Presentation
If you are about to migrate to HTTPS, there are some steps to follow to adapt your WordPress configuration.
Let’s assume that your website is called http://www.example.com and is stored in the /var/www/html/example directory.
Configuration
You need to apply the following SQL requests on your WordPress database:
UPDATE as_options SET option_value=replace(option_value,'http://www.example.com','https://www.example.com') \ WHERE option_name='home' OR option_name='siteurl'; UPDATE as_posts SET guid=replace(guid,'http://www.example.com','https://www.example.com'); UPDATE as_posts SET post_content=replace(post_content,'http://www.example.com','https://www.example.com'); UPDATE as_postmeta SET meta_value=REPLACE(meta_value,'http://www.example.com','https://www.example.com');
You also need to update the configuration in your WordPress Settings/General menu:
WordPress Address (URL): https://www.example.com Site Address (URL): https://www.example.com
You should also force the website administration in https. Paste the following line in the /var/www/html/example/wp-config.php file:
define( 'FORCE_SSL_ADMIN', true );
Source: Inspired by Bram van Damme’s website.
Additional Resources
You can read this page on How (And Why) To Disable WordPress XML-RPC or this blog post about RHEL 7 HTTPD SELinux policy hardening.
You can also read this article on How to run Ultra-Fast WordPress.
Ray Heffer wrote an article about building a secure WordPress server LAMP with CentOS 7.
Recent Comments