Cheetah_Kruger_Fast_Secure

Fast Secure Websites on a Budget (with Cloudflare or KeyCDN)

[Update, April 19, 2017: The Let’s Encrypt certificate is now installed automatically on all websites hosted by High Peaks Media on A2 servers. After updating to https://, we recommend creating a free Cloudflare CDN account, and then updating to the Cloudflare nameservers at the domain registrar. This procedure installs a Comodo certificate (issued by Cloudflare) on the edge servers while the Let’s Encrypt certificate is installed on the origin server, thus satisfying encryption throughout (see below). 

After activating Cloudflare, login to your Cloudflare account and create a page rule for the URL *mydomain.com/wp-admin*, with the settings: (a) Disable Performance and (b) Cache Level > Bypass. Then login to WordPress, install the Cloudflare plugin, and select automatic settings. ]

A Fast Secure Website is a Big Deal

In the marketplace, FAST and SECURE translates to YES, I want to do business with you. Deliver your message Fast, and Inspire Confidence!

Moreover, speed and security are now affordable (free or low cost), and setup time is minimal (usually 30-90 minutes, when you know what to do).

What should you do?

Add a security certificate (SSL) to your website. For example, this website is secure (see the https:// in the address bar). Security certificates are now available for free, for example through Let’s Encrypt (see Secure Websites now Available for Free through Lets Encrypt)

Deploy your website on a Content Delivery Network (CDN). A CDN is a critical element in website speed  (see 20 Ways to Improve Website Speed).

How does it work?

Your website is physically located on an ‘origin server’, which is maintained by your website hosting service.

A Content Delivery Network (CDN) stores cached versions (i.e. copies) of your website on their ‘edge’ servers, which are distributed globally.

When someone visits your site, the CDN delivers the cached version of the website from their nearest edge server, thereby decreasing delivery time.

The security certificate certifies that communications between the user and the server are encrypted.

Encryption can occur between the user and the edge server, as in the Cloudflare Universal SSL. This service is currently free.

Or, encryption can occur between the user and the edge server, and  between the edge server and the origin server, as in the Let’s Encrypt certificate (installed on your website) and the KeyCDN network. This service requires a fee, although pay-as-you-go options are low in cost.

Options for SSL / CDN deployment on a budget:

The Cloudflare free ‘Universal SSL’ and Content Delivery Network is suitable for websites that do not collect sensitive information. Note that the certificate only works on modern browsers (approximately 80% of current usage). Also, the free tier of service will not accept custom certificates installed on the origin server.

The Let’s Encrypt SSL and the KeyCDN delivery network are a low-cost pay-as-you-go option that is suitable for ecommerce sites, or sites that collect personal information. KeyCDN offers plans starting at $50 per year for a small website, or contact us and we can provide this option for half of that (Jan 2017 pricing; see below for more information on cost).

I recommend the Cloudflare option for basic sites, and the Let’s Encrypt/KeyCDN option when sensitive information is collected.

Installation Notes

The following notes refer to actual installation procedures, specifically on WordPress websites.

Cloudflare Universal SSL and CDN Installation

Some website hosting providers partner with Cloudflare, in which case a Cloudflare option may be on the cpanel. However, I would recommend creating a Cloudflare account, and setting up the site on the Cloudflare dashboard.

Signup for Cloudflare and add your website. A Universal SSL certificate will be automatically installed.

Change your nameservers at your website registrar to Cloudflare nameservers. This will take time to propagate (usually 12 hours or so, but it could be more or less).

Follow the instructions, recommended for all Cloudflare Users: https://support.cloudflare.com/hc/en-us/articles/201897700-Step-4-Recommended-First-Steps-for-all-CloudFlare-users (e.g., for A2 Hosting, see https://www.a2hosting.com/kb/add-on-services/cloudflare/using-cloudflare-to-defend-against-ddos-attacks)

For WordPress add the Cloudflare plugin (requires the API from the dashboard). Log into Cloudflare via the plugin interface and check appropriate options (e.g., auto functions adds a rule for the WordPress admin (but check http: vs https:). Or on you Cloudflare account, create a Page Rule for administering your website to Disable Performance and Bypass Cache Level for  *mydomain.com/wp-admin*.

If a redirect problem arises, add the Cloudflare Flexible SSL plugin.

If using Cloudflare with WP Fastest Cache, see the tutorial here. On the Cloudflare dashboard, Disable the Speed options Auto Minify and Rocket Loader.

After propagation of the Cloudflare nameservers:

Change the domain of your site to https:// (see the post Lets Encrypt)

Add rules to .htaccess file redirecting http:// to https:// (see the Lets Encrypt post)

# BEGIN REDIRECT HTTP: TO HTTPS: <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L] </IfModule>

Fix mixed content issues (i.e., change all content to https) using the Better Search and Replace plugin or the SSL Insecure Content Fixer

Let’s Encrypt with KeyCDN Delivery – Installation Notes

Install a Let’s Encrypt Certificate on your website. Most hosting providers will do this for you.

Transition your site from http to https:

Create an account at KeyCDN, and add a zone to the account (deployment takes a few minutes).

Refer to the Complete CDN Migration Guide. For SSL, you can either (1) install a Let’s Encrypt certificate on the KeyCDN servers (see the post, Use LetsEncrypt With KeyCDN to Enable TLS), or (2) Order and install a custom certificate

(1) Install a Let’s Encrypt Certificate

In the KeyCDN advanced zone settings, scroll down and select the Let’s Encrypt certificate. Also selecte Force SSL.

Setup a Cname in the domain cpanel under DNS settings (deployment takes a few minutes).

  • Name, e.g., keycdn
  • CName, e.g., hpm-66ac.kxcdn.com

Propagation of the Cname takes a few minutes; check using the DNS Check Tool, with the URL e.g., keycdn.yourwebsite.com)

Add a zone alias for the zone on your KeyCDN dashboard (e.g. keycdn.yourwebsite.com). Check that the zone has deployed.

(2) Order and install a custom certificate.

Order for example from http://ssls.com, or follow the suggestions here: https://www.keycdn.com/support/how-to-order-a-ssl-certificate/. In either case, the process takes a bit of time.

Setup CName in the domain cpanel under DNS settings. L

  • Name, e.g., keycdn.yourwebsite.com (where ‘keycdn’ is the zone alias)
  • CName, e.g., hpm-66ac.kxcdn.com

Let the cname propagate; check using the DNS Check Tool, with the URL e.g., keycdn.yourwebsite.com

Add a zone alias for zone (e.g. keycdn.yourwebsite.com)

Edit the zone, and add the certificate (a tool for the Intermediate Certificate is provided at the end of the certificate check page, https://tools.keycdn.com/ssl)

Activate the zone

Finally

On your website, add the plugin CDN Enabler. Enter your zone url using the https:// prefix (for secure sites)

If the site is broken, try changing the URL to http://

Or, try deselecting the box ‘Enable CDN for SSL’

KeyCDN Pricing (Jan 2017)

KeyCDN provides a cost calculator based on traffic to your site. You can find traffic records on the cpanel of your hosting account. The minimum cost is $50 per year. KeyCDN offers up to 5 zones (websites) free; additional zones cost $1 per month.

KeyCDN Useful Tools

https://tools.keycdn.com/

KeyCDN and WP Fastest Cache plugins, https://www.keycdn.com/support/wordpress-cdn-integration-with-wp-fastest-cache/

==

Image credit: By Mukul2uOwn work, CC BY 3.0, Link

Cheetah_Kruger_Fast_Secure

Related Posts

Leave a Reply

Be the First to Comment!

Notify of
wpDiscuz