Protect Your Blog with SSL
As kids, we all loved Sesame Street’s Cookie Monster. (Who couldn’t relate to a guy who loves snacks?!) But now there’s another CookieMonster on the street, and he’s not so nice.
This CookieMonster is a toolkit that tricks your browser into handing over sensitive information, and it’s one of a number of new tactics used to steal your data and, potentially, hijack your accounts.
WordPress has always taken steps to ensure that your data is safe. Now we want to make it easier than ever for you to avoid evil blogjackers that prey on security vulnerabilities.
Click on Edit Profile in the My Account menu of your dashboard and you’ll see a new field called Browser Connection. There, you can opt to “Always use HTTPS when visiting administration pages.” Click Update Profile to save the change, and you’ll be logged out. Sign back in, and you’re rolling with SSL, which encrypts your connection and helps prevent data scavengers from stealing your password and other info.
HTTPS has always been supported on WordPress.com, but it’s now even easier to remember. HTTPS is highly recommended when you’re accessing your account on a public network. Check out this video to learn more:
doneNew Note: Using HTTPS will slow down your blogging speed significantly. Go Turbo with Gears to help speed things up. Check out this page of the FAQ for more information on using Gears — now supported on Safari for Mac!
Email Newsletter
September 16th, 2008 at 9:52 pm
Done
Thank you!
September 16th, 2008 at 9:56 pm
waw
September 16th, 2008 at 9:56 pm
Phew. Im glad that you have found a way to protect us from the ‘CookieMonster’ lol
September 16th, 2008 at 9:58 pm
Heather, I always knew you were the Brains in this outfit. Thank you.
September 16th, 2008 at 9:59 pm
@Lauren: Thank our brainy developers
September 16th, 2008 at 10:01 pm
COOL
September 16th, 2008 at 10:03 pm
Cool! SSL is always the right way to go with the Internet.
September 16th, 2008 at 10:08 pm
Thanks!
The shields are raised captain!
I hope the dilithium crystals can stand the strain of defending us from the data klingons.
September 16th, 2008 at 10:09 pm
Thanks; great enhancement!
But why the heck are you not just activating it by default??
September 16th, 2008 at 10:10 pm
@CB: Enabling HTTPS all of the time would introduce unnecessary slowness to your blogging experience. A password-protected home or office network is more secure than public networks, so HTTPS is likely not needed when you’re logged in at home or work. But the choice is yours if you’d like to enable it all of the time. That’s the beauty of options
September 16th, 2008 at 10:16 pm
Wow… Sounds cool. Might wanna try it later.
September 16th, 2008 at 10:21 pm
Nice work…. i’ll do that…. we’re now safe…. thanks
September 16th, 2008 at 10:28 pm
WordPress is Awesome
Thanks !!
September 16th, 2008 at 10:33 pm
Good feature, security is a think that is obtained in many levels, This is a step
September 16th, 2008 at 10:43 pm
excelent improvement! Thanks!
September 16th, 2008 at 11:00 pm
I did it but it didn’t log me out. So did I do something wrong or are your instructions off? (I’ll log out manually)
September 16th, 2008 at 11:01 pm
Awesome! I get protection! WordPress ROCKS!!!!!!!!!!!!!!!! It’s the best blogging site ever!!!
September 16th, 2008 at 11:11 pm
Sound and safe
Thank you
September 16th, 2008 at 11:15 pm
thanx for this
after the updating profile step – i was not auto logged out
so do i need to log out? and back in for the https thingy to kick in?
will it slow down up/download time?
September 16th, 2008 at 11:17 pm
@David Ker + @hoh: You won’t get logged out after clicking Update Profile if you’ve logged in using https before. Don’t worry, it’s still working!
If you don’t remember logging in using https previously and you aren’t getting logged out, please contact Support.
September 16th, 2008 at 11:27 pm
I must be missing something – I can’t find the Browser Connection field anywhere. I’m trying to follow the instructions you give above, but where exactly is it?
September 16th, 2008 at 11:28 pm
@kaet: Log in to your dashboard and go to the My Account dropdown in the upper left. Select My Profile and you’ll see Browser Connection just below Admin Color Scheme on your profile page.
Check out the video for a more detailed walkthrough. Promise it will be worth the watch
September 16th, 2008 at 11:29 pm
Awesome news, I wasn’t aware that SSL was supported but I’ll be sure to use it now.
I admin my site from 2 or 3 different computers, so any extra security I can get is good.
