Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Stoyan Stefanov:
HTTPS migration: a WordPress blog hosted on Dreamhost
Jan 09, 2017 @ 09:17:27

Stoyan Stefanov has written up a post sharing the process he followed to migrate a WordPress blog to HTTPS on the Dreamhost hosting service.

Now some folks reminded me recently that the Perf calendar was not yet migrated to HTTPS... True enough. I have to do it. Eventually. In any normal situation I'll procrastinate indefinitely, but since I had more pressing things to do and "Anyone can do any amount of work, provided it isn’t the work he is supposed to be doing at that moment"... I bit the bullet.

Below are the steps that worked for me with a WordPress blog, hosted on DreamHost. The steps are still relevant to any WordPress site, just using Dreamhost as an example and since Dreamhost makes many of the steps easy.

He breaks the process down into six parts, including a bit of testing at the end:

  • Setup free SSL certificate thanks to Let's Encrypt
  • Backup all the things (or just the blog's database or just the table with the posts)
  • Search and replace internal references (images and links) WP settings
  • Redirect http to https permanently in .htaccess
  • Test/tweak?

Each step comes with the code or configuration you'll need to set up HTTPS and some screenshots where necessary, like with the Let's Encrypt setup.

tagged: wordpress migrate https blog dreamhost letsencrypt tutorial

Link: http://www.phpied.com/https-migration-wordpress-blog-dreamhost/

TutsPlus.com:
Using Let's Encrypt SSL With Your WordPress Project
May 24, 2016 @ 12:53:11

The TutsPlus.com site has posted a tutorial for the WordPress users out there about using Let's Encrypt and SSL certificates to easily secure your installation.

For years, purchasing, renewing, installing and managing SSL certificates overwhelmed me with expense and complexity. Now, Let's Encrypt makes it fairly simple and free.

Let’s Encrypt is an emerging, free, automated, and open certificate authority brought to you by a California public benefit corporation called the Internet Security Research Group—it also has nonprofit status. [...] In this tutorial, I'll walk you through installing Let's Encrypt on a few of my websites, including my WordPress consulting website, http://lookahead.io, soon to be https://.

You'll need a be a bit comfortable working at the command line to use the Let's Encrypt client, but they walk you through each step of the process explaining everything along the way. They start with a basic list of features the Let's Encrypt service provides and the requirements you'll need to get started. Screenshots of the setup wizard are included and the "one small difference" you'll need to make when using it with WordPress. They link to the SSL Labs site to help you verify the certificate is working as expected and finish with setting up the auto-renewal of the certificate via a simple cron job.

tagged: wordpress letsencrypt install setup configure ssl certificate free

Link: http://code.tutsplus.com/tutorials/using-lets-encrypt-ssl-with-your-wordpress-project--cms-22303

Niklas Keller:
Let's Encrypt with PHP
Mar 16, 2016 @ 13:05:32

The introduction of the LetsEncrypt free SSL certificate service has made making your site SSL only a much easier process than ever before. They've made it even easier by allowing automation around certificate setup and renewal. In this post to his site Niklas Keller shows you how to use a PHP implementation of a tool to setup/refresh your certificates automatically.

Let’s Encrypt, the free and automated CA, started late last year into their public beta. They offer a pretty comprehensive client to automate the process of getting SSL clients and installing them. It will soon be moved to a new home at EFF.

If you’re already using PHP and don’t need / want the automatic installation of your free certificates or don’t want to install Python, here’s a client for you. kelunik/acme-client is able to issue and renew certificates using your already running webserver (e.g. Nginx or Apache). It’s using the http-01 challenge to prove your domain ownership / control to Let’s Encrypt.

He shows how to use the client to set up a new LetsEncrypt account (if you don't already have one) and issue a certificate through a few command line calls. He then shows how to automate the process to check your certificate expiration and load the updated certificates. He also includes an example of the command to revoke a certificate, just in case.

tagged: letsencrypt ssl certificate client acme example refresh issue revoke

Link: http://blog.kelunik.com/2016/03/13/letsencrypt-php-client.html