Skip to main content

WordPress brings encryption to 25 percent of the web

Wordpress 2015 Security Flaw Vulnerability
Encryption has been a pervasive topic as of late, and for good reason. As the web becomes more crucial to our everyday lives, we begin to lose the sense of privacy we would otherwise have. Now WordPress, the content management system that powers 25 percent of the web, has decided to join the revolt against unwanted surveillance.

It’s accomplishing this by giving free HTTPS to every custom domain featured on the site, which means not just improved security, but also higher rankings for WordPress users in Google search results.

“As the EFF points out as part of their Encrypt the Web initiative, strong encryption protects our users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking, and other web security flaws,” wrote WordPress CTO Barry Abrahamson in a blog post.

Abrahamson adds that while encrypted sites were once known for their slower performance when compared to un-encrypted domains, SPDY and HTTP/2 have improved the speeds of the secured sites, occasionally allowing them to deal even better with heavy loads of traffic.

The company notes that while WordPress.com subdomains have been encrypted since 2014, custom domains are finally being given the same treatment, bringing a quarter of all websites (including this one) up to par with Internet security standards.

Automatically, from here on out, every web page running on WordPress will automatically defer to an “https://” address, even if you type “http://” before the domain name in the address bar. A green lock icon in the address bar will indicate that your site is HTTPS-enabled, which should go into effect immediately. If you’re newly registering for a WordPress site, the company says you’ll receive the encryption update “within minutes.”

This news comes after WordPress launched the Let’s Encrypt project, which enabled the company to automatically bring SSL certificates over to “a large number of domains.”

Editors' Recommendations

Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…
Your WordPress site could be vulnerable to attack, update it right away
wordpress version released to fix six serious vulnerabilities wordpressheader

We all have to deal with security patches and updates that try to keep our systems safe from the ever-increasing levels of cybercrime. If you're a webmaster, then you have at least one more system than most other people that you need to keep up to date, specifically software that runs your website.

Most recently, one of the most popular web publishing systems around, WordPress, suffered some serious vulnerabilities and its developers published a new version to address them. Consider this a public service announcement -- if you're running WordPress, then you want to upgrade to version 4.7.3 immediately, WeLiveSecurity reports.

Read more
WordPress fixes huge security vulnerability, all users instructed to update
wordpress vulnerability version 472 plug in

A serious zero-day vulnerability has been discovered in WordPress, and fixed as of its most recent stable release. All WordPress users are encouraged to make sure that they have updated their installation to version 4.7.2, as otherwise their site could be hijacked.

It's thought that the exploit could give attackers the ability to modify the content on any post or page that's part of a site built with WordPress, as per a report from Tripwire. Obviously, this lends itself to garden variety vandalism, but there's also the threat of a much more troubling form of attack.

Read more
Lightroom, meet WordPress: Plug-in enables simplified photo uploads
wordpress vulnerability version 472 plug in

One of the most popular RAW photo editors can now directly upload to the most popular blogging platform -- last week Automattic, the software company behind Wordpress.com,  released a new plug-in that allows Wordpress users to upload images without leaving Lightroom.

The new plug-in, besides shaving a few minutes off logging in and manually uploading photos, will also import any titles, captions, and keywords added inside Lightroom into the online file inside Wordpress.

Read more