Monday, November 13, 2017

Well-known blogging consultant urges everyone to go to https now -- but it's complicated


Ramsay Taplin, Australia’s “Blog Tyrant” has come up with a detailed post on how Bloggers can convert their sites to https, link
  
It’s important to remember that this applies only to specific domains, not to subsites of Blogger or Wordpress.


I wrote a detailed comment.  Since the comment period is time-sensitive, I’ll reproduce my own comment here:

How important is https for a page that does NOT require user logon or collect user info? That does NOT process funds, PII, etc.

I have four domains on BlueHost, which as of now will set up one as SSL (with an enhanced SiteLock passage). I did pick one of the addons (because it is possible to do transactions on it although i do them rarely in practice). In my case that is doaskdotellnotes.com (not the site I have shared most often). I am expecting BlueHost will change things so that all four can be https. Also, Google’s free Blogger will make all free domains https but does not with those that have their own domain names.  That is because SSL is by main domain name (e.g. blogger.com int he case of Google). That also seems true of Automattic  (example) https://jboushka.wordpress.com/ (there’s not much there — that’s a copy of some old stuff). It wo uld be helpful to know if Google, WordPress, BlueHost etc will do anything soon to make this “easier”.
You can navigate to my Blogger Profile.  “Movie Reviews” “Book Reviews” and “Bill Boushka” all resolve to specific domain names and right now do not have https.  The other thirteen are Blogger subdomains.  They can be viewed with or without https.  Some embedded videos from some news sources do not yet work when viewed in https.
Ramsay’s directions are very long and complicated, and I would wonder how many bloggers have the time to do this.  The blogging business paradigm that he advocates generally works with niche blogs aimed at very specific audiences, and often go along with small businesses that actually would use email lists.  This might be very hard for a lot of small businesses to do.
I suspect BlueHost and other providers will make this simpler in the future.  Business persons should also consider hacker security protection like SiteLock.
Electronic Frontier Foundation has long urged all websites to go to https, even those that don’t require logon or do transactions or collect PII.
I’ll come back to this in more detail in the near future (I don’t know how near) on my Wordpress news blog. 

2 comments:

Bill Boushka said...

Ramsay replied to me: Check out Let’s Encrypt – it’s free and renews automatically.

I think it’s important to do it even if it’s just for the SEO benefits. Google clearly has a plan to make https everywhere and I don’t think there is much we can do about it now.

There are also more and more plugins coming out on WordPress and so on that make the migration/redirection much simpler.

Thanks again!

Bill Boushka said...

The link for Let's Encrypt is https://letsencrypt.org/ I'll call my own hosts (BlueHost and Verio) about this by right after Thanksgiving. It sounds important.