Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to SSL and Wordpress
Similar to SSL and Wordpress (20)
Recently uploaded
Recently uploaded (20)
SSL and Wordpress
- 1. SSL - Part Deux WPTODoers January 2017
- 2. Brief recap of December's presentation • SSL stands for Secure Sockets Layer. Source: www.digicert.com
- 3. Types and installation Dedicated: • not free (exception is letsencrypt.org) • one per domain • usually includes insurance • should be used for commercial ventures Shared: • free • host provider uses for multiple domains • perfectly fine for a blog Two types Notes: Have your host provider install it unless your are technically capable. Host provider will likely have limitations on what you are permitted to do.
- 4. How do I know a website is secure? Look for a website starting with https:// Chrome Firefox Secure sites: Not Secure sites: Chrome Firefox Edge Edge IE: IE:
- 5. How do I know a website is secure? Chrome example: click on the symbol Then you will see:
- 6. How do I know a website is secure? Chrome example: click on “Details” Then you will see: You will have to click on F5 to get this going
- 7. How do I know a website is secure? Then you will see: Click on view certificate details
- 8. Okay, the certificate is installed, now what do I do? • Six more steps • Will vary depending on your circumstances • No PhP or Java to finish this successfully (Yay!) So here we go.....
- 9. 1. Update the settings in your site's WP Dashboard
- 10. 2. Update your .htaccess file What's a 301 redirect? A 301 redirect is a command used to tell the search engines that a page has permanently moved, and that you want them to index the new page and drop the old one from their index. Think of it as a change of address card for the web. As long as everything is done correctly, a 301 redirect will ensure that you keep the rankings earned by the old page and prevent duplicate content that could arise if the engines were to index both versions of your site. Source: www.bruceclay.com Redirect your users to the new URL for your site by changing your .htaccess file in front of your wordpress site.
- 11. Updating your .htaccess file
- 12. Updating your .htaccess file
- 13. Updating your .htaccess file
- 14. Other options for completing a 301 redirect • Update your 301 redirects in Yoast (premium version) • Edit your .htaccess file manually (not recommended unless you really know what you are doing)
- 15. Test of course! 1. Clear your browser cache and purge your site cache if you have one. 2. Browse to your website. Check the symbol. 3. Not secure? Click View details. or test using www.whynopadlock.com. 4. Test all of the functionality on your site, links, buttons, images.
- 16. Clearing browser cache Chrome example click F5 button to clear and reload the current page OR
- 17. Clearing browser cache Click to clear
- 19. Using www.whynopadlock.com - example
- 20. 3. http:// reference check
- 21. 4. Do you use a CDN? What's a CDN? A content delivery network or content distribution network (CDN) is a large distributed system of servers deployed in multiple data centres across the Internet. The goal of a CDN is to serve content to end-users with high availability and high performance. Source: wikipedia
- 22. 4. Do you use a CDN?
- 23. 5. Update your search engine registrations are we there yet? ......
- 24. Updating your search engine registrations
- 25. Updating your search engine registrations
- 26. Updating your search engine registrations - no Yoast
- 27. 6. Update your privacy policy Make sure your visitors know SSL was a conscious act on your part and re-emphasize that you take your user's security seriously... extract from www.trickswithsticks.ca privacy policy “Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.”
- 28. BTW... I'm Peg Perry, B.Math, MBA, MCPM pegperry@gmail.com Avid knitter, proprietor of www.trickswithsticks.ca, moving on after a 40 year career in classic IT, ending with a speciality in CRM systems, fairly new to Wordpress but finding delight in all its possibilities. ......yup we're done! /30 THANKS!
Editor's Notes
- Welcome to part 2 of SSL My name is Peg Perry and this is a follow-on to Conrad's presentation from December Conrad looked at types of certificates and the steps needed to install on your host Today we'll look at the additional steps needed to fully implement SSL on a Wordpress site. There are pros in the room and they are welcome to chime in if I need some help This session is intended for beginning to intermediate wordpressors so feel free to stop me with questions as we go if something is not completely clear.
- For those who weren't here in December or need a refresher we'll start with a very fast recap of what Conrad covered previously = we need it as an intro for today's material SSL creates an encrypted pipe between the user's PC and your server. Aware users do not submit private information to non-secure sites: So an SSL certificate should be considered mandatory for commercial websites Google's direction is to move all sites on the web to a secure state. Will be a significant ranking factor for Google starting in 2017: so an SSL certificate is also highly recommended for non-commercial sites
- In December Conrad described two types of certificates, dedicated and shared Dedicated SSL gives you a dedicated IP so there must always be one domain per certificate. There are different levels of dedicated at increasing costs providing increased levels of insurance and security Installing an SSL certificate is not an easy process so it's best to have your provider do the install. Letsencrypt is a good solution for wordpress.com users. There is support documentation in the wordpresss.com support forums for that.
- Conrad explained that any user can check the status of any website and that different browsers have different ways of displaying the information on the status I've listed examples of what you see in a URL for a secure site and an insecure site here for the Chrome, Firefox Edge and IE browsers
- let's go through an example using Chrome - do demo if possible www.nixthetricks.com Click on the lock or i symbol to open a pop-up window which giving you a summary of the security status Then you can click on Details to get even more information This site warns you that it is not secure demo site is www.nixthetricks.com which is not secure
- When you click on on Details you get even more information on the right of the screen you can see each resource being used by the page Chrome has identified them with a green or red button, depending on whether they are secure or not
- Now let's look at a secure site which has a certificate Then click on view certificate to get the details of the certificate do the demo with tricks it's all perfectly transparent This is the same process you will use in your testing of your own certificate Different browsers do these steps differently so experiment with your favourite browser and figure out how it works
- That's pretty much what we covered in December. But whether it's a free or dedicated certificate, there are some additional steps that you need to do in the front end of Wordpress, in order to complete the implementation. Most of the guidance I've seen in forums refer to 2 additional steps but I have found that there are more than that Depending on your circumstances you may not need all of the six steps I'm going to outline here. The good news is that none of these require Java or php so you probably won't need any more expert help to complete the implementation.