September 16th, 2008 at 11:40 pm
Great stuff, but is there a way to stop Internet Explorer from popping up a security warning every time I go to a new bit of my dashboard? I changed my settings about five minutes ago and I’m already annoyed about it enough to just try and trust my password…
And please no-one answer my question with ‘yes, use Firefox.’
September 16th, 2008 at 11:47 pm
Heather! – you got my back!!
I like that!
ThanX,
Mr. A® (or IZ it?)
Enabling NOW!!
September 16th, 2008 at 11:54 pm
Thanks for looking out for us.
September 17th, 2008 at 12:05 am
Thank you for this valuable update.
WordPress Rocks!!!
September 17th, 2008 at 12:12 am
OK. But now two Microsoft warnings come up everytime I change a page. What to do about that?
September 17th, 2008 at 12:23 am
If you’re using Internet Explorer, you can turn off those warnings by following these steps:
1) Add *.wordpress.com to your list of trusted sites under the Security tab.
2) Set Internet Options> Security> Trusted Sites> Custom Level> Miscellaneous> Display Mixed Content to “Enable.”
Please contact Support if that doesn’t resolve the issue.
September 17th, 2008 at 12:29 am
Thanks, this will be helpful!
September 17th, 2008 at 12:35 am
Great!
September 17th, 2008 at 12:55 am
Thanks for explaining the “why” part as well :3
September 17th, 2008 at 1:13 am
I especially, having had a major security issue a week ago, am so happy to see that little padlock in Firefox!
September 17th, 2008 at 1:30 am
My WordPress has never been hacked, but it happened to me back in the old MySpace days. It’s not a good feeling. Apparently “I” was sending all my friends ring tone ads. Yuck.
September 17th, 2008 at 1:32 am
wooww.. thanks guys.. u r all the best!
September 17th, 2008 at 1:38 am
Very nice! Security is never enough!
September 17th, 2008 at 1:38 am
thanks for this, i don’t notice about this option before. Security is important thing when we connect to internet. if we open in home PC, is it still possible someone steal our cookies?
September 17th, 2008 at 1:44 am
hm, Let’s try it and see, how my blog slows down
September 17th, 2008 at 1:50 am
Amazing… I remember writing you guys to request this feature weeks ago… I guess you must’ve already had the request from other users and were working hell hard to see it come to life.
Thank you. Keep up the great work and innovative designs!
September 17th, 2008 at 2:06 am
Cool! ….ur I think?
September 17th, 2008 at 2:08 am
gracias!!
September 17th, 2008 at 2:29 am
Surely WordPress is the best! XD
September 17th, 2008 at 2:31 am
I’m gonna do that right now. Thank you!
September 17th, 2008 at 2:45 am
Great, thanks for the Video
September 17th, 2008 at 3:00 am
Good idea.
September 17th, 2008 at 3:08 am
HTTPS:// for my administrator page at WordPress. Impressive.
I tought https:// is only needed when you try to type in your credit card number or placing online order.
Million thanks WP Guys.
September 17th, 2008 at 3:10 am
Hi Heather,
I’m guessing this is for WordPress hosted blogs? I tried it my self-hosted blog and there is no field in my profile area for using https.
Sue
September 17th, 2008 at 3:18 am
Gees! when I think you guys cannot get any better…You do! Way to go guys! Cheers!
September 17th, 2008 at 3:26 am
Give it a try. Thanx!
September 17th, 2008 at 3:33 am
…LOL
(^_^)
September 17th, 2008 at 3:46 am
Yeah…it so good
September 17th, 2008 at 5:05 am
m using google chrome .. and it says that,
- There are several SSL errors on this page: This page contains some insecure elements, This page cont…, ….
Couldn’t find a way to resolve it .. coz it’s accepted the certificate, it says that the page is coming from trusted source and everything … no problems whtsoever in accepting the certificate but some page elements are becoming source of this error … !!
plz … F1.. F1 …
September 17th, 2008 at 5:08 am
Superb…done that
September 17th, 2008 at 5:17 am
Really the most needed tool to stall the hawkers from hijacking the sites and data
- a boon to the millions of WordPress Bloggers. I was always worried -
what happens if some hawkers intercept and undo our blogs. You know, we are so much attached
with our blogs and interaction that it has become another virtual life
to us. Now at least I feel assured.
