$30 off During Our Annual Pro Sale. View Details »

Migrate WordPress from HTTP to HTTPS

Irina Blumenfeld
April 19, 2016
Programming
1
1.3k

Migrate WordPress from HTTP to HTTPS

Slides from presentation at WordPress Orlando Meetup on how to migrate WordPress site from HTTP to HTTPS.

As more sites transition to HTTPS and Google giving preferred ranking to secure sites, it became important to properly install a TLS/SSL Certificate.
The process of moving to HTTPS can be intimidating starting from obtaining certificate to migrating all content to HTTPS.
Recently, Let’s Encrypt started offering Free TSL/SSL Certificates. CloudFlare offers Free TLS/SSL with HTTP/2 protocol support.

We discussed how you can obtain a Free TLS/SSL Certificate, make your content HTTPS friendly, and how to migrate existing content to HTTPS.
We also went over the benefits of serving your pages over secure connection, common problems with transition, and how you can test your certificate configuration.

Irina Blumenfeld

April 19, 2016
Tweet

More Decks by Irina Blumenfeld

See All by Irina Blumenfeld
The Power of Edge Functions
iblum
0
14
How To Make Your Website Stand Out In Search Results
iblum
0
440
How To Make Your Site Stand Out In Search Results
iblum
0
700
Speeding Up WordPress
iblum
1
650
Don't Let Images Weight Down Your Site - WCJAX
iblum
0
550
Getting to know Gutenberg
iblum
1
560
Don't Let Images Weigh Down Your Site
iblum
2
580
10 Steps To Take Before Launching a WordPress Website
iblum
0
900
Don't let images weigh down your site
iblum
0
340

Other Decks in Programming

See All in Programming
ChatGPTをソフトウェア開発に活用する
fbei_ot
0
130
フロントエンドエンジニアも知っておきたい HTTP/3 で変わること
yahiru
17
9.7k
生成AI×ノーコード (スピーディーなアプリ開発の新時代)
knr109
3
4.3k
Foreign Function & Memory API ( FFM API )を用いたNativeライブラリ呼び出しと既存ライブラリの比較 ( JJUG CCC 2023 Fall )
hiroisojp
1
360
ニフティ開発インターンで使うAWS環境をできるだけ楽に構築した話 (LT) - NIFTY Tech Day 2023
niftycorp
0
100
Scala Left Fold Parallelisation - Three Approaches
philipschwarz
PRO
0
270
Vue & Vite Rustify
kazupon
4
760
Cloudflare Workers は楽しい!
codehex
8
2.2k
Postman CLI で Integration Test
codemountains
1
300
ABEMA モバイルアプリにおける 「アーキテクチャ」 / ABEMA Mobile Architecture (CA.swift #18)
akkyie
1
360
Expert Tech Talk!〜ニフティスペシャリスト対談〜 - NIFTY Tech Day 2023
niftycorp
0
120
Bun がメジャーリリースされたけど、本当にBun はNode.js に取って代わるのか?をAWS Lambda で検証してみた
smt7174
1
2k

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
0
280
The Brand Is Dead. Long Live the Brand.
mthomps
48
6.7k
How to train your dragon (web standard)
notwaldorf
71
4.8k
How GitHub Uses GitHub to Build GitHub
holman
467
280k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
656
120k
Raft: Consensus for Rubyists
vanstee
130
6k
The Web Native Designer (August 2011)
paulrobertlloyd
78
2.7k
What the flash - Photography Introduction
edds
64
11k
Writing Fast Ruby
sferik
615
59k
In The Pink: A Labor of Love
frogandcode
135
21k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.7k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
24
2k

Transcript

  1. MIGRATE WORDPRESS
    TO HTTPS
    IRINA BLUMENFELD
    @irinablumenfeld #wporl
    https://www.netmagik.com/migrate-wordpress-to-https
    WORDPRESS ORLANDO MEETUP
    APRIL 2016

    View Slide

  2. WHAT IS HTTPS
    ▸ SSL first created in 1996
    ▸ SSL to TLS in 1999
    ▸ Public and Private Keys
    @irinablumenfeld #wporl

