Reputation: 31
Should a whole site be https or just key pages (and how to keep pages http from https)
I've just put an ssl on a WP site and was wondering if all pages should be https, or just the key ones (checkout, etc).
It's about 1500 pages and posts. So going through and finding all non secure assets could take a while.
1) Is it worth making the whole site https?
2) Is the speed an issue these days (from the research I've been doing, it appears it's not so much of an issue anymore)
3) If only key pages are https, is it possible to make the links on the page http (ie After ordering on a secure page, the customer is redirected to a secure confirmation page. But let's say they then click through to the blog... the blog shows up as https... but because it has unsecure elements, it shows error messages in the browser. So, is it possible to click from a https page to a non https page.
(I am using the "Wordpress Https Plugin", which has a "Force SSL Exclusively" function, but, this causes problems with the shopping cart on there, so it can't be used.) Thanks
Upvotes: 3
Views: 237
Answers (2)
Reputation: 2397
Yes, you should definitely make your entire website https is you are able. However, mixing non-https content inside the same page will make most browsers give users warnings, which might confuse them into thinking your site has security problems.
Linking to non-https sites is not a problem, but using assets (javascript, css, images) from non-https sites is.
Unless your site is visited daily by millions of users, you probably shouldn't worry about the performance hit and make the whole thing https. Remember that nowadays Google takes https as a signal for better ranking your site, so it's good for SEO as well.
Upvotes: 1
Reputation: 112386
You kow, honestly, at this point if you're making any page secured with https -- which means you somehow deal with the cert issue -- just make them all. The performance hit is less noticeable if the first SSL/TLS handshake happens when first finding the landing page, and there aren't many advantages to sticking with HTTP.
Update
I guess that wasn't clear enough, or I Hm, I think I just got tl;dr on a one paragraph answer.
IF "you're going to use HTTPS at all"
THEN
"You might as well just use it everywhere."
ELSE
"Don't."
FI
Upvotes: 1
Related Questions
- Should all sites use SSL by default?
- SSL-secured website best practices
- migrating site to from http to https and SSL
- Moving a Wordpress site to HTTPS Everywhere - do external links need to https too?
- Force HTTPS on entire website plus content, but allow HTTP for several items
- After login, should all pages be https?
- What URLs on an https page need to be https?
- only use ssl on login? or whole site?
- Should I use SSL on all web pages or just some account pages?
- SSL on entire site or just part of it?