This is the section of the article I’m referring to:
Best Practices for HTTPS for WordPress #
It is recommended for all production WordPress sites to use HTTPS.
- Use a reputable web host, most provide HTTPS service as a standard.
- Use a SSL Certificate from Let’s Encrypt, they are free and easy to use.
- Serve Static Content from an SSL enabled CDN
You may need to redirect your HTTP traffic to your HTTPS site. For Apache, you can do so by creating two VirtualHost entries for example:
<VirtualHost *:80>
ServerName mkaz.blog
Redirect / https://mkaz.blog/
</VirtualHost>
<VirtualHost *:443>
ServerName mkaz.blog
DocumentRoot /home/mkaz/sites/mkaz.blog
<Directory /home/mkaz/sites/mkaz.blog>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mkaz.blog/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mkaz.blog/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mkaz.blog/fullchain.pem
IncludeOptional /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Caddy considerations in the next post.