HTTPS Everywhere: Encryption for All WordPress.com Sites

We’re proud to support a more secure web — now for all custom domains on WordPress.com.

April 8, 2016

Barry

Today we are excited to announce free HTTPS for all custom domains hosted on WordPress.com. This brings the security and performance of modern encryption to every blog and website we host.

Best of all, the changes are automatic — you won’t need to do a thing.

As the EFF points out as part of their Encrypt the Web initiative, strong encryption protects our users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking, and other web security flaws.

WordPress.com has supported encryption for sites using WordPress.com subdomains (like https://barry.wordpress.com/) since 2014. Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com.

The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains.

For you, the users, that means you’ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.

Web encryption provides more than security

Protocol enhancements like SPDY and HTTP/2 have narrowed the performance gap between encrypted and un-encrypted web traffic, with encrypted HTTP/2 outperforming un-encrypted HTTP/1.1 in some cases.

Google also announced HTTPS is used as a ranking signal in search results, with HTTPS-enabled sites ranked above their plaintext counterparts.

As a WordPress.com site owner, keep an eye out for this feature on your custom domains. Once your site is HTTPS-enabled, you should see a green lock icon in your browser’s address bar. All plaintext HTTP requests will be automatically redirected to their encrypted counterpart (your URL will begin with https:// instead of http://). We will transparently handle all the complexities of SSL certificate management for you.

We take security seriously, and we’re proud to offer this to WordPress.com users. For more information about encryption, please see our support documentation.

Missing out on the latest WordPress.com developments? Enter your email below to receive future announcements direct to your inbox. An email confirmation will be sent before you will start receiving notifications—please check your spam folder if you don't receive this.

Join 110.1M other subscribers

71 Comments

Comments are closed.

  1. Gama Apr 8th at 5:15 pm

    Thanks for the good post. Good information.

    Liked by 4 people

  2. rohvannyn Apr 8th at 5:40 pm

    Nicely done! I like this!

    Liked by 7 people

  3. donnabgoode Apr 8th at 6:11 pm

    After being spammed; I am glad you are taking things to the next level.

    Liked by 3 people

  4. Alex Smithson Apr 8th at 6:14 pm

    Great move. Security is crucial in the digital world, and I can now feel more secure now you’ve announced this news. Thanks a bunch WordPress, your help is much appreciated :-).

    Alex Smithson

    Liked by 6 people

  5. flowersnaturally Apr 8th at 6:15 pm

    Great except I haven’t been able to publish my blog for almost a month and there’s no one to tell me why. Thanks:

    R

    Liked by 4 people

  6. Kathryn Grace Apr 8th at 6:38 pm

    Thank you! THANK YOU! Much gratitude to every one who has been working on this. Those Firefox alerts are driving me bananas!

    Liked by 4 people

  7. mythoughtlane Apr 8th at 6:39 pm

    Good relief to know this. Thanks WordPress.

    Liked by 3 people

  8. John Apr 8th at 7:02 pm

    Thank you, WordPress!! 👍🏻

    Liked by 4 people

  9. InFinnity Apr 8th at 7:13 pm

    Great! Keep up the great work you do for us…

    Liked by 3 people

  10. JohnAmes Apr 8th at 7:19 pm

    Thanks very much for your constant attention to our needs.

    Liked by 3 people

  11. Carla Doria Apr 8th at 7:27 pm

    This is good news!

    Liked by 3 people

  12. ...the Island Girl! Apr 8th at 7:37 pm

    Congratulations on launching this very, VERY important part of today’s internet world! Security is a HUGE thing for me, as I am sure many others are just as concerned. Thank you! I feel better, now! SERIOUSLY! Network security was a very important job I had, once.

    Liked by 4 people

  13. Jet.Structural@gmail.com Apr 8th at 8:02 pm

    Great work. Thanks!

    Liked by 4 people

  14. genearttech7 Apr 8th at 8:13 pm

    Thank you for letting us know.

    Liked by 3 people

  15. nocturnaltwins Apr 8th at 8:26 pm

    Awesome, thank you. 🙂

    Liked by 1 person

  16. Vox Populi Apr 8th at 8:39 pm

    Yay! So glad to read this.

    Liked by 13 people

  17. Resa Apr 8th at 8:44 pm

    Way to go!! I am thrilled!

