Slashdot Mirror

← Back to Stories (view on slashdot.org)

WordPress.com Enables HTTPS Encryption For All Websites

Posted by msmash on Friday April 8, 2016 @07:30AM from the affinity-for-https dept.

On Friday, WordPress announced that it is bringing free HTTPS to all -- "million-plus" -- custom domains, essentially ramping up security on every blog and website. The publishing platform says it partnered with Let's Encrypt project to implement HTTPS across such a voluminous number of sites. From the blog: For you, the users, that means you'll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.

2 of 86 comments (clear)

Min score:

Reason:

Sort:

Re:Incoming Security Errors by omnichad · 2016-04-08 08:56 · Score: 4, Informative

You can do a full URL without specifying protocol. Instead of http:/// or https:/// you can just use //
Re:Incoming Security Errors by ptaff · 2016-04-08 11:06 · Score: 4, Insightful

you want to pull a js library from www.bar.com
Don't do that. You're introducing latency, you're violating the privacy of your visitors (bar.com knows about them) and you're putting them at risk, security-wise (bar.com gets 0wn3d? your visitors get 0wn3d as well). Don't be a lazy hacker and just spend the 2 minutes needed to store a local copy.