Workshop Security HTTPS

Not so much about the physical security of the workshop, which is of course important, but about the protocol change I have made to the website. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. Google have for some time been promoting the use of HTTPS and give securely connected sites higher ranking.

The first thing you need is an SSL certificate; this has the encryption keys for the Secure Sockets Layer communication setup. Fortunately even the cheapest 1&1 hosting package includes a basic SSL certificate and all I had to do to implement it was to activate it from the 1&1 control panel. The basic certificate is fine for a simple website but if you are implementing a world wide trading empire you will need to pay for something a bit more advanced.

That was the easy bit; getting the website in order is a little more tricky. To start with, any internal links need to be either relative or non-protocol-specific, that is, they should look like //journeymans-workshop.uk/etc and not http://journeymans-workshop.uk/etc. Once this is done, the website .htaccess file needs to redirect any calls to HTTPS, so that all the old links scattered about the interweb end up in the right place. There are several different ways to do this and I just copied the code from the Apache site; the script conventions for these files are way outside my comfort zone! If you need to do this, the code that needs to be added looks like this:-
<IfModule mod_rewrite.c>
RewriteEngine On
# Begin Force HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# End Force HTTPS
</IfModule>

[Image: what you should see in your browser]

With that done the next major job is to update the WordPress database so that the media links are right. WordPress stores all the links to photos as complete hyperlinks including the HTTP bit so these need changing. The easiest way to do this is with a plugin. I used Better Search Replace which is fairly simple to use and does a dry run before it alters the database. The image to the right shows the browser result when everything works but I put it in to test that the new images are stored with the correct protocol – it seems to work!
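A way to check that no hard-coded http:// references survive the link clean-up and the database search-and-replace, as an added example that is not from the original post: it scans a page's HTML and reports what is still insecure. The sample HTML and its file paths are constructed; only the host names come from the text above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE_HOSTS = {"journeymans-workshop.uk", "www.journeymans-workshop.uk"}
# Attributes that make the browser fetch a subresource (mixed content if http://).
FETCHING = {("img", "src"), ("script", "src"), ("iframe", "src"),
            ("source", "src"), ("video", "src"), ("audio", "src")}

class InsecureRefFinder(HTMLParser):
    """Collect hard-coded http:// references left in a page's HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in ("src", "href"):
            url = attrs.get(name) or ""
            if urlsplit(url).scheme.lower() != "http":
                continue  # relative, //host/path and https:// are all fine
            internal = urlsplit(url).hostname in SITE_HOSTS
            stylesheet = tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower()
            if (tag, name) in FETCHING or stylesheet:
                kind = "mixed-content"      # loaded over HTTP inside an HTTPS page
            elif internal:
                kind = "internal-link"      # works, but costs a redirect hop
            else:
                continue                    # ordinary link to someone else's site
            self.findings.append((kind, tag, url))

def find_insecure_refs(html):
    finder = InsecureRefFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from the real site.
SAMPLE = """
<link rel="stylesheet" href="//journeymans-workshop.uk/style.css">
<a href="http://journeymans-workshop.uk/lathe/">Lathe</a>
<a href="/mill/">Mill</a>
<img src="http://journeymans-workshop.uk/wp-content/uploads/vice.jpg">
<img src="https://journeymans-workshop.uk/wp-content/uploads/chuck.jpg">
<a href="http://example.org/">Elsewhere</a>
"""

if __name__ == "__main__":
    for kind, tag, url in find_insecure_refs(SAMPLE):
        print(f"{kind:14} <{tag}> {url}")
```

An empty result for a page means the padlock should show without mixed-content warnings; `srcset` attributes and URLs inside CSS are not covered by this check.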

Next job is to sort out Google; as you can see, I use their ads on the site and it just about pays for the hosting and domain fees. I had to re-write the XML sitemap with the new HTTPS addresses but also had to add the HTTPS version as a new site? I only have one set of files but for reasons best known to themselves Google want each version of the site shown separately. So you end up with:-
https://journeymans-workshop.uk/
https://www.journeymans-workshop.uk/
http://journeymans-workshop.uk/
http://www.journeymans-workshop.uk/
Which strikes me as a little odd but it seems to be what they want. Once this is done, sit back and wait for Google to crawl everything. It is fairly difficult to check if all is working correctly and you need to keep clearing the browser cache to make sure you are looking at the latest version. Touch wood, everything seems to be working. It is interesting to note the number of old links stored on the web; I was going to remove my old cign.org and cign.net sites but there are still loads of places that have these recorded.

Did I really need to do this – probably not, but I learned a bit on the way and in theory my Google ranking should go up, for what it's worth.

Just a quick update, a few months after doing this I checked Google and there was absolutely nothing happening on any of the “sites” other than the https://journeymans-workshop.uk/ so I deleted the other three. Whether this was the right thing to do remains to be seen but I thought it was neater.