Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Why and how to use WordPress with HTTPS

Jan Thiel
September 19, 2015
Technology
0
320

Why and how to use WordPress with HTTPS

Lightning talk held at the WordCamp Europe 2015 about the benefits of HTTPS on WordPress Sites.

Jan Thiel

September 19, 2015
Tweet

More Decks by Jan Thiel

See All by Jan Thiel
WordPress Performance Optimierungen v2
janthiel
0
300
Performance, Security und Datenschutz bei der Einbindung von 3rd Party Code
janthiel
1
72
WordCamp Berlin 2017 - WordPress Architektur Grundlagen
janthiel
0
100
Mythbusters - WordPress Performance Optimierung
janthiel
0
240
WordPress Performance Optimierungen
janthiel
0
410
WordPress und HTTPS - SEO und Sicherheit mit HTTPS Zertifikaten
janthiel
0
750
Barrierefreiheit für Webseiten und Webanwendungen
janthiel
0
460
WordCamp Warsaw 2014 - Data Privacy and why you really should matter
janthiel
0
46
Mehrsprachigkeit in WordPress - WPML vs Multilingualpress Pro
janthiel
1
1.2k

Other Decks in Technology

See All in Technology
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
320
いざ、BSC討伐の旅
nikinusu
2
710
End of Barrel Files: New Modularization Techniques with Sheriff
rainerhahnekamp
0
290
20241108_CS_LLMMT
shigashiyama
0
260
製造現場のデジタル化における課題とPLC Data to Cloudによる新しいアプローチ
hamadakoji
0
220
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
1
430
組み込みLinuxの時系列
puhitaku
4
1k
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
28k
Team Dynamicsを目指すウイングアーク1stのQAチーム
sadonosake
1
280
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
240
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
2
890
フルカイテン株式会社 採用資料
fullkaiten
0
40k

Featured

See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Faster Mobile Websites
deanohume
305
30k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
15
2.1k
The Cult of Friendly URLs
andyhume
78
6k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
Writing Fast Ruby
sferik
627
61k
Imperfection Machines: The Place of Print at Facebook
scottboms
264
13k

Transcript

  1. The Missing Link Empowering WordPress with HTTPS

  2. HTTPS Validation Levels • Domain Validation – Encrypt the communication

    – No clue who you are talking to • Organisation Validation – Encrypt the communication – Basic authentification of communication partner • „Extended Validation“ – Encryption of communication – Extended authentification of communication partner

  3. What is HTTPS? • Usecases in the browser Browser Encrypting

    the data transfer (TLS) Browser Authenticate who you are talking to Domain Validation Org Validation Extended Validation Domain Validation Org Validation Extended Validation

  4. What makes it secure? • Used cypher suites (DES,RC4, RSA,

    DH, ECDH) • Used hash algorhythms (SHA-1 vs SHA-256) • Server configuration (SSLv3, TLSv1, TLSv1.1, TLSv1.2, Perfect Forward Secrecy) • Certificate provider („Root Certificat“ – Honest Achmet, Verisign, Comodo, Mozilla)

  5. WHY TO USE HTTPS?

  6. Security • Encrypt your communication • Safely log in to

    your WordPress

  7. SEO • Google loves HTTPS

  8. Trust • Customer feels save to enter personal data •

    Transport security for submitted form data

  9. HTTP/2 • HTTP/2 is the „future of the web“ •

    Major browsers and webserver will only support HTTP/2 via HTTPS

  10. FIXING THE MISSING LINK

  11. Expedition Preparations 1. Get a HTTPS Certificate and install it

    on your server

  12. Digging to the core • Deep down in the general

    settings… – Small but powerful: siteurl and home – Add the missing S

  13. Digging to the core • Deep down in the general

    settings… – Small but powerful: siteurl and home – Add the missing S 100% Core - 100% clean – 100% HTTPS

  14. Watch out for … • existing content • … plugins

    and themes with hardcoded http:// includes • … external includes you add with http:// • … ad networks with prehistoric http only

  15. … and make it better! • Migrate existing content with

    DB search and replace Plugins • Includes – External: https:// – Internal: Consider // instead of http:// • AdNetworks – Nag them to move to HTTPS or leave!

  16. HTTPS WordPress Core! HTTPSify your site now!

  17. The one last thing • https://letsencrypt.org/

  18. Questions or need help? Let‘s talk! Jan Thiel [email protected] https://WeLoveWP.eu

    Icons made by Freepik from www.flaticon.com are licensed under CC BY 3.0