This is a series of articles explaining how to speed up WordPress, the use of which is growing rapidly for CMS-based business sites and media sites. This time, we will explain step-by-step how to implement Always-On SSL and HTTP/2 on an existing HTTP WordPress site.
Last time, as preparation for enabling HTTP/2 and Always-On SSL, we explained how to migrate an existing WordPress site over to KUSANAGI. This time, we will show how to enable HTTP/2 and Always-On SSL on sites already running on KUSANAGI.
If you just started reading this blog from this article or you have a WordPress site that is not running on KUSANAGI, please read the back issue "Enabling Always-On SSL and HTTP/2 on an existing HTTP WordPress site (Part 1: Preparation)" and follow the instructions from step 1.
Step 2: Enable HTTP/2 and Always-On SSL on WordPress site already running on KUSANAGI
1: Check the plugins
If you are using partial SSL plugins like WordPress HTTPS or Admin SSL, you will need to delete or disable them or problems may occur when enabling Always-On SSL.
2: (Method 1) Enable Always-On SSL and HTTP/2 via Let's Encrypt
*If you are using business SSL certificates, skip to step 2 "Enabling Always-On SSL and HTTP/2 with business SSL certificates”.
Enter the command to issue a Let's Encrypt SSL certificate into the console. You can use any email address that you have access to.
kusanagi target example.com kusanagi ssl --email firstname.lastname@example.org
The command to issue an SSL certificate via Let's Encrypt.
If successful, the following message will be displayed
Auto renewal certificate is already enabled. Nothing to do. Modified nginx/httpd config files and restart.
The message that displays after entering the command to issue an SSL certificate
If the certificate is successfully issued, the wp-cli's search-replace command will get executed and URLs in the database like "http://example.com" will get changed to "https://example.com". Also, automatic renewal for the 90-day SSL certificates will be activated.
Next, set up HSTS (HTTP Strict Transport Security) settings and redirect from HTTP to HTTPS.
kusanagi ssl --https redirect --hsts weak
Redirect and HSTS settings
We have now done the basic setup for HTTP/2 and Always-On SSL through Let's Encrypt. Access the page from a browser and check that it works. Consult "Using KUSANAGI - Adding Always-on SSL and HTTP2 (Part 1. Let's Encrypt)" for details on Let’s Encrypt and how to check that it is working.
Next, we will show how to enable Always-On SSL and HTTP/2 with SSL business certificates.
3: (Method 2) Enabling Always-On SSL and HTTP/2 with business SSL certificates
The steps are laid out in the back issue “Adding Always-On SSL and HTTP/2 (Part 2. SSL Server Certificates for Business)” Follow the instructions as written in that article.