Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Why and how to use WordPress with HTTPS

Jan Thiel
September 19, 2015
Technology
0
280

Why and how to use WordPress with HTTPS

Lightning talk held at the WordCamp Europe 2015 about the benefits of HTTPS on WordPress Sites.

Jan Thiel

September 19, 2015
Tweet

More Decks by Jan Thiel

See All by Jan Thiel
WordPress Performance Optimierungen v2
janthiel
0
250
Performance, Security und Datenschutz bei der Einbindung von 3rd Party Code
janthiel
1
69
WordCamp Berlin 2017 - WordPress Architektur Grundlagen
janthiel
0
96
Mythbusters - WordPress Performance Optimierung
janthiel
0
200
WordPress Performance Optimierungen
janthiel
0
360
WordPress und HTTPS - SEO und Sicherheit mit HTTPS Zertifikaten
janthiel
0
660
Barrierefreiheit für Webseiten und Webanwendungen
janthiel
0
430
WordCamp Warsaw 2014 - Data Privacy and why you really should matter
janthiel
0
38
Mehrsprachigkeit in WordPress - WPML vs Multilingualpress Pro
janthiel
1
1.2k

Other Decks in Technology

See All in Technology
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
260
Reducing Cross-Zone Egress at Spotify with Custom gRPC Load Balancing Recap
koh_naga
0
210
障害対応をちょっとずつよくしていくための 演習の作りかた
heleeen
0
230
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
2
240
私が trocco を推す理由
__allllllllez__
1
250
生成AIの変革の時代に、 直近1年で直面した課題とその解決策
ktc_wada
0
310
LangSmith入門―トレース/評価/プロンプト管理などを担うLLMアプリ開発プラットフォーム
os1ma
3
330
VSCodeの拡張機能を作っている話
ebarakazuhiro
1
550
LLM開発・活用の舞台裏@2024.04.25
yushin_n
1
350
JAWS-UG Bedrock Claude Night
yamahiro
3
610
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
170
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
120

Featured

See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
Infographics Made Easy
chrislema
238
18k
Clear Off the Table
cherdarchuk
84
310k
What's in a price? How to price your products and services
michaelherold
237
11k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
14
1.5k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
Atom: Resistance is Futile
akmur
259
25k
Design by the Numbers
sachag
274
18k
What’s in a name? Adding method to the madness
productmarketing
PRO
16
2.6k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
78
43k
Building an army of robots
kneath
300
41k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
121
39k

Transcript

  1. The Missing Link Empowering WordPress with HTTPS

  2. HTTPS Validation Levels • Domain Validation – Encrypt the communication

    – No clue who you are talking to • Organisation Validation – Encrypt the communication – Basic authentification of communication partner • „Extended Validation“ – Encryption of communication – Extended authentification of communication partner

  3. What is HTTPS? • Usecases in the browser Browser Encrypting

    the data transfer (TLS) Browser Authenticate who you are talking to Domain Validation Org Validation Extended Validation Domain Validation Org Validation Extended Validation

  4. What makes it secure? • Used cypher suites (DES,RC4, RSA,

    DH, ECDH) • Used hash algorhythms (SHA-1 vs SHA-256) • Server configuration (SSLv3, TLSv1, TLSv1.1, TLSv1.2, Perfect Forward Secrecy) • Certificate provider („Root Certificat“ – Honest Achmet, Verisign, Comodo, Mozilla)

  5. WHY TO USE HTTPS?

  6. Security • Encrypt your communication • Safely log in to

    your WordPress

  7. SEO • Google loves HTTPS

  8. Trust • Customer feels save to enter personal data •

    Transport security for submitted form data

  9. HTTP/2 • HTTP/2 is the „future of the web“ •

    Major browsers and webserver will only support HTTP/2 via HTTPS

  10. FIXING THE MISSING LINK

  11. Expedition Preparations 1. Get a HTTPS Certificate and install it

    on your server

  12. Digging to the core • Deep down in the general

    settings… – Small but powerful: siteurl and home – Add the missing S

  13. Digging to the core • Deep down in the general

    settings… – Small but powerful: siteurl and home – Add the missing S 100% Core - 100% clean – 100% HTTPS

  14. Watch out for … • existing content • … plugins

    and themes with hardcoded http:// includes • … external includes you add with http:// • … ad networks with prehistoric http only

  15. … and make it better! • Migrate existing content with

    DB search and replace Plugins • Includes – External: https:// – Internal: Consider // instead of http:// • AdNetworks – Nag them to move to HTTPS or leave!

  16. HTTPS WordPress Core! HTTPSify your site now!

  17. The one last thing • https://letsencrypt.org/

  18. Questions or need help? Let‘s talk! Jan Thiel [email protected] https://WeLoveWP.eu

    Icons made by Freepik from www.flaticon.com are licensed under CC BY 3.0