A couple months ago I added an extra layer of security to this site by adding SSL encryption. However, it wasn’t on by default so we weren’t really getting the full benefit.
Then this weekend I saw an article to that point explaining that Life Is About to Get a Whole Lot Harder for Websites Without HTTPS.
Well, with that I decided to turn on HTTPS by default. And turns out it was a lot easier to do than I expected, with just three quick steps:
- Login to your WordPress panel
- Use the SEO by Yoast plugin, which I conveniently already had installed, to locate and access your .htaccess file
- Finally, edit the file by adding the following:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Easy enough.
Going forward www.jeffsteinke.com should always automatically load securely. To tell that it’s working just look in the URL bar. For example, Chrome will show a Secure tag like this:
And I suppose I’m also curious…are there any downsides to forcing all site traffic to use HTTPS? Granted this site is about 99% content with little to no form entry or data being transferred but still, what’s the harm in adding this extra layer of security? Let me know your thoughts…