Are you ready to go https with your WordPress blog?
Securing WordPress with Protocol Relative
Here is a neat trick that will allow your blog to accept both HTTP and HTTPS using Protocol Relative with no insecure page errors.
Ive been running WordPress for many years and recently made the jump to TLS Encryption by using CloudFlare Free https.
CloudFlare and many others have disabled SSL because of a security vulnerability. The latest encryption protocol is “transport layer security” (TLS.)
The disadvantage of this is, many older browsers do not support it and will not connect to a TLS encrypted site. So if you go https with your blog you may be preventing others from viewing your articles.
I found a way to make WordPress easily accessible by both http and https protocols. That’s the ticket for taking advantage of a secure WordPress blog and at the same time not blocking any faithful followers of your articles.
This process can be tricky to implement, and after conversion your database will not be able to be reverted back. So do a full backup of your blog before beginning!
The most important task is to export your current database to disk before attempting to implement this mod. If your running under cPanel simply log in, navigate to MySQL and click on your blogs database. At the top you will see an export tab. Click it and export your database to disk. If something goes wrong during this process you can always re-import your good database to get your site back online.
You will need these two plugins. WordPress HTTPS and Velvet Blues Update URLs. Download these plugins and install, but do not activate yet.
Next verify https is available by adding https:// to your blogs url. If you just set up CloudFlare it can take up to 24 hours before your domains certificate is fully active. If you get an invalid certificate warning give it more time. Also check your cf settings to be sure that https is set to flexible mode.
Next activate WordPress HTTPS Plugin. Navigate to it’s settings and be sure your domain is displayed properly. Check proxy setting to auto. At this point your blog should be displaying properly in https. If you get insecure warnings ignore them for the time being.
Next is to add this code snippet to your wp-config file. Add it just above the line that says: /* That’s all, stop editing! Happy blogging. */
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
This forces WordPress Admin into https mode.
Verify you can navigate within your WordPress admin area. Ignore any insecure browser warnings. This is common when in your admin area.
Next activate velvet blues update urls plugin. We will be changing any urls within your database to Protocol Releative. This //url allows both http and https to access articles, media, etc, on your sire regardless of their protocol.
Click the thumbnail to your left to expand and show how i set up velvet blues update urls to make the needed database changes.
If all went well, you should be able to access your site by both http and https. A view of your homepage source code should show your pages with http and protocol relative views. If so you got it!
Some plugins might need manual intervention. One that i run is Simple-Press WordPress Forums. To make that one work in both protocols i had to go into my database and change it’s page url to protocol relative. Not a big deal if you are experienced in MySQL databases.
I also suggest changing your WordPress urls under general settings to https. This will force Yoast WordPress SEO to make your sitemap urls https. You do not want an https site with http sitemap urls.
WordPress https url setting. Do this so your sitemap generates https urls.
This setup is working well for us. It allows this blog to be available under both http and https protocols. A win-win combination!
One of our pages, Doc’s webcams, does not support https. Just added a link above the cam displays saying: These cams do not support encryption. Click here for non-secure page. that takes care of that little problem.
If you have questions comment below. 😉