wordpress security

WordPress.com has published a blog post informing their users that they've decided to utilize the Let's Encrypt project - a free service that makes it fairly simple to add HTTPS to your website - to add HTTPS to every website with a custom domain hosted on their platform. The emphasis is on custom domains because for the last couple of years, any of their users utilizing a subdomain under the wordpress.com domain already had HTTPS enabled.

WordPress, for good or bad, is a familiar name for anyone who has ever looked into blogging or barely scratched the surface of web development. The platform itself is an open-source content management system that makes it extremely straight forward to set up and maintain a managed website - something that a lot of people find to be a hassle. WordPress.com, however, is a separate entity which simplifies the process of getting your website or blog up and running: they not only handle most of the configuration for you, but also take care of the hosting and domain registration as well.

A notable part of what WordPress.com is doing is that the switch will be completely automatic: website administrators won't need to go in and enable or disable a certain setting to make it happen, and all of their customers will receive HTTPS without needing any additional action. As the rollout begins to take place, all plain HTTP requests will simply start transparently redirecting to their HTTPS counterparts.

Source: Neowin