Switch Your Whole WordPress Website to Secure HTTPS SSL

I had cause recently to purchase and install a Secure Cert for this website so I could accept credit card payments securely but since then I’ve seen a few people mention the benefits of fully securing your whole site, not just payment sections. There are benefits for Forms pages and communications with other sites too. Here are some of the steps necessary to switch a whole WordPress site to SSL  as I’ve just done successfully with this one.

Purchase an SSL Cert

These have always been expensive but I found an affordable “Domain Validated” RapidSSL one at €7.85 per year that should work for most small to medium sites at NameCheap.com. There’s a bit to purchasing it and installing it on your server but tutorials are available online and it can be done in a matter of minutes if you’re familiar with the process.

Dedicated IP Address

If you are on a shared hosting server you may need a Dedicated IP address for your site. Mine was on a private VPS so I’d nothing to do. Dedicated IPs should be pretty cheap from your hosting company.

HTTPS Plugin

There’s a great plugin for WordPress that allows you to make certain posts or pages use HTTPS or turn the whole site HTTPS including the admin section. It’s called WordPress HTTPS. It does a pretty good job of converting any urls it finds, including those in your content, to HTTPS automatically.

WordPress Settings

A quick way of switching all the internal urls to HTTPS once you have your secure cert installed is to add https:// to the WordPress URLs in Settings – General.

Theme/Template Tweaks

You may need to go into your theme’s code and convert any absolute http:// url references to relative urls. Especially if it’s old or custom made like mine. I found the following WordPress functions very handy here as it kinda future proofs your site if you ever switch urls again:

bloginfo( 'wpurl' );
bloginfo( 'template_url' );
bloginfo( 'stylesheet_url' );

301 Redirects

Technically search engines may view your HTTP and HTTPS site as 2 separate sites and cry duplicate content. You could sort this by using a 301 redirect in your .htaccess file and using a “Canonical” tag.

Speed Issues

One barrier to switching to HTTPS was that it can slow your site considerably as the encryption processes involved take time and cpu power but I havn’t noticed too much of a slow down. Bigger, busier sites may notice more. Here’s a Response report from Site24x7 for the changeover period (around May 7th). It looks bad but is only a slowdown of about 500ms on the previous weeks report:

HTTPS Speed Report

You may be required to update your website url with other services providers like Google Analytics and Webmaster Tools but that’s a bit beyond the scope of this article!

Leon

Advertisements

Add Rich Snippets to your WordPress Site and Improve Visibility in Google

The Rich Snippets thing has passed me by a bit recently and I only decided to look into it when a client of mine asked about it after having done some kind of SEO course. Here’s a full description of what Rich Snippets are on the Google site but basically it’s a way of controlling how you appear in Google search results.

You can have your result stand out from the rest and therefore have a better chance of being clicked simply by adding extra information to the result. In the example below, I’ve set my WordPress blog post to use the “Review” rich snippet which means there’s a star rating on my result in Google. It also includes breadcrumb links to different sections of my site under the main link “www.reverbstudios.ie > Blog > Reviews” as well as adding links to my Google + profile at the bottom. Catches the eye a bit more eh!?

Rich Snippets To set this up on your WordPress based website, first install the “All In One Schema.org Rich Snippets” plugin, activate it then go to Posts – Add New. You’ll see a new box on the post editing screen called “Configure Rich Snippet” which allows you to fill out the info that appears in your Google result. You can currently choose from the following formats:

  • Item Review
  • Event
  • People
  • Product
  • Recipe
  • Software Application
  • Video
  • Article

Whichever format you choose will show a different set of options to be filled in. Simple!

To test if it’s working correctly, use Google’s own Rich Snippet testing tool at – Google.com/webmasters/tools/richsnippets or just Google yourself in a few days!

