Protect Your Blog with SSL

As kids, we all loved Sesame Street‘s Cookie Monster. (Who couldn’t relate to a guy who loves snacks?!) But now there’s another CookieMonster on the street, and he’s not so nice.

This CookieMonster is a toolkit that tricks your browser into handing over sensitive information, and it’s one of a number of new tactics used to steal your data and, potentially, hijack your accounts.

WordPress has always taken steps to ensure that your data is safe. Now we want to make it easier than ever for you to avoid evil blogjackers that prey on security vulnerabilities.

Click on Edit Profile in the My Account menu of your dashboard and you’ll see a new field called Browser Connection. There, you can opt to “Always use HTTPS when visiting administration pages.” Click Update Profile to save the change, and you’ll be logged out. Sign back in, and you’re rolling with SSL, which encrypts your connection and helps prevent data scavengers from stealing your password and other info.

HTTPS has always been supported on WordPress.com, but it’s now even easier to remember. HTTPS is highly recommended when you’re accessing your account on a public network. Check out this video to learn more:

New Note: Using HTTPS will slow down your blogging speed significantly. Go Turbo with Gears to help speed things up. Check out this page of the FAQ for more information on using Gears — now supported on Safari for Mac!


Missing out on the latest WordPress.com developments? Enter your email below to receive future announcements direct to your inbox. An email confirmation will be sent before you will start receiving notifications - please check your spam folder if you don't receive this.

Join 17,846,451 other followers

Heather R.

248 Comments

Comments are closed.

  1. AudaciousAria

    Done :) Thank you!

    Like

  2. Teguh Iman Prasetya

    waw

    Like

  3. billi4d

    Phew. Im glad that you have found a way to protect us from the ‘CookieMonster’ lol

    Like

  4. Lauren

    Heather, I always knew you were the Brains in this outfit. Thank you.

    Like

  5. Heather

    @Lauren: Thank our brainy developers :)

    Like

  6. {[(Limeboy11)]}

    COOL

    Like

  7. Gerald Ford

    Cool! SSL is always the right way to go with the Internet. :)

    Like

  8. ClapSo

    Thanks!

    The shields are raised captain!

    I hope the dilithium crystals can stand the strain of defending us from the data klingons.

    Like

  9. CB

    Thanks; great enhancement!
    But why the heck are you not just activating it by default??

    Like

  10. Heather

    @CB: Enabling HTTPS all of the time would introduce unnecessary slowness to your blogging experience. A password-protected home or office network is more secure than public networks, so HTTPS is likely not needed when you’re logged in at home or work. But the choice is yours if you’d like to enable it all of the time. That’s the beauty of options :)

    Like

  11. Ilah

    Wow… Sounds cool. Might wanna try it later. :)

    Like

  12. Pingback: Das Cookie Monster « rufus still thinks about his title …
  13. Yonatan Prasdikatama

    Nice work…. i’ll do that…. we’re now safe…. thanks :)

    Like

  14. vcappuccio

    WordPress is Awesome

    Thanks !!

    Like

  15. Antonio Doldo

    Good feature, security is a think that is obtained in many levels, This is a step ;)

    Like

  16. HeiligeDamon

    excelent improvement! Thanks!

    Like

  17. David Ker

    I did it but it didn’t log me out. So did I do something wrong or are your instructions off? (I’ll log out manually)

    Like

  18. jonathanrox

    Awesome! I get protection! WordPress ROCKS!!!!!!!!!!!!!!!! It’s the best blogging site ever!!!

    Like

  19. iaoj

    Sound and safe
    Thank you

    Like

  20. hoh

    thanx for this
    after the updating profile step – i was not auto logged out
    so do i need to log out? and back in for the https thingy to kick in?
    will it slow down up/download time?

    Like

  21. Heather

    @David Ker + @hoh: You won’t get logged out after clicking Update Profile if you’ve logged in using https before. Don’t worry, it’s still working!

    If you don’t remember logging in using https previously and you aren’t getting logged out, please contact Support.

    Like

  22. kaet

    I must be missing something – I can’t find the Browser Connection field anywhere. I’m trying to follow the instructions you give above, but where exactly is it?

    Like

  23. Heather

    @kaet: Log in to your dashboard and go to the My Account dropdown in the upper left. Select My Profile and you’ll see Browser Connection just below Admin Color Scheme on your profile page.

    Check out the video for a more detailed walkthrough. Promise it will be worth the watch :)

    Like

  24. Dean Longmore

    Awesome news, I wasn’t aware that SSL was supported but I’ll be sure to use it now.
    I admin my site from 2 or 3 different computers, so any extra security I can get is good.