The data, information available on the WordPress in the form of Blogs are
not less than a Global Encyclopedia, which you dont find in traditional cut and censored
sources. I tell, the uninhibited expression of thoughts and outburts that has come
on the Blogs are of immense value and that ‘ll go a long way in the evolution and
recycling of the process of our humanity and world on a new paradigm.
September 17th, 2008 at 5:19 am
great job!
September 17th, 2008 at 5:44 am
thank u
September 17th, 2008 at 6:04 am
Thanks very much, my wordpress blog hacked once and i’ll definetly configure this
September 17th, 2008 at 6:40 am
awesome–thanks WordPress for staying on top of it! protection without wearing a raincoat!
September 17th, 2008 at 6:44 am
Thanks heather!
September 17th, 2008 at 6:52 am
Done. That was my concern. Thank you.
September 17th, 2008 at 6:53 am
1. What if I use WP at home or work and SSL (as well as TLS) are already used through Internet Explorer Settings?
2. Will enabling HTTPS affect posting via Windows Live Writer?
September 17th, 2008 at 6:54 am
@andydash:
1. Those settings just enable the browser to connect over HTTPS. You’ll still need to enable the option to visit WordPress via HTTPS in your profile.
2. No, LiveWriter will not be affected by or have an effect on HTTPS.
September 17th, 2008 at 6:59 am
Awesome great thanks.
September 17th, 2008 at 7:02 am
thanks
September 17th, 2008 at 7:14 am
Thank’s
September 17th, 2008 at 7:16 am
Gentials…..
Now no body can steal myself from me!!!
September 17th, 2008 at 7:21 am
Excellent enhancement.
Thank you.
September 17th, 2008 at 7:24 am
Done. Thanks for the heads up!
September 17th, 2008 at 7:56 am
Zuper, thanks guys!
September 17th, 2008 at 8:01 am
Love those Secure socket layers Matt and crew “well done”
September 17th, 2008 at 8:25 am
Cool!! Thanks
September 17th, 2008 at 8:30 am
Thanks Heather – I found it this time!
September 17th, 2008 at 9:04 am
You never stop to amaze. Every other day you come up with new features that makes it so much easier and secure to use wordpress. Not for nothing is this the best blogging platform. I feel like sacrificing a hundred virgins in your honour. Keep up the good work.
September 17th, 2008 at 9:19 am
Thank for your great effort
want to be the best
September 17th, 2008 at 9:21 am
Thanks so much. This even helped fix a bug I had on my blog when adding links to previous posts so I’ll be using this all the time now. Cheers!
September 17th, 2008 at 9:47 am
Done that – thanks. Problem is now, within Admin, page transitions are painfully slow (nope, it’s not my computer or connection). Is this going to be the norm from now on, or is it a temporary glitch?
For the sake of enhanced security it’s a small price to pay, I suppose. . .
September 17th, 2008 at 10:05 am
COOL! Most Security now for wordpress blogs.
Abraços.
September 17th, 2008 at 10:06 am
Brilliant, you guys did a great work
well chances of blogjack decreased a bit
Thanks WP tema
September 17th, 2008 at 10:27 am
Sorry – it really is way too slow and I’m unchecking the option – I’ll take my chances, especially as I’ve just lost an entire post in the transition from text box to full screen, and that really is too high a price (yeah, I should have saved it first, but that’s not the point). . .
September 17th, 2008 at 10:40 am
Thanks!
September 17th, 2008 at 10:43 am
Ok, that vidz is epic.
Thanks .
September 17th, 2008 at 10:54 am
Thankyou to you and our brainy developers!
I just did it, and found very easy to do ~~ so easy even I could do it.
September 17th, 2008 at 10:56 am
nice step ahead wordpress!
i like that SSl things, makes me feel secure when blogging..
September 17th, 2008 at 11:01 am
Thanks Heather, that SSL tip and the IE alert setting were great pieces of advice.
September 17th, 2008 at 11:02 am
great idea, don’t know why I was thinking all admin pages were already ssl enabled, thanks.
September 17th, 2008 at 11:18 am
its the best
September 17th, 2008 at 11:51 am
Brilliant
September 17th, 2008 at 1:16 pm
Thank you!
September 17th, 2008 at 1:32 pm
nice Its cool
September 17th, 2008 at 1:40 pm
Dynamite. Thanks, Heather.
September 17th, 2008 at 1:41 pm
Awesome!
September 17th, 2008 at 1:55 pm
thanks again
September 17th, 2008 at 1:57 pm
Cool! Really Good feature.
September 17th, 2008 at 2:06 pm
good…..thanks