Slashdot Mirror

← Back to Stories (view on slashdot.org)

WordPress.com Enables HTTPS Encryption For All Websites

Posted by msmash on from the affinity-for-https dept.

On Friday, WordPress announced that it is bringing free HTTPS to all -- "million-plus" -- custom domains, essentially ramping up security on every blog and website. The publishing platform says it partnered with Let's Encrypt project to implement HTTPS across such a voluminous number of sites. From the blog: For you, the users, that means you'll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.

3 of 86 comments (clear)

  1. HTTPS real meaning by fbobraga · · Score: 3, Insightful

    "Hopefully Talking To People Securely" (sorry by the joke, but it was stronger than me :P)

  2. Incoming Security Errors by JourneymanMereel · · Score: 2, Insightful

    Sadly this probably means tons of mixed content security errors are about to start happening. Everybody who linked to an image in their blog with the full URL (http://site.com/image.png) will have images that used to load with no problem start throwing up security errors. I had this problem when I got the Let's Encrypt certificate for my blog. Had to go back and change all the images I had loaded in my previous posts to use my new https URLs. Fortunately, I don't post often so there weren't too many...

    --
    Life has many choices. Eternity has two. What's yours?
    1. Re:Incoming Security Errors by ptaff · · Score: 4, Insightful

      you want to pull a js library from www.bar.com

      Don't do that. You're introducing latency, you're violating the privacy of your visitors (bar.com knows about them) and you're putting them at risk, security-wise (bar.com gets 0wn3d? your visitors get 0wn3d as well). Don't be a lazy hacker and just spend the 2 minutes needed to store a local copy.