The movement to encrypt as much of the public Web as possible has gotten a major boost, as WordPress has turned on HTTPS connections for all of the more than one million custom domains hosted on WordPress.com.
The change happened on Friday and significantly, it doesn’t require any work on the part of the site owners. WordPress did the work for them, using the EFF’s Let’s Encrypt initiative, which is designed to allow site owners to reply encrypted connections quickly. The system is free and doesn’t require much in the way of work on the site owner’s end, a marked contrast to the way that the a typical SSL certificate deployment works. That process can be long, painful, and expensive, and because it’s so frustrating many site owners don’t bother with it.
WordPress hosts a huge number of custom domains and officials believed the best way to bring secure connections to those sites was to do it on a mass basis, rather than have individual site owners do it themselves.
“The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains,” the company said.
Aside from the logistical pain, the other main obstacle site owners talk about for enabling SSL is the performance hit. Secure connections can be significantly slower than plaintext ones, but some of that disparity has been addressed with changes to the HTTP protocol.
“Protocol enhancements like SPDY and HTTP/2 have narrowed the performance gap between encrypted and un-encrypted web traffic, with encrypted HTTP/2 outperforming un-encrypted HTTP/1.1 in some cases,” the company said.
Giving users a secure connection allows site owners to protect users’ privacy, both from attackers and from mass surveillance. Privacy and security experts have been encouraging, and in some cases pressuring, site owners to switch to HTTPS connections. Some large media sites have made the change, and many large Internet companies have made HTTPS their default connection option. But for smaller site owners, having that burden taken out of their hands makes the process much easier and efficient.
Image from Flickr stream of Sean MacEntee.