#ill add a link to this post when its done and the headers will get a link to this post as well
Text
Made some matching s1 and s2 Jancy icons alongside three that has them both in the incredibly simple edit style of my own icon and header.
If you decide to use, please like or reblog. Don't claim as your own either because I will find you and I will politely ask you to not do that.
Headers
#I’m not much of an editor but I have a cold atm and I spent like two hours editing multiple images of them#let me know if you’d like to see the rest#also let me know if you’d like to see other ships or characters in this style too#i also have some jancy headers that ill post after this one#ill add a link to this post when its done and the headers will get a link to this post as well#do these even count as matching icons? idk as I said I’m not an editor I’m an artist#btw all of these were made in the course of three days and this post has been sitting in the drafts for that exact amount of time#i just added new ones as i went along#stranger things#jonathan byers#nancy wheeler#jancy#emily does some unimpressive edits
72 notes
·
View notes
Text
About Thomas More’s “Utopia”
I finished my reread of Utopia by Thomas More. The reason I reread it was more or less to refresh my memory in anticipation of future FFXIV patches. I had originally not thought much about the Ancients’ city being called “Amaurot,��� but ever since I read this post about Emet-Selch’s costume, I’ve wondered if there might be more influences from Utopia besides names.
This is honestly for my own benefit to go back to during future patches (where we’ll hopefully learn more about the Ancients’ society 🙏), but since I’m probably going to share it with other FFXIV friends regardless, I figured I’ll add some disclaimers:
FFXIV!Amaurot was called “Atlantis” in early development. So, some of the more... on-the-nose passages might just be a coincidence, albeit one the devs may happily use.
Related to the above point, it’s important to note that Thomas More himself coined the term “utopia” with this book. This is the granddaddy of fictional utopias. A lot of common tropes probably started here.
The headers (Book I, Book II - Of Their Magistrates, etc) come directly from the book, except for the Interludes. Interlude sections are of my own making, either linking related passages from different chapters or isolating certain sections of a chapter.
MISC.
Here’s a list of terms and names from Utopia.
Copying some of the most interesting ones:
Utopia – “noplace” in Greek (Eutopia would have been “happy place.”)
Mithra - name of Persian gnostic god and of Utopia's god (this one is discussed more later in this post)
Amaurot (name of a Utopian city) – “[made]* dark” (but I’ve read elsewhere that it means “foggy or phantom”)
Probably important to note that Utopia is satire.
Also, I find the visuals of FFXIV!Amaurot quite interesting when you compare it to Utopia. Art deco is not exactly the architectural style you might associate with proto-communism, heh.
BOOK I.
Raphael Hythloday is a philosopher and globe-trotter. He lived amongst the Utopians for five years.
Because of his worldly knowledge, More and Gillis (both of whom are real people, unlike Hythloday) suggest that he become a sort of counsellor to a king, an idea which he passionately refuses.
From Hades’ Tales from the Shadows story, we know that Hythlodaeus had initially been asked to become the new Emet-Selch. He refused, so the role went to Hades instead.
1. “I think my friends ought to rest contended with this, and not to expect that for their sakes I should enslave myself to any king whatsoever.”
2. “The change of the word,” said he, “does not alter the matter.”
3. “and if all other things failed, then they would fly to this, that such or such things pleased our ancestors, and it were well for us if we could but match them. They would set up their rest on such an answer, as a sufficient confutation of all that could be said; as if it were a great misfortune, that any should be found wiser than his ancestors; but though they willingly let go all the good things that were among those of former ages, yet if better things are proposed they cover themselves obstinately with this excuse of reverence to past times.”
4. “For you spoil and corrupt the play that is in hand when you mix with it things of an opposite nature, even though they are much better.”
5. “... for the same reasons you should not forsake the ship in a storm because you cannot command the winds.”
6. “in a complication of diseases, that by applying a remedy to one sore, you will provoke another; and that which removes the one ill symptom produces others, while the strengthening one part of the body weakens the rest”
BOOK II. OF THEIR TOWNS, PARTICULARLY OF AMAUROT
The island of Utopia is located somewhere in the New World, and because of its geography, it’s also fairly isolated.
Amaurot is its capital.
The island has 54 cities. They are all more or less the same. Hythloday makes a point in saying that when he describes Amaurot, he describes the other Utopian cities as well.
There is no private property in Amaurot. Also, apparently the most beautiful of gardens can be found there.
BOOK II. OF THEIR MAGISTRATES
1. “It is a fundamental rule of their government, that no conclusion can be made in anything that relates to the public, till it has been first debated three several days in their council”
2. “One rule observed in their council, is, never to debate a thing on the same day in which it is first proposed; for that is always referred to the next meeting, that so men may not rashly, and in the heat of discourse, engage themselves too soon, which might bias them so much, that instead of consulting the good of the public, they might rather study to support their first opinions, and by a perverse and preposterous sort of shame, hazard their country rather than endanger their own reputation, or venture the being suspected to have wanted foresight in the expedients that they at first proposed”
BOOK II. OF THEIR TRADES, AND MANNER OF LIFE
Every citizen has a particular trade that they focus on - such as the manufacture of wool, masonry, carpentry, etc. There is no particular trade that’s held in higher regard than the others.
Trade often passes from parent to child, but if anyone’s skills are better suited to a different trade, they are moved to a family that deals in that trade.
The people all wear the same types of basic clothes. The only distinction in dress is between the sexes, and the married and unmarried.
They appoint 6 hours to work each day (3 before dinner, 3 after).
Despite the lower number of working hours compared to other societies, they find themselves with a “great abundance of all things among them.” This is due to the fact that no citizen remains idle.
BOOK II. OF THEIR TRAFFIC
They think that the greatest happiness of life comes from improving their minds.
None of their cities may contain above 6000 families, besides those of the country around it. No family may have less than 10 and more than 16 people within them. This rule is observed by moving children around, should it be necessary.
