from HTTP to HTTPS

Slides from presentation at WordPress Orlando Meetup on how to migrate WordPress site from HTTP to HTTPS.

As more sites transition to HTTPS and Google giving preferred ranking to secure sites, it became important to properly install a TLS/SSL Certificate.
The process of moving to HTTPS can be intimidating starting from obtaining certificate to migrating all content to HTTPS.
Recently, Let’s Encrypt started offering Free TSL/SSL Certificates. CloudFlare offers Free TLS/SSL with HTTP/2 protocol support.

We discussed how you can obtain a Free TLS/SSL Certificate, make your content HTTPS friendly, and how to migrate existing content to HTTPS.
We also went over the benefits of serving your pages over secure connection, common problems with transition, and how you can test your certificate configuration.

Irina Blumenfeld

April 19, 2016
Tweet

More Decks by Irina Blumenfeld

See All by Irina Blumenfeld
The Power of Edge Functions
iblum
0
28
How To Make Your Website Stand Out In Search Results
iblum
0
590
How To Make Your Site Stand Out In Search Results
iblum
0
850
Speeding Up WordPress
iblum
1
890
Don't Let Images Weight Down Your Site - WCJAX
iblum
0
720
Getting to know Gutenberg
iblum
1
680
Don't Let Images Weigh Down Your Site
iblum
2
750
10 Steps To Take Before Launching a WordPress Website
iblum
0
1k
Don't let images weigh down your site
iblum
0
420

Other Decks in Programming

See All in Programming
Java 24まとめ / Java 24 summary
kishida
3
510
The Evolution of the CRuby Build System
kateinoigakukun
1
740
RubyKaigi Dev Meeting 2025
tenderlove
1
690
SwiftUI API Design Lessons
niw
1
310
generative-ai-use-cases(GenU)の推しポイント ~2025年4月版~
hideg
1
340
タイムゾーンの奥地は思ったよりも闇深いかもしれない
suguruooki
1
770
By the way Google Cloud Next 2025に行ってみてどうだった
ymd65536
0
110
SwiftDataのカスタムデータストアを試してみた
1mash0
0
130
flutter_kaigi_mini_4.pdf
nobu74658
0
120
Empowering Developers with HTML-Aware ERB Tooling @ RubyKaigi 2025, Matsuyama, Ehime
marcoroth
2
830
音声プラットフォームのアーキテクチャ変遷から学ぶ、クラウドネイティブなバッチ処理 (20250422_CNDS2025_Batch_Architecture)
thousanda
0
340
サービスクラスのありがたみを発見したときの思い出 #phpcon_odawara
77web
4
700

Featured

See All Featured
The Cost Of JavaScript in 2023
addyosmani
49
7.7k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Music & Morning Musume
bryan
47
6.5k
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
5
540
The Straight Up "How To Draw Better" Workshop
denniskardys
233
140k
Agile that works and the tools we love
rasmusluckow
329
21k
Practical Orchestrator
shlominoach
187
11k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.3k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
104
19k
Reflections from 52 weeks, 52 projects
jeffersonlam
349
20k

Transcript

  1. MIGRATE WORDPRESS TO HTTPS IRINA BLUMENFELD @irinablumenfeld #wporl https://www.netmagik.com/migrate-wordpress-to-https WORDPRESS

    ORLANDO MEETUP APRIL 2016

  2. WHAT IS HTTPS ▸ SSL first created in 1996 ▸

    SSL to TLS in 1999 ▸ Public and Private Keys @irinablumenfeld #wporl

  3. ▸ Authentication - am I talking to who they claim

    to be? ▸ Data Integrity - has anyone tampered with the data? ▸ Encryption - no more eavesdropping ▸ Better Ranking - Google gives preferred ranking ▸ HTTP/2 protocol support - (if host supports HTTP/2) BENEFITS OF HTTPS @irinablumenfeld #wporl

  4. HTTP1/1.1 - HTTP/2 HTTP1/1.1 HTTP/2 @irinablumenfeld #wporl

  5. HTTP/1.1 AND HTTP/2 COMPARISON Demo from Cloudflare Load Time: 1.95

    s Load Time: 0.33 s @irinablumenfeld #wporl

  6. SHA-2 Google, Microsoft and Mozilla will flag SHA-1 Certificates as

    Insecure on January 1, 2017 d029f87e3d80f8fd9b1be67c7426b4cc1ff47b4a9d0a8461c826a59d8c5eb6cd 0f01ed56a1e32a05e5ef96e4d779f34784af9a96 SHA-1 SHA-2 @irinablumenfeld #wporl

  7. EXTENDED (EV) SSL @irinablumenfeld #wporl

  8. HTTPS as a ranking signal in https://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html @irinablumenfeld #wporl

  9. HTTP sites will be marked unsafe in Google Chrome https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

    @irinablumenfeld #wporl

  10. https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure experiment in Chrome URL:
 chrome://flags @irinablumenfeld #wporl

