Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Migrate WordPress from HTTP to HTTPS

Irina Blumenfeld
April 19, 2016
Programming
1
1.4k

Migrate WordPress from HTTP to HTTPS

Slides from presentation at WordPress Orlando Meetup on how to migrate WordPress site from HTTP to HTTPS.

As more sites transition to HTTPS and Google giving preferred ranking to secure sites, it became important to properly install a TLS/SSL Certificate.
The process of moving to HTTPS can be intimidating starting from obtaining certificate to migrating all content to HTTPS.
Recently, Let’s Encrypt started offering Free TSL/SSL Certificates. CloudFlare offers Free TLS/SSL with HTTP/2 protocol support.

We discussed how you can obtain a Free TLS/SSL Certificate, make your content HTTPS friendly, and how to migrate existing content to HTTPS.
We also went over the benefits of serving your pages over secure connection, common problems with transition, and how you can test your certificate configuration.

Irina Blumenfeld

April 19, 2016
Tweet

More Decks by Irina Blumenfeld

See All by Irina Blumenfeld
The Power of Edge Functions
iblum
0
24
How To Make Your Website Stand Out In Search Results
iblum
0
550
How To Make Your Site Stand Out In Search Results
iblum
0
790
Speeding Up WordPress
iblum
1
840
Don't Let Images Weight Down Your Site - WCJAX
iblum
0
670
Getting to know Gutenberg
iblum
1
640
Don't Let Images Weigh Down Your Site
iblum
2
710
10 Steps To Take Before Launching a WordPress Website
iblum
0
990
Don't let images weigh down your site
iblum
0
390

Other Decks in Programming

See All in Programming
OSSで起業してもうすぐ10年 / Open Source Conference 2024 Shimane
furukawayasuto
0
110
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
3
1.2k
Flutterを言い訳にしない!アプリの使い心地改善テクニック5選🔥
kno3a87
1
200
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
520
AI時代におけるSRE、
あるいはエンジニアの生存戦略
pyama86
6
1.2k
as(型アサーション)を書く前にできること
marokanatani
10
2.7k
Generative AI Use Cases JP (略称:GenU)奮闘記
hideg
1
300
よくできたテンプレート言語として TypeScript + JSX を利用する試み / Using TypeScript + JSX outside of Web Frontend #TSKaigiKansai
izumin5210
6
1.8k
Jakarta EE meets AI
ivargrimstad
0
240
macOS でできる リアルタイム動画像処理
biacco42
9
2.4k
.NET のための通信フレームワーク MagicOnion 入門 / Introduction to MagicOnion
mayuki
1
1.7k
イベント駆動で成長して委員会
happymana
1
340

Featured

See All Featured
The Cult of Friendly URLs
andyhume
78
6k
Writing Fast Ruby
sferik
627
61k
Building an army of robots
kneath
302
43k
KATA
mclloyd
29
14k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Raft: Consensus for Rubyists
vanstee
136
6.6k
What's new in Ruby 2.0
geeforr
343
31k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
110
GraphQLとの向き合い方2022年版
quramy
43
13k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k

Transcript

  1. MIGRATE WORDPRESS TO HTTPS IRINA BLUMENFELD @irinablumenfeld #wporl https://www.netmagik.com/migrate-wordpress-to-https WORDPRESS

    ORLANDO MEETUP APRIL 2016

  2. WHAT IS HTTPS ▸ SSL first created in 1996 ▸

    SSL to TLS in 1999 ▸ Public and Private Keys @irinablumenfeld #wporl

  3. ▸ Authentication - am I talking to who they claim

    to be? ▸ Data Integrity - has anyone tampered with the data? ▸ Encryption - no more eavesdropping ▸ Better Ranking - Google gives preferred ranking ▸ HTTP/2 protocol support - (if host supports HTTP/2) BENEFITS OF HTTPS @irinablumenfeld #wporl

  4. HTTP1/1.1 - HTTP/2 HTTP1/1.1 HTTP/2 @irinablumenfeld #wporl

  5. HTTP/1.1 AND HTTP/2 COMPARISON Demo from Cloudflare Load Time: 1.95

    s Load Time: 0.33 s @irinablumenfeld #wporl

  6. SHA-2 Google, Microsoft and Mozilla will flag SHA-1 Certificates as

    Insecure on January 1, 2017 d029f87e3d80f8fd9b1be67c7426b4cc1ff47b4a9d0a8461c826a59d8c5eb6cd 0f01ed56a1e32a05e5ef96e4d779f34784af9a96 SHA-1 SHA-2 @irinablumenfeld #wporl

  7. EXTENDED (EV) SSL @irinablumenfeld #wporl

  8. HTTPS as a ranking signal in https://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html @irinablumenfeld #wporl

  9. HTTP sites will be marked unsafe in Google Chrome https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

    @irinablumenfeld #wporl

  10. https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure experiment in Chrome URL:
 chrome://flags @irinablumenfeld #wporl

