WordPress has announced that it’ll soon ensure every site built on its platform uses encrypted HTTPS as standard, in line with efforts being made across the rest of the Web.
HTTPS is already available if you have a ‘.wordpress.com’ site but this is now being rolled out to custom domains that only use the WordPress backend.
WordPress is the most popular CMS system on the Web, used by over a quarter of all websites, so this move represents a huge shift over to a more secure internet.
This will immediately apply to any new sites created using a custom domain, with existing websites built on WordPress gradually being upgraded. WordPress will automatically redirect any requests that use HTTP to the new HTTPS version.
This is no doubt prompted by the news that Google has started favoring secure over non-secure domains, but the tech giant recently highlighted that many major sites, including many of its own products, are yet to make the switch.
Indeed CNN, eBay and the New York Times, were all flagged by Google for lacking HTTPS as standard, and are all notable users of WordPress.
WordPress has been working with the Let’s Encrypt project to help it automate the certification process for sites that use its platform.