They have large, functioning hospitals. It’s said that their hospitals are so large that they may pass for little towns. They take care of their sick much more than other societies.
INTERLUDE. ON BUTCHERS
“There are also, without their towns, places appointed near some running water, for killing their beasts, and for washing away their filth; which is done by their slaves: for they suffer none of their citizens to kill their cattle, because they think that pity and good-nature, which are among the best of those affections that are born with us, are much impaired by the butchering of animals”
“Therefore all this business of hunting is, among the Utopians, turned over to their butchers; and those, as has already been said, are all slaves; and they look on hunting as one of the basest parts of a butcher’s work: for they account it both more profitable and more decent to kill those beasts that are more necessary and useful to mankind; whereas the killing and tearing of so small and miserable an animal can only attract the huntsman with a false show of pleasure, from which he can reap but small advantage. They look on the desire of the bloodshed, even of beasts, as a mark of a mind that is already corrupted with cruelty, or that at least by the frequent returns of so brutal a pleasure must degenerate into it.”
BOOK II. OF THE TRAVELLING OF THE UTOPIANS
If they have an over-plus of resources, they export it. They often do send out great quantities to other nations. They order a seventh of these goods to be given out to the poor of foreign nations; the rest are sold at moderate rates.
1. “There are no taverns, no alehouses nor stews among them; nor any other occasions of corrupting each other, of getting into corners, or forming themselves into parties: all men live in full view, so that all are obliged, both to perform their ordinary task, and to employ themselves well in their spare hours”
2. “And on the contrary, they think it a sign of a gentle and good soul, for a man to dispense with his own advantage for the good of others;”
INTERLUDE. ON THE VALUE OF GOLD
Linking this post again due to its relevance.
1. “But one who can judge aright, will not wonder to find, that since their constitution differs so much from ours, their value of gold and silver should be measured by a very different standard; for since they have no use for money among themselves, but keep it as a provision against events which seldom happen, and between which there are generally long intervening intervals; they value it no farther than it deserves, that is, in proportion to its use. So that it is plain, they must prefer iron either to gold or silver: for men can no more live without iron, than without fire or water”
2. “The folly of men has enhanced the value of gold and silver, because of their scarcity. Whereas, on the contrary, it is their opinion that Nature, as an indulgent parent, has freely given us all the best things in great abundance, such as water and earth, but has laid up and hid from us the things that are vain and useless.”
3. “... while they make their chamber-pots and close-stools of gold and silver; and that not only in their public halls, but in their private houses: of the same metals they likewise make chains and fetters for their slaves; to some of which, as a badge of infamy, they hang an ear-ring of gold, and make others wear a chain or a coronet of the same metal; and thus they care care, by all possible means, to render gold and silver of no esteem.”
4. “They find pearls on their coast; and diamonds and carbuncles on their rocks; they do not look after them, but if they find them by chance, they polish them, and with them they adorn their children, who are delighted with them, and glory in them during their childhood; but when they grow to years, and see that none but children use such baubles, they of their own accord, without being bid by their parents, lay them aside; and would be as much ashamed to use them afterwards, as children among us, when they come to years, are of their puppets and other toys.”
5. “This three ambassadors made their entry with an hundred attendants, all clad in garments of different colours, and the greater part in silk; the ambassadors themselves, who were of the nobility of their country, were in cloth of gold, and adorned with massy chains, ear-rings and rings of gold: their caps were covered with bracelets set full of pearls and other gems: in a word, they were set out with all those things that, among the Utopians, were either the badges of slavery, the marks of infamy, or the playthings of children.”
6. “The Utopians wonder how any man should be so much taken with the glaring doubtful lustre of a jewel or a stone, that can look up to a star, or to the sun himself ...”
BOOK II. OF THEIR SLAVES, AND OF THEIR MARRIAGES
They have no lawyers. They think it’s best for everyone to plead their own case and understand their own laws. Fortunately, their laws are few in number and easy to understand.
1. “If any man aspires to any office, he is sure never to compass it”
This also reminded me of Hades’ Tales from the Shadows story. Granted, it’s a very short story, but I didn’t get the impression that Hades actively pursued his office (Hythlodaeus obviously didn’t). It’s possible that none of the Convocation did if this bit from Utopia was worked in.
2. “THEY do not make slaves of prisoners of war, except those that are taken in battle; nor of the sons of their slaves, nor of those of other nations: the slaves among them are only such as are condemned to that state of life for the commission of some crime, or, which is more common, such as their merchants find condemned to die in those parts to which they trade, whom they sometimes redeem at low rates; and in other places have them for nothing. They are kept at perpetual labour, and are always chained, but with this difference, that their own natives are treated much worse than others; they are considered as more profligate than the rest, and since they could not be restrained by the advantage of so excellent an education, are judged worthy of harder usage”
3. “Another sort of slaves are the poor of the neighbouring countries, who offer of their own accord to come and server them; they treat these better, and use them in all other respects as well as their own countrymen, except their imposing more labour upon them, which is no hard task to those that have been accustomed to it; and if any of these have a mind to go back to their own country, which indeed falls out but seldom, as they do not force them to stay, so they do not send them away empty-handed.”
4. “For the most part, slavery is the punishment even of the greatest crimes; for as that is no less terrible to the criminals themselves than death, so they think the preserving them in a state of servitude is more for the interest of the commonwealth than killing them; since as their labour is a greater benefit to the public than their death could be, so the sight of their misery is a more lasting terror to other men than that which would be given by their death”
5. “If their slaves rebel, and will not bear their yoke, and submit to the labour that is enjoined them, they are treated as wild beasts that cannot be kept in order, neither by a prison, nor by their chains; and are at last put to death”
6. “They think leagues are useless things, and believe that if the common ties of humanity do not knit men together, the faith of promises will have no great effect”
BOOK II. OF THEIR MILITARY DISCIPLINE
I suppose it’s worth pointing out that a true utopia likely wouldn’t be possible unless the whole world was one. The Utopians despise war, but they train their military all the same.
