BigWP: Delivering the news over HTTPS

HTTP is dead. Here’s why, and what you need to know to migrate to HTTPS.

Delivered to the BigWP Meetup NYC on September 15, 2015.

Detailed guide: https://docs.google.com/document/d/1EJKAoa4Hxc4AyH0znuA_AAplcNeNejEhATFptFX-OME/edit

Published in: Technology

  1. Delivering the news over HTTPS
  2. Paul Schreiber @paulschreiber
  3. HTTP 1991–2015
  4. HTTP 1991–2015
  5. HTTP
  6. HTTPS
  7. A Call to Action: If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of 2015 and pledge your support with the hashtag #https2015. —Eitan Konigsburg, Rajiv Pant and Elena Kvochko, “Embracing HTTPS”, November 13, 2014
  8. setup
  9. $ sslmate mkconfig
  10. https://mozilla.github.io/server-side-tls/ssl-config-generator/
  11. HSTS
  12. HTTPS enabled
  13. HTTPS enabled, HTTPS default
  14. HTTPS enabled, HTTPS default, HSTS
  15. HTTPS enabled, HTTPS default, HSTS, HSTS preload
  16. content
  17. content
  18. ads
  19. analytics
  20. CDNs
  21. fonts
  22. content 😕
  23. https://github.com/bramus/mixed-content-scan
  24. <script src="//google.com/… <script src="https://googl…
  25. <script src="//google.com/… <script src="https://googl…
  26. performance
  27. 2008: HTTPS is slow
  28. 2008: HTTPS is slow. 2015: HTTPS is fast
  29. Many graphics from The Noun Project: Tombstone by Jakob Wells. Money by Nick Levesque. Shield by Wayne Thayer. SEO by Azis. Gauge by Dalpat Prajapati. Scribble by Michael Chanover. Lock with keyhole by Brennan Novak. Warning by Icomatic. Error by Anas Ramadan.
  30. problems
  31. problems
  32. solved problems
  33. No HTTPS? ask nicely.
  34. No HTTPS? SoundCite, placehold.it
  35. mixed content
  36. mixed content: $ mixed-content-scan
  37. mixed content: Content-Security-Policy: upgrade-insecure-requests
  38. mixed content: Content-Security-Policy-Report-Only: default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://myserver.com/log-tool/
  39. mixed content
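
The mixed-content check behind slides 16 to 25 and 35 to 36, as an added example that is not code from the talk or from the mixed-content-scan tool: it lists the http:// subresources in a page and marks each as active (scripts, stylesheets, frames, which browsers block on an HTTPS page) or passive (images and media). The sample markup and its hostnames are constructed placeholders, and the function and class names are chosen for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute loads a subresource; <a href> is navigation, not mixed content.
SUBRESOURCE_ATTRS = {"script": "src", "iframe": "src", "link": "href",
                     "img": "src", "audio": "src", "video": "src", "source": "src"}
# Images and media are "optionally blockable": browsers may load them with a warning.
PASSIVE_TAGS = {"img", "audio", "video", "source"}


class MixedContentFinder(HTMLParser):
    """Collect http:// subresources that would be mixed content on an HTTPS page."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, "active" | "passive")

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(SUBRESOURCE_ATTRS.get(tag, ""))
        if not url:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # e.g. rel="canonical" is metadata, not a fetch
        # Protocol-relative (//host/x) and relative URLs inherit the page's https scheme.
        if urlsplit(url.strip()).scheme.lower() == "http":
            kind = "passive" if tag in PASSIVE_TAGS else "active"
            self.findings.append((tag, url.strip(), kind))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page (hostnames are placeholders).
SAMPLE = """
<link rel="canonical" href="http://news.example/story">
<link rel="stylesheet" href="http://fonts.example/css?family=Serif">
<script src="//cdn.example/lib.js"></script>
<script src="http://ads.example/tag.js"></script>
<img src="http://images.example/photo.jpg">
<img src="/local/logo.png">
<a href="http://other.example/">external link</a>
"""

if __name__ == "__main__":
    for tag, url, kind in find_mixed_content(SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Active findings are the ones to fix before making HTTPS the default, since the browser will refuse to load them; the report-only policy on slide 38 surfaces the same requests from real visitors' browsers.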