    Like

  25. hastaelgolsiempre

    Great stuff, but is there a way to stop Internet Explorer from popping up a security warning every time I go to a new bit of my dashboard? I changed my settings about five minutes ago and I’m already annoyed about it enough to just try and trust my password…

    And please no-one answer my question with ‘yes, use Firefox.’

    Like

  26. Mr. Anonymous®

    Heather! – you got my back!!

    I like that!

    ThanX,

    Mr. A® (or IZ it?)
    Enabling NOW!!

    Like

  27. halfmd

    Thanks for looking out for us.

    Like

  28. Teck

    Thank you for this valuable update.

    WordPress Rocks!!!

    Like

  29. reprindle

    OK. But now two Microsoft warnings come up everytime I change a page. What to do about that?

    Like

  30. Heather

    If you’re using Internet Explorer, you can turn off those warnings by following these steps:

    1) Add *.wordpress.com to your list of trusted sites under the Security tab.
    2) Set Internet Options> Security> Trusted Sites> Custom Level> Miscellaneous> Display Mixed Content to “Enable.”

    Please contact Support if that doesn’t resolve the issue.

    Like

  31. blogscapes

    Thanks, this will be helpful!

    Like

  32. Pingback: New post on English/ESL — and something very relevant « Floating Life
  33. Moon

    Great!

    Like

  34. Brigitte

    Thanks for explaining the “why” part as well :3

    Like

  35. Neil

    I especially, having had a major security issue a week ago, am so happy to see that little padlock in Firefox! :)

    Like

  36. Pingback: A New Chapter Begins… « Lubi’s Pensieve
  37. Clark Bunch

    My WordPress has never been hacked, but it happened to me back in the old MySpace days. It’s not a good feeling. Apparently “I” was sending all my friends ring tone ads. Yuck.

    Like

  38. katroboy

    wooww.. thanks guys.. u r all the best! :D

    Like

  39. sinapselog

    Very nice! Security is never enough! :)

    Like

  40. alhakim

    thanks for this, i don’t notice about this option before. Security is important thing when we connect to internet. if we open in home PC, is it still possible someone steal our cookies?

    Like

  41. bigcrow

    hm, Let’s try it and see, how my blog slows down :)

    Like

  42. anonyjw

    Amazing… I remember writing you guys to request this feature weeks ago… I guess you must’ve already had the request from other users and were working hell hard to see it come to life.

    Thank you. Keep up the great work and innovative designs!

    Like

  43. peacefulone

    Cool! ….ur I think?

    Like

  44. monicaramela

    gracias!! :)

    Like

  45. Fairchild_13

    Surely WordPress is the best! XD

    Like

  46. trollboy

    I’m gonna do that right now. Thank you!

    Like

  47. rioserver500

    Great, thanks for the Video

    Like

  48. sapteka

    Good idea.

    Like

  49. Pingback: Wordpress se protege contra el Cookie Monster « Keep Walking
  50. pkab

    HTTPS:// for my administrator page at WordPress. Impressive.
    I tought https:// is only needed when you try to type in your credit card number or placing online order.

    Million thanks WP Guys.

    Like

  51. prazim

    Hi Heather,
    I’m guessing this is for WordPress hosted blogs? I tried it my self-hosted blog and there is no field in my profile area for using https.
    Sue

    Like

  52. juleslife

    Gees! when I think you guys cannot get any better…You do! Way to go guys! Cheers!

    Like

  53. Soccatoon

    Give it a try. Thanx!

    Like

  54. adi.nugroho

    As kids, we all loved Sesame Street’s Cookie Monster.

    …LOL
    (^_^)

    Like

  55. nana78

    Yeah…it so good

    Like

  56. કુણાલ

    m using google chrome .. and it says that,

    – There are several SSL errors on this page: This page contains some insecure elements, This page cont…, ….

    Couldn’t find a way to resolve it .. coz it’s accepted the certificate, it says that the page is coming from trusted source and everything … no problems whtsoever in accepting the certificate but some page elements are becoming source of this error … !!

    plz … F1.. F1 …

    Like

  57. Mohammed

    Superb…done that ;)

    Like

  58. sulochanosho

    Really the most needed tool to stall the hawkers from hijacking the sites and data
    – a boon to the millions of WordPress Bloggers. I was always worried –
    what happens if some hawkers intercept and undo our blogs. You know, we are so much attached
    with our blogs and interaction that it has become another virtual life
    to us. Now at least I feel assured.