    View Slide

  3. ▸ Authentication - am I talking to who they claim to be?
    ▸ Data Integrity - has anyone tampered with the data?
    ▸ Encryption - no more eavesdropping
    ▸ Better Ranking - Google gives preferred ranking
    ▸ HTTP/2 protocol support - (if host supports HTTP/2)
    BENEFITS OF HTTPS
    @irinablumenfeld #wporl

    View Slide

  4. HTTP1/1.1 - HTTP/2
    HTTP1/1.1 HTTP/2
    @irinablumenfeld #wporl

    View Slide

  5. HTTP/1.1 AND HTTP/2 COMPARISON
    Demo from Cloudflare
    Load Time: 1.95 s Load Time: 0.33 s
    @irinablumenfeld #wporl

    View Slide

  6. SHA-2
    Google, Microsoft and Mozilla will flag
    SHA-1 Certificates as Insecure
    on January 1, 2017
    d029f87e3d80f8fd9b1be67c7426b4cc1ff47b4a9d0a8461c826a59d8c5eb6cd
    0f01ed56a1e32a05e5ef96e4d779f34784af9a96
    SHA-1
    SHA-2
    @irinablumenfeld #wporl

    View Slide

  7. EXTENDED (EV) SSL
    @irinablumenfeld #wporl

    View Slide

  8. HTTPS as a ranking signal in
    https://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html
    @irinablumenfeld #wporl

    View Slide

  9. HTTP sites will be marked
    unsafe in Google Chrome
    https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
    @irinablumenfeld #wporl

    View Slide

  10. https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
    experiment in Chrome URL:

    chrome://flags
    @irinablumenfeld #wporl

    View Slide

  11. HTTPS ADOPTION
    Source: http://httparchive.org/
    @irinablumenfeld #wporl

    View Slide

  12. AREN’T THE CERTIFICATES
    EXPENSIVE?
    @irinablumenfeld #wporl

    View Slide

  13. FREE SSL
    OPTION # 1
    @irinablumenfeld #wporl

    View Slide

  14. LET’S ENCRYPT
    letsencrypt.org
    @irinablumenfeld #wporl

    View Slide

  15. LET’S ENCRYPT ADOPTION
    @irinablumenfeld #wporl

    View Slide

  16. LET’S ENCRYPT TLS/SSL
    In cPanel - Security widget
    @irinablumenfeld #wporl

    View Slide

  17. SNI - SERVER NAME INDICATION
    No Need for Dedicated IP Address
    @irinablumenfeld #wporl

    View Slide

  18. 1. Migrate Existing Content to HTTPS
    2. Redirect all pages to HTTPS
    AFTER YOU INSTALL SSL
    @irinablumenfeld #wporl

    View Slide

  19. MAKE A BACKUP
    @irinablumenfeld #wporl

    View Slide

  20. LET’S ENCRYPT TLS/SSL
    ▸ Install SSL on the server
    ▸ Install Really Simple SSL plugin - Activate it

    View Slide

  21. REALLY SIMPLE SSL PLUGIN
    @irinablumenfeld #wporl

    View Slide

  22. REALLY SIMPLE SSL PLUGIN
    @irinablumenfeld #wporl

    View Slide

  23. REALLY SIMPLE SSL PLUGIN
    @irinablumenfeld #wporl

    View Slide

  24. ▸ Images
    ▸ Javascript and CSS files
    ▸ Links
    ▸ Widgets
    ▸ Third Parties - Ads, Analytics
    ▸ CDN
    MIXED CONTENT
    @irinablumenfeld #wporl

    View Slide

  25. MIXED CONTENT PROBLEMS
    @irinablumenfeld #wporl

    View Slide

  26. MIXED CONTENT PROBLEMS
    @irinablumenfeld #wporl

    View Slide

  27. FIXING MIXED CONTENT

    BAD

    GOOD
    @irinablumenfeld #wporl

    View Slide



  28. Don't link to insecure pages!!!
    BAD
    GOOD
    FIXING MIXED CONTENT
    @irinablumenfeld #wporl

    View Slide

  29. HTTP/HTTPS ICONS
    @irinablumenfeld #wporl

    View Slide

  30. REDIRECT LOOP
    bit.ly/redirect-loop
    @irinablumenfeld #wporl

    View Slide

  31. FREE SSL
    OPTION # 2
    @irinablumenfeld #wporl

    View Slide

  32. CLOUDFLARE
    FREE FLEXIBLE SSL
    cloudflare.com/ssl
    @irinablumenfeld #wporl

    View Slide

  33. ▸ CDN
    ▸ Optimization
    ▸ Security
    ▸ DDoS Protection
    WHAT IS CLOUDFLARE???
    @irinablumenfeld #wporl

