Protect Your Blog with SSL

As kids, we all loved Sesame Street‘s Cookie Monster. (Who couldn’t relate to a guy who loves snacks?!) But now there’s another CookieMonster on the street, and he’s not so nice.

This CookieMonster is a toolkit that tricks your browser into handing over sensitive information, and it’s one of a number of new tactics used to steal your data and, potentially, hijack your accounts.

WordPress has always taken steps to ensure that your data is safe. Now we want to make it easier than ever for you to avoid evil blogjackers that prey on security vulnerabilities.

Click on Edit Profile in the My Account menu of your dashboard and you’ll see a new field called Browser Connection. There, you can opt to “Always use HTTPS when visiting administration pages.” Click Update Profile to save the change, and you’ll be logged out. Sign back in, and you’re rolling with SSL, which encrypts your connection and helps prevent data scavengers from stealing your password and other info.

HTTPS has always been supported on WordPress.com, but it’s now even easier to remember. HTTPS is highly recommended when you’re accessing your account on a public network. Check out this video to learn more:

New Note: Using HTTPS will slow down your blogging speed significantly. Go Turbo with Gears to help speed things up. Check out this page of the FAQ for more information on using Gears — now supported on Safari for Mac!


Missing out on the latest WordPress.com developments? Enter your email below to receive future announcements direct to your inbox. An email confirmation will be sent before you will start receiving notifications - please check your spam folder if you don't receive this.

Join 65,688,207 other followers

248 Comments

Comments are closed.

  1. Brasil em 1° Lugar!

    My God! I knew that neither had the possibility of having stolen my blog! Mutio good article and the tool, since I am using .. S
    Thanks for the tip and the security provided by wordpress. great work.

    Thank you

    Like

  2. विनय प्रजापति

    I am feeling powerful now, great!

    Like

  3. mcloide

    Awesome .. thanks.

    Like

  4. kickaway

    I love it!!

    Like

  5. scaccesstojustice

    I’m new to wordpress and the world of blog, but am glad that you have my back.

    Like

  6. turknetline

    Sound and safe
    Thank you

    Like

  7. archit

    really cool….

    Like

  8. muccamargo

    Good! Very Good! Thanks!

    Like

  9. Raúl Retana

    Well done guys! 🙂

    Like

  10. Pingback: CookieMonster: Not As Sweet As It Sounds! « iMuslim
  11. allforblue

    thank you, so cool

    Like

  12. larussophobe

    Heather, I did exactly that and the warnings persist. It’s very annoying.

    Like

  13. Heather

    @larussophobe: Check out this page of the FAQ for more detailed instructions on how to disable those warnings. If you’re still being bothered by them, please contact Support.

    Like

  14. Rob

    Thanks a bunch!

    Like

  15. Redwan Ahmed

    how do you do it, i can’t do it

    Like

  16. admiral360dude

    I hope this does not cost money.

    Like

  17. Vikas Gupta

    Ms. Heahter,

    Your black, thick glasses look cool! But your photo needs more light. Lack of adequate light puts some strain on the eyes. Rest is okay. I will do the needful. Thank you.

    Like

  18. Atomsk Andrew

    Pretty good video for that 😉
    Awesome, finally I can be a little less worried too! Those dang Library Machines are about as secure as a open from yard (Which is obviously not very secure).

    Thanks for that work!

    Like

  19. Nita

    Security measures are always great to have. However as it slows down the blog and my internet speed is not ideal, I think I will use it when I am traveling. Thanks for this feature.

    Like

  20. Mistress D

    This is an awesome feature but as a result of adding it my pages now load extremely slow. Kinda annoying but I guess this is the price to pay for protection.
    Thanks

    Like

  21. Heather

    @Nita, @Mistress D, and others: Yes, enabling HTTPS will slow down your blogging speed. I’ve added an update to this post to emphasize that point, with a link to the FAQ for more info on Gears, which can help speed things up. When you’re on a secure network, just disable HTTPS to get back to superfast blogging.

    Like

  22. fracas

    Many thanks for the added security, and the information!

    Like

  23. Manish

    Its another feather in WordPress’ cap. I love wordpress from the core of my heart!

    Like

  24. yasetti

    thanks for informing us.

