In a massive shift to secure Internet, WordPress has announced that it will ensure every website on their platform uses encrypted HTTPS.
Google recently announced that they would be favoring secure domains over non-secure ones and such websites would also be hammered in search rankings. Since then there has been a trend across the Web to adopt encryption and the security benefits that come with it. This move from WordPress is definitely in response to that. However, several major sites have yet to make the switch – according to Google 25% of their traffic is still not encrypted. Some of the most famous names on this list are CNN, The New York Times and eBay.
HTTPS is currently available on wordPress if you have a ‘.wordpress.com’ site. However, with this new annoucement custom sites that only use WordPress backend will also be upgraded to HTTPS. This will immediately apply to any new sites created using a custom domain, with existing websites built on WordPress gradually being upgraded. WordPress will automatically redirect any requests that use HTTP to the new HTTPS version.
In their efforts to prove that they are all for secure Internet, WordPress has also been working with Let’s Encrypt project to help it automate the certification process for sites that use its platform.