- WordPress.com is supporting HTTPS for all its blogs, the web hosting service provider announced Friday.
- Domains or blogs under WordPress will automatically get HTTPS, without any charge or action on the user's part.
- A project launched recently by Let's Encrypt has made it both easier and cheaper for companies like WordPress to implement HTTPS. The project allowed WordPress to have an automated way to provide SSL certificates for large numbers of domains.
Each WordPress website now has an SSL certificate. Not only does HTTPS ensure better security, but Google also prefers websites that use HTTPS, ranking them higher in search results. Google is so in favor of HTTPS that its Chrome browser will eventually flag unencrypted websites and display a large red "x" over a padlock in the URL bar on sites that are potentially insecure. For now, until Google makes it the default for its browsers, users can enable it in their browser settings.
Businesses and government agencies are increasingly shifting to HTTPS because it verifies the identity of a website or web service for a connecting client and encrypts almost all information sent between a website or service and the user. In January, Drupal, a popular content management system, announced it was moving to HTTPS. Though more companies are moving to adopt SSL/TLS, but the practice still goes underused.
There is also growing concern that businesses can be infected and hackers can go unnoticed for years. Last week, the FBI reportedly sent out an alert that a group of hackers "have compromised and stolen sensitive information from various government and commercial networks" since at least 2011.
In March, Let’s Encrypt, an organization dedicated to promoting broader use of encryption on the Web and run by the Internet Security Research Group, said it distributed 1 million digital certificates for free over a period of three months. The certificates cover 2.5 million domains.