    View Slide

  34. CLOUDFLARE FREE FLEXIBLE SSL
    @irinablumenfeld #wporl

    View Slide

  35. ▸ Create an account on CloudFlare.com
    ▸ Change Nameservers in Domain Registrar (in DNS Settings)

    Example: bob.ns.cloudflare.com, lola.ns.cloudflare.com

    CLOUDFLARE FREE FLEXIBLE SSL
    @irinablumenfeld #wporl

    View Slide

  36. ▸ Choose Flexible SSL option
    CLOUDFLARE FREE FLEXIBLE SSL
    @irinablumenfeld #wporl

    View Slide

  37. ▸ In 24 hrs check if SSL has been issued (Free account)
    CLOUDFLARE FREE FLEXIBLE SSL
    @irinablumenfeld #wporl

    View Slide

  38. Before SSL is issued:
    CLOUDFLARE FREE FLEXIBLE SSL
    @irinablumenfeld #wporl

    View Slide

  39. ▸ Install CloudFlare Flexible SSL Plugin - Activate it
    In http://yoursite.com/wp-admin:
    CLOUDFLARE FREE FLEXIBLE SSL
    @irinablumenfeld #wporl

    View Slide

  40. ▸ Install SSL Insecure Content Fixer Plugin - Activate it
    In http://yoursite.com/wp-admin:
    CLOUDFLARE FREE FLEXIBLE SSL

    View Slide

  41. SSL INSECURE CONTENT FIXER

    View Slide

  42. Browse to https://yoursite.com
    CLOUDFLARE FREE FLEXIBLE SSL
    @irinablumenfeld #wporl

    View Slide

  43. TEST TOOLS - WHY NO PADLOCK?
    @irinablumenfeld #wporl

    View Slide

  44. TEST TOOLS - CHROME DEV TOOLS
    @irinablumenfeld #wporl

    View Slide

  45. TEST TOOLS - CHROME DEV TOOLS
    @irinablumenfeld #wporl

    View Slide

  46. CLOUDFLARE FREE FLEXIBLE SSL
    In Page Rules section - new rule: *your-domain.com*
    @irinablumenfeld #wporl

    View Slide

  47. CLOUDFLARE STRICT SSL
    @irinablumenfeld #wporl

    View Slide

  48. VIEW SSL

    View Slide

  49. VIEW SSL

    View Slide

  50. UPDATE GOOGLE ANALYTICS
    https://support.google.com/webmasters/answer/6033049

    View Slide

  51. HSTS
    HTTP Strict Transport Security (HSTS)
    @irinablumenfeld #wporl

    View Slide

  52. HSTS

    Header set Strict-Transport-Security
    "max-age=63072000; includeSubDomains; preload”

    in .htaccess file
    HTTP Strict Transport Security (HSTS)
    http://bit.ly/enable-hsts
    @irinablumenfeld #wporl

    View Slide

  53. HSTS
    HTTP Strict Transport Security (HSTS)
    https://hstspreload.appspot.com
    Request Preload -
    Only if you support HTTPS for the long term
    @irinablumenfeld #wporl

    View Slide

  54. HSTS
    HTTP Strict Transport Security (HSTS)
    @irinablumenfeld #wporl

    View Slide

  55. TEST SSL
    https://www.ssllabs.com/ssltest
    @irinablumenfeld #wporl

    View Slide

  56. THANK YOU
    QUESTIONS?
    IRINA BLUMENFELD
    @irinablumenfeld #wporl
    https://www.netmagik.com/migrate-wordpress-to-https

    View Slide