WordPress.com announced today that it has turned on encryption for custom domains. The network’s subdomains have been HTTPS-enabled since 2014 as part of the Reset the Net campaign against mass surveillance. Today Automattic expanded HTTPS coverage to more than one million custom domains hosted on the network.
Last April the company joined Mozilla, Cisco, EFF and several other organizations to sponsor Let’s Encrypt, a new free certificate authority for the public. The project gave WordPress.com an automated way to roll out an SSL certificate to each custom domain it hosts. Users do not need to adjust any setting – encryption has been turned on automatically, which is indicated by a green lock in the browser’s address bar.
According to the Electronic Frontier Foundation, encryption offered via the new initiative will help users defend against surveillance of their content and communications, cookie theft, account hijacking, cookie and ad injection, and other forms of internet censorship.
WordPress.com representatives said sites may see a performance boost and better Google rankings as a result of the switch to HTTPS. Two years ago Google announced it would begin using HTTPS as a lightweight ranking signal as an incentive for website owners to switch to HTTPS. With the help of the Let’s Encrypt initiative, many of the technical barriers to adding encryption have been removed. WordPress.com’s move to provide free HTTPS for all customers helps make the web more secure as the network powers a large chunk of the world’s websites.