SSL And Security

TonyUK · ‎12-25-2019

Hi does anyone know about SSL code please? I received the link below with some code from godaddy but it seems to have made my security message warning worse? I have installed the SSL certificate ok and also made the recommended changes in Wordpress from HTTP to HTTPS under settings general.

Redirect my cPanel website to HTTPS (for wordpress)

This code is I used and put in the htaccess file in the /public_html/ folder is below and I changed their ^coolexample\.com$ to my domain ^knockoutpics\.co.uk$

I simply changed the .com to .co.uk and tried it with a backslash .co\.uk also but this did not work either? Is it something to do with me being in the UK and not using a .com?

dc352 · ‎01-17-2020

The first thing that struck me:

RewriteCond %{SERVER_NAME} ^knockoutpics\.co.uk$ [OR]
RewriteCond %{SERVER_NAME} ^www\.knockoutpics\.co.uk$

you don't escape the last "."

RewriteCond %{SERVER_NAME} ^knockoutpics\.co\.uk$ [OR]
RewriteCond %{SERVER_NAME} ^www\.knockoutpics\.co\.uk$

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups.

I am now running an HTTPS expiry management service KeyChest.net

I have used a lot of help from open-minded communities and I try to repay some of that help.

View solution in original post

TonyUK · ‎12-25-2019

this is the entire code for info... the second part was already in my htaccess file...

# BEGIN GD-SSL
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_USER_AGENT} ^(.+)$
RewriteCond %{SERVER_NAME} ^knockoutpics\.co.uk$ [OR]
RewriteCond %{SERVER_NAME} ^www\.knockoutpics\.co.uk$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Header add Strict-Transport-Security "max-age=300"
</IfModule>
# END GD-SSL

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

TonyUK · ‎12-25-2019

.. and one more thing. I have just searched for .htaccess in cpanel and its come up with all those below. I have only edited the one directly under the public.html folder only as advised by the godaddy link. Is this right? Not sure if I should add the code in those below too (the ones in bold maybe?)

Name

	/public_html/.htaccess
	/public_html/wp-content/plugins/akismet/.htaccess
	/public_html/knockoutpics.co.uk/.htaccess
	/public_html/knockoutpics.co.uk/wp-content/plugins/akismet/.htaccess
	/public_html/knockoutpics.co.uk/wp-includes/.htaccess
	/public_html/wp-includes/.htaccess
	/public_html/Wordpress/.htaccess
	/public_html/Wordpress/wp-content/plugins/akismet/.htaccess
	/public_html/Wordpress/wp-includes/.htaccess

dc352 · ‎01-17-2020