The Internet has brought many amazing things, but the slowly eroding part of our life is to protect personal information. It is completely normal to share all kinds of information about ourselves on the Internet. I’m not only talking about how to tell everyone what they had for lunch today, but also about how to provide the best information for private maintenance. Not to mention the credit card number, bank account information, and the login credentials of dozens of websites that have been logged in today. Now is the time to protect this information. But this is not a daily proposition that consumers should pay more attention to data. As website owners, we are a bright future for you. The
If you work with sensitive information on the WordPress site, make sure that visitors and customers trust you. There are many ways to do this. However, in addition to avoiding becoming a fool who sells sensitive information to third parties (assuming you are not), the most important step is to learn how to add HTTPS and SSL to WordPress. What are HTTPS and SSL? You may have heard of these two abbreviations before. Otherwise, the unit has seen them. The
Every time you interact with a secure site (for example, the online banking portal), you will notice that the address on the browser bar is preceded by https:\/\/, rather than the regular http:\/\/. In addition, most of the latest browsers show small locks in the browser bar when they connect to these sites. The name of the entire company may be displayed. This means that the website you are currently visiting has taken measures to protect visitors’ traffic and personal information. The above tools are HTTPS and SSL. They help make communications on the Internet more secure. The
HTTPS is an abbreviation for Hyper Text Transport Protocol security. Unlike ordinary HTTP, it uses SSL (secure socket layer) certificates to set up the connection between the browser and the server. After successfully establishing the relationship, the protocol establishes a connection between the two that only transmit encrypted information. That is, all plain text messages that Schmuck can read will be exchanged for character and numeric strings that no one can read. If hackers obstruct the exchange of information, encryption will make it more difficult to understand. Ah! The
The SSL certificate used for these connections is attached to the web site. Certificates are issued by a so-called certification authority (CA) and are unique to sites that use certificates. In theory, anyone can issue SSL certificates, but browsers believe that only the certificates of known institutions can be trusted. Therefore, the CA can ensure that you are visiting a legitimate site. Most of the latest browsers consider the connection unsafe, so if the certificates do not match, a warning will be issued. Oddball footnote: the encryption standards SSL and HTTPS are provided with different encryption standards. The oldest is Shao, which is no longer used. The follow-up product SHA1 is still in circulation, but it is being phased out. For example, Google Chrome will start issuing warnings to websites running the standard before the beginning of 2016. The
The current encryption standard for SSL protocol is Sha2. But at some point, you will make room on the currently developed Sha3. Interesting fact: SSL is actually no longer a valid name for a certificate. In the late 1990s, the technology was improved and its name was changed to TLS (Transport Layer Security). However, the abbreviation SSL seems to be fixed and has been used to this day. SSL and http
Why PS? To run e-commerce websites and accept payments, it is absolutely important to learn how to add HTTPS and SSL to WordPress. Cannot play with the customer’s financial information. The
However, pro coal can also be used to protect other information, such as login credentials, address data, and similar information that people try to keep confidential. As a website owner, HTTPS has become a ranking element of Google and other search engines, so you may consider adding HTTPS for more selfish reasons. Although the effect is not great at present, Google announced that the effect will increase over time. In addition, because we are talking about SEO, HTTPS is faster to load, so it helps ranking. Don’t you believe me? You can try it here. You don’t have to say that page load time is a ranking factor. The
Switching to HTTPS the first step in moving a website to HTTPS is to purchase an SSL certificate. Available from a variety of sources. A good starting point is that the hosting company usually provides additional certificates as part of the hosting package. But there are also many third-party suppliers. To find out who to consult, check the list of certification authorities included in Mozilla Firefox. Costs may vary by vendor, number of sub domains, and other factors. Unfortunately, if you run multiple websites, costs can increase very quickly. The
The cost factor is also one of the reasons why I am waiting for the upcoming free and open source certification agency let’s encrypt (automatic is one of its supporters). After deciding on the certificate, you must follow the instructions of the provider. This process varies from person to person, so I can’t tell you what to do here. Then, to implement the certificate and switch from the server side to HTTPS, you must negotiate with the hosting provider. This is why consulting vendors for certificates is probably the easiest option. All done? Very good. Now, make the changes you need for WordPress. The
