Really Simple SSL, a popular plugin used on more than five million sites for installing SSL certificates, handling website migrations, mixed content, redirects, and security headers, has added a new feature in its most recent major update. Version 7.0.0 introduces vulnerability detection as part of a partnership with WP Vulnerability, an open source, free API…
Beginning September 1, 2020, Apple’s Safari browser will no longer trust SSL/TLS certificates issued for longer than 398 days, which is the equivalent of one year plus the renewal grace period. Apple cited its “ongoing efforts to improve web security” in the announcement earlier this year. The change affects the full lineup of Apple platforms:…
The Google Security Team has announced a timeline for when Chrome will begin blocking mixed content by default in order to ensure that HTTPS browsing is more secure. Mixed content refers to HTTPS pages that load resources, such as images, videos, stylesheets, and scripts, over HTTP. The gradual rollout will begin with Chrome 79, which…
In July of last year, Let's Encrypt announced that it would begin issuing Wildcard certificates for free in January of 2018. Although a little late, the organization has announced that Wildcard certificate support is now live. In addition to these certificates, the organization has updated its ACME protocol to version 2.0. ACMEv2 is required for…
Google Search Console has started sending out notices to sites that have not yet migrated to HTTPS. Chrome 61 is now in beta and version 62 is on track to begin marking HTTP pages as “NOT SECURE” beginning in October. It will show the warning if it detects any forms on the page that transmit…
In October 2016 Mozilla Telemetry showed more than 50% of page loads were encrypted with HTTPS. This week Let’s Encrypt is reporting that more than 50% HTTPS page loads is now the norm, a major milestone for HTTPS adoption across the web. Per @Firefox Telemetry, more than 50% HTTPS page loads is now the norm!…
SiteGround is now auto-issuing Let’s Encrypt certificates for every domain hosted on its shared servers. The company has also begun issuing and installing certificates on new accounts automatically after customers register domains or direct new domains to SiteGround’s servers. This also includes add-on domains added in cPanel. The certificates are also auto-renewed as long as…
In October, Let’s Encrypt was managing more than 10 million active SSL certificates. That number doubled to 20 million in November as large providers continue to partner with the organization to manage their customers’ certificates. In 2014, Google announced that HTTPS is a ranking factor. Earlier this year, the Google Chrome security team announced that Chrome 56 will mark HTTP…
Do you notice anything different about the Tavern’s URL? We recently enabled SSL on the site. Although the transition from HTTP to HTTPS was relatively smooth, we encountered a few issues. Postmatic Thought The Tavern Disappeared Soon after making the switch, we received error notices from Postmatic when trying to moderate comments via email. Because…
Sucuri, a website security company that specializes in securing WordPress (and other CMS) sites, announced that SSL certificates are now available at no cost to all customers who make use of the company’s firewall. As a sponsor of the Let’s Encrypt initiative, Sucuri joins Automattic as one of the first companies to fully automate free…
If you notice images don’t load after upgrading to WordPress 4.4 and you use SSL on the frontend, you’re not alone. In a thread on the WordPress.org support forum, Brokkr explains the crux of the problem: I recently switched my WordPress site to https after getting certificates from Let’s Encrypt. Using 4.3.1 all content was…
Last November the Electronic Frontier Foundation announced Let’s Encrypt, a new free and open certificate authority for the public. The initiative aims to make trusted certificates available to anyone at no cost. The idea behind Let’s Encrypt is to transition as many domains as possible from HTTP to HTTPS by providing a virtually painless one-click…
Akismet 3.1 is available for download and contains a bug fix that prevents it from inadvertently modifying a comment’s content during the spam filtering process. In addition to the bug fix, calls made to the Akismet API are now encrypted via SSL. While it may not seem like much on the surface, encrypting communications between…
There’s been a lot of hype around a new tool that was released not too long ago called FireSheep. In a nutshell, FireSheep is an extension for FireFox that monitors the airwaves of public Wi-Fi to sniff out login credentials to popular websites such as WordPress.com, self-hosted WordPress installations, Twitter, Facebook, and more. Once those…