Apr27
0

WordPress is Finally Enabling Website HTTPS Encryption

Hacking, Security, Wordpress , Share this post

Encryption is the question on everyone’s mind these days. Apple is currently making waves and sparking protests by fighting a court order to help the FBI unlock an encrypted phone. In a letter to customers on February 16, Apple stated, “Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.”

A while back, Google took an equally strong stance on the importance of encryption. In short, Google has promised that it will begin ranking sites with HTTPS encryption ahead of those without it. In the aftermath of that news, almost every website on the internet has rushed to implement these changes.

Making these changes is all well and good when you can unleash your company’s dev team, but what about those sites that run on a CMS? According to a November 2015 report by W3Techs, 25 percent of all websites use WordPress, the most popular CMS, so this question is not insignificant.

Luckily for WordPress users, the CMS platform has also announced it will join the growing number of sites enabling HTTPS encryption to protect its users. Everyone from top WordPress developers to small and large businesses, to privacy-minded users are extremely excited about this new ability. And the luck doesn’t stop there – enabling HTTPS encryption is incredibly easy, and WordPress has published a User Manual to assist users in every step of the process.

After purchasing an SSL Certificate, users just need to visit Settings > General to make sure that the WordPress Address (URL) and Site Address (URL) are both HTTPS. If they are not, just add S after HTTP to make it HTTPS and save it:

image: http://cdn2.business2community.com/wp-content/uploads/2016/04/Configure-HTTPS-for-WordPress-600×410.png

Configure-HTTPS-for-WordPress

 

This will apply HTTPS encryption to your entire site. But for users who only need WordPress to enable HTTPS encryption on a few web pages, the process isn’t much harder. Simply use CNAME to create a redirect. For example:

Say your WordPress site is installed at:

http ://example-wordpress.com/

In this case, your login URL will be at :

http ://example-wordpress.com/wp-login.php

But let’s say you would prefer to have a secure HTTPS Login URL at:

https ://login.example-wordpress.com

To accomplish this, you will need a wildcard SSL certificate for the whole server and sub domains, or only for the sub domains. Make sure to obviously redirect the HTTP and HTTPS real login web page with .htaccess too, otherwise the normal redirection to wp-admin will not work.

But why is this important? Does HTTPS really matter? Sure, Google seems to think it does, but if you’re not SEO-minded about your website, why should you care about these updates?

There are actually a number of reasons to care about updating to HTTPS encryption beyond answering to the Google gods of SEO. The first, and most important, is general security. When you enable HTTPS encryption, you pretty much guarantee that no one can intercept, change, or steal any of the information that gets passed between the server and the client. This is basically a must for any site that has a login system or accepts credit cards and other forms of payment.

Additionally, enabling HTTPS ensures that visitors can use the site as it is intended. If you don’t enable HTTPS encryption, there’s very little to stop internet service providers or even something as innocent as a hotel wifi system from changing HTTP traffic and placing their own advertising code. This is virtually impossible over HTTPS.

Finally, enabling HTTPS encryption also gives your website a badge of credibility that can be hugely beneficial, especially for new businesses and websites. Users with any knowledge of the internet and its workings will feel more secure seeing the https:// proceeding their links instead of the formerly standard http://. It’s amazing how a simple “s” can take your website from the impression of “created by a 13 year old in her parents’ garage” to “real professional business site.”

Based on sheer ease, there’s no reason to avoid switching your site over to HTTPS encryption. But other reasons – such as SEO, professionalism, and increased security – should really leave you without a shadow of a doubt that HTTPS encryption is the way to go with your site. Let’s make the internet a safer place for everyone

About the Author

Wordpress Developer, Security Consultant, Blogger. Works in Edmonton Alberta Canada.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: