WordPress pushes free default SSL for hosted sites

World's favourite one-stop pop-shop now harder to hack.

WordPress has deployed HTTPS for its hosted sites*, in what is a huge security boon for users.

April statistics by W3techs found 26.3 percent of all content management systems run WordPress.

Systems engineer Barry Abrahamson from WordPress' parent company Automattic says the roll out will be transparent and administrators will not need to do anything to enjoy the better security.

"Today we are excited to announce free HTTPS for all custom domains hosted on WordPress," Abrahamson says.

"This brings the security and performance of modern encryption to every blog and website we host.

"We are closing the door to unencrypted web traffic at every opportunity."

Certificates will be gifted from the Let's Encrypt initiative with the first batch launched in January.

It means millions of websites will be safer from spying and interception techniques.

He says performance enhancements like SPDY and HTTP/2 have closed the performance gap between encrypted and unencrypted traffic, which was a reason some admins had put off the security measure in previous years.

Automattic's upgrade comes as social media kingpins and other major tech companies deploy HTTPS throughout popular services, with Google going further and penalising sites that rely on plain text. ®

Bootnote: We've edited the first paragraph, which might originally have given the impression HTTPS was enabled on all WordPress sites, rather than those hosted by WordPress. ®


Biting the hand that feeds IT © 1998–2017