No More HTTP/HTTPS Drama with WP Force SSL
Sometimes things come in waves. This week, I had to deal with two sites that had both
https:// versions sitting side-by-side. In other words, typing in
https://site.com reveals a working SSL certificate, but just typing in
site.com takes you to
http://site.com, which is still just sitting there, parallel to the identical SSL version, but without SSL protection of any kind.
This is really bad for lots of things:
- Security! If site visitors go to the insecure version of the site and then do the kinds of things SSL certificates exist to protect—like enter payment details or personal information—you’re putting them in a gigantic and potentially disastrous security hole.
- Analytics and SEO. You’ve got two sites that are potentially getting traffic, making it very hard to trust the analytics and organic search information you’re getting for the SSL site.
- Irritation. You can be logged into
https://site.comand logged out of
http://site.comand have no idea what’s going on.
I bring this last point up because it’s how I realized that this problem existed on one of the sites I had to fix it for:WPShout. For some, reason our URL forwarding breaks every month or two, and so for the last week or two it’s been perfectly possible to type in
wpshout.com and end up at
http://wpshout.com. Why were we showing as logged-out all the time, we wondered? Now we know.
Okay, so it’s a really irritating problem, but the fix is very simple: WP Force SSL. Install it, activate it, and you’ll never have to worry that people are seeing the insecure version of your site ever again. I finally did this for WPShout yesterday (no idea why I waited), and it worked immediately.
SSL’s not nearly as easy as it should be, unfortunately, but WP Force SSL really does help.