After WordPress also Google decided to switch on default HTTPS for its free domain service provider Blogspot. The measure will impact millions of users of the popular platform. Since September 2015 Google had introduced HTTPS support for Blogspot domains as an option, now it is announcing the extension to every Blogspot domain blog.
The adoption of encryption will provide more security to the end-users, in the recent months, many companies have pushed the security measures, including WhatsApp and Viber.
In April WordPress announced that it has partnered with the Let’s Encrypt project in order to offer free HTTPS support for all of its users on WordPress.com blogs, that means over 26% of websites based on the most popular CMSs on the web will be secured (Statistics by W3techs).
“As part of this launch, we’re removing the HTTPS Availability setting. Even if you did not previously turn on this setting, your blogs will have an HTTPS version enabled.” Google informed users. “We’re also adding a new setting called HTTPS Redirect that allows you to opt-in to redirect HTTP requests to HTTPS. While all blogspot blogs will have an HTTPS version enabled, if you turn on this new setting, all visitors will be redirected to the HTTPS version of your blog at https://<your-blog>.blogspot.com even if they go to http://<your-blog>.blogspot.com. If you choose to turn off this setting, visitors will have two options for viewing your blog: the unencrypted version at http://<your-blog>.blogspot.com or the encrypted version at https://<your-blog>.blogspot.com”
HTTPS will make impossible for attackers to eavesdrop connections between the user’s browser and web server. The adoption of HTTPS will help visitors to check that they open the correct website and aren’t being redirected to a malicious site, and it helps detect if an attacker tries to change any data sent from Blogger to the visitor.
The HTTP version of the blogs will remain accessible by the users anyway, anyway, that can use the new setting called HTTPS Redirect that redirects HTTP requests to HTTPS. Google implemented the technical implementation in order to avoid forcing its users to use the HTTPS and avoid problems with the bloggers.
Some blogs on Blogspot, in fact, contains “mixed content” such as images and scripts incompatible with the HTTPS protocol. Google intends to support its bloggers by offering tools and porting services to overwhelm the difficulties related to the migration of this mix content.
(Security Affairs – Blogspot, HTTPS)