Old WordPress SSL Setup demands tips, tricks and planning to implement and not harm SEO. What we have described is industry’s standard, unlike using cheeper hosting, PHP dependent redirection like written in many websites.
They can be popular and easy method but, know it very well; they has inherited risks of becoming PHP ( Read Apache2 ). First Extended Validation Certificate is not required by the most – simple logic to understand – Google usually uses non-EV but wildcard SSL certificate for their own usage. It is about insurance not really about the method of encryption. Self Signed SSL will do the same work, but as it invokes warning, we ask to avoid for using self signed on public pages.
You can see our SSL Certificate by clicking the padlock icon telling “HTTPS” on the address bar :
WordPress SSL Setup Tips, Tricks and Planning – Sales Pitch Does Not Work
If you are a client of Rackspace, ask them whether we are telling you the wrong. It is the brand of Certificate Issuing Company, the grade/reputation of IP a Server Provider which matter most. Secondly, if you follow his method, your all Social Sharing count will go away. The only way to redirect is from either Apache2 configuration file (best) or
.htaccessfile. You must keep the Social Sharing Count to older higher one and selectively redirect http to https url. Yes, 301 redirection possibly do not harm the SEO but at least DMOZ bot flags the 301 redirection and automatically can delist – quite dangerous, you must inform the Editors on any Officially accepted DMOZ Editors’ network. Practically that above URL is a landing page to either send traffic to
vps.net as affiliate or make to buy his products. Please read our articles on SSL or if you can not trust us, you can on Wikipedia.
I think this is good must be logically said with data and analysis – that is what for the
journals are published. EV certificate will be used by login page to very important page like Rackspace Cloud Account Login Page :
We can show you, it is possible to retain the number of social Likes, shares even if the HTTPS address is used by our method. His method will change all the calls to get executed by the HTTPS version of files – you can do it, you’ll see, even HTTP url has all zero count. Why we will loss the 3K+ natural Pinterest share stat like in this post ? You can use our commands, methods on all standard web hosting service provider – Rackspace, Digital Ocean, Amazon, Dell, HP, Fuzitsu, Akamai to PaaS like Heroku, OpenShift – there will be no difference. Essentially HTTPS is a protocol. We only save the files on server, how we will server; which protocol we will use, that depends mostly on practical aspects. Actually the path of SSL material should be different from non-SSL. Otherwise via non-secured port 80, the content can get contaminated with malwares and pushed via port 443. All good website uses multiple servers behind as nodes and a load balancer in front. We can selectively serve the readymade pages as HTML via port 443 to enhance security. Load this page with HTTPS url and think why the counters remaining the same :
Frankly, its nothing – we are using the certificates on the Rackspace’s load balancer ! Simply think, why you’ll make a stuff too much complicated when you have some easy way to use? Why there is alert or the pad lock is not appearing can be tested here :
This the result of debug :
Only change you need to do is – use the HTTPS FQDN of the Rackspace Cloud Files container, if used as CDN. This will ensure serving of Encrypted static materials to automate the SSL migration.
WordPress SSL Setup Tips, Tricks and Planning – It Is Redirection, Nothing Else
So, except the blog is new, there is no need to anything for the sake of WordPress only. Nothing. You will plan how to fix the points, like we should change the static materials URLs to secured one – best way is to wget the whole website, manually edit the source code and place on a different server (there are automated ways – obviously it is different topic), open port 443 of this new server (node behind the loadbalancer) and add rules to redirect. There are lot of changes which are needed. Google has many subdomains where both HTTP and HTTPS both works. It is not couple of days work. You should change the url in all webmasters’ accounts.Advertisement
Practically if we had fixed the static materials urls to
https – this page would go
https without trouble. As long HTTP 2.0 is not becoming the standard, we can work a bit plan-fully , taking the needed time.
WordPress SSL Setup Tips, Tricks and Planning – OK, Only WordPress Part
Old non encrypted website is old. You should plan about newer part. You can install WordPress on different path of the same server like
/var/www/ssl/ and nicely craft the category pages, many links slowly – it is a huge work. This will ensure that new posts are always of newer secured installation, when people / visitors will share, they will share the HTTPS one. Also you have to change the url in syndication tools, Twitter card – lot of works. There are more external work – these can be planned by a Cloud Consultant like we have on Rackspace. We will not know what can create an issue for a different protocol on a device and browser we never saw. Ordinary visitors will fly away if they face any security prompt – they are really dangerous to read. To force HTTPS, you only need to add these on
wp-config.php file :
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
// change the url from ours to yours
The last two lines are forcing the
/wp-admin/options-general.php page’s WordPress Address (URL) and Site Address (URL). There is a Plugin that Rackspace managed installs on WordPress sites – Root Relative URLs Plugin :
All bigger websites who runs multiple WordPress (impossible to guess from outside) uses this plugin. What SEO can be related to a static file?
Try to avoid Plugins like WordPress HTTPS (SSL) which mainly uses PHP. 301 redirection is not the right way to serve a page – you can check this url on
# webpage test
This is what the bots will also get while crawling from another website – past was, essentially past.
There are hundreds of websites to help you how to use .htacees or Apache 2 config file to rightly redirect if at all needed.
Converting a website to HTTPS (SSL) is difficult than using a new WordPress with HTTPS (SSL) by default. Take that, you’ll have to serve the new content from a different website – http and https is not the same, PHP redirection can badly fail; it is mandatory to check the error logs regularly.
You should change the hand coded http urls to https to avoid 301 redirection within your own website (it is bad, quite bad – you are not directly giving link juice on your own website, may be Google can forgive for links from other websites but its bad to have 301 on own website). It is called MySQL replace function :
We can easily replace all the embedded, hand coded post urls by running sql queries :
# search this website with mysql to get results
# which will guide you to use mysql from command line
# login to mysql server
mysql -h hostname -u username -p database name
# mysql interactive mode will start
# changes the stuffs in wp_options table
update wp_options set option_value = replace(option_value, 'http://yourpress.com', 'https://yourpress.com');
# changes links in wp_posts table
update wp_posts set guid = replace(guid, 'http://yourpress.com', 'https://yourpress.com);
# changes links in wp_post content table
update wp_posts set post_content = replace(post_content, 'http://yourpress.com', 'https://yourpress.com');
There is WordPress plugin, but it can dangerous to run sql queries being within WordPress. Always take backup for any step – backup of servers, backup of FTP and backup of MySQL database. No backup is a backup unless it is tested to be rightly working. Also, many supplies information about
// which are not right, that is called hierarchical part of the URI :
Try to load a non-https webpage appending
# will not load on GET request as there is no corresponding HTTPS url
# It does not work because
# does not exist
# similarly it will not work
But with both HTTP and HTTPS :
scheme-relative prevent warnings like that of self signed SSL certificates when ran from script; historically in CGI Scripting, also read these :
We want to tell you – try to avoid this for CDN or static files.