WordPress Offers HTTPS to Custom Domains
WordPress.com is offering free HTTPS for all custom domains hosted on its site in an effort to bring the security and performance of modern encryption to every blog and website.
WordPress points out that strong encryption protects users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking and other Web security flaws. Although WordPress has supported encryption for sites using WordPress.com subdomains since 2014, the newest announcement expands encryption to the many custom domains hosted on WordPress.com. What’s more, the change is automatic, which means site owners won’t need to do anything for it to take effect.
“The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains,” WordPress said in its announcement. “For you, the users, that means you’ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.”
WordPress notes that site owners should keep an eye out for this feature on their custom domains. Once a site is HTTPS-enabled, users will see a green lock icon in their browser’s address bar. Then all plain text HTTP requests will automatically be redirected to their encrypted counterpart. Plus, WordPress says that it will transparently handle all the complexities of SSL certificate management.