Online Trick

The admin(s) of CSS-Tricks just recently took CSS-Tricks "HTTPS everywhere". That is, every URL on this site enforces the HTTPS (SSL) protocol. Non-secure HTTP requests get redirected to HTTPS. Here's some notes on that journey.

Why do it?

1. General security. When you enforce HTTPS, you're guaranteeing no information passed between the server and client can be intercepted and stolen or messed with in any way. That's great for a site like this that has a login system and accepts credit cards in some places and things like that.
2. The site as it is intended. I've heard of examples like hotel WiFi system and even ISPs that mess with HTTP traffic and do things like insert their own advertising code. Can't do that over HTTPS.
3. SEO. Google says you'll rank higher. Horse's mouth.
4. Prereq. I can't seem to find any good links on this, but I'm under the assumption that HTTPS is required for some/all of the stuff for SPDY / HTTP/2 - which everyone agrees is awesome and super fast. I want to make sure I'm ready so I can start moving forward on that.
5. Geek cred. Duh.

1. Get an SSL certificate

Not optional. This is how it works. I've done this a bunch of times in my life and it's never overly comfortable. You just need to follow instructions closely. I've bought them in the past from discount providers and actually had it work fine, but it's a more manual process.

CSS-Tricks is happily on Media Temple, and they provide SSL as a service, and I'm more than happy to pay for that to have it installed painlessly by professionals.

When the SSL certificate is installed properly, you should be able to visit your site (any URL) at either HTTP or HTTPS and have it come up fine. There may be errors on HTTPS though, and we'll get to that.


2. Start with the Admin

In WordPress-land, you might as well get HTTPS going in the admin area first. It's set up to handle it and there probably won't be any errors. (I keep saying "errors", I mostly mean "mixed content warnings" which I promise we'll get to.)

To force HTTPS in the admin area, put this line in your wp-config.php file at the root of your WordPress install:

define('FORCE_SSL_ADMIN', true);

Make sure you test that HTTPS is working properly first! Go to https://yoursite.com/wp-admin/ to check. Otherwise you'll be forcing URLs that don't work and that's bad. If you have trouble, remove that line right away.


All goes well, you'll get a secure connection:


3. Try to get one page working on the front end

The next step is to get your front end on HTTPS. Forcing it all right away is probably going to be tough, so just start with one target page. For me, it was the signup page for The Lodge. That page can take credit cards, so really, it had to be HTTPS. This was the motivator for me early on to get this set up.

There is a plugin that can help with this: WordPress HTTPS (SSL). With that plugin, you get a checkbox on Posts/Pages to force it to be SSL.



4. Mop up Mixed Content Warnings

What you're really trying to avoid is this:


That's like: "Hey nice trying being HTTPS but you aren't fully so NO GREEN LOCK FOR YOU!"

If you open the console, you'll likely get messaging like this:



In this case, it was some images being used in a CodePen embed with an HTTP src.

But it could be anything. HTTP <script>s, HTTP CSS <link>s, HTTP <iframe>s. Anything that ends up making an HTTP request that isn't HTTPS will trigger the error.

You just need to fix them. All.

5. Protocol Relative URLs! (or just relative URLs)

You know, those ones that start with //, like this:

<img src="//example.com/image.jpg" alt="image">

Those are your friend. They will load that resource with whatever protocol the current page is. And links that are just relative to begin with will be fine, like:

<img src="/images/image.jpg" alt="image">

I ended up finding them all over the place. I even had Custom Fields to fix:

Read Complete Post at: CSS Tricks

Thank you for patronizing Design Devta. I am sure your visit to us must be quite satisfying and in line with your expectations from us. Just in case, it's not as you expected from us or if you are facing any problem, kindly forward your feedback's directly to us by leave a Comment below or using our Contact form. And, get assured response from my side. Your feedback's and suggestions are extremely valuable to us. This Post is written by Harman Singh Hira. There is no any source so Copying or using this post for your own site is not allowed. If anyone do so get ready for facing DMCA. Please, if you like this post then share on your social networking sites. Assuring you of our best service always.