HTTPS Everywhere: Encryption for All WordPress.com Sites
We’re proud to support a more secure web — now for all custom domains on WordPress.com.
Today we are excited to announce free HTTPS for all custom domains hosted on WordPress.com. This brings the security and performance of modern encryption to every blog and website we host.
Best of all, the changes are automatic — you won’t need to do a thing.
As the EFF points out as part of their Encrypt the Web initiative, strong encryption protects our users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking, and other web security flaws.
WordPress.com has supported encryption for sites using WordPress.com subdomains (like https://barry.wordpress.com/) since 2014. Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com.
The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains.
For you, the users, that means you’ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.
Web encryption provides more than security
Protocol enhancements like SPDY and HTTP/2 have narrowed the performance gap between encrypted and un-encrypted web traffic, with encrypted HTTP/2 outperforming un-encrypted HTTP/1.1 in some cases.
Google also announced HTTPS is used as a ranking signal in search results, with HTTPS-enabled sites ranked above their plaintext counterparts.
As a WordPress.com site owner, keep an eye out for this feature on your custom domains. Once your site is HTTPS-enabled, you should see a green lock icon in your browser’s address bar. All plaintext HTTP requests will be automatically redirected to their encrypted counterpart (your URL will begin with https://
instead of http://
). We will transparently handle all the complexities of SSL certificate management for you.
We take security seriously, and we’re proud to offer this to WordPress.com users. For more information about encryption, please see our support documentation.
Thanks for the good post. Good information.
LikeLiked by 4 people
Nicely done! I like this!
LikeLiked by 4 people
After being spammed; I am glad you are taking things to the next level.
LikeLiked by 3 people
Great move. Security is crucial in the digital world, and I can now feel more secure now you’ve announced this news. Thanks a bunch WordPress, your help is much appreciated :-).
Alex Smithson
LikeLiked by 6 people
Great except I haven’t been able to publish my blog for almost a month and there’s no one to tell me why. Thanks:
R
LikeLiked by 4 people
Hi @flowersnaturally can you please contact us here for help with that? https://en.support.wordpress.com/contact
Happy to take a closer look!
LikeLiked by 4 people
Great service to all of us.Thanks.
LikeLiked by 2 people
Thank you! THANK YOU! Much gratitude to every one who has been working on this. Those Firefox alerts are driving me bananas!
LikeLiked by 4 people
Good relief to know this. Thanks WordPress.
LikeLiked by 3 people
Thank you, WordPress!! 👍🏻
LikeLiked by 4 people
Great! Keep up the great work you do for us…
LikeLiked by 3 people
Thanks very much for your constant attention to our needs.
LikeLiked by 3 people
This is good news!
LikeLiked by 3 people
Congratulations on launching this very, VERY important part of today’s internet world! Security is a HUGE thing for me, as I am sure many others are just as concerned. Thank you! I feel better, now! SERIOUSLY! Network security was a very important job I had, once.
LikeLiked by 4 people
Great work. Thanks!
LikeLiked by 4 people
Thank you for letting us know.
LikeLiked by 3 people
Awesome, thank you. 🙂
LikeLiked by 1 person
Yay! So glad to read this.
LikeLiked by 13 people
Way to go!! I am thrilled!
LikeLiked by 4 people
Awesome! Thanks for the information!
LikeLiked by 4 people
Good job. Thank you for all you do. Security rocks.
LikeLiked by 2 people
Great. Thanks for your concern. We are quite secured.
LikeLiked by 3 people
Glad to hear that! Awesome news. 🙂 ❤
LikeLiked by 3 people
Sounds great! One question: If a site is already hacked, what will the encryption do after the fact?
LikeLiked by 3 people
Hi Jean,
HTTPS encryption doesn’t really help you with that problem, but if you think there is a security problem with your WordPress.com site please contact our support team and they will help you right away.
LikeLiked by 2 people
Cool… that’s a good news!
LikeLiked by 3 people
Another feather in the WordPress.com hat! Many thanks!
LikeLiked by 3 people
Great initiative! I really appreciate this.
LikeLiked by 3 people
I’ve requested this feature with many more WordPress Bloggers. Thank you WordPress!
LikeLiked by 3 people
Reblogged this on My WP and CH Experience.
LikeLiked by 3 people
Great move! Well done
LikeLiked by 3 people
This is great!
LikeLiked by 3 people
Good work and thank you!
LikeLiked by 5 people
Wow! Now that I have a better understanding of the numbers involved, just wow! Thanks, Barry and WordPressdotcom.
LikeLiked by 3 people
This is great and welcome news — thank you for doing this! And thanks to Let’s Encrypt for making it possible!
LikeLiked by 3 people
Thank you very much. Great news.
