WordPress: Move Blog to new URL Domain HTTP HTTPS on the MYSQL Console

Info: Today most Search Engines prefer Blogs who are offering „HTTPS“ at the URL for secure direct connects to the Websites but this results a lot of headaches to the Website Developers.

To be effective you should know:

  • You have to offer HTTPS beside HTTP
  • You should use a validated Domain Certificate, most Domain Resellers offer them for FREE
  • You should know that NOT every FREE Certificate is TRUSTED by every Browser (green closed lock symbol at the adressbar)
  • You have to Develop Websites WITH variable Format output ( PC, Tablet, Smartphone, Smart-TV, Infoboxes,)
  • Design Websites and test 3:2, 4:3, 16:9, 21:9, Formats
  • Easy readable for handicapted People
  • Easy to print to PDF (Test Print Preview Page)
  • Test with different Browsers ( IE, Firefox, Midori, Chrome, Safari, Mobile Browsers like Webview, Silk) if you have no possibilities ask Friends to test

To move the Blog you must access the MySQL Server and the Blog Database! phpMyAdmin Admin Interface should NOT be used if you can use the Terminal for higher Security! If not access the phpMyAdmin Admin Weblogin only be Local IP!!!

MySQL Server:

  • Always remove Anonymous User!
  • Always replace the root User Account with a new one
  • Always use very long Database Passwords! minimum 12 digits !
  • Set if you can the Listen IP to localhost or Socket for the MYSQL Server, no one should be able to access the server via public IP. If you have a virtual Server without second IP install a Firewall like „ufw“ and block all Ports without 25, 80, 443!!

Database Changes:

  • Login to the Server via SSH and connect to the MySQL Server with $mysql -u databaseadmin -p
  • Enter following MySQL Commands:

 

mysql > use blogdatabasename;  #change to the blog database

mysql > UPDATE wp_posts SET guid = replace(guid, 'http://www.domain','https://www.domain');

mysql > UPDATE wp_posts SET post_content = replace(post_content, 'http://www.domain', 'https://www.domain');

mysql > UPDATE wp_options SET option_value = replace(option_value, 'http://www.domain', 'https://domain');

mysql > UPDATE wp_posts SET guid = replace(guid, 'http://www.domain','https://www.domain');

mysql > UPDATE wp_postmeta SET meta_value = replace(meta_value,'http://www.domain','https://www.domain');

mysql > flush query cache; #force updates on the mysql server caches!

mysql > quit;

Testing:

  • Login into your Blog on WordPress and check results and view, save and change all basics settings again on area settings an reading, cause much files are often „cached“ by Browsers, Proxy’s or by Cache Plugins!
  • Change wp-config.php add this „define(‚FORCE_SSL_ADMIN‘, true);“ to force https for Admin Login.
  • Check the Widgets! Cause you can’t change all URL’s at the MySQL Database, cause the Widgets creates „dynamic“ URL-Path Entry’s!!!

Security: Webserver HTTPS with Self Signed Certificate Do it yourself in 5 Minutes!!

Today the Point of Security and encrypted Webserver Communication is rolling over every User who hosts own Websites on the Internet. Last decades HTTPS was only used by Online Login Pages like Shops and Banks to verify the Communication between a User PC and the Website. But after January 2015 the most Search Engines like google decides to force index of Websites with HTTPS Protocol. The Background is that a TLS encrypted Connection isn’t easy to track and to force „drive-by-load-Viruses“ to the Website Visitors.

Self Signed Certificate Sample
Self Signed Certificate Sample

But a lot of Webmasters of the Opensource Community were angry about this handling. Thats is not real problem if you won’t buy a SSL/TLS Certificate. Every Webmaster can create a self signed Certificate on his Webserver if he is able to login via ssh and to config the Webserver like Apache. Self signed Certificates are warned by the Webbrowsers at the only first view, but if the User wants to install the Certificate the Browser isn’t warning next visits!

The Search Engines like Google don’t check the trust of the Certificates by the robots and so your Site will be good placed on the Index like the last decades. The ONLY thing is that you MUST move all Files,Images, Internal Links and Bookmarks to „https://“  that the „LOCK“ of the Browser Dialog is „CLOSED“  and „GREEN“ like on the Picture .

Of course if you want, you can buy and install „Domain Name Trusted“ Certificates, but if you only host private Websites/Blogs you won’t really pay over 100$ per Year for the Certificates.

Advantages:

  • Secure Login to your Site/Blog
  • Encrypted Transfer of Data
  • Security for your Visitors
  • No Drive-BY-Loads
  • Less Content Stealing

You will remark next years that the internet will be moved to HTTPS!

To create a Certificate use „OPENSSL“ with this command,answere the Questions of the Script, later put the Certificates .crt and .key to /etc/ssl/.. and tell Apache to pull them there!

$sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt