WordPress Will Only Recommend Hosting Companies Offering SSL by Default in 2017

In October, Let’s Encrypt was managing more than 10 million active SSL certificates. That number doubled to 20 million in November as large  providers continue to partner with the organization to manage their customers’ certificates.

In 2014, Google announced that HTTPS is a ranking factor. Earlier this year, the Google Chrome security team announced that Chrome 56 will mark HTTP sites that transmit passwords or credit cards as insecure.


In 2017, managed WordPress hosting companies will have one more reason to enable SSL by default for new accounts. In a post on the WordPress.org blog, Matt Mullenweg, co-founder of the open source WordPress project, explains what the project is going to do to encourage HTTPS by default across the web.

“Early in 2017, we will only promote hosting partners that provide a SSL certificate by default in their accounts,” Mullenweg said.

“Later we will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.”

Unrelated to SSL, Mullenweg also commented on the significant performance improvements in PHP7 and will consider whether hosting partners use PHP7 by default for new accounts in 2017.

These moves are a continued effort by Mullenweg to secure and encrypt as much of the web as possible. Earlier this year, WordPress.com encrypted all of its sites using Let’s Encrypt.

Let’s Encrypt is an initiative which aims to encrypt 100% of the web by making trusted certificates available to everyone at no cost. It’s a 501(c)(3) nonprofit and recently launched a crowdfunding campaign to cover the cost of one month of operations totaling $200K.

Josh Aas, ISRG Executive Director, explains the reasons behind the crowdfunding campaign, “First, there is a gap between the funds we’ve raised and what we need for next year,” Aas said.

“Second, we believe individual supporters from our community can come to represent a significant diversification of our annual revenue sources, in addition to corporate sponsorship and grants.”

To learn more about the campaign and to contribute, visit Let’s Encrypt’s Indiegogo page.


13 responses to “WordPress Will Only Recommend Hosting Companies Offering SSL by Default in 2017”

  1. Let’s hope that the list only includes those who offer it for free, as Let’s Encrypt is now free and even cPanel support it. One of my clients (foolishly) signed up for SlowDaddy WordPress hosting and has been quoted an extra $80 a year.

    • I foolishly signed up for Hostgator, and they quoted me around $90 to upgrade from my “hatchling” plan to a “baby” plan that includes SSL. What hosting service do you recommend?

      • Hi, I use RoseHosting and their support is excellent. You may contact their support through live chat and get answers to your questions.
        As far as I know they offer managed support with their services and will help you to set up WP + SSL without additional charges.

  2. Isn’t it also high time WordPress changed its password hashing from md5 to something better?

  3. Excellent, I completely agree with this Jeff. We started implementing php7 and lets encrypt earlier this year. That’s the ideal anyway, there have been times where various plugins had issues with php7 or ssl was a problem due to external content feeds and such but definitely aiming for it as a standard.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: