A couple months ago I added an extra layer of security to this site by adding SSL encryption. However, it wasn’t on by default so we weren’t really getting the full benefit.

Then this weekend I saw an article to that point explaining that Life Is About to Get a Whole Lot Harder for Websites Without HTTPS.

Well, with that I decided to turn on HTTPS by default. And turns out it was a lot easier to do than I expected, with just three quick steps:

  1. Login to your WordPress panel
  2. Use the SEO by Yoast plugin, which I conveniently already had installed, to locate and access your .htaccess file
  3. Finally, edit the file by adding the following:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Easy enough.

Going forward www.jeffsteinke.com should always automatically load securely. To tell that it’s working just look in the URL bar. For example, Chrome will show a Secure tag like this:

And I suppose I’m also curious…are there any downsides to forcing all site traffic to use HTTPS? Granted this site is about 99% content with little to no form entry or data being transferred but still, what’s the harm in adding this extra layer of security? Let me know your thoughts…