Connect with us

Hi, what are you looking for?


Data Protection

Wikimedia Rolling Out HTTPS to Encrypt All Wikipedia Traffic

The Wikimedia Foundation announced on Friday that it’s in the process of implementing HTTPS by default in an effort to encrypt all traffic on Wikipedia and other websites operated by the organization.

The Wikimedia Foundation announced on Friday that it’s in the process of implementing HTTPS by default in an effort to encrypt all traffic on Wikipedia and other websites operated by the organization.

By deploying HTTPS for all traffic, the Wikimedia Foundation wants to ensure that users can surf its websites without sacrificing safety and privacy. HTTPS creates an encrypted connection between the user’s computer and the website to protect data against snooping governments and other third parties that might be monitoring traffic. In this case, the secure protocol also makes it more difficult for ISPs to censor access to certain Wikipedia articles.

In addition to rolling out HTTPS, a process that is expected to be completed within a couple of weeks, Wikimedia also announced the use of HTTP Strict Transport Security (HSTS) to provide protection against attempts to break HTTPS and intercept traffic.

Wikimedia has been working on the implementation of HTTPS for Wikipedia and its other websites since 2011. However, this is not an easy task and there are several challenges that must be overcome, especially in the case of a massively popular website such as Wikipedia.

Throughout the transition process, Wikimedia’s engineering team has had to improve the organization’s infrastructure and code based to ensure that the implementation of HTTPS will not have a negative impact on users.

“We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites,” Wikimedia said in a blog post.

Encrypting traffic has been a priority for many organizations following revelations about government surveillance. However, governments have also come to realize the importance of HTTPS.

Advertisement. Scroll to continue reading.

The White House’s Office of Management and Budget (OMB) announced earlier this month the finalization of a HTTPS-Only Standard for all federal websites and web services. Agencies must ensure that all their publicly accessible resources are migrated to HTTPS-only with HSTS by December 31, 2016.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...