WordPress.com goes full HTTPS for hosted sites

HTTPS Green-padlock-in-circleThere’s no arguing that WordPress has grown to wield much influence on the web, but one area they’ve lacked compared to services and platforms like Facebook, Reddit, and Twitter was their lack of offering HTTPS to sites hosted at WordPress.com that use a custom domain name.

Those days are now over.

They’ve partnered with Let’s Encrypt, a new service offering free SSL certificates, to offer SSL to sites without the site owner having to know how to install SSL.

That’s huge because creating, generating, and installing SSL certificates can be a difficult task, even for those of us with a strong technical background. Thanks to the API nature of Let’s Encrypt, the entire SSL generation and renewal process can be automated, reducing the technical hurdles to implementation and improving adoption.

Why is this important? A few reasons.

First, there’s never been more attention put on security, encryption, and the safety of information. By making it brain-dead simple for their users, WordPress is helping to improve the security of the web.

Second Google loves themselves HTTPS and SSL. Not just in general, as we’ve seen lately in their Gmail messages, but they are starting to rank sites that use HTTPS higher. Still think that HTTPS and TLS is too taxing on your servers? Not so.

Third, by having their sites being sent over HTTPS, WordPress.com can serve those sites using HTTP/2, which means faster, more efficient content delivery.  This is important as our sites get larger and larger, with more CSS, javascripts, responsive high-DPI images, and more. The HTTP/2 repo at Github says:

At a high level, HTTP/2:

  • is binary, instead of textual
  • is fully multiplexed, instead of ordered and blocking
  • can therefore use one connection for parallelism
  • uses header compression to reduce overhead
  • allows servers to “push” responses proactively into client caches

Kudos to WordPress.com and Automattic for this move. A safer, more secure web is a better web.