Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

WordPress.com Pushes Free HTTPS to All Hosted Sites

WordPress.com has announced free HTTPS for all custom domains that it hosts, including blogs and websites.

WordPress.com has announced free HTTPS for all custom domains that it hosts, including blogs and websites.

The switch to the new security enhancement is automatic, meaning that blog and site owners will immediately benefit from encryption. Furthermore, all new sites will benefit from encryption automatically within minutes, thus ensuring that users are provided only with secured, HTTPS traffic.

To provide customers and users with the new feature, WordPress has partnered with the Let’s Encrypt project, which delivered the efficient and automated method of providing SSL certificates to a large number of domains. The certificate issuance process was kicked off in January, and has now been expanded to the entire list of domains.

The open certificate authority (CA) Let’s Encrypt issued its first live digital certificate in September 2015 and entered public beta in December. Backed by the Electronic Frontier Foundation (EFF) and various industry leaders, the CA managed to issue more than one million free certificates in the first three months after going public, all while still in beta.

WordPress has been supporting encryption for sites using WordPress.com subdomains for the past two years, but has finally decided to push it to custom domains too. The decision was fueled by the latest industry trend toward supporting the HTTPS protocol, WordPress explains.

After announcing in 2014 that it would use HTTPS in search engine rankings, Google revealed in December last year that it would favor HTTPS pages over their HTTP counterparts. Last month, the Internet giant said it is now monitoring the use of HTTPS on the world’s top 100 websites in its transparency report.

As soon as WordPress.com custom domains start taking advantage of encryption, a green lock icon will appear in the browser’s address bar, indicating that the feature is active. WordPress also notes that uses the same Common Name, tls.automattic.com, for all certificates, it stores the unique domain names in the SubjectAltName attribute, and it 301 redirects all insecure HTTP requests to the secure HTTPS version.

“All plaintext HTTP requests will be automatically redirected to their encrypted counterpart (your URL will begin with https:// instead of http://). We will transparently handle all the complexities of SSL certificate management for you,” WordPress says.

WordPress is one of the most popular content management system (CMS) out there, but also the most targeted by different types of web attacks. This year alone, we saw WordPress sites used to launch Layer 7 DDoS attacks, and witnessed crooks stealing admin credentials via the Custom Content Type Manager (CCTM) plugin for WordPress.

 

Written By

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).