Wildcard certificates allow you to secure all subdomains of a domain with a single certificate. Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases.
Source: ACME v2 and Wildcard Certificate Support is Live
This is something we’ve been waiting for at CALI so we can move Classcaster to HTTPS. I think it’s also going to be great for folks like me who like having a domain for everything. With wildcard support we should be able to encrypt all the web pages.
It seems that the WordPress Android client did not take kindly to my decision to go all in on the https craze. I needed to delete the site from the app and as it back again.
2 things would have been useful here. First, a more descriptive error message. The 405 Method not allowed message didn’t tell me anything. I knew it wasn’t working. Maybe a hint that it could be related to a change on the site wood be good. Second, let me change the URL of the site without needing to delete it. I think this used to be a feature but I couldn’t find it. I’ve been using the app for years and lost a bunch of data because I had to delete the site and reattach.
The ask is still great, but it child stand to be a bit more flexible.
Let’s talk about Basic Auth:
- It’s a well and clearly defined specification.
- It’s been around since ~1996.
- It’s super simple.
Here’s the short version of how it works.
- You are a developer.
- You have an API key pair: an API Key ID and an API Key Secret. Each of these is a randomly generated string (usually a uuid).
- To authenticate against an API service, all you need to do is put your credentials into the HTTP Authorization header.
Source: Randall Degges – Why I Love Basic Auth
Installing an SSL certificate on your domain is an essential step you should take to secure your WordPress site and now with Let’s Encrypt you can get one for free. An SSL certificate encrypts the connection between your site and your visitors’ browser so hackers can’t intercept and steal personal information. Normally, SSL certificates can be cumbersome to install and can get expensive, but this is changing fast.
Source: Adding Free SSL Certificate and HTTPS to WordPress with Let’s Encrypt and Certbot – WPMU DEV
Let’s Encrypt + Certbot provide a straight forward way to add SSL and HTTPS to your website. This article walks you through the steps to get this running on a WordPress site. It’s worth noting that this will likely work on Apache with virtual hosts but it’ll take a bit more work.