1. “for the certainty that their children will be well looked after when they are dead, frees them from all that anxiety concerning them which often masters men of great courage; and thus they are animated by a noble and invincible resolution”
2. “... yet they do not rashly engage in war, unless it be either to defend themselves, or their friends, from any injust aggressors; or out of good-nature or in compassion assist an oppressed nation in shaking off the yoke of tyranny”
Emet, probably:
3. “THEY detest war as a very brutal thing; and which, to the reproach of human nature, is more practised by men than by any sort of beasts.”
4. “in opposition to the sentiments of almost all other nations, think that there is nothing more inglorious than that glory that is gained by war.”
5. “They would be both troubled and ashamed of a bloody victory over their enemies, and think it would be as foolish a purchase as to buy the most valuable goods at too high a rate. And in no victory do they glory so much as in that which is gained by dexterity and good conduct, without bloodshed”
6. “If this method does not succeed with them, then they sow seeds of contention among their enemies, and animate the prince’s brother, or some of the nobility, to aspire to the crown”
7. “for as they do not undervalue life so as prodigally to throw it away, they are not so indecently fond of it as to preserve it by base and unbecoming methods”
BOOK II. OF THE RELIGIONS OF THE UTOPIANS
There are 13 priests per town.
1. “And indeed, though they differ concerning other things, yet all agree in this, that they think there is one supreme Being that made and governs the world, whom they call in the language of their country Mithras.”
Mithras is an ancient Iranian god of light. Futhermore, according to Wikipedia: “Together with the Vedic common noun mitra, the Avestan common noun miθra derives from Proto-Indo-Iranian *mitrám, from the root *mi- "to bind", with the "tool suffix" -tra- "causing to". Thus, etymologically mitra/miθra means "that which causes binding", preserved in the Avestan word for "Covenant, Contract, Oath”.
It’ll be a missed opportunity if this name isn’t worked into the story, tbh.
2. “They have magnificent temples, that are not only nobly built, but extremely spacious; which is the more necessary, as they have so few of them; they are a little dark within, which proceeds not from any error in the architecture, but is done with design; for their priests think that too much light dissipates the thoughts, and that a more moderate degree of it both recollects the mind and raises devotion”
Lolz.
3. “They offer up no living creature in sacrifice, nor do they think it suitable to the divine Being, from whose bounty it is that these creatures have derived their lives, to take pleasure in their deaths, or the offering up their blood.”
Well, that’s certainly interesting within the context of FFXIV. A plainer way of saying this is, “we don’t sacrifice animals, because without them, we wouldn’t be able to live.”
4. “THERE are several sort of religions, not only in different parts of the island, but even in every town; some worshipping the sun, others the moon, or one of the planets: some worship such men as have been eminent in former times for virtue, or glory, not only as ordinary deities, but as the supreme God: yet the greater and wiser sort of them worship none of these, but adore one eternal, invisible, infinite, and incomprehensible Deity; as a Being that is far above all our apprehensions, that is spread over the whole universe, not by His bulk, but by His power and virtue; Him they call the Father of All, and acknowledge that the beginnings, the increase, the progress, the vicissitudes, and the end of all things come only from Him; nor do they offer divine honours to any but to Him alone.”
5. “... for this is one of their most ancient laws, that no man ought to be punished for his religion.”
6. “He judged it not fit to determine anything rashly, and seemed to doubt whether those different forms of religion might not all come from God, who might inspire men in a different manner, and be pleased with this variety;”
2 notes
·
View notes
Text
Version 310
youtube
windows
zip
exe
os x
app
tar.gz
linux
tar.gz
source
tar.gz
I had a productive week. A bunch of stuff is fixed, and I finished a first version of multi-file url downloading.
multi-file support
A limitation of the old download system is that it always assumed a single 'post URL' could only ever produce a single file. This week, I have added full support for multi-files-per-post-URL to the new downloader. If a new parser generates multiple 'downloadable' URLs, the file import queue will generate and insert new download objects for each. Tags and associable URLs should all be passed along to the children as appropriate.
As a result, I can finally roll out support for several sites that provide files in this way. I've updated the inkbunny post parser, and added twitter tweet and artstation post parsers, so all these should now be drag-and-droppable onto the client. The twitter parser only supports images--no videos yet. The inkbunny parser may put its multi-files slightly out of order, and in one of my tests it pulled the artist profile picture as well, so it may need some tweaking. IB have a proper API, but it requires some login stuff, so I will look at that again when I have the new login system done.
And of course I have added a pixiv manga parser, which has been highly requested for a long time. This was fairly complicated, but I think I got all the referral URLs and tags lined up correct. It can even add 1-indexed page tags. Unfortunately, pixiv just changed my test login to the new (currently broken) JSON/javascript layout just today, as I did final testing. If it turns out pixiv have switched everyone over to the broken layout on the very day I finally roll out manga support, I think my head is going to explode, but even if so, I am confident the javascript layout is parsable--it'll just take a bit more work. I expect to have a fix for all pixiv users for v311 if another user doesn't post one sooner.
This multi-file parsing is a first version. There may be bugs, so please let me know. I also don't really like how the initial post URLs' file import objects get counted as 'successful' like a regular file, so I may make a new 'successfully parsed' type to distinguish them a bit and alter the file progress counts appropriately.
misc
The new 'x% in' video thumbnail generation works better and fails better now, including some better workflow and error-reporting when regen is manually started by the user. If you had some videos that failed to import or regen last week, please try them again and let me know if you still have problems.
The multiple watcher now has a 'check now' button.
I added a semi-crazy prototype checkbox to options->gui that puts all your page tabs on the left. It needs a restart to kick in. Test it at your own risk.
