https:// and SSLs

Posted on    by

My host server sent an advisory several days ago informing of Google’s decision to mark non-HTTPS websites as “not secure”. So, as host server providers, they were offering free SSL for their domain users. There’s nothing on our web site here that elicits payment information from visitors, email addresses in comments are never visible, and no hidden advertising bits either as far as my constant scanning goes. Still, I reckon visitors will get that extra bit of confidence when they see a site is marked as ‘Secure’. So, I went about looking into ensuring that our blog is fully https:// compliant.

And that job of transiting to https turned out to be slightly more involved than just a couple of clicks on the hosting service dashboard. Specifically, our almost 20 year old blog now – wow we’ve been writing for this long?! – has a few thousand posts with all kinds of funky URLs embedded in it over the years, many of them likely dead links by now. And custom php scripts, many written and tweaked long before https was a thing. I reckon that’s one of the consequences of having a fairly heavily customized site that I can’t always recall why I made specifics code changes from years ago.

Still, long story short. After several hours of reading up, installing plug-ins to scan my WordPress databases for occurrences of non-compliance to https, running certificate and SSL checks using a whole bunch of facilities – including Qualys SSL Server Test, Why No Padlock, Symantec CryptoReport and SSL Checker – and reading their scanning results, I’m happy to report that our web site is https compliant, and with a few further improvement tweaks that can still be made. And for those, I’ll have to contact my host server’s technical experts to get some help on.

Hooray! Finally secure.

In the next week, I’ll also look into similarly securing the other three mostly dormant web sites in the subdomains: one on my past research, another on music, and a third on debating. And along the way, if you see see any page on this site that has unsecured content, do sound out and I’ll look into it immediately!