News Stay informed about the latest enterprise technology news and product updates.

WordPress SSL now free for hosted sites, thanks to Let's Encrypt

Customers with hosted sites will now have WordPress SSL turned on for free by default, thanks to Let's Encrypt certificates, potentially making a large number of websites more secure.

WordPress is now offering free SSL certificates by default for hosted websites, potentially bringing more security...

to a large number of customers. WordPress had previously supported encryption for subdomains, but has now announced free HTTPS would be rolling out automatically to all custom domains hosted by WordPress.com.

According to a blog post by Barry Abrahamson, systems engineer for WordPress' parent company, Automattic Inc., based in San Francisco, WordPress SSL certificates will be gifted by Let's Encrypt -- a free, automated and open certificate authority.

"The Let's Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains," Abrahamson wrote. "We launched the first batch of certificates in January 2016, and immediately started working with Let's Encrypt to make the process smoother for our massive and growing list of domains."

"Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com," Abrahamson wrote. W3techs statistics claimed WordPress is used by 59.3% of all the websites using a content management system that it has scanned, or 26.3% of all websites found. However, it is unclear if those statistics include WordPress.org and custom WordPress installations, in addition to WordPress.com.

Gunter Ollmann, chief security officer at Vectra Inc., based in San Jose, Calif., said WordPress SSL was a long time coming, as many other blogging platforms had enabled HTTPS "several years ago," but questioned if this will make websites more secure.

"Moving to HTTPS for hosted websites with custom domain names is great for privacy, but offers no significant advantage against the constant plague of remotely exploitable vulnerabilities that WordPress has suffered from over the last decade," Ollmann said. "I don't believe we'll see less compromises of the platform than we traditionally have. However, we may see more targeted attacks, as traditionally exposed organizations move their blogging activity to HTTPS-enabled sites hosted under the WordPress platform in an effort to increase the privacy of their readers."

Let's Encrypt launched in September 2015, and entered a generally available beta in January. This week, Let's Encrypt has exited beta and said it has issued over 1.5 million certificates for approximately 3 million websites since September.

"We now have the experience and confidence to take the project out of beta," said Josh Aas, executive director for Internet Security Research Group, based in San Francisco. "We will continue to work on making the Web a safer place through free encryption. An increasingly broad set of industry stakeholders recognize how important it is to secure the Web through Let's Encrypt. However, we still have a long way to go to deliver on our goal to encrypt 100% of all websites."

Next Steps

Learn how to run a secure WordPress installation in an IaaS virtual machine.

Learn how to improve security for Drupal and WordPress content management systems.

Learn the benefits of a bring-your-own-key encryption service.

Dig Deeper on Web application and API security best practices

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do you use WordPress? If so, how does free WordPress SSL affect you?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close