The new download system now informs the new network engine of file limits in your 'file import options'! So, if you say 'don't get gifs bitter than 32MB', and the server clearly identifies a newly started download as a gif with size 50MB, the download will be abandoned and a veto/ignored status set immediately! It also works with the regular min/max filesize as appropriate. Let me know if it goes wrong!
I cleaned up some file repository thumbnail sync and display code all around.
github
Github got bought by Microsoft, so I am considering migrating somewhere else. I only use Github as a file/code host and the workflow of syncing there is easy, so I may or may not go, or may just put it off and see what happens during the transition. I am interested in your thoughts on the whole deal and what you think of the alternatives.
full list
updated the inkbunny file page url class to acknowledge that inbunny pages can have multiple files
updated the inkbunny file page parser to handle multiple file urls (although they may be out of order and possibly sometimes include the artist profile image--this was not super easy)
added a parser for twitter tweets (only images supported atm, but it can handle multiple!) (hence tweet drag and drop now works!)
updated the artstation file page url class to redirect to a new api url class
wrote an artstation file page parser that also handles multiple file urls
updated/added pixiv file page, manga page, and mange_big url classes
updated pixiv file page parsers to be ok with manga links
wrote parsers for pixiv manga and manga_big pages to fetch manga files (with page tags)!
file import objects can now create semi-duplicate children for multi-file post urls and insert them just after themselves in the file import queue.
file import objects can now receive and remember referral urls. this referral url is associated with the file if appropriate. the watcher and simple downloader now uses this in addition to the multi-file post system
jumbled around some parameters and merged the two new file import url commands (import 'file' vs import 'post') into one single simple 'work on this url, thanks' call that is now used across the program
the parsing system's 'content parser' no longer fetches file urls and post urls, but 'download urls' and 'source urls'. this helps some pipeline logic and also lets post urls be download urls
when file import objects parse post urls as the urls to download, it now creates 1-n new import objects, just like if multiple file urls.
improved some file import object file association code
the new parsing system will de-dupe parsed urls
refactored the 'seed' code, which handles all basic file import objects, to the new ClientImportSeeds.py
added a new string transformation type, 'integer addition', for shifting page number tags up and down
fixed thumbnail generation for some videos that failed to do the new x%-in generation--it reverts more reliably just to the old frame 0 method
file reparsing popup now has a stop button
fixed an issue where extremely thin or wide (ratio > 200:1) images would not generate a full-size or resized thumbnail
the file reparsing/re-thumbnailing now reports errors better (including with full path) and does not abandon the larger job as it works
misc thumbnail generation code improvements
improved some thumbnail and file regeneration/moving code when the existing file has read-only status
the multiple watcher now has a 'check now' button
added a checkbox to options->gui that will put new notebook page tabs on the left
for all file download network jobs working in the new download system, the file import options for min size, max size, and max size (gifs) are now applied _during the download_! if the server tells the client the exact file size in the response headers, it will test max and min size before the content is actually downloaded--otherwise, it will test the max size as it downloads. if the server clearly says the file is a gif, the max gif size rules will also be tested in the same way
cleaned up some bandwidth announcement code--now, if bandwidth is due in less time than override time, that will now correctly be the status text
the bandwidth status no longer says 'in in' typo
fixed up some tag repair code from last week
the 'print garbage' debug function now dumps a whole bunch more data to the log
the thumbnail cache should now be a bit more stoic about missing repository thumbnails--it should now just present the hydrus default backup without error popup spam
the repository thumbnail sync will now get as thumbs in blocks as high as 10k at a time, rather than the old 100
hydrus network requests no longer generate web domain network contexts (and so won't have a default one-request-per-second bandwidth limit and should stream through thumbnails a bit faster)
hydrus network services are now willing to wait longer for bandwidth, so big thumbnail queues should keep working even if other bottlenecks pause them for a bit
hydrus network services will no longer sometimes have double-sync popups if synced from the advanced 'sync now' button in review services
changed the default global 'stop-accidents' bandwidth rule of 120rqs per minute to 512MB per minute. this only affects new users, but users trying to sync to large file repos might like to make a similar change manually
doing giant full file delete (i.e. purge from trash) jobs should now be a bit gentler on the gui
improved how the client deletes paths, clarifying in the code when and when not to allow recycle (usually disabled for thumb disposal)
switched the hacky text widgets on the popup system to a newer object. seems to still render ok, so lets see if it fixes some unusual layout issues some users have seen
if the temp folder cannot be created on boot, the client will continue anyway
fixed some url-domain text handling in db storage that was also breaking v309 update for some users
fixed some additional domain generation error handling at the db level
the list of url classes in the system:url panel is now the list of all url classes that are considered associable (before, it was file and post urls)
if a url class now api-links to itself or otherwise forms a loop with n other api url classes, the client will now throw an error (rather than lock up in an infinite loop!)
in the parsing ui, tag parse test results are now cleaned before being displayed
fixed misc url matching error reporting bug
when consulting the current file limit, the gallery page downloader will now try, when it has that number, to consult the total number of urls found it the current search (old behaviour is to only consult the number of _new_ urls, which lead to some bad edge-case workflows)
misc refactoring
next week
I am going to take a light week next week so I can shitpost E3. I will try and keep up with messages, but I'll only do a little fixing work. I will get back to regular schedule on the 16th, which means v311 will be on the 20th. I will make a 'No Release Tomorrow!' post on the 12th.
I am a little ill and completely exhausted, so an easy week is coming at a great time.
I am still really enjoying making hydrus. Thank you for all your continued support!
2 notes
·
View notes
Text
No One Told You Life Was Gonna Be This Way
Kabby social media AU, 3200 words, T
did u know that 1. it is @kane-and-griffin‘s birthday 2. she accidentally went viral for ranting about Friends and 3. once I start thinking about how A Thing (random example: Marcus Kane writing viral Friends tweets) would go down I cannot stop until I just write the thing
anyway happy birthday claire!!
