WordPress The Right Way
English en-US
English en-US
  • WordPress The Right Way
  • Getting Started
  • Debugging
    • Error Logging
    • Handling Errors
    • Tools
    • Constants of wp-config.php
  • Data
  • Core
  • Code Style Guide
  • I18n
  • JavaScript
  • Multisite
  • Queries
    • User Queries
    • SQL
    • Taxonomy and Term Queries
    • Comment Queries
    • Post Queries
  • Routing
    • The Main Loop & Template Loading
    • What Are Query Variables and Where Do They Come From?
    • Clashes, Slugs, & Debugging
    • Rewrite Rules
  • Security
    • Secure HTTP
    • Standalone PHP Files
  • Servers And Deployment
    • Migrations
    • WP CLI
  • Templates
  • Testing
    • Testing Theory
      • Test Driven Development
      • Unit Testing
      • Behavior Driven Development
    • Testing Plugins
    • WP_UnitTestCase
  • Widgets
  • Community
  • Credits
Powered by GitBook
On this page
  1. Security

Secure HTTP

In modern web development, you should be using https. There are no excuses not to use it. All hosts should be providing the free letsencrypt certificates as a minimum.

Additionally, your entire site should be secured. Don't secure only WP Admin, the frontend should be secured too.

Failure to do this can bring legal risks, SEO penalties, and security risks to both you and your customers.

What To Do If Your Host Charges for Certificates or Installation

This is a major red flag, and irresponsible, you should change hosting provider. Lots of good alternatives for hostng WordPress exist that provide free certificates and installation, ranging from the lowest prices to enterprise grade providers.

PreviousSecurityNextStandalone PHP Files

Last updated 4 years ago