WordPress is pushing free default SSL for all the website running the popular CMS and hosted on WordPress.com, that means over 26% of websites based on the most popular CMSs on the web will be secured (Statistics by W3techs).
On Friday, WordPress announced that it has partnered with the Let’s Encrypt project in order to offer free HTTPS support for all of its users on WordPress.com blogs.
According to the systems engineer Barry Abrahamson from WordPress’ parent company Automattic, the roll out will be transparent without impact on the users.
“Today we are excited to announce free HTTPS for all custom domains hosted on WordPress.com. This brings the security and performance of modern encryption to every blog and website we host. Best of all, the changes are automatic — you won’t need to do a thing.” Abrahamson wrote in a blog post.
“This brings the security and performance of modern encryption to every blog and website we host.” “For you, the users, that means you’ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.”
That is great, more security, for free and without any effort! The Internet will be a better place, users will be protected from eavesdropping. The massive introduction of Web encryption provides more than security to the users, the protocol enhancements like SPDY and HTTP/2 have reduced in a significant way the performance gap between encrypted and unencrypted web traffic.
Digital certificates will be offered by the Let’s Encrypt initiative starting from January.
“The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains.” added Abrahamson.
Summarizing … WordPress.com is activating HTTPS on all its websites without requesting users intervention.
(Security Affairs – HTTPS, hacking)