![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Ugh! The Joys of HTTPS
Feb. 3rd, 2016 08:37 amSo Google are planning to implement a strategy that down rates your website in their searches and marks it unsafe if it isn't HTTPS, i.e. uses SSL so it is secure when talking to your browser.
In some ways this is good, in many, many ways, very, very bad. You should hear what some of my network and security expert friends have to say about it. There are so many problems with this when it comes to legacy systems.
Now really the only thing I can think of that needs to be secure on WittegenPress.com is possibly the comments section, but thanks to Google I now have to change over anyway. Luckily a company called Let's Encrypt are giving out free SSL certificates and Dreamhost have signed up to their scheme so they will automatically put one on your domain if you ask them to, making it much easier than it used to be. We used to have to pay for one if we wanted it to work without showing messages about the SSL certificate being self-signed, which is why we've never done anything about it before.
Still, changing over is a royal pain. Getting the host to use HTTPS is easy - I just change the base URL of the WordPress site, but now I am having to trawl through the whole site checking for mixed content. For those not in the know that means plugins or images that are being served over HTTP because they were put in with full URLs.
Our book table plugin is already showing a bug where some of the content is blocked thanks to the fact they didn't think of this. So we are waiting for them to fix it. It will be in the next update thank heavens. Still means I have to go through every single book and edit it - so not what I wanted to be doing today.
Thank you for listening to me rant, this post has been brought to you by the letters HTTPS and the number billion (as in the number of links I have to change). :P
For anyone interested I used this post to help me switch over:
https://css-tricks.com/moving-to-https-on-wordpress/
In some ways this is good, in many, many ways, very, very bad. You should hear what some of my network and security expert friends have to say about it. There are so many problems with this when it comes to legacy systems.
Now really the only thing I can think of that needs to be secure on WittegenPress.com is possibly the comments section, but thanks to Google I now have to change over anyway. Luckily a company called Let's Encrypt are giving out free SSL certificates and Dreamhost have signed up to their scheme so they will automatically put one on your domain if you ask them to, making it much easier than it used to be. We used to have to pay for one if we wanted it to work without showing messages about the SSL certificate being self-signed, which is why we've never done anything about it before.
Still, changing over is a royal pain. Getting the host to use HTTPS is easy - I just change the base URL of the WordPress site, but now I am having to trawl through the whole site checking for mixed content. For those not in the know that means plugins or images that are being served over HTTP because they were put in with full URLs.
Our book table plugin is already showing a bug where some of the content is blocked thanks to the fact they didn't think of this. So we are waiting for them to fix it. It will be in the next update thank heavens. Still means I have to go through every single book and edit it - so not what I wanted to be doing today.
Thank you for listening to me rant, this post has been brought to you by the letters HTTPS and the number billion (as in the number of links I have to change). :P
For anyone interested I used this post to help me switch over:
https://css-tricks.com/moving-to-https-on-wordpress/