Leon

WordPress Permalink Problems on Register365 Zeus Hosting

A quick post to alert those of you to a small issue with Register365 Linux Zeus Hosting and WordPress. Seemingly while they support the .htaccess files traditionally used to contain the rewrite/permalink rules for wordpress, a lot of the server mod_rewrite functionality doesn’t work and you get the unnecessary “index.php” in every url before the pretty part. Here’s what you need to do to get fully pretty permalinks using the /%postname%/ setting in Settings – Permalinks.

Create a new file called “rewrite.script” with a html editor or notepad. Add the code below, save then upload the file to the root folder of your wordpress installation. Delete any .htaccess file already there.

Next go to Settings – Permalinks in your wordpress admin and choose “Custom Structure” then add just /%postname%/ to the field, ie – delete /index.php if it’s there.

RULE_0_START:
# get the document root
map path into SCRATCH:DOCROOT from /
# initialize our variables
set SCRATCH:ORIG_URL = %{URL}
set SCRATCH:REQUEST_URI = %{URL}

# see if theres any queries in our URL
match URL into $ with ^(.*)?(.*)$
if matched then
set SCRATCH:REQUEST_URI = $1
set SCRATCH:QUERY_STRING = $2
endif
RULE_0_END:

RULE_1_START:
# prepare to search for file, rewrite if its not found
set SCRATCH:REQUEST_FILENAME = %{SCRATCH:DOCROOT}
set SCRATCH:REQUEST_FILENAME . %{SCRATCH:REQUEST_URI}

# check to see if the file requested is an actual file or
# a directory with possibly an index. don't rewrite if so
look for file at %{SCRATCH:REQUEST_FILENAME}
if not exists then
look for dir at %{SCRATCH:REQUEST_FILENAME}
if not exists then
set URL = /index.php?q=%{SCRATCH:REQUEST_URI}
goto QSA_RULE_START
endif
endif

# if we made it here then its a file or dir and no rewrite
goto END
RULE_1_END:

QSA_RULE_START:
# append the query string if there was one originally
# the same as [QSA,L] for apache
match SCRATCH:ORIG_URL into % with ?(.*)$
if matched then
set URL = %{URL}&%{SCRATCH:QUERY_STRING}
endif
goto END
QSA_RULE_END:

PS – if you have wordpress installed in a sub folder then adjust the following line from above to reflect the proper path:

set URL = WORDPRESS-FOLDER/index.php?q=%{SCRATCH:REQUEST_URI}

Take Secure Credit Card Payments on your WordPress Website

I’ve been able to take Credit Card/Visa payments via Paypal for a while now and more recently via Stripe in conjunction with my invoicing system Zoho but over the last week or so I’ve properly and fully implemented credit card payments on this WordPress based website. On my payment page below you’ll notice a full credit card payment system that processes your payment immediately on this site. The payment page also has a an SSL cert for increased security.

ReverbStudios.ie/Payments

What you’ll need to achieve the same is:

* Stripe requires an SSL cert/Secure payment page to work.

So my Stripe Payment page takes credit card details, processes them on submission and returns the user to a thank you page. Both Gravity forms and Stripe can be configured to send an acknowledgement email/receipt to the user and site owner.

No more paying a pile of money to bank merchant or credit card processing companies!

Here’s some details on Stripe transaction fees.

I can help install the system on your own WordPress based website if you need. A standalone Payment Page/Virtual Terminal like mine here can also be installed on any non WordPress based site also..

Get in touch. Or alternatively ask a question in the comments below.

Leon

Gravity Forms + Stripe Curl_Exec Issue

At the time of writing this the Gravity Forms + Stripe WordPress extension/plugin for Gravity Forms is about the only extension that will add a proper credit card fieldset to an existing form created with the excellent Gravity Forms plugin. I had been taking credit card details via credit card fields setup manually in Gravity Forms then inputting the details in my Stripe account but that was hassle and allegedly a bit insecure!

Unfortunately, my VPS server wasn’t setup correctly to handle the Stripe calls and after having installed The Gravity Forms + Stripe plugin I noticed none of my forms were visible anymore. After a few emails back and forth with the plugin developer Naomi and turning off all my other plugins except Gravity Forms and Gravity Forms + Stripe, I got the following error message:

Warning: curl_exec() has been disabled for security reasons in
/home/reverbst/public_html/wp-content/plugins/gravity-forms-stripe/includes/api/lib/Stripe/ApiRequestor.php
on line 176

To sort this out I had to edit my VPS php.ini file to remove the reference to “curl_exec” in the “disable_functions” line. To do this you’ll need access to change your server settings. Non-VPS or shared hosting customers can’t normally change server settings. You can ask your hosting company to do this for you but I’d say it’s unlikely they will. Hopefully your hosting setup is suitable though.

First off, find out where your php.ini file is or which one your server is using by viewing your PHP info. Upload a file called “phpinfo.php” with the following content only:

<!--?php phpinfo(); ?>

Next, open up an SSH session to your server and login as the root user using something like Putty. Add the following commands to edit your php.ini file. The example given relates to the location of php.ini on my server only:

pico -w /usr/local/lib/php.ini

Finally, run the following command to restart apache so the changes are active:

/etc/init.d/httpd restart

My Gravity Forms + Stripe setup now works perfectly! Here’s my payment form:

Reverbstudios.ie/payments/

Leon

How to Colour Menu Items Differently in WordPress

There might come a situation where you want to have one or two menu items/pages a different colour to the rest as I’ve done with my “Blog” link on this site. You might want to highlight or draw attention to one particular section or even just have every item a different colour for variety!

Here’s a quick how to on how to do it.

View your website in Chrome for example and right click on the menu item in question and choose “Inspect Element”. We’re looking for the “menu item id” so that’s “menu-item-1975” for my Contact Me menu item.

Menu Item Colour

You now need to add some new CSS to your theme’s stylesheet “style.css”. Add this line for a red highlight:

.menu-item-1975 a {color: #C30;}

or, to give a new background colour:

.menu-item-1975 a {background-color: #C30;}

Leon

Plugin and Theme Fault Finding in WordPress

Just a quick tip or 2 to help troubleshoot faulty WordPress plugins and themes. If you have a major WordPress issue it’s usually always the fault of rogue plugins or themes and if you contact your hosting company or Google around for advice you’ll see a lot of people say deactivate and reactivate each plugin in turn to find the culprit. With around 50 plugins in my own site, that would take forever.

Tip 1 (Plugins):

If you have access to FTP or a hosting File Manager for your site go into the remote “wp-content” folder and change the name of the “Plugins” folder to “Plugins2” or similar. This will quickly deactivate ALL plugins and tell you whether your issue is with plugins at all or not. Reload the site with the plugins folder renamed and see if the issue persists. If it does then it’s not a plugin issue so go back and rename the plugins folder properly and the site will be as was.

If the issue is fixed then one of your plugins is acting up. Rather than go through them one by one, take groups of about 3 or 4 plugins and deactivate/reactivate them.

Tip 2 (Themes):

If the above doesn’t fix your issue then the problem might be with your theme. Try switching theme’s temporarily and switch to a well known and stable theme like WordPress’s own “Twenty Twelve”. The first thing I always do when it’s obvious the theme is at fault is go into the theme’s “Functions.php” file and make sure there’s no white space at the start or end of the files php code. After that I might go and see if there’s an updated version of the theme available.

Tip 3 (Error Reporting & Debugging):

If nothing else works you can try a bit of debugging by turning on WordPress’s own error reporting tool. You add the following line in the “wp-config.php” file in WordPress’s root directory:

define(‘WP_DEBUG’, true);

You can also enable php error reporting in your site’s root “.htaccess” file with the below code which puts the errors in a log file on your site rather than show them to the public:

php_flag log_errors on
php_value error_log /home/path/public_html/www.YourWebAddress.ie/PHP_errors.log

Leon