Download to read offline
![EXPERTISE:
REDIRECTS IN .HTACCESS
https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
WRONG!!!
NOT A 301](https://image.slidesharecdn.com/everyone-screws-up-https-151020014404-lva1-app6892/85/Everyone-Screws-Up-HTTPS-14-320.jpg)
![EXPERTISE:
REDIRECTS IN .HTACCESS CORRECTED
# Force HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]
</IfModule>](https://image.slidesharecdn.com/everyone-screws-up-https-151020014404-lva1-app6892/85/Everyone-Screws-Up-HTTPS-15-320.jpg)
![RISKS
“Moved from HTTP to HTTPS, now SEO is in the
ditch.”
“switched to the https version...After that the
ranking on Google dropped for almost every
keyword.”
“Huge drop [50%] in traffic after HTTPS move”](https://image.slidesharecdn.com/everyone-screws-up-https-151020014404-lva1-app6892/85/Everyone-Screws-Up-HTTPS-17-320.jpg)
Uploaded bypatrickstox
Everyone Screws Up HTTPS
This document discusses HTTPS, a protocol that encrypts communications between browsers and websites to secure data transmission. It notes that HTTPS helps prevent tampering, supports user identity verification and encrypted communication, and may boost search rankings. While HTTPS improves security, it requires technical expertise to properly implement, including obtaining certificates, enabling encryption at the server level, ensuring proper redirects, and avoiding common WordPress issues. The document outlines both benefits and potential risks of moving a site to HTTPS.
More Related Content
Similar to Everyone Screws Up HTTPS
Everyone Screws Up HTTPS
- 1.
- 2. WHAT IS HTTPS APROTOCOL MADE TO SECURE COMMUNICATIONS BETWEEN YOUR BROWSER AND A WEBSITE BY ENCRYPTING THE DATA, ENSURING THE DATA HAS NOT BEEN MODIFIED, AND AUTHENTICATING THE RECIPIENT.
- 3. WHY YOU SHOULDBE SECURE •IDENTITY VERIFICATION •ENCRYPTED COMMUNICATION •HELPS PREVENT TAMPERING AND MAN-IN-THE-MIDDLE ATTACKS •TRUST •NO LOSS OF REFERRAL DATA •GOOGLE RANKINGS BOOST?
- 4. USES HTTPS ASA RANKING SIGNAL http://googlewebmastercentral.blogspot.com/2014/ 08/https-as-ranking-signal.html *MAY STRENGTHEN OVER TIME
- 5. GARY ILLYES, GOOGLEWEBMASTER TRENDS ANALYST SAID: “If you're an SEO and you're recommending against going HTTPS, you're wrong and you should feel bad.” https://twitter.com/methode/status/633541668403 310593 MORE RECENTLY, GARY STATED HTTPS IS MORE OF A TIE-BREAKER http://searchengineland.com/googles-gary-illyes- https-may-break-ties-between-two-equal-search- results-230691
- 6. REASONS NOT TOGO SECURE •DOES NOT PREVENT HACKS •COST •EXPERTISE/RISKS
- 7. HTTPS DOES NOT SECUREYOUR WEBSITE •DOWNGRADE ATTACKS •SSL/TLS VULNERABILITIES HEARTBLEED, POODLE, LOGJAM, OH MY! •HACKS OF A WEBSITE, SERVER, OR NETWORK •SOFTWARE VULNERABILITIES •BRUTE FORCE ATTACKS •DDOS ATTACKS
- 8. SECURING •FORCE STRONG PASSWORDS •KEEPCORE AND PLUGINS UPDATED •SCAN FOR MALWARE •SFTP •FILE PERMISSIONS •STOP BOTNET ATTACKS http://codex.wordpress.org/Hardening _WordPress
- 9. COST? THE COST OFA CERTIFICATE DEPENDS ON THE LEVEL OF PROTECTION AND PROVIDER FREE: https://www.startssl.com/ https://letsencrypt.org/ Arriving Q4 2015
- 10. EXPERTISE: HTTPS AT THESERVER LEVEL •MOD_SSL NEEDS TO BE ENABLED •PORT 443 OPENED •PROPERLY CONFIGURED VIRTUAL HOST •SPDY (SPEED IMPROVEMENTS) •OCSP STAPLING (CUTS DOWN ON CHECKS) •SO MUCH MORE
- 11. EXPERTISE: HTTPS FOR WORDPRESS SETTINGS» GENERAL CHANGE WORDPRESS ADDRESS AND SITE ADDRESS TO USE HTTPS: THIS IS NOT ENOUGH AS IT ALLOWS LOADING OF BOTH HTTP AND HTTPS PLUGIN: https://wordpress.org/plugins/wordpress- https/
- 12. EXPERTISE: COMMON WORDPRESS PROBLEMS •NOTUSING RELATIVE URLS •FAILING TO CLEAN UP HARD CODED LINKS •DUPLICATION (HTTP AND HTTPS) •DEPRECATED FUNCTIONS THAT DON’T WORK WITH HTTPS •MIXED CONTENT (CONTENT LOADED FROM HTTP AND HTTPS) •CANONICAL TAG ISSUES
- 13. EXPERTISE: REDIRECTS SHOULD BE DONEAT THE SERVER LEVEL IN THE SERVER CONFIG FILE HTTPD.CONF https://wiki.apache.org/httpd/RedirectSSL MORE OFTEN THAN NOT REDIRECTS EITHER DON’T GET DONE OR GET PLACED IN .HTACCESS
- 14. EXPERTISE: REDIRECTS IN .HTACCESS https://wiki.apache.org/httpd/RewriteHTTPToHTTPS RewriteEngineOn RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] WRONG!!! NOT A 301
- 15. EXPERTISE: REDIRECTS IN .HTACCESSCORRECTED # Force HTTPS <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L] </IfModule>
- 16. EXPERTISE: OTHER .HTACCESS ISSUES •APACHEDEFAULTS TO 302 •CODE NOT PROPERLY PLACED •REDIRECT CHAINS •NOT TESTED
- 17. RISKS “Moved from HTTPto HTTPS, now SEO is in the ditch.” “switched to the https version...After that the ranking on Google dropped for almost every keyword.” “Huge drop [50%] in traffic after HTTPS move”
- 18. BUFFER SAW A90% DROP
- 19. TAKE THESE STORIES WITHA GRAIN OF SALT THEY LIKELY DIDN’T HAVE THE EXPERTISE TO IMPLEMENT HTTPS AND LIKELY WEREN’T SETUP TO TRACK PROPERLY
- 20. EVEN THE BESTOF US FAIL SOMETIMES
- 21.
- 22.