Atelier Shiori

Much more than crafting Ice Cream.

This blog is in archive mode, since Ama Usa An has superseeded this blog. To read my new personal blog, click here (amausaan.tokyo)

Finally HTTPS

by
2015-12-20_15-31-35
See the green padlock? The traffic is now encrypted.

I have planned on switching to HTTPS for various reasons not because Google now gives a small boost for sites that implement HTTPS, which implements encryption. These days, people are worried about privacy and HTTPS fixes this by encrypting HTTP traffic with a SSL certificate. This insures that traffic is not being snooped by hackers.

While it’s not necessary to implement HTTPS to WordPress blogs, but it gives some benefit such as increased ranking, enabling Google Chrome notifications (since that requires SSL) and improving the security. Encrypting traffic gives a slight performance penalty, but it’s small given how powerful server processors are.

To get SSL, you can get it three ways: buying an SSL certificate (which is around $7-9 for a single domain and $30 for three domains at Namecheap), using Cloudflare or use Let’s Encrypt. I had to get a multi-domain certificate since separate certificates were not working with my site. If you just run one site on your server, this won’t be a problem.

For a VPS setup, you simply need to create another vHost pointing to port 443 and add the following to your vhost configuration (example uses Let’s Encrypt):
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.tld/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.tld/fullchain.pem

And that’s it. After you have your HTTPS up and running, change your blog URL in Settings > General and add HTTPS to the blog URL. After that, install the WordPress HTTPS plugin to automatically redirect all the content to use HTTPS so you won’t have mixed content errors.

To maintain your search rankings, you should redirect HTTP to HTTPS automatically. Do this by adding the following to your .htaccess file:
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} ^(www\.)?yourdomain\.tld [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://yourdomain.tld/$1 [R=301,L]

This will allow search engines to direct current search results to HTTPS instead of HTTP and preventing the search engine indexing your content twice, which can reduce your search rankings due to duplicate content. If you did everything right, you should see a padlock or a green padlock on the address bar.

Category: Tag: , ,

About chikorita157

Author and Owner of Chikorita157’s Anime Blog and Kireina Yuri. If you want to learn more about me, see the “About chikorita157” page.

Reader Interactions

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.