Why and how to use WordPress with HTTPS

Slide 1

Slide 1 text

The Missing Link Empowering WordPress with HTTPS

Slide 2

Slide 2 text

HTTPS Validation Levels • Domain Validation – Encrypt the communication – No clue who you are talking to • Organisation Validation – Encrypt the communication – Basic authentification of communication partner • „Extended Validation“ – Encryption of communication – Extended authentification of communication partner

Slide 3

Slide 3 text

What is HTTPS? • Usecases in the browser Browser Encrypting the data transfer (TLS) Browser Authenticate who you are talking to Domain Validation Org Validation Extended Validation Domain Validation Org Validation Extended Validation

Slide 4

Slide 4 text

What makes it secure? • Used cypher suites (DES,RC4, RSA, DH, ECDH) • Used hash algorhythms (SHA-1 vs SHA-256) • Server configuration (SSLv3, TLSv1, TLSv1.1, TLSv1.2, Perfect Forward Secrecy) • Certificate provider („Root Certificat“ – Honest Achmet, Verisign, Comodo, Mozilla)

Slide 5

Slide 5 text

WHY TO USE HTTPS?

Slide 6

Slide 6 text

Security • Encrypt your communication • Safely log in to your WordPress

Slide 7

Slide 7 text

SEO • Google loves HTTPS

Slide 8

Slide 8 text

Trust • Customer feels save to enter personal data • Transport security for submitted form data

Slide 9

Slide 9 text

HTTP/2 • HTTP/2 is the „future of the web“ • Major browsers and webserver will only support HTTP/2 via HTTPS

Slide 10

Slide 10 text

FIXING THE MISSING LINK

Slide 11

Slide 11 text

Expedition Preparations 1. Get a HTTPS Certificate and install it on your server

Slide 12

Slide 12 text

Digging to the core • Deep down in the general settings… – Small but powerful: siteurl and home – Add the missing S

Slide 13

Slide 13 text

Digging to the core • Deep down in the general settings… – Small but powerful: siteurl and home – Add the missing S 100% Core - 100% clean – 100% HTTPS

Slide 14

Slide 14 text

Watch out for … • existing content • … plugins and themes with hardcoded http:// includes • … external includes you add with http:// • … ad networks with prehistoric http only

Slide 15

Slide 15 text

… and make it better! • Migrate existing content with DB search and replace Plugins • Includes – External: https:// – Internal: Consider // instead of http:// • AdNetworks – Nag them to move to HTTPS or leave!

Slide 16

Slide 16 text

HTTPS WordPress Core! HTTPSify your site now!

Slide 17

Slide 17 text

The one last thing • https://letsencrypt.org/

Slide 18

Slide 18 text

Questions or need help? Let‘s talk! Jan Thiel [email protected] https://WeLoveWP.eu Icons made by Freepik from www.flaticon.com are licensed under CC BY 3.0