Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Migrate WordPress from HTTP to HTTPS

Migrate WordPress from HTTP to HTTPS

Slides from presentation at WordPress Orlando Meetup on how to migrate WordPress site from HTTP to HTTPS.

As more sites transition to HTTPS and Google giving preferred ranking to secure sites, it became important to properly install a TLS/SSL Certificate.
The process of moving to HTTPS can be intimidating starting from obtaining certificate to migrating all content to HTTPS.
Recently, Let’s Encrypt started offering Free TSL/SSL Certificates. CloudFlare offers Free TLS/SSL with HTTP/2 protocol support.

We discussed how you can obtain a Free TLS/SSL Certificate, make your content HTTPS friendly, and how to migrate existing content to HTTPS.
We also went over the benefits of serving your pages over secure connection, common problems with transition, and how you can test your certificate configuration.

Irina Blumenfeld

April 19, 2016

More Decks by Irina Blumenfeld

Other Decks in Programming


  1. WHAT IS HTTPS ▸ SSL first created in 1996 ▸

    SSL to TLS in 1999 ▸ Public and Private Keys @irinablumenfeld #wporl
  2. ▸ Authentication - am I talking to who they claim

    to be? ▸ Data Integrity - has anyone tampered with the data? ▸ Encryption - no more eavesdropping ▸ Better Ranking - Google gives preferred ranking ▸ HTTP/2 protocol support - (if host supports HTTP/2) BENEFITS OF HTTPS @irinablumenfeld #wporl
  3. HTTP/1.1 AND HTTP/2 COMPARISON Demo from Cloudflare Load Time: 1.95

    s Load Time: 0.33 s @irinablumenfeld #wporl
  4. SHA-2 Google, Microsoft and Mozilla will flag SHA-1 Certificates as

    Insecure on January 1, 2017 d029f87e3d80f8fd9b1be67c7426b4cc1ff47b4a9d0a8461c826a59d8c5eb6cd 0f01ed56a1e32a05e5ef96e4d779f34784af9a96 SHA-1 SHA-2 @irinablumenfeld #wporl
  5. 1. Migrate Existing Content to HTTPS 2. Redirect all pages

    to HTTPS AFTER YOU INSTALL SSL @irinablumenfeld #wporl
  6. LET’S ENCRYPT TLS/SSL ▸ Install SSL on the server ▸

    Install Really Simple SSL plugin - Activate it
  7. ▸ Images ▸ Javascript and CSS files ▸ Links ▸

    Widgets ▸ Third Parties - Ads, Analytics ▸ CDN MIXED CONTENT @irinablumenfeld #wporl
  8. ▸ CDN ▸ Optimization ▸ Security ▸ DDoS Protection WHAT

    IS CLOUDFLARE??? @irinablumenfeld #wporl
  9. ▸ Create an account on CloudFlare.com ▸ Change Nameservers in

    Domain Registrar (in DNS Settings)
 Example: bob.ns.cloudflare.com, lola.ns.cloudflare.com
 CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl
  10. ▸ In 24 hrs check if SSL has been issued

    (Free account) CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl
  11. ▸ Install CloudFlare Flexible SSL Plugin - Activate it In

    http://yoursite.com/wp-admin: CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl
  12. ▸ Install SSL Insecure Content Fixer Plugin - Activate it

    In http://yoursite.com/wp-admin: CLOUDFLARE FREE FLEXIBLE SSL
  13. CLOUDFLARE FREE FLEXIBLE SSL In Page Rules section - new

    rule: *your-domain.com* @irinablumenfeld #wporl
  14. HSTS <IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload” </IfModule>

    in .htaccess file HTTP Strict Transport Security (HSTS) http://bit.ly/enable-hsts @irinablumenfeld #wporl
  15. HSTS HTTP Strict Transport Security (HSTS) https://hstspreload.appspot.com Request Preload -

    Only if you support HTTPS for the long term @irinablumenfeld #wporl