  11. HTTPS ADOPTION Source: http://httparchive.org/ @irinablumenfeld #wporl

  12. AREN’T THE CERTIFICATES EXPENSIVE? @irinablumenfeld #wporl

  13. FREE SSL OPTION # 1 @irinablumenfeld #wporl

  14. LET’S ENCRYPT letsencrypt.org @irinablumenfeld #wporl

  15. LET’S ENCRYPT ADOPTION @irinablumenfeld #wporl

  16. LET’S ENCRYPT TLS/SSL In cPanel - Security widget @irinablumenfeld #wporl

  17. SNI - SERVER NAME INDICATION No Need for Dedicated IP

    Address @irinablumenfeld #wporl

  18. 1. Migrate Existing Content to HTTPS 2. Redirect all pages

    to HTTPS AFTER YOU INSTALL SSL @irinablumenfeld #wporl

  19. MAKE A BACKUP @irinablumenfeld #wporl

  20. LET’S ENCRYPT TLS/SSL ▸ Install SSL on the server ▸

    Install Really Simple SSL plugin - Activate it

  21. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  22. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  23. REALLY SIMPLE SSL PLUGIN @irinablumenfeld #wporl

  24. ▸ Images ▸ Javascript and CSS files ▸ Links ▸

    Widgets ▸ Third Parties - Ads, Analytics ▸ CDN MIXED CONTENT @irinablumenfeld #wporl

  25. MIXED CONTENT PROBLEMS @irinablumenfeld #wporl

  26. MIXED CONTENT PROBLEMS @irinablumenfeld #wporl

  27. FIXING MIXED CONTENT <script src="http://example.com/script.js"></script> BAD <script src=“https://example.com/script.js”></script> GOOD @irinablumenfeld

    #wporl

  28. <a href="http://example.com/bar"> Don't link to insecure pages!!! BAD <a href=“https://example.com”>

    GOOD FIXING MIXED CONTENT @irinablumenfeld #wporl

  29. HTTP/HTTPS ICONS @irinablumenfeld #wporl

  30. REDIRECT LOOP bit.ly/redirect-loop @irinablumenfeld #wporl

  31. FREE SSL OPTION # 2 @irinablumenfeld #wporl

  32. CLOUDFLARE FREE FLEXIBLE SSL cloudflare.com/ssl @irinablumenfeld #wporl

  33. ▸ CDN ▸ Optimization ▸ Security ▸ DDoS Protection WHAT

    IS CLOUDFLARE??? @irinablumenfeld #wporl

  34. CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  35. ▸ Create an account on CloudFlare.com ▸ Change Nameservers in

    Domain Registrar (in DNS Settings)
 Example: bob.ns.cloudflare.com, lola.ns.cloudflare.com
 CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  36. ▸ Choose Flexible SSL option CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld

    #wporl

  37. ▸ In 24 hrs check if SSL has been issued

    (Free account) CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  38. Before SSL is issued: CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  39. ▸ Install CloudFlare Flexible SSL Plugin - Activate it In

    http://yoursite.com/wp-admin: CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  40. ▸ Install SSL Insecure Content Fixer Plugin - Activate it

    In http://yoursite.com/wp-admin: CLOUDFLARE FREE FLEXIBLE SSL

  41. SSL INSECURE CONTENT FIXER

  42. Browse to https://yoursite.com CLOUDFLARE FREE FLEXIBLE SSL @irinablumenfeld #wporl

  43. TEST TOOLS - WHY NO PADLOCK? @irinablumenfeld #wporl

  44. TEST TOOLS - CHROME DEV TOOLS @irinablumenfeld #wporl

  45. TEST TOOLS - CHROME DEV TOOLS @irinablumenfeld #wporl

  46. CLOUDFLARE FREE FLEXIBLE SSL In Page Rules section - new

    rule: *your-domain.com* @irinablumenfeld #wporl

  47. CLOUDFLARE STRICT SSL @irinablumenfeld #wporl

  48. VIEW SSL

  49. VIEW SSL

  50. UPDATE GOOGLE ANALYTICS https://support.google.com/webmasters/answer/6033049

  51. HSTS HTTP Strict Transport Security (HSTS) @irinablumenfeld #wporl

  52. HSTS <IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload” </IfModule>

    in .htaccess file HTTP Strict Transport Security (HSTS) http://bit.ly/enable-hsts @irinablumenfeld #wporl

  53. HSTS HTTP Strict Transport Security (HSTS) https://hstspreload.appspot.com Request Preload -

    Only if you support HTTPS for the long term @irinablumenfeld #wporl

  54. HSTS HTTP Strict Transport Security (HSTS) @irinablumenfeld #wporl

  55. TEST SSL https://www.ssllabs.com/ssltest @irinablumenfeld #wporl

  56. THANK YOU QUESTIONS? IRINA BLUMENFELD @irinablumenfeld #wporl https://www.netmagik.com/migrate-wordpress-to-https