SSL for the extra paranoid blogger

SSL stands for Secure Sockets Layer and is commonly used on a website whenever confidential information is passed between the client and the server under the HTTPS protocol. Commonly, SSL is used for e-commerce because, you know, credit card data security is kind of important!

But if it’s for commerce, why have it on a WordPress site that sells nothing? What the hell, S? What are you doing wasting perfectly good money on a protocol that has no benefit to you whatsoever!?!?!

Benefits of SSL:

Overall security – This site enforces the HTTPS protocol as of 09/25/16, meaning that even if you arrive at this site via standard HTTP traffic, any links you click on will bring you into HTTPS. This gives you privacy on my site regardless of what network you may be on. Firewalls, network administrators, and so on will not be able to see what you’re seeing. Those people would have to actually visit my site themselves to determine what’s going on.
No third party hijacking hilarity! – Whenever you log in to a public access point there’s a potential for that access point to inject banner ads and pop-ups during your visit. This is both shady and annoying, especially if you have already paid for the Wi-Fi service, like in a hotel or via your cable provider (Time Warner Cable and AT&T in my area are the worst about this). With an HTTPS connection it is impossible for the public access point to inject ads to you, the user visiting my website, without breaking everything about the security layer. So in effect, you will see this site as it’s intended instead of through the banner-ad hell of some garbage Wi-Fi hotspot.
Search Engine Optimization (SEO) – Ugh, there are some terms on the net I wish were totally removed from the vocabulary. But according to Google, this apparently helps you rank better because Google trusts you. If they’re not even maintaining SiteRank scoring anymore, is it really that important? We don’t know. We think SEO is a fraud. So take this “advantage” with however many grains of salt you want.
Newer internet protocols – There is an array of other reasons why Google is rewarding users for this as well, such as the introduction and roll-out of HTTP/2, which is the first revision to the original HTTP 1.1 protocol in almost 15 years! HTTP/2 is based on Google’s SPDY protocol, and it has been known that you can do HTTP/2 without SSL. But Google is making sure that browsers do not support it that way for a variety of reasons. People seem to be really hyped about it, but it will take many years before it is adopted down to the web-hosting level. This is mostly because customers don’t even know if they want this on their site.
Mobile client support – WordPress does have a mobile client for Android. However, the only way this client will work with your privately hosted website is if you have an SSL connection, for obvious reasons: tablets and phones can be easily hacked over public Wi-Fi.

In order to use SSL / HTTPS you must get a security certificate.

Since we’re hosting through AnubianHost, the provider was able to get me this certificate in a matter of minutes. You can, of course, try to get your own certificate through the many providers out there. But it’s not a straightforward process if you go at it on your own. This, of course, caused a bunch of changes since I needed a dedicated IP and this very domain name needs to be the primary one that holds the SSL certificate. You can’t have multiple domains on one IP each holding their own SSL. It’s for this reason, along with generating the certificate, that this process will cost some money.

The clean-up of WordPress for SSL / HTTPS:

In the “Not so much fun” category of WordPress for me is all of the cleanup I had to do to legacy articles. Just to give you an example, take the logo within the front page of my site.

This is no good, because this will cause my website to get a “Mixed Content” SSL warning.

The way to correct this is to simply make the links relative. Regardless of whether the user is visiting my site via HTTP or HTTPS, all data will be delivered according to the protocol used.

At the time of this posting, the WordPress CMS has no good way to easily migrate from a traditional HTTP site to HTTPS. Sure, it gives you the option to change your website name in the general tab, which will help out things like the menus and widgets. But currently, there’s no way to change the data on the fly within the database of WordPress itself (at least not without inciting a lot of problems, like some of the plugins out there do).

Plugins:

You can use temporary solutions like WordPress HTTPS. However, HTTPS plugins for WordPress are like temporary band-aids. Ultimately you’re going to have to rip them off in order to get other plugins working (such as AMP), and in order to do that you’ll have to go through the hard work of finding every image that you use in your theme customization, your custom coding, your comments, and your pages and postings.

Manually fixing pages and articles within WordPress:

One way of fixing those pesky old articles is by editing each of your pages and blog entry points.

You could go entry by entry and edit each of them. Select the Text tab to reveal all of the HTML code that is currently within your blog article. Highlight and copy all of it.

Using a program such as Notepad++ (or Gedit in Linux) you could go through and use the replace feature to find anything with http://www.s-config.com and replace it with just //www.s-config.com. Now it’s important to spell out the full domain name. Otherwise, you may overwrite outbound links to sites that may or may not have HTTPS installed as of yet.

Once you are done modifying everything in Notepad++ you can copy all of the text, paste it back into your WordPress editor and save the updated page or blog article.

The manual method will catch all of your internal URLs. But it’s slow to almost impossible if you have a blog space with several thousand articles!

The htaccess file.

One thing that we need to do, once you have verified that your HTTPS is working 100 percent by making your first HTTPS page, is to start forcing everything to go towards HTTPS. This is what I put into my .htaccess file.

# Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

SQL fixing your WordPress

Note: always back up your website prior to running any commands in SQL. None of us on the net are responsible for any damage that you do.

Now for those with thousands of blog entries, you may want to take the SQL hacking approach with the following.

This is to catch all entries which are throughout your blog:

UPDATE wp_posts
SET post_content = REPLACE(post_content, 'src="http://', 'src="//')
WHERE INSTR(post_content, 'jpeg') > 0
   OR INSTR(post_content, 'jpg') > 0
   OR INSTR(post_content, 'gif') > 0
   OR INSTR(post_content, 'png') > 0;

This is to catch single quoted entries:

UPDATE wp_posts
SET post_content = REPLACE(post_content, "src='http://", "src='//")
WHERE INSTR(post_content, 'jpeg') > 0
   OR INSTR(post_content, 'jpg') > 0
   OR INSTR(post_content, 'gif') > 0
   OR INSTR(post_content, 'png') > 0;

And then the custom fields:

UPDATE wp_postmeta
SET meta_value = REPLACE(meta_value, 'iframe src="http://', 'iframe src="//');

This method will cover about 80% of the links on your site. Other links such as videos or music may have to be edited manually.
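
To find the links the manual and SQL passes above leave behind, here is an added example (not code from the original post) that audits exported post HTML for http:// subresources and rewrites only the blog's own domain to the protocol-relative form. The function names and the sample post are constructed for illustration, and it assumes the post HTML is available as a string.

```python
import re
from html.parser import HTMLParser

OWN_HOST = "www.s-config.com"  # the blog's own domain, as named in the post

# Tags whose URL attribute is fetched as a subresource and so can trigger a
# mixed-content warning. Plain <a href> links are navigation and cannot.
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "embed": "src",
    "audio": "src", "video": "src", "source": "src", "link": "href",
}

class MixedContentAudit(HTMLParser):
    """Collect http:// subresource URLs, split into own-site and third-party."""
    def __init__(self):
        super().__init__()
        self.own, self.third_party = [], []

    def handle_starttag(self, tag, attrs):
        wanted = SUBRESOURCE_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value and value.lower().startswith("http://"):
                host = value[7:].split("/", 1)[0].lower()
                (self.own if host == OWN_HOST else self.third_party).append(value)

def audit(html):
    """Return (own_site_urls, third_party_urls) still loaded over http://."""
    parser = MixedContentAudit()
    parser.feed(html)
    return parser.own, parser.third_party

def fix_own_links(html):
    """Rewrite only http://OWN_HOST to //OWN_HOST; outbound URLs are untouched."""
    # The lookahead stops look-alike hosts such as www.s-config.com.example.
    pattern = re.compile(r"http://" + re.escape(OWN_HOST) + r"(?=[/\"'\s>]|$)", re.I)
    return pattern.sub("//" + OWN_HOST, html)

# Constructed sample post body (not taken from the original site).
SAMPLE_POST = (
    '<img src="http://www.s-config.com/logo.png">'
    "<img src='http://www.s-config.com/a.jpg'>"
    '<iframe src="http://video.example/embed/1"></iframe>'
    '<audio src="http://www.s-config.com/song.mp3"></audio>'
    '<a href="http://old-site.example/">outbound link</a>'
)

if __name__ == "__main__":
    print("before:", audit(SAMPLE_POST))
    print("after: ", audit(fix_own_links(SAMPLE_POST)))
```

Anything still listed as third-party after the fix is an embed hosted elsewhere, which has to be checked by hand for an HTTPS version before its URL is changed.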

Final thoughts.

The simplest solution would’ve been me just getting an SSL certificate right away and starting the blog in pure HTTPS/SSL mode! But like many people who start down the road of owning a blog, you have zero idea as to where it will end up and go. However, as annoying as it is to get SSL set up, it’s worth it.

I’ve heard of the controversy over the speed of HTTPS, that it’s slower, and in some cases yes, it is. If the browser is an older browser then there may be some issues in regards to establishing that socket layer first prior to transfer. For example, on my Firefox, it can take up to a second to load. But if I load this site on my phone or tablet it’s almost instantaneous. Even under the worst-case scenarios I will still accept it over having no encryption whatsoever. Understand that if this site goes to HTTP/2 then there is nothing I really have to prepare WordPress for. All of HTTP/2 is literally handled by the Apache web-daemon. But right now I’ve placed myself in a position to be ready for it! To be one of the few blogger sites that will take advantage of it because of our bizarre fascination with security and making sure no one is monitoring you, including ourselves.

Until next time.

END OF LINE

This post is first published by steem
Future growth trend
