I decided to finally make this site more secure by switching it to HTTPS instead of just HTTP. Up until a year or two ago, this would have been a somewhat tricky and non-free proposition. But now it was really quite easy. I intend to describe how I did it, in case anyone is interested in securing their own websites.
Before, you had to pay for an SSL certificate, then figure out how to install it on your website (involved a lot of cryptographic strings and configuration), and then get everything to point to HTTPS instead of HTTP. Now you can get the SSL certificate for free, and many hosts make it really easy to install.
So this is How I Set the Site Up for HTTPS
First off, I’m using Blue Host’s dirt cheap hosting. And it turned out, they actually made acquiring and configuring the SSL certificate really easy. Here is a video showing how to request it from BlueHost and then get it activated.
After that, I followed the instructions from this website to configure WordPress to make the most of it, although everything before “Configuring WordPress for SSL/HTTPS” was already handled by BlueHost for me. So basically, I just
- switched my site’s URL from http://deadeasyfamilyhistory.org to https://deadeasyfamilyhistory.org
- added a line of code to the wp-config.php file that they suggested
- updated the site’s .htaccess file with the code snippet they provided
The images were being served by my theme, Pinnacle, in the home page’s Icon Menu. It seems somehow the icons were still using images that started with HTTP, and they didn’t really give me an obvious option to switch them to HTTPS. So what do you always do when computers aren’t working? Restart and try again. So I removed the images and re-selected them. Then they used the HTTPS ones.
And now the site is secure. All-in-all, it probably took an hour or two.