Akismet 3.1 is available for download and contains a bug fix that prevents it from inadvertently modifying a comment’s content during the spam filtering process. In addition to the bug fix, calls made to the Akismet API are now encrypted via SSL.
While it may not seem like much on the surface, encrypting communications between WordPress and Akismet is an important change that increases the privacy of those who leave comments on your site. Christopher Finke, who works on the Akismet development team, explains why:
“Akismet’s API is being offered over SSL for the same reason that all wordpress.com subdomains are now served over SSL by default. Encrypting that connection decreases the chances of surveillance by a third party. No matter what a commenter is writing about, sending their comment to be checked using SSL ensures that it will only be read by those who are meant to read it.”
The move is part of a larger effort to apply SSL across WordPress.com and WordPress.org. In late 2014, almost all of WordPress.org was transitioned to load over SSL/HTTPS. As part of the security hardening in WordPress 3.7, connections to api.wordpress.org, which handles theme, plugin, and core updates, were forced to use SSL if the web server supports it.
If you’re not sure what SSL is or would like to learn how to implement it on your site, read the HTTPS section in the WordPress user manual. It has an introduction to the protocol and provides tips on implementing, tweaking, and applying good practices.