It’s accomplishing this by giving free HTTPS to every custom domain featured on the site, which means not just improved security, but also higher rankings for WordPress users in Google search results.
“As the EFF points out as part of their Encrypt the Web initiative, strong encryption protects our users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking, and other web security flaws,” wrote WordPress CTO Barry Abrahamson in a blog post.
Abrahamson adds that while encrypted sites were once known for their slower performance when compared to un-encrypted domains, SPDY and HTTP/2 have improved the speeds of the secured sites, occasionally allowing them to deal even better with heavy loads of traffic.
The company notes that while WordPress.com subdomains have been encrypted since 2014, custom domains are finally being given the same treatment, bringing a quarter of all websites (including this one) up to par with Internet security standards.
Automatically, from here on out, every web page running on WordPress will automatically defer to an “https://” address, even if you type “http://” before the domain name in the address bar. A green lock icon in the address bar will indicate that your site is HTTPS-enabled, which should go into effect immediately. If you’re newly registering for a WordPress site, the company says you’ll receive the encryption update “within minutes.”
This news comes after WordPress launched the Let’s Encrypt project, which enabled the company to automatically bring SSL certificates over to “a large number of domains.”