- The first step is to navigate to your site's Dashboard and update the General Settings Does everyone here know how to find the General Settings on the Dashboard? If not, you will need help with all this and you should seek it out before doing any of this. Update both the Wordpress URL and the site address URL and save the new settings
- Sites have htaccess files that control access to the sites. However, Conrad found that it is not applicable to sites hosted on Siteground so skip this step if your host is Siteground. The file not part of your actual wordpress site, it sits in front of all the wordpress stuff. Think of it as the gateway to the site. So you access it from cPanel usually not wordpress itself. You need to redirect users and search engines to the new url for your site and you use the .htaccess file to do that In it you create 301 redirect records that specify the replacement URL for your old insecure URL
- Because you can really wreck the site by making wrong edits to this file, good host providers give you easy ways to edit the file safely Do the demo My provider has this set of tools available from its main menu, before I get to WP do the demo
- After selecting the .htaccess editor then I can choose the modification I need to make to the file,
- Then I can easily give it the options I need and it will format the syntax in the file for me correctly Note that I’ve redirected both www.tricks and tricks Google considers www.tricks and tricks to be two different sites when counting page views for ranking. I want them counted as one in order to move up in the search rankings.
- There are two additional options available to do this. The two basic steps generally required for every wordpress site are now complete. Next you need to test because.....
- You want to make sure that you see the secure symbol in your browser and that your site has not been broken by the changes. I’ll be explaining why this could happen in the next few minutes. Here are the steps to take when testing Start by clearing caches Cache, both in your browser and on your wordpress site is a set of pages that are served faster because they are already stored. You want to clear any pre-stored old pages so that you are testing all the latest changes you have made. Do you know how to clear your browser cache?
- here's how to do it in Chrome - do the demo Click F5 to reload the current page To completely clear the history, click on the dot dot dot at the far right of the screen A pop-up of options will appear Click on History and then history again in the next pop-up
- The blue screen shows the list of pages you've recently visited Click on Clear Browsing data and your stored pages will clear from the browser cache If you have also implemented a caching plugin such as W3Total Cache or WP SuperCache you should also clear that prior to testing. I'm not going to demonstrate that here because they all have different ways of being cleared.
- why no padlock is a great testing tool, particularly for Mac users works at the individual page level so you may need to run each page through it target pages with images, sliders and buttons first
- work through demo this will also give you results for images and bad urls as well as htaccess example shown here.
- Back to testing: First you need to validate all the internal references on your site Remember that every post, picture, page or custom post on your site has a url Every http:// reference in your site needs to now use its https:// version or the you will not see the lock symbol or your site will be broken. WP does a great job of converting the standard stuff, like Media items. BUT WP may not handle everything perfectly. Look at any references to Sliders, Features, Portfolio items, anything special you use on your site and verify they have been converted to https://. If not, edit the links and re save them. This is why complete testing is important.
- Now that you have taken care of the internal http references within your site, you need to take care of the external ones. Content delivery networks speed up your site by moving parts of your site, such as pictures, to faster servers that are distributed worldwide, closer to your site visitors. You need the CDN to both recognize your site's SSL certificate and serve up your content using SSL Remember that your SSL certificate only deals with the pipe between your visitor and your host provider's server. You need to have all of the external resources your site uses to be secure as well. That includes your payment service as well as your CDN service.
- Every provider's setup will be different so click into the settings for your provider and set them up. This is the example of Cloudflare and my own site. I know that my provider took a little bit of time to re-cache the secure images, so you may find that it takes half a day or a day for it to cycle through.
- Have your registered your site using Webmaster tools for Google, Bing and Yandex? Registering in the various Webmaster tools is an essential thing to do. It's critical for your search rankings to let Google, Bing etc. know you are out there by registering with them and supplying your sitemap to them to help them index your pages faster. It is recommended that you ensure all versions of your website have been registered with Google, Bing, etc. and reverify them.
- Do the demo The easy way to do the search registration is in the webmaster tools in Yoast Yoast provides a link to each of the engines. Click on the link and it will take you to the Search console. At the console acquire a unique key for your site. Once you have the key you store it in Yoast. Then you go back to the search console and verify your site. The search console will look for the key in the header record of your site
- This is the Google search console example You need to copy the string of text within the quotes, go back to Yoast and paste in into the Google API key field and save it and then go back to Google and hit the verify button. I found out two things as I was doing this: I needed to clear my cache I had a password on my site and I needed to get rid of that because it stopped Google and the others from verifying.
- If you don't have Yoast, no worries, my favourite plugin for this is All Meta Tags, which does the same thing and has the added benefit of allowing you to add your meta tags such as the ones needed for Pinterest or Google Plus to your site. The documentation associated to All Meta Tags tells you how to access the various tools.
- Last step is to update your privacy policy Every site should have a policy on a page called Privacy Policy and a link to the privacy policy should be displayed on the footer of every page of your site Why? Polite to let people know what your policies are with regard to their information and the existence of a privacy policy is a factor in Google and Bing's ranking of your site. Where do you get one? Google and you will easily find privacy policy generators
- So that's the complete set of steps to implementing an SSL Your steps may vary from this of course, depending on your circumstances Are there any further questions? Thanks so much for listening!