    The data, information available on the WordPress in the form of Blogs are
    not less than a Global Encyclopedia, which you dont find in traditional cut and censored
    sources. I tell, the uninhibited expression of thoughts and outburts that has come
    on the Blogs are of immense value and that ‘ll go a long way in the evolution and
    recycling of the process of our humanity and world on a new paradigm.

    Like

  59. umair

    great job!

    Like

  60. rvgleaders

    thank u

    Like

  61. gvijaikumar9

    Thanks very much, my wordpress blog hacked once and i’ll definetly configure this

    Like

  62. Pingback: WordPress security versus TypePad security « TypePad versus WordPress
  63. artpredator

    awesome–thanks WordPress for staying on top of it! protection without wearing a raincoat!

    Like

  64. Zul

    Thanks heather!

    Like

  65. mclearskin

    Done. That was my concern. Thank you.

    Like

  66. andyash

    1. What if I use WP at home or work and SSL (as well as TLS) are already used through Internet Explorer Settings?

    2. Will enabling HTTPS affect posting via Windows Live Writer?

    Like

  67. Heather

    @andydash:

    1. Those settings just enable the browser to connect over HTTPS. You’ll still need to enable the option to visit WordPress via HTTPS in your profile.
    2. No, LiveWriter will not be affected by or have an effect on HTTPS.

    Like

  68. govjobs

    Awesome great thanks.

    Like

  69. sachinsrini

    thanks

    Like

  70. programmervb

    Thank’s

    Like

  71. neilosjay

    Gentials…..
    Now no body can steal myself from me!!!

    Like

  72. zacca

    Excellent enhancement.
    Thank you.

    Like

  73. gyl.

    Done. Thanks for the heads up!

    Like

  74. airbornb

    Zuper, thanks guys!

    Like

  75. deigratia

    Love those Secure socket layers Matt and crew “well done”

    Like

  76. Mr.Rockmantico

    Cool!! Thanks ;-)

    Like

  77. kaet

    Thanks Heather – I found it this time!

    Like

  78. grovenews

    You never stop to amaze. Every other day you come up with new features that makes it so much easier and secure to use wordpress. Not for nothing is this the best blogging platform. I feel like sacrificing a hundred virgins in your honour. Keep up the good work.

    Like

  79. ibsconsulting

    Thank for your great effort
    want to be the best

    Like

  80. dandelionsalad

    Thanks so much. This even helped fix a bug I had on my blog when adding links to previous posts so I’ll be using this all the time now. Cheers!

    Like

  81. Ron

    Done that – thanks. Problem is now, within Admin, page transitions are painfully slow (nope, it’s not my computer or connection). Is this going to be the norm from now on, or is it a temporary glitch?

    For the sake of enhanced security it’s a small price to pay, I suppose. . .

    Like

  82. Armando Netto

    COOL! Most Security now for wordpress blogs.

    Abraços.

    Like

  83. Yasir Imran

    Brilliant, you guys did a great work
    well chances of blogjack decreased a bit
    Thanks WP tema

    Like

  84. Pingback: Gearing up for SSL to WordPress with Safari at bioneural.net
  85. Ron

    Sorry – it really is way too slow and I’m unchecking the option – I’ll take my chances, especially as I’ve just lost an entire post in the transition from text box to full screen, and that really is too high a price (yeah, I should have saved it first, but that’s not the point). . .

    Like

  86. kika_simone

    Thanks! :P

    Like

  87. NeoOoeN

    Ok, that vidz is epic.

    Thanks .

    Like

  88. baysidelady

    Thankyou to you and our brainy developers! :)
    I just did it, and found very easy to do ~~ so easy even I could do it.

    Like

  89. sugoistanley

    nice step ahead wordpress!
    i like that SSl things, makes me feel secure when blogging..

    Like

  90. theblackrat

    Thanks Heather, that SSL tip and the IE alert setting were great pieces of advice.

    Like

  91. Scott Fillmer

    great idea, don’t know why I was thinking all admin pages were already ssl enabled, thanks.

    Like

  92. Gu

    its the best

    Like

  93. Muhamad Rizal Avif Khan

    Brilliant ;)

    Like

  94. O. Braga

    Thank you!

    Like

  95. 3dwarehouse

    nice Its cool

    Like

  96. eideard

    Dynamite. Thanks, Heather.

    Like

  97. Dark Crow200

    Awesome!

    Like

  98. Leo Agusto

    thanks again

    Like

  99. afruj

    Cool! Really Good feature.

    Like

  100. sutardjo70

    good…..thanks

    Like

Follow

Get every new post delivered to your Inbox.

Join 17,846,451 other followers

%d bloggers like this: