I’ve added “SSL” or what most people call “HTTPS” to the site, at least temporarily.
It’s nice that it adds the little padlock icon to the address bar in web browsers, and it tends to make the Google search engine happier, which is good. But as a long-time computer administrator, setting it up and keeping it running can be a hassle, so we’ll see how this works out. An organization named “LetsEncrypt” has tried to make the process simpler and free, which is helpful. Most SSL certificate issuers charge for each certificate, which has to be renewed annually, and the validation process has gotten more complicated as time goes by — which really isn’t worth it for a small, read-only blog. But everybody is being taught to look for that little padlock icon.
The trouble is that the publisher of the WordPress plugin that makes this possible has decided to go from freeware to a pay model within days of my first installing it. I chose it because this particular one is free, which is appropriate for a small script that sets up a scheduled task to update the free SSL certificate periodically. WordPress has its peculiarities with SSL and LetsEncrypt, and a lot of plugin publishers have been cashing in on it, something I take a dim view of. So now, the plugin publisher has decided to head in that direction — although admits that the plugin will keep working as it is.
So we’ll see how this goes. I’ll keep HTTPS running for as long as it’s still workable and doesn’t cost anything. If the plugin goes away, I may see if I can write a script to replace it. If it doesn’t work out, I’ll take the site back to plain old HTTP. If that happens, I’ll pop an announcement banner up ahead of time, in case it makes anybody’s browser display any dire warnings.