Marcus Kane is, unfortunately, very familiar with the Nice Guy phenomenon.
It's an occupational hazard of writing science fiction, especially in the internet age; all he has to do is look for his most obnoxious fans, and he finds an unfortunately loud contingent of entitled mostly white men who believe that the world owes them women and happiness without any effort on their parts. It's something he tries to combat as much as possible, wherever he can, and he knows it works in some cases. For every reader who's turned against him for being an SJW cuck (whatever that means), he has another who's expressed appreciation for his opening them up to perspectives they hadn't considered and broadened their empathy and understanding.
That's what sci-fi should do, as far as Marcus is concerned. The heart of science fiction is acceptance and unity.
Which is why he tells Bellamy, "I need you to do one of those Twitter threads for me."
"For what?" Bellamy asks, wary. As Marcus's assistant, he seems to think his most important duty is talking Marcus out of interacting with social media. And he may be right.
"Ross Gellar."
It takes him a second. "The guy from Friends?" he finally asks.
"Yes. I want to explain to my followers why he's bad romantic lead and role model."
To his shock, the response is instant. "Okay."
"No arguments? No lecture on how that isn't what Twitter is for?"
"No, fuck Ross," he says. "What do you want to say? I'll make it happen."
Marcus clucks his tongue. "I'll write up a statement."
*
Marcus Kane @kanemarcus
Last week, while ill, I watched Friends on Netflix for the first time. So, a thread on friendship, romance, Joey Tribiani, and Ross Gellar.
O @o-so-cool reblogged
Sometimes my brother's boss is pretty okay.
raven @queenreyesthefirst reblogged
brb adding @kanemarcus to non-sucky white dude sci-fi authors and shipping him with @scalzi
Finn Collins @finnishfirst reblogged
this is kind of interesting but way too hard on ross. he does a lot of good things! see thread
Bellamy @bradburybell reblogged
this is not nearly hard enough on ross
Clarke Griffin @clarkegriffin reblogged
Relevant to your interests @ark-abby
*
"So here's what I think happened," says Bellamy. He's brought Marcus a coffee without being prompted, so whatever it is must be bad.
Marcus takes a sip of the drink. "When?"
"With your Twitter rant."
"Ah. I assume there are a lot of protests from the louder, stupider portion of my fanbase about how I've allowed the liberal fake media destroy my mind and masculinity?"
"Yeah, there are some of those. But, uh--it went way past your fanbase."
"Excuse me?"
"This is your most retweeted post ever. Not even close. It's viral. You've got people fighting you, people telling you it's a revelation, and about a thousand new followers already. In the last day."
He frowns. "Is Friends really still that popular?"
"Apparently." He shrugs. "Clarke says you made Buzzfeed and a couple of the other aggregator sites too. She and Raven have been texting me updates. They think it's hilarious."
"What does that mean?"
"Honestly? I don't fucking know. I told you when you hired me I'm not actually good at this stuff. I tried to warn you."
"You did." He takes another sip of coffee. "So, what do you think happened?"
"My sister retweeted it, and she spends about ninety percent of her time thinking about her social media brand, so she's got a ton of followers. Then Raven picked it up from her, her tech friends got a hold of it, and after that--" He shrugs. "You got out of your niche and into broader Twitter, and I'm not going to be able to find anything useful in your notifications for weeks. It's all Ross/Joey shipping discourse. Clarke's words, not mine," he adds.
"Should I be concerned?"
"I don't know. I guess we'll find out if it actually sells more books. And Clarke thinks we should try to leverage it into more publicity, she's got an idea for that."
Marcus hasn't actually met most of Bellamy's friends, but he references them enough that he knows who they are. Octavia, sister, Raven, ex-girlfriend, Clarke, current girlfriend. He also knows that all of them are more familiar with social media than Bellamy is, so he's not surprised that he consulted them.
Mostly, though, he still can't believe anyone really cares about this.
"An idea to leverage the Friends discourse?"
Bellamy shrugs. "Apparently this fit into an ongoing conversation she's been having with her mother. Abby Griffin? She writes for Ark AV. She did that think-piece about what mainstream science fiction gets wrong about female characters."
"Ah," says Marcus. He remembers the article, which had been harsh but ultimately fair, and an interesting take, once he'd gotten over the initial hurt of being used in a not entirely positive light. "I didn't know that was Clarke's mother."
"Yeah, I figured I'd tell you later. Once I didn't think you were going to call her up and argue with her about how much better you've gotten."
"And now you don't think I will?"
"Honestly, I don't care. I just want to see you guys fight about Friends," he says. "That sounds awesome."
"So, you have no ulterior motives here. Just looking out for my best interests."
"Obviously."
"If she's Clarke's mother, I assume she's local? Or will I be fighting her on a podcast?"
"We were thinking Starbucks on Saturday. Caffeine and lots of witnesses."
Marcus finally lets himself open up Twitter, now that he's had enough coffee. He almost always has some notifications when he looks; he's a public figure with a passionate fanbase, he's used to people trying to talk to him on Twitter. That's why he has a Twitter in the first place. But the number of notifications has never been so high, not in his memory. And, as Bellamy said, it really is a lot of passionate Friends discourse, both for and against his opinions. It's an overwhelming amount of love, hate, and passion. Like discovering an entirely new world.
He thought he understood fandom, but apparently he has a long way to go.
"Starbucks would be fine," he tells Bellamy, a little faintly. "I'd enjoy that."
*
Marcus Kane @kanemarcus
A lot of new followers today. Here are a few notes for you:
Marcus Kane @kanemarcus
Replying to @kanemarcus
I am a published science fiction author. Those of you telling me to just write a book instead of many tweets, I have written many books.
Marcus Kane @kanemarcus
Replying to @kanemarcus
You can find the link to purchase them in my header.