    Like

  25. Dinesh Babu

    This is a nice feature, Thank you and I am enabling it in my blog.

    Like

  26. Pingback: Keep your Wordpress Account Secure « Madurai Veeran Times
  27. twiddlebee

    That’s so bogus! When is the last time you login from a public network or a net café?

    If you really care about WordPress users security why then don’t you stop showing peoples real IP addresses and stop been a hypocrite.

    Like

  28. grupohypermarkup

    Thanks, very self-explaining!

    Like

  29. beheader69

    hey,,,,,,congratz…

    Like

  30. Laporan

    Miss Heather, when see your avatar, i am fall in love. 😉

    Like

  31. CC Farber

    Not much difference, if at all, in my speed. Already because I had Turbo installed on all my frequently used comps. 😀

    Like

  32. mowloft

    this will be helpful thank u i know ill use cookie monster lol

    Like

  33. judys424

    Instructions were clear..got it working right away. Thanks

    Like

  34. هزاران نقطه

    very cool and great. thanks 🙂

    Like

  35. handigzeg

    You are hot.

    Like

  36. nenyok

    Good explain 🙂

    Like

  37. kiwipolemicist

    Please tell me if this is it in a nutshell: if I’m using my home computer or another computer that I *know* is secure with an up-to-date firewall and virus scanner then I don’t need to turn on SSL. For any other computer or internet connection I need to turn on SSL.

    Have I got that right? Thanks.

    Heather’s avatar reminds me of Princess Leia 🙂

    Like

  38. Heather

    @kiwipolemicist: Firewalls do not prevent others from monitoring your data through an open network. The method of attack is not a virus, so virus scanners won’t be of use, either.

    If you’re not sure whether your network is secure, check your network settings on your computer and consult with your router manufacturer. You may also want to do some googling for “how to secure a network.” Here are a couple of articles I found that may be of use:

    How to Secure Your Wireless Network
    How to Secure Your Home Wireless Network

    Like

  39. 1000asale

    Protect your blog with ssl is priceless. I didn’t understand it at first, but now I SEE!

    GREAT JOB YOU GUYS! KEEP DAT INFO FLOWING!

    Mario

    Like

  40. Ahmad . M . G

    Good
    thank u 🙂

    Like

  41. Gabriela

    Thanks for let us know about it!!!! Congrat.
    Gaby

    Like

  42. Pingback: Top Posts « WordPress.com
  43. origamifreak

    Very nice. Thanks for the reminder!

    Like

  44. blulady

    I changed to the “always use https” but ever since I get “certificate error” messages. While it is a good idea to make my blog more secure, the certificate error messages were getting to be annoying.

    Like

  45. Jamaican Dawta

    Thanks!!! Appreciate this!

    Like

  46. drcorner

    Good stuff. Just curious but on the Security front, will we ever see Comment authentication options for Comment spam (for example, entering characters based off of a picture)?

    On larger blogs, constantly monitoring the Comments queue can be inefficient.

    Thanks. 😀

    Like

  47. aminhers

    I believe, WP always give us the best

    Like

  48. Pingback: WordPress News and Announcements on WordPress 2.7 and More « Lorelle on WordPress
  49. GenSephyr

    Thank you!
    This makes things alot easier without needing to type in the extra ‘s’ and reload the page everytime I visit the admin.

    Like

  50. Ithaca Real Estate Broker

    Thanks for the info and a well done presentation!

    Like

  51. al93

    cool! thnks! would you make some spanish-video?.. i may..

    (not a good english.. i know.. spanish speaker!) xD

    Un saludo
    Al93

    Like

  52. topheritage

    i don’t have problems with uploading anymore, thanks!

    Like

  53. dsnugraha

    feeuuwwwiiiittt….. great tips!!

    Like

  54. imr2

    Thank you for providing the security tool and information. And thank you also for your continued explanations in helping us understand how to operate and utilize it. Enhanced security is always a good and welcomed thing. Thank you WordPress. 🙂

    Like

  55. Pingback: Suojaa blogisi Blogjackersejä vastaan « Parallel Lines
  56. asupremenewyorkthing

    I ❤ Heather

    Like

  57. ld624

    Very Good!

    Like

  58. stripfat

    Wow..
    now blogging become secure..

