Posted on 2 Comments

WordPress security and SSL

This is a follow up to my original post on SSL and WordPress security.

Here’s the article from blogaid.net (If you’re on mobile, sorry but the site will be a bit difficult to view. Pinch and zoom and you’ll be able to read it)

Now, let’s break down what MaAnna Stephenson has written:

WordPress security and SSL
from BlogAid.net

Yes, Google moves cheese.  It’s something that most folks have come to understand.  Let’s rephrase that to a bit more of a  pragmatic application and just say that Google adapts its search results to find the correct content.  It needs to be clearly understood that if Google did NOT (I’ll use her term here) “move the cheese”, then I could easily make any site quickly rank for terms like Britney Spears butt, Russian internet hack, How do I SEO.  Thankfully – and much to the demise of some web folks – Google DOES indeed adapt its search results to find the one that we are ACTUALLY looking for.

Screenshot 2014-08-07 12.00.08
from BlogAid.net

Right now, anyone using the idea or notion of “switching to SSL will make you rank better” is completely full of it.  So, in this part, I fully agree with the article.  Now here’s where things get a bit …eh, well just read on.

SSL WordPress and security
Your whole website being encrypted. Does anyone need that? Really?

Please tell me I did NOT just read that.  For most folks, their WHOLE site can be secured quickly and easily.  Furthermore, the reason that a whole site gets wrapped in the SSL is way, Way, WAY too lengthy – if you offer downloads of marketing material / free reports / mp3 files / images / pdf / docx, the list is endless; and most of the time, that content is entered as a post_type or something similar. In other words, most people do indeed build their whole site within WordPress.  In any instance, if there is content or information moving from point A to point B, it is now wrapped in an SSL! “SSL is a minor factor in keeping your site safe” then “It’s more about keeping your site visitor safe.” WHAT?!?!? How in the world does a person come to the conclusion that there is even a minute differentiation between keeping a site safe and the visitors safe? So if you’ve got a site with malicious code on it, injected by an insecure transmission, that got jacked when someone clicked “Download my Free report on why furry kittens are so adorable” your visitors are no longer safe.  Bottom line.  Your site IS your visitors.  Corporate site built on WordPress or Furry Kitten Blog, or Download my …whatever… Please never forget that your site amounts to jack squat if it get’s blacklisted.  And please understand folks, there is no opinion to the fact that an SSL does help keep visitors and your site safe.

from BlogAid.net
from BlogAid.net

Ok this is where I decided to stop doing my corporate work, and take some personal time to write this clarification post.  Look folks, a simple 301 redirect gets you on your way.  Period.  There’s a great deal of sub.domains floating around on various corporate sites that are still ranking yet are 301 redirected to another url.  Someone type in campaign.verizon.com (or, you could just click the link). Does anyone see that linking to an IronMan campaign? Nope! It sure doesn’t (but at one point when IronMan came out, it did).  And this also goes back to the ability to know where the ‘cheese was moved’.  When a new campaign is launched, that domain becomes active, proper SEO is done, and when it’s not being used for an active campaign, that url gets 301’d back to the correct url of http://www.verizon.com/home/fios. Stating that changing a permalink is “not a little thing” is a bit subjective.  I’d have to say  that changing a permalink is “a thing“, and either you do it correctly or you don’t.  But don’t make people fearful of an SSL with this type of justification.  It’s just not right.  Yep it’ll take Google a while to re-index the new site, but again, please understand what a 301 redirect does.  It passes around 95% of “link juice” straight to the new url.  Again, fear aside. That’s what it does.  Once it is done re-indexing, you’ll be even better off than before!

