Slide 1

Slide 1 text

MIGRATE WORDPRESS TO HTTPS
IRINA BLUMENFELD @irinablumenfeld #wporl
https://www.netmagik.com/migrate-wordpress-to-https
WORDPRESS ORLANDO MEETUP APRIL 2016

Slide 2

Slide 2 text

WHAT IS HTTPS
▸ SSL first created in 1996
▸ SSL to TLS in 1999
▸ Public and Private Keys

Slide 3

Slide 3 text

BENEFITS OF HTTPS
▸ Authentication - am I talking to who they claim to be?
▸ Data Integrity - has anyone tampered with the data?
▸ Encryption - no more eavesdropping
▸ Better Ranking - Google gives preferred ranking
▸ HTTP/2 protocol support - (if host supports HTTP/2)

Slide 4

Slide 4 text

HTTP/1.1 - HTTP/2
[Figure panels: HTTP/1.1, HTTP/2]

Slide 5

Slide 5 text

HTTP/1.1 AND HTTP/2 COMPARISON
Demo from Cloudflare
Load Time: 1.95 s
Load Time: 0.33 s

Slide 6

Slide 6 text

SHA-2
Google, Microsoft and Mozilla will flag SHA-1 Certificates as Insecure on January 1, 2017
SHA-1: 0f01ed56a1e32a05e5ef96e4d779f34784af9a96
SHA-2: d029f87e3d80f8fd9b1be67c7426b4cc1ff47b4a9d0a8461c826a59d8c5eb6cd

Slide 7

Slide 7 text

EXTENDED (EV) SSL

Slide 8

Slide 8 text

HTTPS as a ranking signal in https://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html

Slide 9

Slide 9 text

HTTP sites will be marked unsafe in Google Chrome https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure

Slide 10

Slide 10 text

https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
experiment in Chrome URL: chrome://flags

Slide 11

Slide 11 text

HTTPS ADOPTION Source: http://httparchive.org/

Slide 12

Slide 12 text

AREN’T THE CERTIFICATES EXPENSIVE?

Slide 13

Slide 13 text

FREE SSL OPTION # 1

Slide 14

Slide 14 text

LET’S ENCRYPT letsencrypt.org

Slide 15

Slide 15 text

LET’S ENCRYPT ADOPTION

Slide 16

Slide 16 text

LET’S ENCRYPT TLS/SSL
In cPanel - Security widget

Slide 17

Slide 17 text

SNI - SERVER NAME INDICATION
No Need for Dedicated IP Address

Slide 18

Slide 18 text

AFTER YOU INSTALL SSL
1. Migrate Existing Content to HTTPS
2. Redirect all pages to HTTPS

Slide 19

Slide 19 text

MAKE A BACKUP

Slide 20

Slide 20 text

LET’S ENCRYPT TLS/SSL
▸ Install SSL on the server
▸ Install Really Simple SSL plugin - Activate it

Slide 21

Slide 21 text

REALLY SIMPLE SSL PLUGIN

Slide 22

Slide 22 text

REALLY SIMPLE SSL PLUGIN

Slide 23

Slide 23 text

REALLY SIMPLE SSL PLUGIN

Slide 24

Slide 24 text

MIXED CONTENT
▸ Images
▸ JavaScript and CSS files
▸ Links
▸ Widgets
▸ Third Parties - Ads, Analytics
▸ CDN
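A way to find the items on this list in a rendered page, as an added example that is not part of the original slides: the scanner below flags `http://` URLs by tag and separates active content (scripts, stylesheets, iframes) from passive content (images) and from plain internal links. The host `yoursite.com` and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs to check, with the kind of problem an http:// URL causes.
SUBRESOURCES = {
    ("script", "src"): "active",    # browsers block it on an HTTPS page
    ("iframe", "src"): "active",    # embedded widgets and ads
    ("link", "href"): "active",     # stylesheets only, see the rel check below
    ("img", "src"): "passive",      # still loads, but the padlock is lost
    ("a", "href"): "navigation",    # not mixed content; costs a redirect hop
}

class MixedContentScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for (t, attr), kind in SUBRESOURCES.items():
            url = (attrs.get(attr) or "").strip()
            if t != tag or urlsplit(url).scheme != "http":
                continue
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue  # rel=canonical and similar are not fetched
            host = urlsplit(url).hostname
            if kind == "navigation" and host != self.site_host:
                continue  # outbound links to other sites are left alone
            origin = "own" if host == self.site_host else "third-party"
            self.findings.append((kind, origin, tag, url))

def scan(html, site_host):
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    return scanner.findings

# Constructed sample page for the placeholder site yoursite.com.
SAMPLE = """
<link rel="stylesheet" href="http://yoursite.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://yoursite.com/post/">
<script src="http://ads.example.net/show.js"></script>
<img src="http://yoursite.com/wp-content/uploads/a.png">
<img src="https://yoursite.com/wp-content/uploads/b.png">
<a href="http://yoursite.com/about/">About</a>
<a href="http://other.example.org/">Elsewhere</a>
"""

if __name__ == "__main__":
    print(*scan(SAMPLE, "yoursite.com"), sep="\n")
```

Findings marked `own` can be fixed in the database or theme; `third-party` findings need an HTTPS URL from the provider.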

Slide 25

Slide 25 text

MIXED CONTENT PROBLEMS

Slide 26

Slide 26 text

MIXED CONTENT PROBLEMS

Slide 27

Slide 27 text

FIXING MIXED CONTENT
[Figure panels: BAD, GOOD]

Slide 29

Slide 29 text

HTTP/HTTPS ICONS

Slide 30

Slide 30 text

REDIRECT LOOP bit.ly/redirect-loop

Slide 31

Slide 31 text

FREE SSL OPTION # 2

Slide 32

Slide 32 text

CLOUDFLARE FREE FLEXIBLE SSL cloudflare.com/ssl

Slide 33

Slide 33 text

WHAT IS CLOUDFLARE???
▸ CDN
▸ Optimization
▸ Security
▸ DDoS Protection

Slide 34

Slide 34 text

CLOUDFLARE FREE FLEXIBLE SSL

Slide 35

Slide 35 text

CLOUDFLARE FREE FLEXIBLE SSL
▸ Create an account on CloudFlare.com
▸ Change Nameservers in Domain Registrar (in DNS Settings)
  Example: bob.ns.cloudflare.com, lola.ns.cloudflare.com

Slide 36

Slide 36 text

CLOUDFLARE FREE FLEXIBLE SSL
▸ Choose Flexible SSL option

Slide 37

Slide 37 text

CLOUDFLARE FREE FLEXIBLE SSL
▸ In 24 hrs check if SSL has been issued (Free account)

Slide 38

Slide 38 text

CLOUDFLARE FREE FLEXIBLE SSL
Before SSL is issued:

Slide 39

Slide 39 text

CLOUDFLARE FREE FLEXIBLE SSL
In http://yoursite.com/wp-admin:
▸ Install CloudFlare Flexible SSL Plugin - Activate it

Slide 40

Slide 40 text

CLOUDFLARE FREE FLEXIBLE SSL
In http://yoursite.com/wp-admin:
▸ Install SSL Insecure Content Fixer Plugin - Activate it

Slide 41

Slide 41 text

SSL INSECURE CONTENT FIXER

Slide 42

Slide 42 text

CLOUDFLARE FREE FLEXIBLE SSL
Browse to https://yoursite.com

Slide 43

Slide 43 text

TEST TOOLS - WHY NO PADLOCK?

Slide 44

Slide 44 text

TEST TOOLS - CHROME DEV TOOLS

Slide 45

Slide 45 text

TEST TOOLS - CHROME DEV TOOLS

Slide 46

Slide 46 text

CLOUDFLARE FREE FLEXIBLE SSL
In Page Rules section - new rule: *your-domain.com*

Slide 47

Slide 47 text

CLOUDFLARE STRICT SSL

Slide 48

Slide 48 text

VIEW SSL

Slide 49

Slide 49 text

VIEW SSL

Slide 50

Slide 50 text

UPDATE GOOGLE ANALYTICS https://support.google.com/webmasters/answer/6033049

Slide 51

Slide 51 text

HSTS
HTTP Strict Transport Security (HSTS)

Slide 52

Slide 52 text

HSTS
HTTP Strict Transport Security (HSTS)
In .htaccess file:
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
http://bit.ly/enable-hsts

Slide 53

Slide 53 text

HSTS
HTTP Strict Transport Security (HSTS)
https://hstspreload.appspot.com
Request Preload - Only if you support HTTPS for the long term

Slide 54

Slide 54 text

HSTS
HTTP Strict Transport Security (HSTS)

Slide 55

Slide 55 text

TEST SSL https://www.ssllabs.com/ssltest

Slide 56

Slide 56 text

THANK YOU QUESTIONS? IRINA BLUMENFELD @irinablumenfeld #wporl https://www.netmagik.com/migrate-wordpress-to-https