We’re proud to support a more secure web — now for all custom domains on WordPress.com.
HTTPS Everywhere: Encryption for All WordPress.com Sites
Today we are excited to announce free HTTPS for all custom domains hosted on WordPress.com. This brings the security and performance of modern encryption to every blog and website we host.
Best of all, the changes are automatic — you won’t need to do a thing.
As the EFF points out as part of their Encrypt the Web initiative, strong encryption protects our users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking, and other web security flaws.
WordPress.com has supported encryption for sites using WordPress.com subdomains (like https://barry.wordpress.com/) since 2014. Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com.
The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains.
For you, the users, that means you’ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.
Web encryption provides more than security
Protocol enhancements like SPDY and HTTP/2 have narrowed the performance gap between encrypted and un-encrypted web traffic, with encrypted HTTP/2 outperforming un-encrypted HTTP/1.1 in some cases.
Google also announced HTTPS is used as a ranking signal in search results, with HTTPS-enabled sites ranked above their plaintext counterparts.
As a WordPress.com site owner, keep an eye out for this feature on your custom domains. Once your site is HTTPS-enabled, you should see a green lock icon in your browser’s address bar. All plaintext HTTP requests will be automatically redirected to their encrypted counterpart (your URL will begin with https:// instead of http://). We will transparently handle all the complexities of SSL certificate management for you.
We take security seriously, and we’re proud to offer this to WordPress.com users. For more information about encryption, please see our support documentation.
71 Comments
Thanks for the good post. Good information.
Nicely done! I like this!
After being spammed, I am glad you are taking things to the next level.
Great move. Security is crucial in the digital world, and I can now feel more secure now you’ve announced this news. Thanks a bunch WordPress, your help is much appreciated.
Alex Smithson
Great except I haven’t been able to publish my blog for almost a month and there’s no one to tell me why. Thanks:
R
Hi @flowersnaturally can you please contact us here for help with that? https://en.support.wordpress.com/contact
Happy to take a closer look!
Great service to all of us. Thanks.
Thank you! THANK YOU! Much gratitude to every one who has been working on this. Those Firefox alerts are driving me bananas!
Good relief to know this. Thanks WordPress.
Thank you, WordPress!! 👍🏻
Great! Keep up the great work you do for us…
Thanks very much for your constant attention to our needs.
This is good news!
Congratulations on launching this very, VERY important part of today’s internet world! Security is a HUGE thing for me, as I am sure many others are just as concerned. Thank you! I feel better, now! SERIOUSLY! Network security was a very important job I had, once.
Great work. Thanks!
Thank you for letting us know.
Awesome, thank you.
Yay! So glad to read this.
Way to go!! I am thrilled!
Awesome! Thanks for the information!
Good job. Thank you for all you do. Security rocks.
Great. Thanks for your concern. We are quite secured.
Glad to hear that! Awesome news.
❤
Sounds great! One question: If a site is already hacked, what will the encryption do after the fact?
Hi Jean,
HTTPS encryption doesn’t really help you with that problem, but if you think there is a security problem with your WordPress.com site please contact our support team and they will help you right away.
Cool… that’s good news!
Another feather in the WordPress.com hat! Many thanks!
Great initiative! I really appreciate this.
I’ve requested this feature with many more WordPress Bloggers. Thank you WordPress!
Reblogged this on My WP and CH Experience.
Great move! Well done
This is great!
Good work and thank you!
Wow! Now that I have a better understanding of the numbers involved, just wow! Thanks, Barry and WordPressdotcom.
This is great and welcome news — thank you for doing this! And thanks to Let’s Encrypt for making it possible!
Thank you very much. Great news.
Now that’s a change I can get behind 100%. Thank-you very much.
Thank you WordPress. Good news. Frances
Thanks WordPress
Thank you WordPress! I am only actually restarting with you guys after a few years of intense study and this is a nice way to open. It’s nice to know you’ve got our backs!
I am very thankful, of course, but now wonder if we must change all our links to our site, such as when we guest post elsewhere…hope not….
Hi Katherine,
There is no need to change any links – they will all redirect automat(t)ically.
Barry, I can’t believe you missed the obvious pun! The changes are “automat(t)ic”! Thanks for the enhanced feature.
I love WordPress and recommend it to everyone I know because the people running it are constantly trying to make it a better, friendlier, electronic place. Thank you.
Thanks for this. A great step forwards
I’ve been waiting for this for a long time, thank you! Also thanks for HTTP/2.
Can we have HSTS, too, now that the difficult part is done?
Hi Matthias,
We are looking at the feasibility of supporting HSTS and maybe some additional security-related features.
Great news. I was just about to migrate away. Many, many thanks.
I am so very happy about this development. As someone who puts the nose out there it’s great to know I won’t get a good sock right off the bat. Thank you so much for all you do People’s. (((HUGS)))
Love it. This is great.
This is wonderful news! Thanks WordPress.❤
We are informed. Thanks. ☺
When will this go into effect? I am not clear, but it seems as if you were saying this should be done by now, but my site (praynwatch.com) hasn’t changed at all. Is there something I need to do, or is this coming later??
Thank you!
Hi Connie! This announcement only applies to sites hosted on WordPress.com. It looks like your site is hosted by HostGator – you should contact them if you want HTTPS support for your site.
That is fantastic! All of your users will greatly benefit from Https encryption and it’s awesome that you are rolling that out. This has so many benefits, such as ranking help for seo and better performance, which is also a ranking factor. Site speed has been announced as a ranking factor, so this is kind of like a double-whammy. Great job guys!
Reblogged this on iamsteve.in – angry.scot and commented:
Great news!
Great news Barry!
Great news! Thumbs up! Thank you very much!!!
Barry, I am trying to send an email to the address: https://en.support.wordpress.com/contact but keep getting an error message: The server response was: The recipient address isnot a valid RFC-5321 address. l4sm39631342pfi.73 – gsmtp
Could you provide an alternate way to get a HELP message to your support team re: http://www.pioneerheritagegardens.org? Thanks.
The email address you’re looking for is help@wordpress.com — this should do the trick.
After all the trouble I had with this issue it’s nice to know it is getting resolved.
WordPress is the best.
This is a welcome improvement. Now if only a few other hosters would follow suit.
A good improvement. Now if WordPress could just add SOME more features to the templates, where you add pages, etc.
What about the http address we may have up at other sites where we’ve advertised our blog/website? For instance, I have the http address in all my published books. Do I have to change the http to https? Out of curiosity, I typed in the address using the http and it went to my site. Will this continue to be redirected if someone used the http? Thank you. I like the idea of https.
Hi Mary,
Yes, we seamlessly redirect http to https – no need to manually update any links.
Oh, thank goodness!
Thank you, Barry.
Reblogged this on Author Mary J. McCoy-Dressel and commented:
Hot Off the Press from WordPress. Well, this makes me feel good.
Everything is automatic at Automattic… loved it…
Unfortunately seems like this great update has led to a redirect error on my site! Could you advise on how to fix it?
https://soniamao.com/
Hi, sorry about that. It seems to be a problem with your Cloudflare configuration. Can you please make sure that Cloudflare is configured to use HTTPS to connect to the origin (WordPress.com)? If you have any questions, I would suggest asking their support team.