    Liked by 4 people

  18. Jaclyn H Apr 8th at 8:54 pm

    Awesome! Thanks for the information!

    Liked by 5 people

  19. theblogaboutbeautifulthings Apr 8th at 9:47 pm

    Good job. Thank you for all you do. Security rocks.

    Liked by 3 people

  20. nvsubbaraman Apr 8th at 10:54 pm

    Great. Thanks for your concern. We are quite secured.

    Liked by 3 people

  21. Eljuno KASIH Apr 8th at 11:22 pm

    Glad to hear that! Awesome news. 🙂 ❤

    Liked by 4 people

  22. Jean Eisenhower Apr 9th at 12:52 am

    Sounds great! One question: If a site is already hacked, what will the encryption do after the fact?

    Liked by 4 people

    • Barry Apr 14th at 2:10 pm

      Hi Jean,

      HTTPS encryption doesn’t really help you with that problem, but if you think there is a security problem with your WordPress.com site please contact our support team and they will help you right away.

      Liked by 3 people

  23. MJ Apr 9th at 2:11 am

    Cool… that’s a good news!

    Liked by 4 people

  24. dw Apr 9th at 2:53 am

    Another feather in the WordPress.com hat! Many thanks!

    Liked by 4 people

  25. Klaus Jochem Apr 9th at 7:34 am

    Great initiative! I really appreciate this.

    Liked by 3 people

  26. Jean-Paul van Ravensberg Apr 9th at 9:26 am

    I’ve requested this feature with many more WordPress Bloggers. Thank you WordPress!

    Liked by 3 people

  27. dakisha Apr 9th at 9:41 am

    Reblogged this on My WP and CH Experience.

    Liked by 4 people

  28. poetanasciturblog Apr 9th at 10:42 am

    Great move! Well done

    Liked by 4 people

  29. yosh434 Apr 9th at 11:22 am

    This is great!

    Liked by 5 people

  30. bridie83. Apr 9th at 11:51 am

    Good work and thank you!

    Liked by 6 people

  31. JenT Apr 9th at 5:06 pm

    Wow! Now that I have a better understanding of the numbers involved, just wow! Thanks, Barry and WordPressdotcom.

    Liked by 4 people

  32. brainwane Apr 9th at 5:16 pm

    This is great and welcome news — thank you for doing this! And thanks to Let’s Encrypt for making it possible!

    Liked by 4 people

  33. Avery Goodday Apr 9th at 6:23 pm

    Thank you very much. Great news.

    Liked by 6 people

  34. dbp49 Apr 9th at 6:26 pm

    Now that’s a change I can get behind 100%. Thank-you very much.

    Liked by 4 people

  35. penpatience Apr 9th at 7:02 pm

    Thank you WordPress. Good news. Frances

    Liked by 3 people

  36. webaregy Apr 9th at 9:21 pm

    Thanks WordPress 🙂

    Liked by 3 people

  37. amanda60 Apr 10th at 12:06 am

    Thank you WordPress! I only actually restarting with you guys after a few years of intense study and this is a nice way to open. It’s nice to know you’ve got our backs!

    Liked by 5 people

  38. katharinetrauger Apr 10th at 3:14 am

    I am very thankful, of course, but now wonder if we must change all our links to our site, such as when we guest post elsewhere…hope not….

    Liked by 3 people

  39. rushbabe49 Apr 10th at 4:58 am

    Barry, I can’t believe you missed the obvious pun! The changes are “automat(t)ic”! Thanks for the enhanced feature.

    Liked by 5 people

  40. The Great Unwashed Apr 10th at 12:24 pm

    I love WordPress and recommend it to everyone I know because the people running it are constantly trying to make it a better, friendlier, electronic place. Thank you.

    Liked by 3 people

  41. thesciencegeek Apr 10th at 2:11 pm

    Thanks for this. A great step forwards

    Liked by 3 people

  42. Matthias Apr 10th at 2:37 pm

    I’ve been waiting for this for a long time, thank you! Also thanks for HTTP/2.

    Can we have HSTS, too, now that the difficult part is done? 🙂

    Liked by 3 people

  43. bridgerjones Apr 10th at 3:00 pm

    Great news. I was just about to migrate away. Many, many thanks.

