O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

WordPress and SSL

637 visualizações

Publicada em

This is a slide deck from a talk I gave at the Melbourne WordPress Meetup about SSL/HTTPS. It covers the basics on what it SSL is, if you should be using it, and how to enable it on your WordPress site.

Publicada em: Tecnologia
  • Entre para ver os comentários

  • Seja a primeira pessoa a gostar disto

WordPress and SSL

  1. 1. SSL/HTTPS What, When and How! Chris Burgess – Melbourne WordPress Meetup 2017 @chrisburgess chrisburgess.com.au
  2. 2. Overview • What is SSL? • SSL growth • When should you use SSL? • Cost of an SSL certificate • Enabling SSL in WordPress • Common pitfalls • Benefits • SSL tools • Further reading
  3. 3. https://wptavern.com/more-than-50-of-web-traffic-is-now-encrypted
  4. 4. HTTP Requests 2011-2017 http://httparchive.org/
  5. 5. SSL by Default 2016-2017 https://trends.builtwith.com
  6. 6. What is SSL? (via Wikipedia) • HTTPS (also called HTTP over TLS,[1][2] HTTP over SSL,[3] and HTTP Secure[4][5]) is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security, or its predecessor, Secure Sockets Layer. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.
  7. 7. The Difference Between HTTP and HTTPS Traffic http://stackoverflow.com/questions/33934408/intercept-html-form-post-data
  8. 8. When Should You Use SSL? • Ecommerce sites • Whenever dealing with sensitive data • When user trust matters
  9. 9. When Should You Use SSL?
  10. 10. Enabling SSL • In theory, changing your home and site URL in WordPress should be enough: define('WP_HOME','http://example.com'); define('WP_SITEURL','http://example.com'); • In practice, we sometimes need some extra help
  11. 11. Forcing SSL for Logins // Force SSL all WordPress define( 'FORCE_SSL_LOGIN', true ); define( 'FORCE_SSL_ADMIN', true );
  12. 12. Mixed Content
  13. 13. WooCommerce
  14. 14. cPanel SSL Management
  15. 15. cPanel SSL Management
  16. 16. Cost of an SSL Certificate • $10 to $10,000 • Average cost $50 - $150 for single domain • Wildcard (for multiple subdomains) can cost a little more • Let’s Encrypt is free!
  17. 17. WP Force SSL
  18. 18. Easy HTTPS Redirection
  19. 19. Really Simple SSL
  20. 20. Mixed Content Report @ Why No Padlock https://www.whynopadlock.com/
  21. 21. SSL Checker @ SSLShopper https://www.sslshopper.com/ssl-checker.html/
  22. 22. SSL Server Test @ Qualsys SSL Labs https://www.ssllabs.com/ssltest/
  23. 23. Mozilla SSL Configuration Generator https://mozilla.github.io/server-side-tls/ssl-config-generator/
  24. 24. OpenSSL Testing • You can also use OpenSSL for testing, example: > openssl s_client -connect example.com.au:443 -servername example.com.au -status
  25. 25. Let’s Encrypt https://letsencrypt.org/
  26. 26. Ranking Boost (2014) http://searchengineland.com/google-starts-giving-ranking-boost-secure-httpsssl-sites-199446
  27. 27. Ranking Boost (2014)
  28. 28. A Basic SEO-friendly SSL Migration Checklist • Add https variants in Google Search Console • Check and fix any hard coded resources that would cause mixed content warnings, ideally use relative rather than absolute URLs • Update internal links to https variant • Ensure 301 redirects are in place for all http URLs • Update sitemap links (but do not replace old sitemap until 301s are indexed) and robots.txt (if used) • Test all URLs are accessible, fetch and render with Googlebot • Configure the web server to send SSL headers (optional)
  29. 29. Further Reading https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
  30. 30. Further Reading • https://wptavern.com/more-than-50-of-web- traffic-is-now-encrypted • http://www.wpbeginner.com/wp- tutorials/how-to-add-ssl-and-https-in- wordpress/ • https://moz.com/blog/seo-tips-https-ssl • https://chrislanauze.com/design- development/wordpress-meetup/how-to- configure-https-on-wordpress-683/
  31. 31. Thanks! Chris Burgess – Melbourne WordPress Meetup 2017 @chrisburgess @chrisburgess chrisburgess.com.au