Marcus Kane @kanemarcus
Replying to @kanemarcus
I have never claimed to be an expert on Friends. This was my first time watching, and these are my impressions based on one viewing.
Marcus Kane @kanemarcus
Replying to @kanemarcus
My opinion on the Friends canon does not invalidate yours. Yours is as valid as it ever was. But if you feel threatened, examine that.
Marcus Kane @kanemarcus
Replying to @kanemarcus
My ideas may have merit you're reluctant to fully accept because of your own perceptions of how things should be in relationships.
Marcus Kane @kanemarcus
Replying to @kanemarcus
If you followed me for more Friends content, please be aware this is an outlier. I usually talk about science fiction.
Marcus Kane @kanemarcus
Replying to @kanemarcus
On that note, would anyone like to discuss the Hugo Awards?
Masper @gogglesdonothing
Replying to @kanemarcus
ross/rachel is forever tho
Marcus Kane @kanemarcus
Replying to @kanemarcus and @gogglesdonothing
I'll take that as a no.
Jonty @themediumgreen
Replying to @kanemarcus and @gogglesdonothing
I'm so sorry Mr. Kane just ignore him I want to talk about the Hugos tell me all your favorite winners do you like Chuck Tingle
Jonty @themediumgreen
Replying to @gogglesdonothing
I CAN'T TAKE YOU ANYWHERE
*
Marcus will admit he does not feel broadly prepared to seriously enter the Friends discourse. He is, after all, a neophyte. If there are scholarly works on Friends, he has not read them. If there's any academic discussion of these issues, he is not familiar with it. His knowledge is vague and still forming, but for some people, this show was a huge part of their development. It matters to them on a deep, personal level.
For him, it was a decent use of his time while he was sick and confined to his couch. He had a fever for most of the first season. He's not sure he's prepared to fight anyone about it. Based on his mentions, he has many, many fewer horses in this race than other people. But maybe that's a good thing. Maybe his perspective as an outsider is valuable.
Or maybe he just wants the chance to sit down with Abby Griffin. Because instead of spending the past week either working on his next book or even familiarizing himself with Friends and the criticism surrounding it, he's mostly been researching Abby Griffin herself. He'd done it some after the first article Bellamy sent, curious to see her other work, but he'd been busy with a deadline and hadn't really had much time for that, had barely scratched the surface of this woman.
He doesn't have time for it now either, of course, but it's at least relevant to something in his life. And, as Bellamy and his friends have pointed out, this is at least good publicity. It's not a complete waste of time.
The Abby Griffin stalking might be a waste, but he can't help it. She's interesting. The pop-culture writing is, apparently, a side job, something she never intended to get seriously involved in. The website had been her husband's, and when he passed away, Abby and Clarke had taken over its upkeep, and Abby had started producing content when she had time. Given her full-time job is as the director of internal medicine at the hospital, he's frankly amazed she has as much time for content as she does.
And it's good content. She and Clarke have a weekly column where they discuss a movie they went to see together, and the female characters in science fiction piece was apparently part of a series. Her taste is good and her opinions are interesting, and by the time he's meeting her, he has one big question, and one only.
They get through introductions and are settled in at the table before he finally lets it out. "Honestly, I don't understand how you can like Ross."
She lets out a surprised laugh. "Excuse me?"
"Bellamy said he was looking forward to us fighting over Friends, but I have trouble believing you disagree with my opinion of Ross. I don't know what we'd be fighting about."
She smiles into her mug. He'd known she was beautiful from the picture he found on the hospital website, but it's different to see in person, and more awkward. Bellamy and Clarke are hanging out at their own table, pretending not to eavesdrop; it's not an ideal time to be caught staring. "I don't know what he told you, but I didn't disagree. It was an impressive rant. Well reasoned and accurate. I was more interested in discussing why you posted it and the reactions you got. I saw it wasn't popular among some of your readers."
"To say the least."
"One of the things I've been curious about since getting involved in online fandom is what counts as acceptable ways to interact, especially for those of us over thirty or so. I saw a lot of people asking why a heterosexual man in his late forties would care this much about Friends at all. As if that was the problem."
"Judging from the angry responses, plenty of heterosexual men are very invested in Friends. Although I'm not sure how old they are," he grants.
"Age is the biggest issue, in my experience. You'd been participating in an acceptable way, as a creator, but once you show yourself to be invested in Friends shipping--"
"I stepped into the wrong part of fandom."
"That's my thesis, yes."
He considers. "Am I on the record?"
"I'm not a reporter, Marcus," she says, sounding amused. "I'm not trying to trick you into saying something I can use against you. But if you'd like to officially be off the record, we can say that you are."
"My hope with that post was that it would make some of my readers rethink their attitudes towards women and romance. The number of responses I got to Valena's story in Bright Sky Morning that boiled down to her being wrong for not returning Pavel's feelings even though he'd been so devoted to her was--staggering. And depressing."
"Did your female readers appreciate it?"
"They did. Apparently Jin was a much more appealing partner."
Abby smiles. "I certainly thought so."
It's not his first time meeting a fan, of course, and she might not even be a fan, in the sense they're talking about. But she's read his work and has opinions on it, and that's always a little bit flattering. Especially when they align with his. "I'm glad. I was hoping he would be." He clears his throat. "So, you'd like to talk to me as a forty-eight-year-old man who publicly had opinions on shipping."
"And to get your thoughts on Monica and Chandler," she says, all innocence. "If you don't mind."
He can't help smiling himself. "Not at all. I'm all yours."
*
Marcus Kane @kanemarcus
Expanded my horizons this weekend with the High School Musical trilogy. A curious cultural phenomenon.
Marcus Kane @kanemarcus
Replying to @kanemarcus
I appreciated that Troy and Gabriela didn't go to the same college, but still stayed in the same general area.
