SlideShare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
SlideShare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Successfully reported this slideshow.
Activate your 14 day free trial to unlock unlimited reading.
This is a slide deck from a talk I gave at the Melbourne WordPress Meetup about SSL/HTTPS. It covers the basics on what it SSL is, if you should be using it, and how to enable it on your WordPress site.
This is a slide deck from a talk I gave at the Melbourne WordPress Meetup about SSL/HTTPS. It covers the basics on what it SSL is, if you should be using it, and how to enable it on your WordPress site.
1.
SSL/HTTPS
What, When and How!
Chris Burgess – Melbourne
WordPress Meetup 2017
@chrisburgess chrisburgess.com.au
2.
Overview
• What is SSL?
• SSL growth
• When should you use SSL?
• Cost of an SSL certificate
• Enabling SSL in WordPress
• Common pitfalls
• Benefits
• SSL tools
• Further reading
5.
SSL by Default 2016-2017
https://trends.builtwith.com
6.
What is SSL? (via Wikipedia)
• HTTPS (also called HTTP over TLS,[1][2] HTTP
over SSL,[3] and HTTP Secure[4][5]) is
a protocol for secure communication over
a computer network which is widely used on
the Internet. HTTPS consists of communication
over Hypertext Transfer Protocol (HTTP) within a
connection encrypted by Transport Layer
Security, or its predecessor, Secure Sockets Layer.
The main motivation for HTTPS
is authentication of the visited website and
protection of the privacy and integrity of the
exchanged data.
7.
The Difference Between HTTP and
HTTPS Traffic
http://stackoverflow.com/questions/33934408/intercept-html-form-post-data
8.
When Should You Use SSL?
• Ecommerce sites
• Whenever dealing with sensitive data
• When user trust matters
10.
Enabling SSL
• In theory, changing your home and site URL in
WordPress should be enough:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
• In practice, we sometimes need some extra
help
11.
Forcing SSL for Logins
// Force SSL all WordPress
define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );
16.
Cost of an SSL Certificate
• $10 to $10,000
• Average cost $50 - $150 for single domain
• Wildcard (for multiple subdomains) can cost a
little more
• Let’s Encrypt is free!
28.
A Basic SEO-friendly SSL Migration
Checklist
• Add https variants in Google Search Console
• Check and fix any hard coded resources that would cause
mixed content warnings, ideally use relative rather than
absolute URLs
• Update internal links to https variant
• Ensure 301 redirects are in place for all http URLs
• Update sitemap links (but do not replace old sitemap until
301s are indexed) and robots.txt (if used)
• Test all URLs are accessible, fetch and render with
Googlebot
• Configure the web server to send SSL headers (optional)
29.
Further Reading
https://www.feistyduck.com/books/bulletproof-ssl-and-tls/