Speed and Cost of WordPress Security
from BlogAid.net

And this is the one that just kinda makes it all go downhill – fast.  I want to ‘tell the truth in love’ but, …well, this might not be too far from the truth. If you don’t have the capacity to stick an SSL on a site w/out the speed going to crap, then please find someone who will, because it can be done! Again, either it’s set up and installed correctly, or it’s not configured and running correctly.  Period. Will it slow a site down?  Yes, the worst I’ve ever seen is that the SSL handshake took about 500ms.  That’s a big deal to me.  On most sites, our team will have FB marketing pixels, AdRoll pixels, GA, another tracking js from who knows, and more.  So getting every millisecond out of a site is ABSOLUTELY critical.  Again, will it take longer? Absolutely.  But again, it’s being called a  “time drain hoop“?     wow. The Cost.  I’m not sure where folks are getting their SSL from – there’s a ton of places.  But a reputable hosting company has them, they’ll install it, and you’ll be good to go in less than 24 hours.  Oh, and what was my cost?

$25 / yr.  (insert waaahh wahhhhhh trumpet here!)

Again, I’m not sure what type of hosting atmosphere her article was referring to but I do what to point out some things for readers to note:  “An SSL certificate costs money.” Yes, it does.  $25. We’ve established that.  Now, “If you’re lucky, your host provides a shared one.” WHAT?!?!?!  Let’s rephrase that a bit: “If you’re hosting with a reputable company, they have a reseller account for Comodo, GlobalSign, VeriSign (or something equivalent), and your host will offer SSL’s for a very affordable amount.”

Does the SSL play nicely w/ your plugins?  Some do, some don’t.   This is a good thing to research.  Again, most of the reputable and common plugins work great w/ an SSL!!  And, let’s make no bones about this ~ making sure a plugin will run encapsulated in an SSL could / might / and probably will require you to put an ‘s’ into a url within the plugin.  If the plugin is running back and forth to a server that’s not secured, then turn it off.  But Brad… Nope. Stop right there.  Deactivate, delete, and go find a plugin that’ll work correctly over an SSL.  Again, no ‘Henny Penny’ needed.  Just deactivate, delete, and go find another one.

Look if you want to read the ‘Bottom Line’ run on over to the page over there, and check it out.

Here’s my bottom line right here:

thebottomline

I’m not waiting on Google to tell me jack about an SSL.  But it’s good to know that, if they ever give it more weight than >1% then, I’m ready. It’s also on my site, because $25 a year is a pretty good investment for my safety and yours.  It’s there on all the sites I’ve made for the last two years. Absolutely! And does it slow things down? Well, I just ran this through GTMetrix, and it doesn’t look to shabby for a personal site.

Screenshot 2014-08-07 14.03.46

Look, I don’t want to pick on any one person or site in particular here folks.  But you really need to be informed on a proper site, how it works, how speed happens, how security really happens, and how to keep your site secure with an SSL.

There’s not a big ‘Like Button’ on my Life.  But if you ever meet me in person, or get to know me a bit, you’ll find out that I’ll tell the truth.  And that’s what I want you to know as well! Yes, an SSL is one of many layers of security for your site.  I think everyone should get one.  If that’s not clear by now, let me know and I’ll clarify some more.  But what I don’t want, is for someone to read an article like the one I just read, and then decide NOT to get an SSL based on some ‘mis-information’.  If you can afford $25 a year, then you can – indeed – make your WordPress website secure with an SSL!

2 thoughts on “WordPress security and SSL

  1. Or, have you seen free games being advertised, only
    to find out when you download them, your computer becomes
    infected with malicious software. “There’s been a huge change in the way we prepare for war, and the soldiers we’re training now are the children of the digital age who grew up with Game – Boys,” stated
    retired Rear Admiral Fred Lewis, a 33-year U.
    You have to purchase a license to play Sim – Venture,
    and there are two accounts to choose from as
    an entrepreneur: Personal (non-student) or commercial.

  2. hi!,I really like your writing very much! share we keep up a correspondence more about your article on AOL?
    I need an expert in this house to unravel my problem.
    May be that’s you! Looking ahead to peer you.

Leave a Reply

Your email address will not be published. Required fields are marked *