One of the problems that has been concerning me for the last few months is the privacy online. I’ve already written about how to encrypt a hard drive, or discussed about the unsafety of passwords. Now it is finally time to make an improvement to the blog’s privacy. Starting from now, you may notice that the default way of accessing this website is via https, meaning that all the communication between you and the server is encrypted.

Let's encrypt

I was thinking in implementing secure HTTP, but I didn’t want to add an extra fixed cost. Recently, Dreamhost (my host provider) has partnered with Let’s Encrypt to offer a 1-click installation of certificates in any of the hosted websites. There are many reasons why to encrypt the communication between computers and servers; the obvious one is to avoid filtering of passwords when submitting a form. But it is not the only one; there is also a more global concern regarding NSA’s massive spying policies that in part can be obfuscated with such a simple 1-click act. In a more materialistic perspective, Google has announced that websites with https connections will be ranked better in search results.

Even if Dreamhost offers a 1-click activation of an https certificate, WordPress users like myself should follow the next steps in order to have it working properly.

After you check that works, you have to enter to the administration area of your blog, go to settings and change the site URL

Seure http

The next step is to change the .htaccess file as to ensure that all data will be transmitted through the encrypted channel. I assume that you know how to access your webhost and open files for editing. After whatever that may have been written by wordpress, add the following:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

And that’s it. Now every time someone enters to your website it will be automatically redirected to the secure http.

%d bloggers like this: