Subscribe
Modern field guide to security and privacy

WordPress joins movement toward HTTPS encryption

Popular blogging platform WordPress is the latest in a growing number of sites that are enabling website encryption to protect their users.

  • close
    A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser.
    Reuters
    View Caption
  • About video ads
    View Caption
of

The popular blogging platform WordPress is about to make its corner of the Internet more secure as it begins to enable encryption by default on 600,000 custom Wordpress.com domains.

The move to embrace HTTPS encryption – the secure form of the Internet protocol HTTP – represents an increasing mainstream embrace of consumer-focused online security. Many major sites, such as Google, Yahoo, Facebook, and Twitter, already have HTTPS enabled, and the US government is working to have HTTPS on its sites by the end of 2016.

But even as some of the biggest companies on the Web are moving toward HTTPS, the majority of Internet sites still don't use HTTPS, which privacy advocates say is especially important when users are submitting sensitive data, such as credit card information or a Social Security Number, to a website.

Recommended: Most encryption products far beyond reach of US law enforcement

"It protects our users against various issues," a spokesperson for Automattic, WordPress’s parent company, said in an e-mail. "This includes defending against surveillance of content and communications, cookie theft, account hijacking, and other web security flaws."

Automattic didn't have a firm date for a complete rollout, but the encryption is currently enabled on about 100,000 of those domains.

Over the past few years, privacy advocates and tech companies have ramped up efforts to expand the use of HTTPS. This past December, the nonprofit Internet Security Research Group (ISRG) launched its service Let’s Encrypt to provide HTTPS encryption to sites for free. It's providing HTTPS encryption to WordPress.

“Who we’re really trying to protect is the people who visit WordPress sites or any other site,” said Josh Aas, ISRG's executive director. "The era of HTTP-only needs to end."

Even though HTTPS is becoming more common, it's still up to individuals to check their URL bar for the HTTPS connection, a task even many experts are unlikely to do for each site they visit.

To help address that issue, tech advocacy nonprofit The Electronic Frontier Foundation provides tools such as the “HTTPS Everywhere” browser extension for consumers. The extension ensures that if someone visits a site with HTTPS, that person connects to the secure version of the site each time. 

Until HTTPS is more widely adopted, tech companies such as Google and Mozilla are working to make a site’s connection security more obvious to Internet users.

Google has a multiphase plan that uses icons in the URL bar to alert users when a site has an encrypted connection, and eventually mark sites that do not as unsafe. Sites won’t be marked until a certain percentage of total Internet traffic is sent over HTTPS. Likewise, Mozilla plans to gradually make new features, such as the geolocation, unavailable to sites that don’t have HTTPS to protect people’s security.

Richard Barnes, head of security for Mozilla’s Firefox browser, tracks the number of domains that newly acquire HTTPS without previously having it. Before Jan. 27 when WordPress acquired HTTPS for the sites, he said, there were about 16.5 million domains total with HTTPS. Paired with other sites that acquired HTTPS that day, the total number of sites with HTTPS jumped 8 percent, which Mr. Barnes said is “significant.” 

WordPress isn’t the only hosting company migrating to a secure connection. DreamHost recently enabled their customers to opt in to HTTPS, as well as hosting company OVH.

Editor's note: This story was updated to clarify that custom WordPress.com domains will receive HTTPS encryption.

About these ads
Sponsored Content by LockerDome
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK