Category News

SSL Installation on WordPress in Preparation for the GDPR

Recently, the Internet has been ablaze with information about the impending compliance deadline with the European General Data Protection Regulation (GDPR). The GDPR is already in effect, however, the grace period for compliance ends on May 25, 2018. This means that all businesses processing data on EU citizens must comply with the GDPR by that date, regardless of whether they are located in the EU or not. This also means that you are likely impacted if you have a website that is visited by EU citizens and your website stores cookies and/or has a contact form and/or has means for visitors to leave comments and “likes” etc (which basically means any blog). The GDPR states that you need to “…implement appropriate technical and organisational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects.

In practice, in my opinion (I am not a lawyer!) this means among other things for your website that you probably need to

  • Install an SSL certificate on your website, such that all web traffic is encrypted;
  • Update your website to include a disclaimer on your cookie and data protection policy.

Now, ideally, one would install an SSL certificate first and then set up the website, but alas, this is not what I have done with this website, which is based on WordPress. So I had to go through a few extra steps to make the SSL certificate work.

Step 1: Install SSL Certificate

This was the easy part, since all I had to do was to purchase an SSL certificate from my hosting provider, and the installation of the certificate was up to them.

Step 2: Edit the Settings of your WordPress Installation

This step is necessary so that all your permalinks point to https:// instead of http://. This can be accomplished by going to Settings > General Settings and editing the WordPress and Site addresses to point to https, see the screenshot below.

https settings in WordPress

https settings in WordPress

However, unfortunately, this was not the whole story, since my site contains quite a few pages and blog posts, complete with lots of images and uploads, which all still pointed to http:// instead of https:// internally. This meant that upon visiting my secured site (https://www.cfbtranslations.com instead of https://www.cfbtranslations.com), the browser didn’t show a nice (green) padlock in the address bar, but instead a broken lock, indicating partially insecure elements on the site.

Secure site indicated by padlock

Secure site indicated by padlock

A broken padlock means that portions of the site (links, images) still point to insecurely loaded elements, which means these images are for example loaded via http:// instead of https://.

Broken padlock indicating insecure elements on website

Broken padlock indicating insecure elements on website

Step 3: Change All Internal Links to https

In my case, getting the aforementioned insecure elements to load securely turned out to be the most cumbersome part. There are a number of WordPress plug-ins which claim to accomplish the same task with the click of a button. Unfortunately, they all turned out incompatible with my theme or some of the numerous plug-ins I use. If you don’t use any elaborate plug-ins and your theme is compatible, I suggest you simply search for plug-ins related to “SSL” and install the plug-in of your choice. In any case, please make sure you have a back-up of your site in case things go awry and you need to restore the site to its original condition before installing the plug-in.

If, however, the plug-in of your choice does not accomplish the task, there is a second option. Install and activate the plug-in “Better Search Replace,” and then search for “http://www.yoursite.com” and replace it with “https://www.yoursite.com.” After this step, visiting your site via https:// should show a nice (green) intact padlock with no security warnings.

Step 4: Redirect http:// to https:// in Your .htaccess File

This step is necessary so that all visitors typing www.yoursite.com or yoursite.com without any of the prefixes are redirected automatically to the secure version of your site at https://www.yoursite.com. Now, every hosting provider has their own means to access and edit the .htaccess file in your home directory. Most hosting providers also have a recommended syntax for the https redirect, so please follow the instructions of your hosting provider.

In my case, I had to insert the following lines at the very top of the .htaccess file, before anything else:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

That did the trick, and all visitors are now redirected to a safe and secure site. The second step to make my website GDPR-compliant is to check which, if any, cookies my site uses (direct or third party), and update my existing cookie and privacy policy page accordingly. However, this is the topic of a future blog post.

An Oldie but Goodie – Christmas Song for Unix Hackers


better !pout !cry
better watchout
lpr why
santa claus < north pole >town


cat /etc/passwd >list
ncheck list
ncheck list
cat list | grep naughty >nogiftlist
cat list | grep nice >giftlist
santa claus < north pole >town


who | grep sleeping
who | grep awake
who | egrep ‘bad|good’
for (goodness sake) {
     be good
     }

by Frank Carey, AT&T Bell Laboratories, 1985

Translation:

Santa Claus is Coming to Town

You’d better watch out, you’d better not cry;
You’d better not pout, I’m telling you why;
Santa Claus is coming to town.

He’s checking his list, checking it twice;
Going to find out who’s been naughty and nice.
Santa Claus is coming to town.

He knows who is sleeping, he knows who is awake.
He knows who has been bad or good;
So be good for goodness sake.

You’d better watch out, you’d better not cry;
You’d better not pout, I’m telling you why;
Santa Claus is coming to town.

Slides for presentation at ATA58, ST-7, “An Introduction to Artificial Intelligence, Machine Learning, and Neural Networks”

You can download the slides for my presentation here.
(© All rights reserved, though I am happy to share a version with higher resolution or give specific permission for reuse of the slides upon request.)

Abstract:

From spam filters to stock trading bots, the applications of artificial intelligence are already omnipresent. This poses important questions such as: Will my autonomous vacuum cleaner go on a rampage and eat the hamster? Do neural networks think like brains? What are the chances of a robot uprising? The presentation will address these questions and give an introduction to artificial intelligence, which is impacting all our lives, perhaps more than most people are aware of. However, the talk will not discuss machine translation and related topics. No knowledge of computer science or advanced mathematics is required to attend.

Scam alert!!!!!

An outfit called “Alliance of Applied Translators and Interpreters International”, AATII, has illegally acquired the publicly available information and names of thousands of translators and interpreters from various reputable directories, such as the ATA directory, and is using this information list the translators and interpreters without their consent on their site. My name and information was stolen as well without my knowledge (until this morning) or permission. Hacking of the associated databases does not seem to be involved, since only publicly available information was mined and subsequently falsely represented.

According to Whois, the website in question (which will not be linked here) is registered to the following person:

Registrant Name: LIXIN CHENG
Registrant Organization: Princemountain Transnational Services Inc.
Registrant Street: #300-5900 No. 3 Road
Registrant City: RICHMOND
Registrant State/Province: British Columbia
Registrant Postal Code: V6X 3P7
Registrant Country: CA
Registrant Phone: +1.6043702171

Warning: Do not do business with either AATII or Princemountain Translational Services until this matter is resolved!

Update: As of yesterday afternoon (April 15, 2016, US Pacific), the misused information has been removed from the site.

Update August 2020: According to the Law Society of BC, Li Xin Cheng dba Princemountain Translational Services Inc. has been banned from practicing law by the Supreme Court of British Columbia. Click here for details.