In an attempt to provide increased security and privacy for its users, WordPress has announced that upcoming features will require hosts to support HTTPS.
Starting in early 2017, WordPress will be promoting only hosting partners that provide an SSL (Secure Sockets Layer) certificate by default in their accounts. After that, the popular Content Management System (CMS) will assess the use of SSL across various features and enable those features only if the security technology is available.
The main driver for this move is an industry-wide consensus that an encrypted web would result in higher overall online security for all people. Large Internet players have already announced plans to support the transition to HTTPS, including Google, which has been lobbying for improved online security for several years.
Last year, Google said it would favor HTTPS pages over their HTTP counterparts, and the company started monitoring the use of HTTPS on the world’s top 100 websites in its transparency report this year. WordPress, which has been supporting encryption for sites using WordPress.com subdomains for a couple of years, said in April it would offer free HTTPS for custom domains that it hosts, including blogs and websites.
WordPress partnered with the open certificate authority (CA) Let’s Encrypt to deliver only secured, HTTPS traffic to users. Backed by the Electronic Frontier Foundation (EFF) and various industry leaders, the CA has already proven a driving force for the web-wide adoption of HTTPS.
By requiring that all hosts have HTTPS available, WordPress ensures that both customers and users take advantage of a secure experience. During 2017, the CMS will analyze the impact of SSL on specific features, including API authentication, and will make the use of SSL mandatory for those that will benefit the most from the improved security.
“Just as JavaScript is a near necessity for smoother user experiences and more modern PHP versions are critical for performance, SSL just makes sense as the next hurdle our users are going to face,” WordPress creator Matt Mullenweg says.
“Modern browsers, and the incredible success of projects like Let’s Encrypt have made getting a certificate to secure your site fast, free, and something we think every host should support by default,” he also notes.
According to Mullenweg, the performance improvements in PHP7 are so impressive that WordPress might consider requiring hosts to use it by default for new accounts starting next year as well. However, no decision on this has been formally announced yet.
Related: Apple Wants All iOS Apps to Use HTTPS by 2017
Related: WordPress.com Pushes Free HTTPS to All Hosted Sites
More from Ionut Arghire
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
- US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
- New ‘Trigona’ Ransomware Targets US, Europe, Australia
- New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries
- CISA Seeks Public Opinion on Cloud Application Security Guidance
Latest News
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- New York Man Arrested for Running BreachForums Cybercrime Website
- Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder
