Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

WordPress and SSL

203 views

Published on

This is a slide deck from a talk I gave at the Melbourne WordPress Meetup about SSL/HTTPS. It covers the basics on what it SSL is, if you should be using it, and how to enable it on your WordPress site.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

WordPress and SSL

  1. 1. SSL/HTTPS What, When and How! Chris Burgess – Melbourne WordPress Meetup 2017 @chrisburgess chrisburgess.com.au
  2. 2. Overview • What is SSL? • SSL growth • When should you use SSL? • Cost of an SSL certificate • Enabling SSL in WordPress • Common pitfalls • Benefits • SSL tools • Further reading
  3. 3. https://wptavern.com/more-than-50-of-web-traffic-is-now-encrypted
  4. 4. HTTP Requests 2011-2017 http://httparchive.org/
  5. 5. SSL by Default 2016-2017 https://trends.builtwith.com
  6. 6. What is SSL? (via Wikipedia) • HTTPS (also called HTTP over TLS,[1][2] HTTP over SSL,[3] and HTTP Secure[4][5]) is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security, or its predecessor, Secure Sockets Layer. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.
  7. 7. The Difference Between HTTP and HTTPS Traffic http://stackoverflow.com/questions/33934408/intercept-html-form-post-data
  8. 8. When Should You Use SSL? • Ecommerce sites • Whenever dealing with sensitive data • When user trust matters
  9. 9. When Should You Use SSL?
  10. 10. Enabling SSL • In theory, changing your home and site URL in WordPress should be enough: define('WP_HOME','http://example.com'); define('WP_SITEURL','http://example.com'); • In practice, we sometimes need some extra help
  11. 11. Forcing SSL for Logins // Force SSL all WordPress define( 'FORCE_SSL_LOGIN', true ); define( 'FORCE_SSL_ADMIN', true );
  12. 12. Mixed Content
  13. 13. WooCommerce
  14. 14. cPanel SSL Management
  15. 15. cPanel SSL Management
  16. 16. Cost of an SSL Certificate • $10 to $10,000 • Average cost $50 - $150 for single domain • Wildcard (for multiple subdomains) can cost a little more • Let’s Encrypt is free!
  17. 17. WP Force SSL
  18. 18. Easy HTTPS Redirection
  19. 19. Really Simple SSL
  20. 20. Mixed Content Report @ Why No Padlock https://www.whynopadlock.com/
  21. 21. SSL Checker @ SSLShopper https://www.sslshopper.com/ssl-checker.html/
  22. 22. SSL Server Test @ Qualsys SSL Labs https://www.ssllabs.com/ssltest/
  23. 23. Mozilla SSL Configuration Generator https://mozilla.github.io/server-side-tls/ssl-config-generator/
  24. 24. OpenSSL Testing • You can also use OpenSSL for testing, example: > openssl s_client -connect example.com.au:443 -servername example.com.au -status
  25. 25. Let’s Encrypt https://letsencrypt.org/
  26. 26. Ranking Boost (2014) http://searchengineland.com/google-starts-giving-ranking-boost-secure-httpsssl-sites-199446
  27. 27. Ranking Boost (2014)
  28. 28. A Basic SEO-friendly SSL Migration Checklist • Add https variants in Google Search Console • Check and fix any hard coded resources that would cause mixed content warnings, ideally use relative rather than absolute URLs • Update internal links to https variant • Ensure 301 redirects are in place for all http URLs • Update sitemap links (but do not replace old sitemap until 301s are indexed) and robots.txt (if used) • Test all URLs are accessible, fetch and render with Googlebot • Configure the web server to send SSL headers (optional)
  29. 29. Further Reading https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
  30. 30. Further Reading • https://wptavern.com/more-than-50-of-web- traffic-is-now-encrypted • http://www.wpbeginner.com/wp- tutorials/how-to-add-ssl-and-https-in- wordpress/ • https://moz.com/blog/seo-tips-https-ssl • https://chrislanauze.com/design- development/wordpress-meetup/how-to- configure-https-on-wordpress-683/
  31. 31. Thanks! Chris Burgess – Melbourne WordPress Meetup 2017 @chrisburgess @chrisburgess chrisburgess.com.au

×