After spending way too much time avoiding the work due I finally configured both suramya.com & the Blog to be https by default. The setup was fairly simple, I added the certificate on the 1and1.com portal, then after a few mins I was able to access the site over https. In order to redirect http to https automatically I followed the following steps:
Auto Redirect to https in Apache
Configure .htaccess to force a redirect, you can also configure it in the Apache main configuration (under the virtualhosts directive) but since I don’t have root access and can’t modify it I updated the .htaccess config to do the same thing. Basically you need to add the following lines to .htaccess :
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.suramya.com/$1 [R,L]
Change www.suramya.com to your domain, else every visitor to your site will be sent to my site. Not that I will mind that, but you might. 🙂
Then I did the same thing for the blog with a small change, The .htaccess for the blog reads as the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.suramya.com/blog/$1 [R,L]
When updating the file, you need to ensure you put the changes outside the # BEGIN WordPress & # END WordPress as the content is dynamically generated and would be overwritten.
Updating all the urls in WordPress
After I made the changes above, I found that the site was being redirected to https but I was getting errors about mixed content on the page because all the URL’s/Images that I had uploaded to WP till now were saved as http and not https. So I had to change every URL in the blog from http to https and to be honest I wasn’t looking forward to doing this manually. I searched the web and found this site that had instructions on how to update the url’s using the WordPress commandline interface. From the blog directory you need to issue the following command:
wp search-replace http://www.suramya.com/blog/ https://www.suramya.com/blog/ --dry-run
This command does a dry run and tells you what all changes will be made and if everything looks ok, then you can run the above command again without the ‘dry-run’ call.
wp search-replace http://www.suramya.com/blog/ https://www.suramya.com/blog/
If all goes well you will get an output similar to the following:
(uiserver):~/public_html/suramya.com/blog$ wp search-replace http://www.suramya.com/blog/ https://www.suramya.com/blog/
+------------------+-----------------------+--------------+------+
| Table | Column | Replacements | Type |
+------------------+-----------------------+--------------+------+
| wp_commentmeta | meta_key | 0 | SQL |
| wp_commentmeta | meta_value | 572 | PHP |
| wp_comments | comment_author | 0 | SQL |
| wp_comments | comment_author_email | 0 | SQL |
| wp_comments | comment_author_url | 29 | SQL |
| wp_comments | comment_author_IP | 0 | SQL |
| wp_comments | comment_content | 2 | SQL |
| wp_comments | comment_approved | 0 | SQL |
| wp_comments | comment_agent | 0 | SQL |
| wp_comments | comment_type | 0 | SQL |
| wp_links | link_url | 0 | SQL |
| wp_links | link_name | 0 | SQL |
| wp_links | link_image | 0 | SQL |
| wp_links | link_target | 0 | SQL |
| wp_links | link_description | 0 | SQL |
| wp_links | link_visible | 0 | SQL |
| wp_links | link_rel | 0 | SQL |
| wp_links | link_notes | 0 | SQL |
| wp_links | link_rss | 0 | SQL |
| wp_options | option_name | 0 | SQL |
| wp_options | option_value | 3 | PHP |
| wp_options | autoload | 0 | SQL |
| wp_postmeta | meta_key | 0 | SQL |
| wp_postmeta | meta_value | 0 | PHP |
| wp_posts | post_content | 591 | SQL |
| wp_posts | post_title | 0 | SQL |
| wp_posts | post_excerpt | 0 | SQL |
| wp_posts | post_status | 0 | SQL |
| wp_posts | comment_status | 0 | SQL |
| wp_posts | ping_status | 0 | SQL |
| wp_posts | post_password | 0 | SQL |
| wp_posts | post_name | 0 | SQL |
| wp_posts | to_ping | 0 | SQL |
| wp_posts | pinged | 20 | SQL |
| wp_posts | post_content_filtered | 0 | SQL |
| wp_posts | guid | 2775 | SQL |
| wp_posts | post_type | 0 | SQL |
| wp_posts | post_mime_type | 0 | SQL |
| wp_term_taxonomy | taxonomy | 0 | SQL |
| wp_term_taxonomy | description | 0 | SQL |
| wp_termmeta | meta_key | 0 | SQL |
| wp_termmeta | meta_value | 0 | SQL |
| wp_terms | name | 0 | SQL |
| wp_terms | slug | 0 | SQL |
| wp_usermeta | meta_key | 0 | SQL |
| wp_usermeta | meta_value | 0 | PHP |
| wp_users | user_login | 0 | SQL |
| wp_users | user_nicename | 0 | SQL |
| wp_users | user_email | 0 | SQL |
| wp_users | user_url | 0 | SQL |
| wp_users | user_activation_key | 0 | SQL |
| wp_users | display_name | 0 | SQL |
+------------------+-----------------------+--------------+------+
Success: Made 3992 replacements.
That’s it. After running the command, the blog is completely on https and the security gods are happy :). Now I need to update all the URL’s on the main site to reference https instead of http and that is going to be painful. It will require a whole lot of script-fu to do it automatically as it will have to be a regex/awk or something similar. Maybe someone already did the work and posted the solution online. Alas that was not the case. I ended up manually updating the files since there were only about 20-25 of them. Opened all of them in the editor one-shot and then did a search & replace. Now both sites are coming up properly in https.
– Suramya