  11. HTTPS ADOPTION Source: http://httparchive.org/ @irinablumenfeld #wporl

  12. AREN’T THE CERTIFICATES EXPENSIVE? @irinablumenfeld #wporl

  13. FREE SSL OPTION # 1 @irinablumenfeld #wporl

  14. LET’S ENCRYPT letsencrypt.org @irinablumenfeld #wporl

  15. LET’S ENCRYPT ADOPTION @irinablumenfeld #wporl

  16. LET’S ENCRYPT TLS/SSL In cPanel - Security widget @irinablumenfeld #wporl

  17. SNI - SERVER NAME INDICATION No Need for Dedicated IP

    Address @irinablumenfeld #wporl

  18. 1. Migrate Existing Content to HTTPS 2. Redirect all pages

    to HTTPS AFTER YOU INSTALL SSL @irinablumenfeld #wporl

  19. MAKE A BACKUP @irinablumenfeld #wporl

  20. LET’S ENCRYPT TLS/SSL ▸ Install SSL on the server ▸

    Install Really Simple SSL plugin - Activate it

  21. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  22. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  23. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  24. ▸ Images ▸ Javascript and CSS files ▸ Links ▸

    Widgets ▸ Third Parties - Ads, Analytics ▸ CDN MIXED CONTENT @irinablumenfeld #wporl

  25. MIXED CONTENT PROBLEMS @irinablumenfeld #wporl

  26. MIXED CONTENT PROBLEMS @irinablumenfeld #wporl

  27. FIXING MIXED CONTENT <script src="http://example.com/script.js"></script> BAD <script src=“https://example.com/script.js”></script> GOOD @irinablumenfeld

    #wporl

  28. <a href="http://example.com/bar"> Don't link to insecure pages!!! BAD <a href=“https://example.com”>

    GOOD FIXING MIXED CONTENT @irinablumenfeld #wporl

  29. HTTP/HTTPS ICONS @irinablumenfeld #wporl

  30. REDIRECT LOOP bit.ly/redirect-loop @irinablumenfeld #wporl

  31. FREE SSL OPTION # 2 @irinablumenfeld #wporl

  32. CLOUDFLARE FREE FLEXIBLE SSL cloudflare.com/ssl @irinablumenfeld #wporl

  33. ▸ CDN ▸ Optimization ▸ Security ▸ DDoS Protection WHAT

    IS CLOUDFLARE??? @irinablumenfeld #wporl

  34. CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  35. ▸ Create an account on CloudFlare.com ▸ Change Nameservers in

    Domain Registrar (in DNS Settings)
 Example: bob.ns.cloudflare.com, lola.ns.cloudflare.com
 CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  36. ▸ Choose Flexible SSL option CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld

    #wporl

  37. ▸ In 24 hrs check if SSL has been issued

    (Free account) CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  38. Before SSL is issued: CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  39. ▸ Install CloudFlare Flexible SSL Plugin - Activate it In

    http://yoursite.com/wp-admin: CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  40. ▸ Install SSL Insecure Content Fixer Plugin - Activate it

    In http://yoursite.com/wp-admin: CLOUDFLARE FREE FLEXIBLE SSL

  41. SSL INSECURE CONTENT FIXER

  42. Browse to https://yoursite.com CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  43. TEST TOOLS - WHY NO PADLOCK? @irinablumenfeld #wporl

  44. TEST TOOLS - CHROME DEV TOOLS @irinablumenfeld #wporl

  45. TEST TOOLS - CHROME DEV TOOLS @irinablumenfeld #wporl

  46. CLOUDFLARE FREE FLEXIBLE SSL In Page Rules section - new

    rule: *your-domain.com* @irinablumenfeld #wporl

  47. CLOUDFLARE STRICT SSL @irinablumenfeld #wporl

  48. VIEW SSL

  49. VIEW SSL

  50. UPDATE GOOGLE ANALYTICS https://support.google.com/webmasters/answer/6033049

  51. HSTS HTTP Strict Transport Security (HSTS) @irinablumenfeld #wporl

  52. HSTS <IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload” </IfModule>

    in .htaccess file HTTP Strict Transport Security (HSTS) http://bit.ly/enable-hsts @irinablumenfeld #wporl

  53. HSTS HTTP Strict Transport Security (HSTS) https://hstspreload.appspot.com Request Preload -

    Only if you support HTTPS for the long term @irinablumenfeld #wporl

  54. HSTS HTTP Strict Transport Security (HSTS) @irinablumenfeld #wporl

  55. TEST SSL https://www.ssllabs.com/ssltest @irinablumenfeld #wporl

  56. THANK YOU QUESTIONS? IRINA BLUMENFELD @irinablumenfeld #wporl https://www.netmagik.com/migrate-wordpress-to-https