The WordPress.com Blog

The WordPress.com Blog

HTTPS Everywhere: Encryption for All WordPress.com Sites

We’re proud to support a more secure web — now for all custom domains on WordPress.com.

Today we are excited to announce free HTTPS for all custom domains hosted on WordPress.com. This brings the security and performance of modern encryption to every blog and website we host.

Best of all, the changes are automatic — you won’t need to do a thing.

As the EFF points out as part of their Encrypt the Web initiative, strong encryption protects our users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking, and other web security flaws.

WordPress.com has supported encryption for sites using WordPress.com subdomains (like https://barry.wordpress.com/) since 2014. Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com.

The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains.

For you, the users, that means you’ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.

Web encryption provides more than security

Protocol enhancements like SPDY and HTTP/2 have narrowed the performance gap between encrypted and un-encrypted web traffic, with encrypted HTTP/2 outperforming un-encrypted HTTP/1.1 in some cases.

Google also announced HTTPS is used as a ranking signal in search results, with HTTPS-enabled sites ranked above their plaintext counterparts.

As a WordPress.com site owner, keep an eye out for this feature on your custom domains. Once your site is HTTPS-enabled, you should see a green lock icon in your browser’s address bar. All plaintext HTTP requests will be automatically redirected to their encrypted counterpart (your URL will begin with https:// instead of http://). We will transparently handle all the complexities of SSL certificate management for you.

We take security seriously, and we’re proud to offer this to WordPress.com users. For more information about encryption, please see our support documentation.


Missing out on the latest WordPress.com developments? Enter your email below to receive future announcements direct to your inbox. An email confirmation will be sent before you will start receiving notifications - please check your spam folder if you don't receive this.

Join 31,787,779 other followers

71 Comments

Comments are closed.

  1. Gama

    Thanks for the good post. Good information.

    Liked by 4 people

  2. rohvannyn

    Nicely done! I like this!

    Liked by 4 people

  3. donnabgoode

    After being spammed; I am glad you are taking things to the next level.

    Liked by 3 people

  4. Alex Smithson

    Great move. Security is crucial in the digital world, and I can now feel more secure now you’ve announced this news. Thanks a bunch WordPress, your help is much appreciated🙂.

    Alex Smithson

    Liked by 6 people

  5. flowersnaturally

    Great except I haven’t been able to publish my blog for almost a month and there’s no one to tell me why. Thanks:

    R

    Liked by 4 people

  6. Kathryn Grace

    Thank you! THANK YOU! Much gratitude to every one who has been working on this. Those Firefox alerts are driving me bananas!

    Liked by 4 people

  7. mythoughtlane

    Good relief to know this. Thanks WordPress.

    Liked by 3 people

  8. John

    Thank you, WordPress!! 👍🏻

    Liked by 4 people

  9. InFinnity

    Great! Keep up the great work you do for us…

    Liked by 3 people

  10. JohnAmes

    Thanks very much for your constant attention to our needs.

    Liked by 3 people

  11. Carla Doria

    This is good news!

    Liked by 3 people

  12. ...the Island Girl!

    Congratulations on launching this very, VERY important part of today’s internet world! Security is a HUGE thing for me, as I am sure many others are just as concerned. Thank you! I feel better, now! SERIOUSLY! Network security was a very important job I had, once.

    Liked by 4 people

  13. Jet.Structural@gmail.com

    Great work. Thanks!

    Liked by 4 people

  14. genearttech7

    Thank you for letting us know.

    Liked by 3 people

  15. nocturnaltwins

    Awesome, thank you. 🙂

    Liked by 1 person

  16. Vox Populi

    Yay! So glad to read this.

    Liked by 13 people

  17. Resa

    Way to go!! I am thrilled!

    Liked by 4 people

  18. Jaclyn H

    Awesome! Thanks for the information!

    Liked by 4 people

  19. theblogaboutbeautifulthings

    Good job. Thank you for all you do. Security rocks.

    Liked by 2 people

  20. nvsubbaraman

    Great. Thanks for your concern. We are quite secured.

    Liked by 3 people

  21. Eljuno KASIH

    Glad to hear that! Awesome news.🙂❤

    Liked by 3 people

  22. Jean Eisenhower

    Sounds great! One question: If a site is already hacked, what will the encryption do after the fact?

    Liked by 3 people

    • Barry

      Hi Jean,

      HTTPS encryption doesn’t really help you with that problem, but if you think there is a security problem with your WordPress.com site please contact our support team and they will help you right away.

      Liked by 2 people

  23. MJ

    Cool… that’s a good news!

    Liked by 3 people

  24. dw

    Another feather in the WordPress.com hat! Many thanks!

    Liked by 3 people

  25. Klaus Jochem

    Great initiative! I really appreciate this.

    Liked by 3 people

  26. Jean-Paul van Ravensberg

    I’ve requested this feature with many more WordPress Bloggers. Thank you WordPress!

    Liked by 3 people

  27. dakisha

    Reblogged this on My WP and CH Experience.

    Liked by 3 people

  28. poetanasciturblog

    Great move! Well done

    Liked by 3 people

  29. yosh434

    This is great!

    Liked by 3 people

  30. bridie83.

    Good work and thank you!

    Liked by 5 people

  31. JenT

    Wow! Now that I have a better understanding of the numbers involved, just wow! Thanks, Barry and WordPressdotcom.

