WordPress SSL over HTTPS: Securing your blog’s administration pages

Keep prying eyes from stealing your important admin credentials using encryption.

Although I really should be working on my next video, I am doing something totally different —getting my website’s admin area encrypted. Yes, I am easily distracted by little side projects and that’s why I can never get anything done quickly… but THIS is a worthy task.

Why should you secure WordPress using SSL over HTTPS?

What’s the point? Security, of course. Just think: You are blogging in a coffee shop using their open wifi —or even password-authenticated wifi— it doesn’t matter. As long as there is traffic going over the network, your website’s administrative data packets are being transmitted in the clear, including your admin username and password. You wouldn’t want your bank information visible to all in the ether so why would you trust your website management bouncing around unencrypted? Logging into WordPress and doing your business can be a fairly secure process after a few steps.

Getting it done— Difficulty level: Fairly easy

I’m approaching this with the assumption that you have access to change your web host’s Apache SSL configuration and WordPress plugins. Without this access, you may have other challenges.

Quick and dirty SSL certificates

Sure, you can purchase an SSL certificate from an authority and install it at your hosting level, but that would be way beyond the scope of this little project. For now, I’m doing this the easy way so you can get up and running with encryption. If you already have a valid SSL certificate with a matching Server Name, then skip this step. Otherwise you’d better follow along or risk getting errors. On your Apache server:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
/opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/server.crt

The path and key/certificate filenames may differ depending on your server. The one quoted is for a Bitnami appliance on Amazon’s Elastic Cloud Computing infrastructure, so the paths on a generic Ubuntu server may be totally different. This self-signed certificate should suffice for this project, but be sure to note the certificate specifics before allowing your client browsers to accept the connection permanently. Fill out the certificate information, carefully following the prompts.
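One way to note the certificate specifics mentioned above is to record the fingerprint, subject and expiry on the server and compare them with what the browser shows before accepting the exception. This is an added example, not from the original post; `example.test`, the temporary directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. example.test and the temporary
# directory are constructed placeholders; the function names are hypothetical.

# make_cert DIR CN: non-interactive form of the command above. -subj supplies
# the Common Name (it should match the Server Name) instead of the prompts.
make_cert() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    chmod 600 "$1/server.key"    # the private key must not be world-readable
}

# cert_fingerprint FILE: SHA-256 fingerprint, the value to compare with the
# one shown in the browser's certificate warning.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# cert_subject FILE: subject line, to confirm the name the certificate claims.
cert_subject() { openssl x509 -in "$1" -noout -subject; }

# cert_matches FILE EXPECTED: succeed only if FILE has the recorded fingerprint.
cert_matches() { [ "$(cert_fingerprint "$1")" = "$2" ]; }

# cert_valid_for FILE SECONDS: succeed if FILE does not expire within SECONDS.
cert_valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# Demo on a throwaway certificate so nothing under the Apache conf is touched.
demo() {
    tmp=$(mktemp -d) || return 1
    make_cert "$tmp" example.test
    cert_subject "$tmp/server.crt"
    echo "sha256: $(cert_fingerprint "$tmp/server.crt")"
    cert_valid_for "$tmp/server.crt" 2592000 && echo "valid for 30+ more days"
    rm -rf "$tmp"
}
demo
```

A fingerprint in the browser warning that differs from the recorded one means the browser is not talking to the certificate you generated.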

Adjust the Apache SSL configuration

The .conf file for SSL connections is usually separate from the main Apache .conf, and may be found in a subdirectory called extras. On a Bitnami WordPress appliance for AWS it might be called /opt/bitnami/apache2/conf/extras/httpd-ssl.conf. The enabled directives are few —and for good reason. However, for WordPress to resolve URLs properly while under SSL, some additions need to be made. Please audit your security after these modifications are performed.

Define the proper DocumentRoot and VirtualHost directives for your WordPress install. The directives mirror those that are defined by WordPress and allow the Rewrite module to behave properly in the Administration area if permalinks are enabled.

# Serve the WordPress document root from the SSL virtual host
<Directory "/opt/bitnami/apps/wordpress/htdocs">
    Options +MultiViews +FollowSymLinks
    AllowOverride None
    # Access-control syntax differs between Apache 2.2 and 2.4
    <IfVersion < 2.3>
    Order allow,deny
    Allow from all
    </IfVersion>
    <IfVersion >= 2.3>
    Require all granted
    </IfVersion>
    # WordPress permalink rewrite rules
    RewriteEngine On
    #RewriteBase /wordpress/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . index.php [L]
</Directory>

You’ll need to restart Apache or reload the configuration for changes to take effect.

Prepare WordPress for SSL

To keep things simple, use the WordPress HTTPS (SSL) plugin by Mike Ems. Though you might be able to enable SSL logins in wp-config.php yourself, any canonical redirects you have in .htaccess may cause the HTTP redirect to fail. So stick with the plugin and save yourself some trouble! After activating the plugin and checking the box for “Force SSL Administration,” administrative pages in WordPress (including login) will be encrypted. You may want to bookmark the HTTPS admin URL for your website to avoid needless redirects. Voila, that’s all there is to it —enjoy!
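To confirm that forced SSL administration is actually in effect, check the response headers of the login page, for example as saved from `curl -sI`. The following is an added example, not part of the original post or the plugin; the sample headers and the host `blog.example.test` are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks on saved response headers. Sample data is constructed.

# forces_https: read response headers on stdin; succeed only for a 3xx
# redirect whose Location is an https:// URL.
forces_https() {
    tr -d '\r' | awk '
        NR == 1 { redirect = ($2 ~ /^3[0-9][0-9]$/) }
        tolower($1) == "location:" { https = (tolower($2) ~ /^https:\/\//) }
        END { exit !(redirect && https) }'
}

# cookies_without_secure: print the name of every Set-Cookie header that
# lacks the Secure attribute (such cookies can still travel over plain HTTP).
cookies_without_secure() {
    tr -d '\r' | awk '
        tolower($1) == "set-cookie:" {
            line = $0; sub(/^[^:]*:[ \t]*/, "", line)
            n = split(line, attr, /;[ \t]*/)
            secure = 0
            for (i = 2; i <= n; i++) if (tolower(attr[i]) == "secure") secure = 1
            if (!secure) { split(attr[1], kv, "="); print kv[1] }
        }'
}

# Constructed sample: plain-HTTP request for the login page.
PLAIN_LOGIN='HTTP/1.1 302 Found
Location: https://blog.example.test/wp-login.php'

# Constructed sample: HTTPS response that sets one cookie without Secure.
HTTPS_LOGIN='HTTP/1.1 200 OK
Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure
Set-Cookie: example_pref=1; path=/'

if printf '%s\n' "$PLAIN_LOGIN" | forces_https; then
    echo "login over HTTP is redirected to HTTPS"
fi
echo "cookies missing Secure: $(printf '%s\n' "$HTTPS_LOGIN" | cookies_without_secure)"
```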

First look: Steam’s In-Home Streaming with a Mac

When Steam announced that its latest desktop app build supports gameplay controls, audio, and video streamed through another platform —I was happily shocked. This is futuristic stuff, lemme tell ya. Here is what’s going on:

In-Home Streaming: How does it work?

Quick and dirty? Watch my video.

First there’s a host PC, likely running Microsoft Windows, with the Steam app and all the games installed.

Next, there’s a client computer (in this case a tiny 13″ MacBook Air) with the Steam app.

HAWKEN on a MacBook Air

Lastly, In-Home Streaming requires a robust internal network. Gigabit Ethernet between the host PC, the router, and the client computer would be the perfect scenario. In this example, I have an 802.11ac wireless router in a central room but my host PC in another room maxes out at 300Mbps. The client Mac has 802.11ac wireless and is located in the same room as the host PC.

Demo

Mac: Steam In-Home Streaming – Battlefield 4, Watch_Dogs

In-Home Streaming could be described as a straightforward VNC session on steroids, designed for gaming. Once the client computer on Steam detects the host PC, all games will offer a button to “Stream,” rather than Play a game in your library. All the visuals will be rendered on the host PC and pumped over your internal network to the client PC, which only has to be capable of displaying the streamed-in graphics. A graphically intensive game like Watch_Dogs, currently only available for Windows, can be played on a Mac at native resolution. Note that any settings modified during In-Home Streaming are saved on the host PC, not the client. Keep this in mind if you play primarily on your host PC, like I do. Audio is also streamed to the client PC. Streamed games are controlled by the client’s hardware, so try to use a real mouse and full-size keyboard. Let me tell you: Trying to play HAWKEN using a MacBook Air’s built-in trackpad is a bad idea!

Real question #1: Non-native Battlefield 4

Steam games perform very well when streamed but almost everyone will ask, what about non-native games (titles outside of the Steam network)? Heck, the first thing I wanted to attempt was playing Battlefield 4 on my Mac! (See video…)

Right off the bat, you cannot simply add EA/DICE’s Battlefield 4 as a non-native Steam game. Doing so will just result in a launch error. The workaround, however, is quite simple, if clunky.

  1. On the host PC add Wordpad or Notepad as a non-native Steam game. Its name will appear on the list of games you can play
  2. On the host PC go through the normal steps to get directly into Battlefield 4, which involves first queuing up a match in a web browser
  3. On the client (my Mac) use the Steam app to launch Wordpad
  4. While staring at Wordpad on the client, use Alt-Tab to switch the display into Battlefield 4

Encoding map-loading and transition screens for the stream will stutter unless your host PC has a lot of CPU power and an SSD drive. To maximize performance, unless you have an Intel i7 3770 + SSD setup with amazing graphics, set your host graphics to Medium or less. Setting it higher will only make host encoding worse, regardless of the speed of the network and the client platform. Considering the 13″ screen and 1440×900 resolution of my MacBook Air, I set the client Steam app’s streaming setting to “Performance.”

Steam In-Home Streaming on a Mac: Battlefield 4 on a MacBook Air

Real question #2: Watch_Dogs

Thankfully, Ubisoft’s exciting spring 2014 title Watch_Dogs is fully native in Steam and performs quite well using In-Home Streaming. Again, to maximize performance, unless your host PC is totally boss, turn down the graphic quality. Framerates reported by my Mac’s client app hovered around 30 fps using Medium quality.

Steam In-Home Streaming on a Mac: Watch_Dogs on a MacBook Air

Alternatives

Steam’s In-Home Streaming does all this magic with very little latency and as of this writing, the beta build can only improve overall performance. There’s another ingenious method that bypasses Steam altogether and involves the freemium remote desktop app Splashtop combined with the freeware utility Synergy.