What’s the right move with SSL for user based site?

You either go site wide HTTPS, or should not bother with it in the first place. Should it be for all access or just for logged in users depends on the profile of your traffic. If most traffic will come from registered users, then just go unconditional HTTPS as doing it conditionaly just for logged in users obviously introduces more testing and might not play great with plugins that do not handle this situation well.

Side note: You should ask yourself why do it at all. Going HTTPS improves the general security against targeted attacks on specific users, but do not improve the general security of the site by much. It is more likely that a user’s account will be broken into by brute force then by someone “listening” to his traffic.

Related Posts:

  1. What is .crt and .key files and how to generate them?
  2. NET::ERR_CERT_REVOKED in Chrome, when the certificate is not actually revoked
  3. “ssl module in Python is not available” when installing package with pip3
  4. How to generate a self-signed SSL certificate using OpenSSL?
  5. Convert .pem to .crt and .key
  6. Simple Java HTTPS server
  7. HTTPS connection Python
  8. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  9. SSL_ERROR_BAD_CERT_DOMAIN
  10. CFNetwork SSLHandshake failed iOS 9
  11. What exactly is cacert.pem for?
  12. OpenSSL: unable to verify the first certificate for Experian URL
  13. “The underlying connection was closed: An unexpected error occurred on a send.” With SSL Certificate
  14. ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED in Google Chrome
  15. How to disable cURL SSL certificate verification
  16. Getting error in Curl – Peer certificate cannot be authenticated with known CA certificates
  17. How do you sign a Certificate Signing Request with your Certification Authority?
  18. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  19. WordPress wp-admin https redirect loop
  20. Howto force SSL for all requests?
  21. Local version of a WordPress site – SSL/HTTPS enforced?
  22. Images causing Mixed Content with SSL
  23. bloginfo() and get_template_directory_uri() with SSL?
  24. Favicon causes mixed content warning over SSL
  25. Adding https to wordpress website
  26. I am locked out of my WordPress site after changing site URL from Http to Https
  27. SSL setup: wp-login css doesn’t load over httpS
  28. In WP versions >= 4.0, is FORCE_SSL_LOGIN forcing HTTPS for the entire admin session?
  29. Separating HTTP and HTTPS content with WordPress, Varnish, and an SSL terminator?
  30. Pointing SSL Enabled URL at Single WordPress Page
  31. Occasional HTTPS Mixed Content Warning
  32. Divert http to https with WordPress on IIS
  33. WordPress : To load all asset files coming from HTTP to HTTPS?
  34. Google maps causing mixed content in header
  35. Cloudflare and SSL breaks wordpress – Mixed Content & Unable to use Admin
  36. Search and replace http:// links to https:// to get the green padlock
  37. I changed my site from HTTPS back to HTTP and now it is broken- Cannot access Admin panel on HTTP URL
  38. un-loading https
  39. WordPress site shows “File not found.” if opened through https
  40. How to set up HTTPS WordPress from Install Step?
  41. wp_remote_get – curl error 28 connection timed out – using SANS in URL
  42. SSL certificate error on Google Chrome , IE [closed]
  43. How do I set up a local version of my https wordpress site for testing and development using MAMP
  44. Address a single page to SSL https secure protocol?
  45. WordPress + SSL + Varnish + Pound
  46. wordpress http to https windows server
  47. Website access with http and https
  48. How to force non SSL on just one page?
  49. Need ideas for HTTPS multiple domain solution
  50. Redirect the whole blog to SSL but not the RSS feed (under Nginx)
  51. How to control SSL in WordPress for automatically changing http to https?
  52. Site not reachable due to change from HTTP to HTTPS [closed]
  53. All content is HTTPS, but browsers warn of HTTP mixed content [closed]
  54. How do I handle SSL properly when WP is behind a reverse proxy?
  55. Hi do I change Media files that still show as http after installing ssl
  56. Errors on a single host using wp_remote_get() unless sslverify is set to false
  57. How to keep WP from using https to get to wordpress.org?
  58. How do I find non-SSL problems on my SSL page?
  59. SSL doesn’t work on certain pages – what is wrong?
  60. WordPress site shown as Not Secure on Chrome when SSL certificate is valid
  61. Self signed certificate issue with WooCommerce rest api connection
  62. URLs not being output with https
  63. ERR_CONNECTION_REFUSED
  64. Do I install WordPress from my Cpanel on https or http, if my website has valid certificate?
  65. SSL not working fine, Home url not matching with site url wordpress errors
  66. How to move my local wordpress to https?
  67. Why does WordPress uses HTTPS for JS, CSS on EC2
  68. ERR_SSL_PROTOCOL_ERROR
  69. WordPress – SSL not working – browser console error “Mixed Content” and “Failed to load resource”
  70. Implications of not completing all tasks when switching to HTTPS
  71. Update not working after installing up SSL
  72. SSL Certificate
  73. How to send user data from one website to another
  74. How come all my http URLs are turned to https?
  75. site on subdomain is redirecting to main site after installing wildcard ssl cert on both
  76. Forcing SSL (Bad Theme coding)
  77. How to switch static files back to using HTTP instead of HTTPS?
  78. WordPress Insecure Content
  79. SSL certificate breaks CSS (in combination with W3TC)
  80. I just updated my SSL certificate and now my site looses formatting when
  81. I would like to add ssl certificate to my already existing wordpress site
  82. My WordPress site SSL is in red crossed color and can’t load at first time?
  83. SSL problems with WordPress
  84. Adding SSL certificate to the front end of my site
  85. iHow to redirect all http traffic to https now that a SSL certificate is added?
  86. How to force static assets with HTTP sources to load over HTTPS?
  87. Moving WordPress from http to https over existing site
  88. WordPress stuck at Step 1 of setup behind nginx reverse proxy
  89. Issue when site move from ssl domain to new domain without ssl
  90. Displaying a remote SSL certificate details using CLI tools
  91. how to download the ssl certificate from a website?
  92. What is a challenge password?
  93. Is there a reason to use an SSL certificate other than Let’s Encrypt’s free SSL?
  94. Wildcard SSL certificate for second-level subdomain
  95. How do I clear Chrome’s SSL cache?
  96. Properly setting up a “default” nginx server for https
  97. Does each subdomain need it’s own SSL certificate?
  98. Does each server behind a load balancer need their own SSL certificate?
  99. Changing my URL in General Settings cause the site to crash
  100. wordpress is auto using http: not https: as it needs to because the server is http behind a reverse proxy https, how do I stop it?

Leave a Comment

deneme bonusu veren sitelerbahis casinomakrobetceltabetpinbahispolobetpolobet girişpinbahis girişmakrobet girişpulibet girişmobilbahis girişkolaybet giriş