Over, roughly, the past three or four years the idea of all websites being served via HTTPS (HTTP TLS) has been a hot topic in the web administration and development worlds. In the past year the push has become even more forceful with Google making changes to it’s Chrome browser and changing it’s search ranking for sites using HTTP, and a new Certificate Authority being established to provide free SSL certificates (Lets Encrypt). It’s obvious that the direction we’re headed is towards a world where the entirety of the Internet is encrypted. That being said, we’ve always required that our login pages, and WordPress administration pages, are served via HTTPS. However, as of today, all CLA websites on our WordPress Multisite system will be served via HTTPS, whether you’re logged in or just viewing the front-end of a site.
Reasons for making the change:
- Improved security
- Improved visitor confidence (If all content is delivered via HTTPS it avoids the possibility of a “Not secure” message being displayed in web browsers in certain circumstances, such as a page having a search field. This message will eventually be displayed in all circumstances (and in bright red) if a page is viewed via HTTP)
- Higher search results ranking (Google prefers sites that are served over https – this is a small metric in their overall ranking, but every little bit counts)
- Lays the groundwork for future improvements (HTTPS is a requirement of HTTP/2 and JavaScript Service Workers)
What this means for Site Managers:
- We’ve removed the requirement that all sites use the https://www.libarts.colostate.edu domain when logged in. In the past if you were to log into the English website it would direct you to https://www.libarts.colostate.edu/english/wp-admin/. Now, the website URL will remain the same whether viewing the front-end of the website or logging in – so, it will stay as https://english.colostate.edu/wp-admin. This should alleviate some confusion and remove some redirects that were taking place, thus improving site loading times.
- If you have access to more than one site in the Multisite system you will now be prompted to log in to each site, even if you’ve logged into a site already.
- On a site that is served via HTTPS, any file that is attempted to be loaded via HTTP will be blocked. This includes images, videos, documents (PDFs), etc so if there is anything not displaying properly on website that is now served via HTTPS be sure that the URL to the attachment is also HTTPS.
If you notice any problems on the CLA websites that are now served via HTTPS please let us know as soon as possible.