The last word on Wordpress SSL (Hopefully)

1321893294000 » Tagged as: security , Wordpress

I've blogged too often in recent weeks about issues with WordPress. Many of those issues were related to Wordpress and SSL. I blogged a couple of times that I had solved them but apparently I hadn't.

 

The solution that I had used, which involved a plugin named Wordpress HTTPS, lead to mix of  encrypted and plain text content, which went undecided for some weeks. Some items such as CSS  or images were being loaded over SSL connection while the post itself was sent in the clear.

 

The Site with the LAMP does not use a commercial certificate but a self signed one. Even though most commercial certificates are only as secure as a self signed cert, most browsers have the nasty habit of popping up an ill advised warnings. The days when an SSL certificates were costly but issues only after the Certificate Authority verified who you were. Nowadays SSL certs are issued with almost no verification and they are a lot cheaper than they used to be, but I digress.

 

The end result is that some users apparently were turned back by the security warnings that popped up due to the SSL mixup. I spent a great deal of time tweaking wordpress trying to sort it out to no avail. Finally I switched off the Total Cache plugin and hey presto the problem disappeared and the site seems to be a lot faster to boot!

comments powered by Disqus