Ever since I started working on Automattic and WordPress.com full-time I’ve found myself working at places like cafes and various other places with wireless internet connections around town. It’s nice because they make far better hot chocolate than I do. I’ve also been lucky enough to find myself at some great conferences around the world, for example I’m heading to SxSW Interacive next week. Any conference worth its salt these days provides free wifi.
This is great, but the internet can be a dangerous place. What most people don’t realize is that almost everything they do on the internet, with the exception of things like e-commerce, is transmitted in clear text. This means the data could be readable to anyone who listened. People use things like “packet sniffers” that let them observe and log traffic on a local network, for example that free wifi connection you and 50 of your closest trusted friends are on.
There are ways around this using things like VPN or SSH tunnels, but mostly they’re beyond the reach of us mere mortals to use. I know personally if I’m a techy conference I’m less likely to post to my blog because someone could just “sniff” my password and traffic and cause all sorts of travel.
We’ve made it so you never have to worry about this on WordPress.com. You’re safe blogging here now.
Using the same technology that online stores like Amazon.com and your bank do, we’re now securing all the important bits of your blog using SSL. What this means is that when you’re logging in or posting to WordPress.com, all of your traffic will be encrypted so anyone “sniffing” it will just see a bunch of gibberish. This is free and immediately available for all our users.
On a technical level, what we’ve done is restricted your login cookies to be SSL-only, which means they will never be transmitted in the clear, and we’re encrypting the cookies sent in the clear to make it difficult for anyone to impersonate your login.
There are still one or two kinks we’re working out, particularly for this main blog, but at worst you may see a security warning about the SSL certificate. If you have any problems please let us know using the feedback form.
Also, because we love you so much, we’ve made the code we’re using to do this available as a WordPress plugin. All you need is a SSL certificate and WordPress 2.1-alpha.
Anyway, now when you go to conferences or that sketchy coffee house blog without fear.