    Liked by 3 people

  32. brainwane

    This is great and welcome news — thank you for doing this! And thanks to Let’s Encrypt for making it possible!

    Liked by 3 people

  33. Avery Goodday

    Thank you very much. Great news.

    Liked by 5 people

  34. dbp49

    Now that’s a change I can get behind 100%. Thank-you very much.

    Liked by 3 people

  35. penpatience

    Thank you WordPress. Good news. Frances

    Liked by 3 people

  36. webaregy

    Thanks WordPress🙂

    Liked by 3 people

  37. amanda60

    Thank you WordPress! I only actually restarting with you guys after a few years of intense study and this is a nice way to open. It’s nice to know you’ve got our backs!

    Liked by 4 people

  38. katharinetrauger

    I am very thankful, of course, but now wonder if we must change all our links to our site, such as when we guest post elsewhere…hope not….

    Liked by 3 people

  39. rushbabe49

    Barry, I can’t believe you missed the obvious pun! The changes are “automat(t)ic”! Thanks for the enhanced feature.

    Liked by 4 people

  40. The Great Unwashed

    I love WordPress and recommend it to everyone I know because the people running it are constantly trying to make it a better, friendlier, electronic place. Thank you.

    Liked by 3 people

  41. thesciencegeek

    Thanks for this. A great step forwards

    Liked by 3 people

  42. Matthias

    I’ve been waiting for this for a long time, thank you! Also thanks for HTTP/2.

    Can we have HSTS, too, now that the difficult part is done?🙂

    Liked by 3 people

  43. bridgerjones

    Great news. I was just about to migrate away. Many, many thanks.

    Liked by 3 people

  44. onedman

    I am so very happy about this development. As someone who puts the nose out there it’s great to know I won’t get a good sock right off the bat. Thank you so much for all you do People’s. (((HUGS)))

    Liked by 2 people

  45. bythefirelight

    Love it. This is great.

    Liked by 3 people

  46. Lisa Pomerantz

    This is wonderful news! Thanks WordPress.❤

    Liked by 3 people

  47. Ariél Salle

    We are informed. Thanks. ☺

    Liked by 3 people

  48. Connie

    When will this go into effect? I am not clear, but it seems as if you were saying this should be done by now, but my site (praynwatch.com) hasn’t changed at all. Is there something I need to do, or is this coming later??

    Thank you!

    Liked by 3 people

    • Barry

      Hi Connie! This announcement only applies to sites hosted on WordPress.com. It looks like your site is hosted by HostGator – you should contact them if you want HTTPS support for your site.

      Liked by 3 people

  49. gsquaredstudios (@gsquaredstudios)

    That is fantastic! All of your users will greatly benefit from Https encryption and it’s awesome that you are rolling that out. This has so many benefits, such as ranking help for seo and better performance, which is also a ranking factor. Site speed has been announced as a ranking factor, so this is kind of like a double-whammy. Great job guys!

    Liked by 3 people

  50. Clicky Steve

    Reblogged this on iamsteve.in – angry.scot and commented:

    Great news!

    Liked by 3 people

  51. Clicky Steve

    Great news Barry!

    Liked by 3 people

  52. Markus Dewerny

    Great news! Thumbs up! Thank you very much!!!

    Liked by 3 people

  53. shannond

    Barry, I am trying to send an email to the address: https://en.support.wordpress.com/contact but keep getting an error message: The server response was: The recipient address isnot a valid RFC-5321 address. l4sm39631342pfi.73 – gsmtp

    Could you provide an alternate way to get a HELP message to your support team re: http://www.pioneerheritagegardens.org? Thanks.

    Liked by 3 people

  54. Tina's Faerie Files

    After all the trouble I had with this issue it’s nice to know it is getting resolved.

    Liked by 4 people

  55. Patrick Lumumba.

    WordPress is the best.

    Liked by 3 people

  56. rberteig

    This is a welcome improvement. Now if only a few other hosters would follow suit.

    Liked by 3 people

  57. newcastleflyer

    A good improvement. Now if WordPress could just add SOME more features to the templates, where you add pages, etc.

    Liked by 3 people

  58. Mary J. McCoy-Dressel

    What about the http address we may have up at other sites where we’ve advertised our blog/website? For instance, I have the http address in all my published books. Do I have to change the http to https? Out of curiosity, I typed in the address using the http and it went to my site. Will this continue to be redirected if someone used the http? Thank you. I like the idea of https.

    Liked by 3 people

  59. Mary J. McCoy-Dressel

    Reblogged this on Author Mary J. McCoy-Dressel and commented:
    Hot Off the Press from WordPress. Well, this makes me feel good.🙂

    Liked by 2 people

  60. Bryant Ocampo

    Everything is automatic at Automattic… loved it…

    Liked by 4 people

  61. soniamao

    unfortunately seems like this great update has led to a redirect error on my site! could you advise on how to fix it?
    https://soniamao.com/

    Liked by 2 people

    • Barry

      Hi, sorry about that. It seems to be a problem with your Cloudflare configuration. Can you please make sure that configure Cloudflare is configured to use HTTPS to connect to the origin (WordPress.com). If you have any questions, I would suggest asking their support team.

      Liked by 2 people

%d bloggers like this: