Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Migrate WordPress from HTTP to HTTPS

Irina Blumenfeld
April 19, 2016
Programming
1
1.3k

Migrate WordPress from HTTP to HTTPS

Slides from presentation at WordPress Orlando Meetup on how to migrate WordPress site from HTTP to HTTPS.

As more sites transition to HTTPS and Google giving preferred ranking to secure sites, it became important to properly install a TLS/SSL Certificate.
The process of moving to HTTPS can be intimidating starting from obtaining certificate to migrating all content to HTTPS.
Recently, Let’s Encrypt started offering Free TSL/SSL Certificates. CloudFlare offers Free TLS/SSL with HTTP/2 protocol support.

We discussed how you can obtain a Free TLS/SSL Certificate, make your content HTTPS friendly, and how to migrate existing content to HTTPS.
We also went over the benefits of serving your pages over secure connection, common problems with transition, and how you can test your certificate configuration.

Irina Blumenfeld

April 19, 2016
Tweet

More Decks by Irina Blumenfeld

See All by Irina Blumenfeld
The Power of Edge Functions
iblum
0
21
How To Make Your Website Stand Out In Search Results
iblum
0
470
How To Make Your Site Stand Out In Search Results
iblum
0
730
Speeding Up WordPress
iblum
1
720
Don't Let Images Weight Down Your Site - WCJAX
iblum
0
580
Getting to know Gutenberg
iblum
1
580
Don't Let Images Weigh Down Your Site
iblum
2
620
10 Steps To Take Before Launching a WordPress Website
iblum
0
930
Don't let images weigh down your site
iblum
0
350

Other Decks in Programming

See All in Programming
9年開発を牽引して見えてきた、共通化すべきものと個別でつくるもの ~プログラム言語~
shinout
1
630
オブジェクト指向は必要なのか / Is object-oriented needed?
kishida
31
21k
オブジェクト指向のリ・オリエンテーション~歴史を振り返り、AI時代に向きなおる~
hanyudaeiiti
9
5.4k
Folding Cheat Sheet #1
philipschwarz
PRO
0
200
ゆるい個人開発のススメ
kuroppe1819
10
890
From Spring Boot 2 to Spring Boot 3 with Java 21 and Jakarta EE
ivargrimstad
0
940
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
150
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
200
単体テストを書かない技術 #phpcon_odawara
o0h
PRO
24
7k
Swiftの型推論を学ぼう | Let's Learn About Type Inference in Swift
omochi
3
3.3k
Rubyでたのしむクリエイティブコーディング/Enjoy Creative coding with Ruby
chobishiba
1
160
Build with AI 2024 Seoul - 제로부터 시작하는 Flutter with Gemini 생활 - 박제창
itsmedreamwalker
0
180

Featured

See All Featured
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Testing 201, or: Great Expectations
jmmastey
27
6.3k
Gamification - CAS2011
davidbonilla
76
4.6k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
1
1.2k
KATA
mclloyd
14
12k
GraphQLとの向き合い方2022年版
quramy
29
12k
A Philosophy of Restraint
colly
195
16k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
114
18k
Documentation Writing (for coders)
carmenintech
59
3.9k
How STYLIGHT went responsive
nonsquared
92
4.8k
Art, The Web, and Tiny UX
lynnandtonic
288
19k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
5
1.5k

Transcript

  1. MIGRATE WORDPRESS TO HTTPS IRINA BLUMENFELD @irinablumenfeld #wporl https://www.netmagik.com/migrate-wordpress-to-https WORDPRESS

    ORLANDO MEETUP APRIL 2016

  2. WHAT IS HTTPS ▸ SSL first created in 1996 ▸

    SSL to TLS in 1999 ▸ Public and Private Keys @irinablumenfeld #wporl

  3. ▸ Authentication - am I talking to who they claim

    to be? ▸ Data Integrity - has anyone tampered with the data? ▸ Encryption - no more eavesdropping ▸ Better Ranking - Google gives preferred ranking ▸ HTTP/2 protocol support - (if host supports HTTP/2) BENEFITS OF HTTPS @irinablumenfeld #wporl

  4. HTTP1/1.1 - HTTP/2 HTTP1/1.1 HTTP/2 @irinablumenfeld #wporl

  5. HTTP/1.1 AND HTTP/2 COMPARISON Demo from Cloudflare Load Time: 1.95

    s Load Time: 0.33 s @irinablumenfeld #wporl

  6. SHA-2 Google, Microsoft and Mozilla will flag SHA-1 Certificates as

    Insecure on January 1, 2017 d029f87e3d80f8fd9b1be67c7426b4cc1ff47b4a9d0a8461c826a59d8c5eb6cd 0f01ed56a1e32a05e5ef96e4d779f34784af9a96 SHA-1 SHA-2 @irinablumenfeld #wporl

  7. EXTENDED (EV) SSL @irinablumenfeld #wporl

  8. HTTPS as a ranking signal in https://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html @irinablumenfeld #wporl

  9. HTTP sites will be marked unsafe in Google Chrome https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

    @irinablumenfeld #wporl

  10. https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure experiment in Chrome URL:
 chrome://flags @irinablumenfeld #wporl

  11. HTTPS ADOPTION Source: http://httparchive.org/ @irinablumenfeld #wporl

  12. AREN’T THE CERTIFICATES EXPENSIVE? @irinablumenfeld #wporl

  13. FREE SSL OPTION # 1 @irinablumenfeld #wporl

  14. LET’S ENCRYPT letsencrypt.org @irinablumenfeld #wporl

  15. LET’S ENCRYPT ADOPTION @irinablumenfeld #wporl

  16. LET’S ENCRYPT TLS/SSL In cPanel - Security widget @irinablumenfeld #wporl

  17. SNI - SERVER NAME INDICATION No Need for Dedicated IP

    Address @irinablumenfeld #wporl

  18. 1. Migrate Existing Content to HTTPS 2. Redirect all pages

    to HTTPS AFTER YOU INSTALL SSL @irinablumenfeld #wporl

  19. MAKE A BACKUP @irinablumenfeld #wporl

  20. LET’S ENCRYPT TLS/SSL ▸ Install SSL on the server ▸

    Install Really Simple SSL plugin - Activate it

  21. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  22. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  23. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  24. ▸ Images ▸ Javascript and CSS files ▸ Links ▸

    Widgets ▸ Third Parties - Ads, Analytics ▸ CDN MIXED CONTENT @irinablumenfeld #wporl

  25. MIXED CONTENT PROBLEMS @irinablumenfeld #wporl

  26. MIXED CONTENT PROBLEMS @irinablumenfeld #wporl

  27. FIXING MIXED CONTENT <script src="http://example.com/script.js"></script> BAD <script src=“https://example.com/script.js”></script> GOOD @irinablumenfeld

    #wporl

  28. <a href="http://example.com/bar"> Don't link to insecure pages!!! BAD <a href=“https://example.com”>

    GOOD FIXING MIXED CONTENT @irinablumenfeld #wporl

  29. HTTP/HTTPS ICONS @irinablumenfeld #wporl

  30. REDIRECT LOOP bit.ly/redirect-loop @irinablumenfeld #wporl

  31. FREE SSL OPTION # 2 @irinablumenfeld #wporl

  32. CLOUDFLARE FREE FLEXIBLE SSL cloudflare.com/ssl @irinablumenfeld #wporl

  33. ▸ CDN ▸ Optimization ▸ Security ▸ DDoS Protection WHAT

    IS CLOUDFLARE??? @irinablumenfeld #wporl

  34. CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  35. ▸ Create an account on CloudFlare.com ▸ Change Nameservers in

    Domain Registrar (in DNS Settings)
 Example: bob.ns.cloudflare.com, lola.ns.cloudflare.com
 CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  36. ▸ Choose Flexible SSL option CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld

    #wporl

  37. ▸ In 24 hrs check if SSL has been issued

    (Free account) CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  38. Before SSL is issued: CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  39. ▸ Install CloudFlare Flexible SSL Plugin - Activate it In

    http://yoursite.com/wp-admin: CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  40. ▸ Install SSL Insecure Content Fixer Plugin - Activate it

    In http://yoursite.com/wp-admin: CLOUDFLARE FREE FLEXIBLE SSL

  41. SSL INSECURE CONTENT FIXER

  42. Browse to https://yoursite.com CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  43. TEST TOOLS - WHY NO PADLOCK? @irinablumenfeld #wporl

  44. TEST TOOLS - CHROME DEV TOOLS @irinablumenfeld #wporl

  45. TEST TOOLS - CHROME DEV TOOLS @irinablumenfeld #wporl

  46. CLOUDFLARE FREE FLEXIBLE SSL In Page Rules section - new

    rule: *your-domain.com* @irinablumenfeld #wporl

  47. CLOUDFLARE STRICT SSL @irinablumenfeld #wporl

  48. VIEW SSL

  49. VIEW SSL

  50. UPDATE GOOGLE ANALYTICS https://support.google.com/webmasters/answer/6033049

  51. HSTS HTTP Strict Transport Security (HSTS) @irinablumenfeld #wporl

  52. HSTS <IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload” </IfModule>

    in .htaccess file HTTP Strict Transport Security (HSTS) http://bit.ly/enable-hsts @irinablumenfeld #wporl

  53. HSTS HTTP Strict Transport Security (HSTS) https://hstspreload.appspot.com Request Preload -

    Only if you support HTTPS for the long term @irinablumenfeld #wporl

  54. HSTS HTTP Strict Transport Security (HSTS) @irinablumenfeld #wporl

  55. TEST SSL https://www.ssllabs.com/ssltest @irinablumenfeld #wporl

  56. THANK YOU QUESTIONS? IRINA BLUMENFELD @irinablumenfeld #wporl https://www.netmagik.com/migrate-wordpress-to-https