Friday brought some very good news for existing and future owners of sites hosted on WordPress.com: they will be getting HTTPS protection without having to pay for an SSL certificate or trouble themselves with managing it.
“WordPress.com has supported encryption for sites using WordPress.com subdomains (like https://barry.wordpress.com/) since 2014. Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com,” explained Automattic systems wrangler Barry Abrahamson.
The SSL certificates will be provided by Internet Security Research Group’s Let’s Encrypt CA.
“As a WordPress.com site owner, keep an eye out for this feature on your custom domains,” Abrahamson pointed out.
“Once your site is HTTPS-enabled, you should see a green lock icon in your browser’s address bar. All plaintext HTTP requests will be automatically redirected to their encrypted counterpart (your URL will begin with https:// instead of http://). We will transparently handle all the complexities of SSL certificate management for you.”
A free certificate, no certificate management required, the security of encrypted traffic, and a better search ranking on Google Search due to encryption use – what more could a site owner ask?
The change is a win-win for everybody. Site owners get a free certificate that they don’t have to manage, the security of encrypted traffic, and a better search ranking on Google Search due to encryption use, and WordPress.com (i.e. Automattic) gets more customers that care about security, not to mention making current users happier.