    Like

  59. radith

    thanks for the information, appreciate this, thank you very much

    Like

  60. uisjob1

    Thanks for this tips

    Like

  61. special11

    Thanks for the help!!!

    Like

  62. Hameedullah Khan

    Again an awesome feature, for a security paranoids like me :).

    Like

  63. Junaidi

    Thanks for your information. Very helpfull

    Like

  64. daviddesouza

    neat stuff!

    Like

  65. juvengle

    gotta check it 😉 thanks

    Like

  66. Aafke

    Excellent! And Ioved the video!
    Am now going to update 😀

    Like

  67. Pingback: Fă-o, dacă nu ai făcut-o deja. « Rebusul vieţii
  68. Manoj Sterex

    This is a very good feature for people who blog away from home as well. 🙂

    But I have a suggestion to make, why not enable https:// always *while* the person is logging in (i.e. for the login page) and revert back to http:// when the person is logged in?

    This way, the wordpress account information is safe. And people can choose if the data transmitted after logging in (posts and pages) require https:// as well.

    Like

  69. gstrzok

    Heather, thank you for taking the time to share your insights into this issue as well as the solution to it. Is is selfless actions like this one that always bring a smile to my face.

    Like

  70. bakinghistory

    Thank you so much!

    Like

  71. Scietech

    Thanks a lot, folks!

    Like

  72. vegetplotlot

    Great thanks for the inform, it certainly helps to boost my confidence to use WordPress.

    Like

  73. jlyndsignz05

    thank you for this security feature

    Like

  74. Pingback: Latest News on the Blog System Front | Blog Tipz
  75. Harshad Joshi

    Chrome does come with Google Gears functionality inbuilt so as to offer fast browsing

    Is it a subtle way to suggest that we need to move on using Google Chrome on Windows.. 😉

    Like

  76. gobasic

    thank you.

    Like

  77. Dedy Irsad

    Good job..

    Thanks for your info..

    Like

  78. Yosuan

    cool stuff, Thanks

    Like

  79. rido284

    wow..cool.. 😉

    Like

  80. khalifavi

    as usual, nothing to say,
    wordpress developer seems know ‘almost’everything we need,
    thanks

    Like

  81. misshynes

    LOOOOOOVVVEEE Cookies.. but not the one on the movie.. lol..
    TY Heather for making this.. It will be very useful for all of us. 🙂

    Like

  82. Pingback: Blog security « Test Patterns
  83. Pingback: Protect Your Blog with SSL « How good is that?
  84. URCHIN7PC

    Good idea.

    Like

  85. seosocialbookmarks

    Thanks for great post and vdo.

    Like

  86. Recent bookmark

    Nice move ! thanks alot

    Like

  87. Xue Wen

    Thanks…

    Like

  88. sysblog

    Thanks a bunch, wordpress team, for yet another great feature! And one I’ve been waiting for for ages!

    But why not take it one step further and thing of all those who’s (IP) packets go through censorship firewalls, e.g. the big wall, or any who fear their free information retrieval and freedom of speech (posting should now already be secured, I assume) is at risk. Why not have all pages be accessible via https? Certainly this also is a speed issue. But wouldn’t it be worth it? I’m sure you guys once again will figure out a solution!

    Like

  89. skashliwal

    Thank you!

    Like

  90. Ryan

    thank you

    Like

  91. المتفائلـة بربهـا

    thanks , I do it

    Like

  92. rajesh301

    one step towards security 🙂
    thank you

    Like

  93. Pingback: HTTP cannot be longer used for authenticated web sites « Bits and Chaos
  94. tofery

    Thank your wise job, indeed.

    Like

  95. danmurray01

    It’s nice to hear this news, good job. However, I don’t think I need it because I only use my office and home connection.

    Like

  96. betal

    WOWOWOOWOWOWOWOWWO THANK YOU IS VERY NICE !!!!!!!

    Like

  97. eideard

    Did it. Then, un-did it.

    Slowed things down perceptibly.

    Like

  98. nearlynothingbutnovels

    Thanks! Jim

    Like

  99. Ben Kim

    Thanks, Great.

    Like

  100. cwash

    This is a great tool to help ward off hackers.

    Like

Create your new blog or website for free

Get Started

%d bloggers like this: