Automattic Partners with Let’s Encrypt to Enable HTTPS on All WordPress.com Websites

photo credit: Padlock - (license)
photo credit: Padlock(license)

WordPress.com announced today that it has turned on encryption for custom domains. The network’s subdomains have been HTTPS-enabled since 2014 as part of the Reset the Net campaign against mass surveillance. Today Automattic expanded HTTPS coverage to more than one million custom domains hosted on the network.

Last April the company joined Mozilla, Cisco, EFF and several other organizations to sponsor Let’s Encrypt, a new free certificate authority for the public. The project gave WordPress.com an automated way to roll out an SSL certificate to each custom domain it hosts. Users do not need to adjust any setting – encryption has been turned on automatically, which is indicated by a green lock in the browser’s address bar.

According to the Electronic Frontier Foundation, encryption offered via the new initiative will help users defend against surveillance of their content and communications, cookie theft, account hijacking, cookie and ad injection, and other forms of internet censorship.

WordPress.com representatives said sites may see a performance boost and better Google rankings as a result of the switch to HTTPS. Two years ago Google announced it would begin using HTTPS as a lightweight ranking signal as an incentive for website owners to switch to HTTPS. With the help of the Let’s Encrypt initiative, many of the technical barriers to adding encryption have been removed. WordPress.com’s move to provide free HTTPS for all customers helps make the web more secure as the network powers a large chunk of the world’s websites.

10 Comments


  1. Very good idea for WordPress.com custom domain holders. Since it would be difficult for custom domain holders to use CloudFlare’s free Flexible SSL offering, getting LetsEncrypt SSL automatically is a big plus. Since SSL is now a minor ranking signal, these sites will certainly see the benefits in SERPS.

    I’m using CloudFlare’s free offering on all my domains in a WP network on WP Engine. It’s been smooth sailing for me on that front with SSL, but I do have to install the CloudFlare plugin and set an API key, so the WordPress.com offering is lighter, faster, and a great option for those custom URL holders.

    Report


    1. Thanks for sharing. Didn’t know they were offering ssl. Going to set that up

      Report


    2. I use CloudFlare as well and I love it. I am using Windows hosting platform, so I cannot install LetsEncrypt yet.

      Report


      1. You may install it on Windows IIS. There is a lot of howtos on the internet, just google “letsencrypt powershell”.

        Report


  2. I think self hosted site should also be given this service also we are all using WordPress.

    Report


    1. If you choose quality hosting, you can use it. It is not related to WordPress but to software/settings on your server/hosting.

      Report


    2. By all means you can install Let’s Encrypt on self hosted sites, it doesn’t have to be a WordPress powered site, it works on any site with no issues.

      Report


  3. Working 100%, I installed Let’s Encrypt on all my domains powered by NGINX Web Server, automated , and signed HTTPS certificates.

    Report


  4. If you have visitors using XP then they will get certificate errors. Only Firefox on XP works, but IE and Chrome do not.

    Report

Comments are closed.