I recently moved each blog to their own subdomain. This was mainly to give a strong security layer between each blog, limiting overall exposure if one blog is compromised.

While I was improving security, I decided to move my entire blog to Secure HTTP (HTTPS). Unfortunately, this was not free. Although the overall expense was small, it’s sad secure browsing is still seen as an edge-case upgrade.

Getting this blog to be completely HTTPS hosted was slightly more effort than I expected. Here’s what it took:

  1. Upgrade hosting to SSL.
  2. Purchase SSL certificate .
  3. Go back to hosting admin page and find CSR .
  4. Figure out how the web-based admin page maps to the purchased certs and install new certs.
  5. Add some htaccess rules to force HTTPS.
  6. Update WordPress site URLs (via Dashboard > General Settings) to use HTTPS.
  7. Directly update DB tables to convert hard-coded site URLs.

I was surprised to find WordPress hard-codes the site URLs in posts (both the content and guid links). It seems it would have been trivial to design the post content to be relative to the current site url.

Also, I’m waiting on getting an EV certificate .