Marcus Kane @kanemarcus
Replying to @kanemarcus
I still don't think the couple has much of a future, but in an unrealistic movie, I appreciated that nod to practicality.
Marcus Kane @kanemarcus
Replying to @kanemarcus
Very disappointed about the last-minute attempt to cement Ryan's heterosexuality. Let children have LGBT role models.
Murphy @firstnameredacted
Replying to @kanemarcus
If you're seriously going to be talking about Disney movies from now on I'm unfollowing you, I don't give a shit about this
Marcus Kane @kanemarcus
Replying to @kanemarcus and @firstnameredacted
Please do.
*
"Look," says Bellamy, two months after the first Friends rant, "I'm not going to pretend I'm good with crushes, but it would be a lot easier to just ask Abby if she wants to get dinner off the record instead of coming up with new weird shit to have opinions about on Twitter every week."
"I assume the timing of this isn't a coincidence," Marcus says. He was just getting his coat on to go meet her.
"You've already got a standing coffee date. Turn it into a real date. I'm begging you."
"You don't enjoy my opinions on the High School Musical series?"
"I actually do, I'm just getting tired of blocking people. Also, I don't know if you're aware, but dating is awesome. You should try it."
"I appreciate your concern. You don't think it would be weird for you if your boss was dating your girlfriend's mother?"
"No weirder than whatever's actually happening right now. And don't even try to tell me you're not asking her out because you're worried about how it would affect me."
It does sound absurd, when he puts it like that. "No. That wasn't a major factor."
Bellamy rolls his eyes. "Just ask if she wants to come check out the Descendants franchise with you next weekend. Definitely a solid pickup line. Chicks dig it."
"The what?"
"It's like the spiritual successor to High School Musical. I'll send you a link. You should know this stuff if you're really going in on this."
"I should give you a raise."
"That too. Say hi to Abby for me."
It's not entirely accurate to say that he thinks about what Bellamy said as he walks over to his weekly meeting with Abby. Every time he walks to her favorite coffee shop near the hospital, he's thinking these same kinds of thoughts, so it's not really Bellamy's fault. He enjoys Abby's company company and would be happy to see more of her. He already knew that. But it's been a long time since he navigated anything like this.
If only Friends had prepared him for this kind of romance.
"Marcus," says Abby, giving him a smile when he sits down across from her. As usual, she's surrounded by papers, and he sometimes doubts that she'd even have time for a relationship. She does keep herself busy. "I enjoyed your meditations on High School Musical."
"I'm glad to hear it. Bellamy says it gave me a net loss of followers, but not as much of one as he thinks I deserved."
"I'm not surprised." She considers him. "I didn't mean for our friendship to hurt your career."
"I don't think it is. Plenty of people just read my books and never even find out I'm on Twitter. It's not a large percentage of sales. You're blaming yourself for the High School Musical tweets?" he adds, curious. They are her fault, broadly speaking, but he wasn't sure she knew.
"If you don't keep coming up with hot takes, we don't have much to talk about."
He laughs. "I hope we'd come up with something."
"I hope so too."
The conversation lags, but it's not a bad lag. It feels like she's given him an opening, and it's his job to figure out how to take advantage of it.
The easiest way would be to simply propose a dinner date, as Bellamy suggested. But he's never been good at simple.
"You know, you never told me your favorite relationship on Friends."
"I didn't?"
"No, we usually talk about my opinions."
She levels her gaze at him, considering. "Do you know what I think when I watch Friends now?"
"No."
"They're all so young. And don't get me wrong, I met my husband when we were young, and the two of us were happy, but--sometimes it worries me how much emphasis we put on meeting people early in life. The younger you are, the more romantic it is. And that's one kind of romance, but it's not everything. It makes me want to shake all these kids and tell them that life doesn't end at thirty, or forty, or fifty. You'll keep on meeting new people, and you can still be happy."
He lets himself reach for her hand, and relief floods him when she lets him take it, even turns it over so she can squeeze his fingers. "So your favorite relationship on Friends is the one Rachel has when she's forty-five and Ross is dead?" he teases.
"I hope you're not comparing my husband to Ross."
He has to laugh. "No. I would never."
Abby's smile is warm, and it's suddenly so easy to not be nervous at all. "Good. Because the rest of that was right."
"Good," he agrees. "I was hoping you'd say that."
*
Sky Crew Reviews @kaneandgriffin
New list from @kanemarcus: top 10 YA sci-fi books for adults! Up next, top 10 adult sci-fi books for teens. Age is nothing but a number.
Murphy @firstnameredacted
Replying to @kaneandgriffin
I will pay you to stop
Bellamy @bradburybell
Replying to @kaneandgriffin and @firstnameredacted
when are you actually going to unfollow like you keep saying you will? asking for a friend
Murphy @firstnameredacted
Replying to @kaneandgriffin, @firstnameredacted, and @bradburybell
I keep hoping I'm going to come back and he'll be normal again
SJW Cuck @kanemarcus
Replying to @kaneandgriffin, @firstnameredacted, and @bradburybell
Don't hold your breath.
43 notes
·
View notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Text
Moving your website to HTTPS / SSL: tips & tricks
In 2014, we decided to switch over to the (now) commonly-used HTTPS to encrypt sensitive data that’s being sent across our website. This post describes some useful tips based on our own experiences that might come in handy if you’re considering switching.
Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »
Buy now » Info A little backstory
Back in 2014 HTTPS became a hot-topic after the Heartbleed bug became public. This bug allowed people with ill intent to listen in on traffic being transferred over SSL/TLS. It also gave them the ability to hijack and/or read the data. Luckily, this bug got patched quickly after its discovery. This incident was a wake-up call that properly encrypting user information over the internet is a necessity and shouldn’t be an optional thing.
To emphasize the importance of encrypting sensitive data, Google Chrome (since January, 2017) displays a clear warning next to the address bar whenever you visit a website that doesn’t encrypt – potential – sensitive data, such as forms.
How do I switch?
Because it’s important that your data is safe, we took steps in 2014 to ensure that we have SSL-certificates across our own websites. If you decide to switch (you really should!), there are a few things that you need to take into account to ensure your website fully works as intended once you’re done.
You need to change all your internal links. This also means updating links to assets (where necessary). Make sure to go through your theme and alter references to CSS, images and JavaScript files. Additionally, you can change all your links to start with // instead of https:// which will result in protocol-relative URLs.
Ensure your CDN supports SSL as well. We make use of MaxCDN, which allows you to easily set up SSL on your CDN subdomain.
There are various levels of SSL that you can choose from, each with their own pros and cons. You will find more information about that later on.
Ensure you have a canonical link present in the <head> section of your website to properly redirect all traffic coming in from http:// to https://.
Google also published a handy guide on how to move to HTTPS without massively impacting your ranking, which can be found here.
How does this influence my rankings?
Like stated in the previous section, moving from HTTP to HTTPS can influence your rankings slightly if you don’t plan accordingly. However, after you switch over to HTTPS, your rankings will actually improve over time. Google announced in 2014 that having an SSL certificate will be considered a positive ranking factor, so it’s worth the investment.
To make sure Googlebot can re-index your website more rapidly after the move, make sure you migrate to https:// during low-traffic hours. This way Googlebot can use more of your server’s resources. Just take into account that a medium-sized website might take a while to regain rankings. Have a sitemap? Then Googlebot might be able to recalculate and re-index your website even faster.
Setting up HTTPS & SSL on your server
Generally speaking, hosting providers have a service to allow you to enable HTTPS/order a certificate. There are a few types of certificates you can choose from, which differ in a few ways. Every variant also has their own price tag, so before purchasing one, make sure that you go with a certificate that fits your needs and budget!
If you’re a bit strapped for cash and tech-savvy, go take a look at Let’s Encrypt to acquire a free(!) certificate.
If you run and manage your own web server, there are a few things that you’ll have to enable in your server configuration before being able to use SSL certificates. This tutorial explains what steps to take to get a certificate running on your server.
OCSP stapling
Having to check the validity of an SSL certificate can result in a small hit in loading speed. To overcome this, you can make use of OCSP stapling. OCSP stapling is a feature that enables the server to download a copy of the certificate vendor’s response when checking the SSL certificate. This means that once a browser connects to the server, it checks the validity of the certificate based on the copy on the server instead of having to query the certificate vendor itself, resulting in a significant performance improvement.
Apache
Before enabling OCSP stapling on your Apache server, please check that you’re running version 2.3.3+ of Apache by running the command apache2 -v (or httpd -v) on your server. Lower versions of Apache do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with a VirtualHost configuration specifically made for usage with HTTPS/SSL.
In that file, take the following steps:
Inside the <VirtualHost></VirtualHost> section, you should add SSLUseStapling on.
Just above the <VirtualHost></VirtualHost> section, add SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Check that the configuration is still valid by running apachectl -t. If so, reload Apache by running service apache2 reload.
Nginx
Nginx also supports OCSP stapling. Before editing the server configuration, please check that you’re running version 1.3.7+ of Nginx by running the command nginx -v on your server. Lower versions of Nginx do not support this feature.
If you went through the process of setting up HTTPS on your server as described in the ‘Setting up HTTPS & SSL on your server’ section, then you should have come into contact with an Nginx configuration specifically made for usage with HTTPS/SSL.
In that file, add the following lines in the server {} section:
ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
The last line references a file that contains a list of trusted CA certificates. This file is used to verify client certificates when using OCSP.
After adding these lines to the file, check that the configuration is still valid by running service nginx configtest. If so, reload Nginx by running service nginx reload.
Become a technical SEO expert with our Technical SEO 1 training! »
$ 199€ 199 - Buy now » Info Strict Transport Security header
The Strict Transport Security Header (HSTS) is another handy feature that basically enforces browsers to use the HTTPS request instead of the HTTP equivalent. Enabling this feature is relatively painless.
Apache
If you’re running Apache, first enable the Apache Headers module by running a2enmod headers. After this, it’s only a matter of adding the following line to your VirtualHost configuration (in the <VirtualHost></VirtualHost> section) that you set up earlier for HTTPS:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Reload the Apache service and you’re good to go!
Nginx
Nginx requires you to add the following line in the server{} section of your server configuration file:
add_header Strict-Transport-Security max-age=31536000;
Testing
To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name and see what kind of score you get.
Redirecting URLs
To ensure requests are properly redirected to the HTTPS URL, you need to add an extra line to you configuration. This way, traffic that tries to visit your website over HTTP, will automatically be redirected to HTTPS.
Apache
In your default VirtualHost configuration (so the one that’s used for HTTP requests), add the following to ensure URLs get properly redirected:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
As with the other changes we made before, don’t forget to reload Apache!
Nginx
In Nginx, change the default configuration file that was used for HTTP requests and alter it as such:
server { listen 80; server_name your-site.com www.your-site.com; return 301 http://ift.tt/2tMu8Dn; }
Don’t forget to reload Nginx before testing these changes.
Conclusion
“Should I switch over to HTTPS?” Short answer: Yes. Using HTTPS ensures that private (user) information is being sent across the web in a more secure manner. Especially if you’re dealing with monetary transactions, HTTPS is a must.
What type of certificate you end up going with, depends on your specific use case and budget. Make sure to properly research your options beforehand.
Read more: ‘WordPress security in a few easy steps’ »
http://ift.tt/2te2nlC
0 notes
Last Seen Blogs
night-gacha
shitpostalltheway
alicentsultana
𝐇𝐨𝐥𝐲 𝐌𝐨𝐭𝐡𝐞𝐫
naniwakinyudou
ナニワ金融道
oki-haru
oki haru
cripplerage
He/They