Norway


Finally, after much deliberation, I decided to move my blog to https. For the past few months I had encountered articles pointing that google gives a higher ranking for sites served over https. I had decided against https as I was afraid it may slow down by blog. However, the following message from google forced me to take the issue seriously and finally move to https.

To owner of http://www.codediesel.com,

Starting October 2017, Chrome (version 2) will show a ̵;NOT SECURE’ warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your include text input fields (such as or ) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ . …

The new warning is part of a long term plan to mark all pages served over HTTP as ‘not secure’.

Luckily during the same Godaddy was offering SSL certificates at a discounted price. So taking this as a sign I bought the SSL certificate and moved my blog to HTTPS. Surprisingly installing SSL on Godaddy was a breeze. There was no configuration involved and the SSL certificate was applied within a few minutes.

After SSL installation

Now that the certificate is installed, I needed to force all http traffic to use https instead. This was accomplished with a few lines in my sites .htaccess file. The redirect used was a 301 redirect, which indicates to search engines that the redirect is permanent instead of temporary and will cause search engines to index the https version of your site instead of the http.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

After changing the .htaccess file I changed the ‘ Address (URL)’ and ‘Site Address (URL)’ in admin settings page to https.

However I found that the browser was not showing the ‘green-lock’ icon for a secure page.

- not secure https - Switching WordPress to HTTPS

This was caused because some of the images on the pages were hard-coded to use http, due to which the browser was giving a ‘mixed content’ warning. Mixed content is when you visit a secure page (HTTPS) and if the HTTPS page also includes content retrieved through a normal HTTP connection the connection is than only partially encrypted. This is called a ‘mixed content’ page. Luckily for me I only had a few images manually hard-coded with a http scheme. So changing that to https was enough to make the browser display a ‘green lock’ icon.

- secure https - Switching WordPress to HTTPS

Site speed

My fears of https slowing down the site were ill-founded and I did not see much speed decrease after the https switch. Of course https adds another layer of so the speed is bound to get slow but not by a factor I thought.

So in conclusion, the switch to https was a smooth process and took around a few hours.

The post Switching WordPress to HTTPS appeared first on codediesel.



Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here