A couple months ago I added an extra layer of security to this site by adding SSL encryption. However, it wasn’t on by default so we weren’t really getting the full benefit.

Then this weekend I saw an article to that point explaining that Life Is About to Get a Whole Lot Harder for Websites Without HTTPS.

Well, with that I decided to turn on HTTPS by default. And turns out it was a lot easier to do than I expected, with just three quick steps:

  1. Login to your WordPress panel
  2. Use the SEO by Yoast plugin, which I conveniently already had installed, to locate and access your .htaccess file
  3. Finally, edit the file by adding the following:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Easy enough.

Going forward www.jeffsteinke.com should always automatically load securely. To tell that it’s working just look in the URL bar. For example, Chrome will show a Secure tag like this:

And I suppose I’m also curious…are there any downsides to forcing all site traffic to use HTTPS? Granted this site is about 99% content with little to no form entry or data being transferred but still, what’s the harm in adding this extra layer of security? Let me know your thoughts…

One thought on “Forcing HTTPS on jeffsteinke.com

Comments are closed.