In October, Let’s Encrypt was managing more than 10 million active SSL certificates. That number doubled to 20 million in November as large providers continue to partner with the organization to manage their customers’ certificates.
In 2014, Google announced that HTTPS is a ranking factor. Earlier this year, the Google Chrome security team announced that Chrome 56 will mark HTTP sites that transmit passwords or credit cards as insecure.
In 2017, managed WordPress hosting companies will have one more reason to enable SSL by default for new accounts. In a post on the WordPress.org blog, Matt Mullenweg, co-founder of the open source WordPress project, explains what the project is going to do to encourage HTTPS by default across the web.
“Early in 2017, we will only promote hosting partners that provide a SSL certificate by default in their accounts,” Mullenweg said.
“Later we will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.”
Unrelated to SSL, Mullenweg also commented on the significant performance improvements in PHP7 and will consider whether hosting partners use PHP7 by default for new accounts in 2017.
These moves are a continued effort by Mullenweg to secure and encrypt as much of the web as possible. Earlier this year, WordPress.com encrypted all of its sites using Let’s Encrypt.
Let’s Encrypt is an initiative which aims to encrypt 100% of the web by making trusted certificates available to everyone at no cost. It’s a 501(c)(3) nonprofit and recently launched a crowdfunding campaign to cover the cost of one month of operations totaling $200K.
Josh Aas, ISRG Executive Director, explains the reasons behind the crowdfunding campaign, “First, there is a gap between the funds we’ve raised and what we need for next year,” Aas said.
“Second, we believe individual supporters from our community can come to represent a significant diversification of our annual revenue sources, in addition to corporate sponsorship and grants.”
To learn more about the campaign and to contribute, visit Let’s Encrypt’s Indiegogo page.
Let’s hope that the list only includes those who offer it for free, as Let’s Encrypt is now free and even cPanel support it. One of my clients (foolishly) signed up for SlowDaddy WordPress hosting and has been quoted an extra $80 a year.