    Liked by 3 people

  44. onedman Apr 10th at 10:00 pm

    I am so very happy about this development. As someone who puts the nose out there it’s great to know I won’t get a good sock right off the bat. Thank you so much for all you do People’s. (((HUGS)))

    Liked by 2 people

  45. bythefirelight Apr 11th at 1:23 am

    Love it. This is great.

    Liked by 3 people

  46. Lisa Pomerantz Apr 11th at 8:29 am

    This is wonderful news! Thanks WordPress. ❤

    Liked by 4 people

  47. Ariél Salle Apr 11th at 11:42 am

    We are informed. Thanks. ☺

    Liked by 4 people

  48. Connie Apr 11th at 4:07 pm

    When will this go into effect? I am not clear, but it seems as if you were saying this should be done by now, but my site (praynwatch.com) hasn’t changed at all. Is there something I need to do, or is this coming later??

    Thank you!

    Liked by 4 people

    • Barry Apr 11th at 4:11 pm

      Hi Connie! This announcement only applies to sites hosted on WordPress.com. It looks like your site is hosted by HostGator – you should contact them if you want HTTPS support for your site.

      Liked by 3 people

  49. gsquaredstudios (@gsquaredstudios) Apr 11th at 4:12 pm

    That is fantastic! All of your users will greatly benefit from Https encryption and it’s awesome that you are rolling that out. This has so many benefits, such as ranking help for seo and better performance, which is also a ranking factor. Site speed has been announced as a ranking factor, so this is kind of like a double-whammy. Great job guys!

    Liked by 3 people

  50. Clicky Steve Apr 11th at 4:49 pm

    Reblogged this on iamsteve.in – angry.scot and commented:

    Great news!

    Liked by 3 people

  51. Clicky Steve Apr 11th at 4:49 pm

    Great news Barry!

    Liked by 3 people

  52. Markus Dewerny Apr 11th at 10:24 pm

    Great news! Thumbs up! Thank you very much!!!

    Liked by 4 people

  53. shannond Apr 12th at 4:51 am

    Barry, I am trying to send an email to the address: https://wordpress.com/support/contact but keep getting an error message: The server response was: The recipient address isnot a valid RFC-5321 address. l4sm39631342pfi.73 – gsmtp

    Could you provide an alternate way to get a HELP message to your support team re: http://www.pioneerheritagegardens.org? Thanks.

    Liked by 4 people

  54. Tina's Faerie Files Apr 12th at 4:35 pm

    After all the trouble I had with this issue it’s nice to know it is getting resolved.

    Liked by 4 people

  55. Patrick Lumumba. Apr 12th at 4:39 pm

    WordPress is the best.

    Liked by 3 people

  56. rberteig Apr 12th at 5:46 pm

    This is a welcome improvement. Now if only a few other hosters would follow suit.

    Liked by 4 people

  57. newcastleflyer Apr 13th at 10:02 am

    A good improvement. Now if WordPress could just add SOME more features to the templates, where you add pages, etc.

    Liked by 3 people

  58. Mary J. McCoy-Dressel Apr 13th at 7:13 pm

    What about the http address we may have up at other sites where we’ve advertised our blog/website? For instance, I have the http address in all my published books. Do I have to change the http to https? Out of curiosity, I typed in the address using the http and it went to my site. Will this continue to be redirected if someone used the http? Thank you. I like the idea of https.

    Liked by 4 people

  59. Mary J. McCoy-Dressel Apr 13th at 7:25 pm

    Reblogged this on Author Mary J. McCoy-Dressel and commented:
    Hot Off the Press from WordPress. Well, this makes me feel good. 🙂

    Liked by 2 people

  60. Bryant Ocampo Apr 14th at 8:18 am

    Everything is automatic at Automattic… loved it…

    Liked by 5 people

  61. soniamao Apr 14th at 3:12 pm

    unfortunately seems like this great update has led to a redirect error on my site! could you advise on how to fix it?
    https://soniamao.com/

    Liked by 3 people

    • Barry Apr 14th at 3:21 pm

      Hi, sorry about that. It seems to be a problem with your Cloudflare configuration. Can you please make sure that configure Cloudflare is configured to use HTTPS to connect to the origin (WordPress.com). If you have any questions, I would suggest asking their support team.

      Liked by 3 people

Create your new blog or website for free

Get Started