Unfortunately, configuring word press for HTTPS and SSL alone is not enough to add certificates. Word press needs to be further adjusted. The next step assumes that you want to use HTTPS at all locations on your site. This is usually a good idea. Save better than sorry. However, there are also some use cases that use secure connections only in part of the site. We’ll get it later. 1. backup! As with all major changes to the site, the first instinct is to create a backup. In this way, if something goes wrong, you can always return to the previous state. So do it now! I’ll wait for you. The
Male 2 The first thing to add SSL to the WordPress admin zone is to add HTTPS connections to all pages on the WordPress backend. In this way, when someone logs into your site, all data will be exchanged securely. To do this, WP config. You must add the following lines of code to your PHP file: Define (‘force_ssl_admin’, true); This code is \
I now assume that everything is normal and I can move on to the next step. 3. if the site address update management area is successfully moved to HTTPS, the same operation must be performed for other sites. To do this, you must first change the site address. Simply go to Settings > General and add http:\/\/ to the word press address (where it was installed) and the site address (the address that visitors entered in their browser). The storage is completed. You may need to sign in again later. To make it virtually safe for visitors to surf the site: Redirection must be set in htaccess. Most people should already have this file on the server (please check whether FTP shows hidden files). Otherwise, it is time to set this file. Publish the following lines in the htaccess file: Male rewriteengine on rewritecond%{https}off RewriteRule (.*) http:\/\/%{http\u host}%{request\u uri}[r=301, l] malenow all visitors will be automatically redirected to the secure part of the website. Much better? It is recommended to use SSL only in all locations of the HTTPS setting site on a single page, but there may be users who want to use SSL only on a single page. The use case is that only sensitive parts of a checkout form, shopping cart, or similar site are securely connected, and the rest remain unchanged. This goal can be achieved through the WordPress HTTPS (SSL) plug-in. You can select where HTTPS is used on the site. The plug-in has not been updated for some time, but according to a well-known source, it is still saved for use. In case of problems, ithermes security with similar functions is the alternative. Theoretically speaking, the above content should be enough to move the entire site to SSL. But things are not always easy. Here are some problem-solving skills. 1. mixed content warning occurs when the mixed content will continue to deliver part of the content over HTTP and the rest of the site will move to a more secure HTTPS. In this case, the latest browser will display a warning, and the user may think that the site is unsafe. This, of course, should be avoided. Use the free tool SSL check to check unsafe images, scripts, CSS files, etc. throughout the site. This information can be used to take corrective action. The alternative to checking a single page is why no padlock? . When surfing on your site, you can also find lock symbols in the browser bar. Displays a warning when you access an assembly that contains mixed content. 2. expired certificatewhen your certificate expires, visitors will receive a strong warning and be advised not to enter your website. This must therefore be avoided. Please ensure that the certificate is always updated on time. The same warning can also be provided for self signed certificates that have not been verified by an external authority. Another idea is to use a source that evaluates SSL certificates well. 3. when the domain name of the certificate does not match the website address, your website cannot be approved in the browser because the domain name of the certificate is different from that of the website. In this case, it must be solved by the domain agency. To determine if this error occurred, see why no padlock? Can help Another tool for server analysis is the SSL server test in the SSL lab. In addition, it is free to use and provides a lot of information about SSL configuration. 4. The CDN does not support SSL. Many w’s that use the content transmission network to improve the site speed
If you are one of the ordpress users, you must ensure that the CDN supports SSL before switching. Maxcdn is an example of good news about HTTPS. If you use another provider, please contact that provider in advance. If you decide to use maxcdn, there is an exclusive coupon code that provides a 25% discount. If you are running a word press website that processes and summarizes sensitive data, you will not be able to implement HTTPS. If there is no traffic encryption, the client information is too risky to be stolen. In addition to becoming a responsible service provider, the added security layer is also a positive signal for search engines. Therefore, if you do not serve customers, please at least rank. Note, however, that HTTPS is not the whole and final word press security. There are other measures that need to be taken to truly maintain the site safely. It is recommended to start high-quality security plug-ins, such as ithemes security, wordfedence or all in one WP security. It is also a good choice to consider charging services such as Sucuri. In addition, you can find many security articles in wpkube. Remember, an ounce of prevention has a pound of therapeutic value. Take WordPress security seriously. Visitors and customers will be grateful for this. Convert to https\/ssl? Do you have anything to add to the above? Please share your thoughts in the message.