LikeLiked by 5 people
Now that’s a change I can get behind 100%. Thank-you very much.
LikeLiked by 3 people
Thank you WordPress. Good news. Frances
LikeLiked by 3 people
Thanks WordPress 🙂
LikeLiked by 3 people
Thank you WordPress! I only actually restarting with you guys after a few years of intense study and this is a nice way to open. It’s nice to know you’ve got our backs!
LikeLiked by 4 people
I am very thankful, of course, but now wonder if we must change all our links to our site, such as when we guest post elsewhere…hope not….
LikeLiked by 3 people
Hi Katherine,
There is no need to change any links – they will all redirect automat(t)ically.
LikeLiked by 3 people
Barry, I can’t believe you missed the obvious pun! The changes are “automat(t)ic”! Thanks for the enhanced feature.
LikeLiked by 4 people
I love WordPress and recommend it to everyone I know because the people running it are constantly trying to make it a better, friendlier, electronic place. Thank you.
LikeLiked by 3 people
Thanks for this. A great step forwards
LikeLiked by 3 people
I’ve been waiting for this for a long time, thank you! Also thanks for HTTP/2.
Can we have HSTS, too, now that the difficult part is done? 🙂
LikeLiked by 3 people
Hi Matthias,
We are looking at the feasibility of supporting HSTS and maybe some additional security-related features.
LikeLiked by 2 people
Great news. I was just about to migrate away. Many, many thanks.
LikeLiked by 3 people
I am so very happy about this development. As someone who puts the nose out there it’s great to know I won’t get a good sock right off the bat. Thank you so much for all you do People’s. (((HUGS)))
LikeLiked by 2 people
Love it. This is great.
LikeLiked by 3 people
This is wonderful news! Thanks WordPress. ❤
LikeLiked by 3 people
We are informed. Thanks. ☺
LikeLiked by 3 people
When will this go into effect? I am not clear, but it seems as if you were saying this should be done by now, but my site (praynwatch.com) hasn’t changed at all. Is there something I need to do, or is this coming later??
Thank you!
LikeLiked by 3 people
Hi Connie! This announcement only applies to sites hosted on WordPress.com. It looks like your site is hosted by HostGator – you should contact them if you want HTTPS support for your site.
LikeLiked by 3 people
That is fantastic! All of your users will greatly benefit from Https encryption and it’s awesome that you are rolling that out. This has so many benefits, such as ranking help for seo and better performance, which is also a ranking factor. Site speed has been announced as a ranking factor, so this is kind of like a double-whammy. Great job guys!
LikeLiked by 3 people
Reblogged this on iamsteve.in – angry.scot and commented:
Great news!
LikeLiked by 3 people
Great news Barry!
LikeLiked by 3 people
Great news! Thumbs up! Thank you very much!!!
LikeLiked by 3 people
Barry, I am trying to send an email to the address: https://en.support.wordpress.com/contact but keep getting an error message: The server response was: The recipient address isnot a valid RFC-5321 address. l4sm39631342pfi.73 – gsmtp
Could you provide an alternate way to get a HELP message to your support team re: http://www.pioneerheritagegardens.org? Thanks.
LikeLiked by 3 people
The email address you’re looking for is help@wordpress.com — this should do the trick.
LikeLiked by 2 people
After all the trouble I had with this issue it’s nice to know it is getting resolved.
LikeLiked by 4 people
WordPress is the best.
LikeLiked by 3 people
This is a welcome improvement. Now if only a few other hosters would follow suit.
LikeLiked by 3 people
A good improvement. Now if WordPress could just add SOME more features to the templates, where you add pages, etc.
LikeLiked by 3 people
What about the http address we may have up at other sites where we’ve advertised our blog/website? For instance, I have the http address in all my published books. Do I have to change the http to https? Out of curiosity, I typed in the address using the http and it went to my site. Will this continue to be redirected if someone used the http? Thank you. I like the idea of https.
LikeLiked by 3 people
Hi Mary,
Yes, we seamlessly redirect http to https – no need to manually update any links.
LikeLiked by 2 people
Oh, thank goodness! 🙂 Thank you, Barry.
LikeLiked by 3 people
Reblogged this on Author Mary J. McCoy-Dressel and commented:
Hot Off the Press from WordPress. Well, this makes me feel good. 🙂
LikeLiked by 2 people
Everything is automatic at Automattic… loved it…
LikeLiked by 5 people
unfortunately seems like this great update has led to a redirect error on my site! could you advise on how to fix it?
https://soniamao.com/
LikeLiked by 2 people
Hi, sorry about that. It seems to be a problem with your Cloudflare configuration. Can you please make sure that configure Cloudflare is configured to use HTTPS to connect to the origin (WordPress.com). If you have any questions, I would suggest asking their support team.
LikeLiked by 2 people