
Why and how to use WordPress with HTTPS

Jan Thiel
September 19, 2015

Lightning talk held at WordCamp Europe 2015 about the benefits of HTTPS on WordPress sites.


Transcript

  1. The Missing Link: Empowering WordPress with HTTPS

  2. HTTPS Validation Levels
     • Domain Validation
       – Encrypt the communication
       – No clue who you are talking to
     • Organisation Validation
       – Encrypt the communication
       – Basic authentication of communication partner
     • „Extended Validation“
       – Encryption of communication
       – Extended authentication of communication partner
  3. What is HTTPS?
     • Use cases in the browser
       – Encrypting the data transfer (TLS)
       – Authenticating who you are talking to: Domain Validation, Org Validation, Extended Validation
  4. What makes it secure?
     • Used cipher suites (DES, RC4, RSA, DH, ECDH)
     • Used hash algorithms (SHA-1 vs SHA-256)
     • Server configuration (SSLv3, TLSv1, TLSv1.1, TLSv1.2, Perfect Forward Secrecy)
     • Certificate provider („Root Certificate“ – Honest Achmet, Verisign, Comodo, Mozilla)
  5. WHY TO USE HTTPS?

  6. Security
     • Encrypt your communication
     • Safely log in to your WordPress
  7. SEO • Google loves HTTPS

  8. Trust
     • Customer feels safe to enter personal data
     • Transport security for submitted form data
  9. HTTP/2
     • HTTP/2 is the „future of the web“
     • Major browsers and web servers will only support HTTP/2 via HTTPS
  10. FIXING THE MISSING LINK

  11. Expedition Preparations
      1. Get an HTTPS certificate and install it on your server
  12. Digging to the core
      • Deep down in the general settings…
        – Small but powerful: siteurl and home
        – Add the missing S
  13. Digging to the core
      • Deep down in the general settings…
        – Small but powerful: siteurl and home
        – Add the missing S
      • 100% Core – 100% clean – 100% HTTPS
  14. Watch out for …
      • existing content
      • … plugins and themes with hardcoded http:// includes
      • … external includes you add with http://
      • … ad networks with prehistoric http only
  15. … and make it better!
      • Migrate existing content with DB search and replace plugins
      • Includes
        – External: https://
        – Internal: Consider // instead of http://
      • Ad networks
        – Nag them to move to HTTPS or leave!
  16. HTTPS WordPress Core! HTTPSify your site now!

  17. The one last thing • https://letsencrypt.org/

  18. Questions or need help? Let's talk!
      Jan Thiel
      Jan@WeLoveWP.eu
      https://WeLoveWP.eu
      Icons made by Freepik from www.flaticon.com are licensed under CC BY 3.0
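
The check behind slides 14 and 15, as an added example that is not part of the original talk: a Python script that scans stored post HTML for hardcoded http:// includes, labels each one internal or external, and upgrades only the internal ones to https://. `SITE_HOST`, the function names and the sample post are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "example.com"  # assumption: your own domain goes here

# Tags whose src/href makes the browser load a subresource. An http:// URL here
# is mixed content on an HTTPS page. Plain <a href> links are navigation and are
# left out; <link> also matches rel="canonical", so review those hits by hand.
INCLUDE_RE = re.compile(
    r"""<(script|img|iframe|link|source|video|audio|embed)\b[^>]*?"""
    r"""\b(src|href)\s*=\s*(["'])(http://[^"']+)\3""",
    re.IGNORECASE,
)

# Constructed sample of stored post content (not from the talk).
SAMPLE_POST = """<p>Read <a href="http://example.com/about/">about us</a>.</p>
<img src="http://example.com/wp-content/uploads/2015/09/logo.png" alt="logo">
<script src="http://ads.adnetwork.test/show.js"></script>
<img src="https://cdn.example.com/ok.png">"""

def is_internal(url):
    """True when the URL points at SITE_HOST or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    return host == SITE_HOST or host.endswith("." + SITE_HOST)

def find_insecure_includes(html):
    """List (tag, url, 'internal'|'external') for every http:// include."""
    return [
        (m.group(1).lower(), m.group(4),
         "internal" if is_internal(m.group(4)) else "external")
        for m in INCLUDE_RE.finditer(html)
    ]

def upgrade_internal(html):
    """Rewrite internal http:// includes to https://; externals stay for review."""
    def repl(m):
        if not is_internal(m.group(4)):
            return m.group(0)  # the third party may not serve HTTPS: check first
        cut = m.start(4) - m.start(0)
        return m.group(0)[:cut] + "https" + m.group(0)[cut + len("http"):]
    return INCLUDE_RE.sub(repl, html)

if __name__ == "__main__":
    for finding in find_insecure_includes(SAMPLE_POST):
        print(finding)
    print(upgrade_internal(SAMPLE_POST))
```

External hits are reported but never rewritten, because the third-party host has to be confirmed to serve HTTPS before its URL is changed.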