As many of you know, Google has now announced HTTPS as a ranking signal.
In plain English this means that all things being equal, a site served over HTTPS will rank higher than a site served over HTTP. And don’t take “all things being equal” lightly, there are hundreds of factors that influence how well your site ranks (so there’s no need to drop everything and buy an SSL certificate). Regardless, security (as in the case with performance) is clearly a direction towards which the web is moving.
Configuring SSL is a pain, even when you know what you’re doing. The last thing we want here at W3 EDGE is to make it harder for you to run a secure website once you’ve gone through the trouble of implementing security measures.
There are a number of ways in which W3 Total Cache supports both performance and security, and we wanted to highlight a few of these capabilities below:
Page caching
- Caching of HTTPS pages: on the page cache settings page, you can “Cache SSL (https) requests” (uniquely) for improved performance.
- Page caching exceptions: Pages with customer-specific data (such as shopping cart pages and member profiles) should not be cached in most cases, and W3TC allows you to implement a page caching exception on the pages of your choice via the “Never cache the following pages” section of the page cache settings page. Usage: simply enter “cart/” to exclude that page or “cart/*” to exclude that page and all sub-pages. (Without the quotes, of course.)
- Pro tip: you can also use the define('DONOTCACHEPAGE', true); define statement in your functions.php file to specify a page or series of pages where page caching should be disabled. Navigate to Performance > FAQ in your Dashboard for more information.
Content Delivery Networks
- Disable CDN on SSL pages: We have a lot of customers who run ecommerce websites and secure transaction pages (/cart, etc.) with SSL. Many of these customers also integrate a Content Delivery Network on their site to improve performance, and this can break SSL pages if the CDN URLs are HTTP. W3TC has long since allowed you to disable CDN on HTTPS pages with a snippet of code, but this functionality is now fully exposed through the UI. Usage: On the CDN Settings page, simply select the “Disable CDN on SSL pages” checkbox under the Advanced section.
- SSL Support: W3TC also supports CDNs served over HTTPS.
- Pro tip: to maximize the use of W3TC and your CDN on sites with both HTTP and HTTPS pages, you can define both versions of your CDN hostnames in the “Replace site’s hostname with” fields of the CDN settings page in the following format: cdn.yourdomain.com,ssl-cdn.yourdomain.com. You can see Yoast’s configuration illustrated in his excellent post on WordPress and CDNs.
CloudFlare
CloudFlare is a product that many of our customers use for securing and accelerating their sites. You can actually use CloudFlare’s Pro plan ($20/mo as of the time of this post) to serve your site over SSL without needing to purchase and configure an SSL certificate.
The latest version of W3TC ships with a CloudFlare extension to facilitate the connection between your site and the CloudFlare services. This connector is not required for CloudFlare to function of course (CloudFlare works at the DNS level), but our connector exposes a number of useful functions that allow you to make changes right from W3TC.
Fun fact: CloudFlare was originally conceived as a security product that ended up having performance benefits as a result of how it functions.
Help!
I know, this stuff can be overwhelming if you don’t have an engineering degree or if you’re just wading into these waters. You can drop us a note or order professional configuration if you need help.