SEOClerks

Wordpress will force you to switch to HTTPS



Enter a reason for deleting this comment

Wordpress will force you to switch to HTTPS

Recently Wordpress has announced that in early 2017 the company is planning to change certain features obligating websites to have HTTPS. I found more info here: https://www.bleepingcomputer.com/news/security/upcoming-wordpress-features-will-require-hosts-to-support-https/

This doesn't mean you won't be able to use Wordpress anymore without an HTTPS but it will mean certain features like API authentication will be available only for HTTPS websites.

So there you have it, another blow for people wanting to use plain old HTTP websites. First Google pushed this idea of "forcing" websites to migrate to HTTPS now Wordpress does the same. Even if you are a content creator, in a few years you will be forced to switch to HTTPS is you want to stay relevant both from a new features point of view but also from a ranking point of view.

Getting an HTTPS nowadays is not really difficult, there are plenty of free ways you can earn an HTTPS and also migrate everything from HTTP to HTTPS.

Comments

Please login or sign up to leave a comment

Join
idealmike

Thanks for the heads up. I wonder whether this was because of some pressure or influence on behalf of and by Google, or whether it's WordPress trying to actually keep up with the changes and not try to get a bad name for hosting tons of non-secure websites.

I'm not sure how many WordPress.com hosted and self WordPress.org hosted sites there are in total but it was about 75 Million sites, or 22% all U.S. Domains. With 50 Million Downloads of WordPress or something from what I remember from a couple years back in 2014.

So it's probably a lot more now. That's a lot of unsecured sites. So it's good that WordPress are doing this seeing as it does make peoples sites a little more secure. Or at the least, makes it look like they are doing something to try and achieve that.

Although I think it's only about 1/3 of all WordPress.org self hosted sites that actually update to the latest WordPress there's a lot that are still running on very old versions of WordPress. It's good, but there's a long road ahead if the whole internet is going to follow suite and go full SSL by 2020.



Are you sure you want to delete this post?

clerkboy3

But is that bad in your opinion?
Why? Is it too much security concerns that are not needed?



Are you sure you want to delete this post?

MusicMoguls

This is a great thing and i think that all sites should be https especially if they deal with sensitive information. I think its been a long time coming and this is just the beginning of the security measures that will be taken in the future. The internet has come a long way from html to html 5 http to https protocol. We need to have some sort of regulation put in place that says websites that do not have https cannot handle credit card information or personal information of any kind. It will force everyone to switch over making the internet a safer more secure place to be.

What reasons do people have to not switch? I am glad that word press is doing this but the entire internet should do this. You mentioned that it costs almost nothing or even nothing to do this. It should be a requirement the same way its a requirement to have a license to run a business. I think this is a very positive thing and im glad you shared this so everyone knows that wordpress has just got more secure.



Are you sure you want to delete this post?

idealmike

Yeah agree with that Jkeyz. Well, up to a point. What I mean is, not all sites do take sensitive information. Take flash / HTML5 arcade gaming sites. Or just simple blogs that have no forms to fill in. Or sites that are just basic tools you use like some case converter site or some bitcoin conversion site or something. Other than the contact form they may have on their contact us page. Or maybe perhaps, the registration page. But that only really ever asks for a username/password and email address. But I guess, even that could be deemed sensitive information. I wouldn't be surprised though, if domain registrars are forced to sell domain names with an SSL certificate. Anyone not buying a domain and not buying an SSL certificate now will probably have to do so in the near future anyway at some point along the way. And at the end of the day if it makes the Internet a more secure and safer place to be then it can only be a good thing for the Internet. It' not infallible but a little more secure at the least!



Are you sure you want to delete this post?

Lynne

Hi Cristian. I wonder what impact this will have on scam websites? Perhaps this will cut down on the amount of online scams if there is more of a verification process? If this is the case then I am more than happy for this change.

There are way too many people that are being conned online on a daily basis, plus something I am starting to see is that these scam artists just do the same thing over and over again. They set up one scam website and as soon as the heat gets too much they shut it down and immediately there is another scam, exactly the same up just with a different name. I find it very upsetting!



Are you sure you want to delete this post?

idealmike

Unfortunately there is no verification process involved in buying an SSL certificate for your website. You can buy one from any domain registrar like NameCheap or GoDaddy or even individually from somewhere else without even needing to create an account on their site or hand over any personal information like name and address etc. So anyone can still buy an SSL certificate and just because a site has SSL doesn't mean that it's a safe site. This could actually trick a lot of people into thinking a site is safe simply because it's using SSL. People will see the https protocol and the little padlock icon and presume that it's safe to use. All that means is your details are encrypted a little bit when you send them to them to be processed. It doesn't mean they fulfill their end of the deal and send you your items just because they're using SSL and I hope people realize and know that.



Are you sure you want to delete this post?

Lynne

Oh so actually it is just all bullshit? That is quite worrying then, I don't see the point then?

So in essence forcing everyone to switch to https is just going to provide a false sense of security for users and a pain in the ass for website owners?

That is just daft isn't it?



Are you sure you want to delete this post?

idealmike

Well yeah and no. SSL only encrypts the details, the data between you and the website .So its encrypted. That's all it does. It doesn't mean the site you're using is not a scam site. Any Tom Dick or Harry can purchase an SSL certificate for some website it don't mean jack! And you know, it is going to give people a false sense of security. They'll see the padlock icon and that it says https and say oh it's okay looks its SSL encrypted, it's secure, it's fine. But that doesn't really mean anything. It doesn't mean that the site you're using is not a scam site. Most SSL providers such as Verisign or Comodo etc only provide some extra layer of protection for you if your details that were transmitted do somehow become intercepted and then decrypted. They don't offer any protection if the item or items you purchase don't arrive. That's between you and your credit card company.



Are you sure you want to delete this post?

Lynne

Oh that is awful.

I'm just wondering though Mike, is there a website or place where you can report scams to that you know of?



Are you sure you want to delete this post?

overcast

I have moved most of my personal domains to the WordPress already. So that's one thing I want to keep continuing so far. I don't think there is going to be any harm in not keeping HTTP. But it's better to follow when google itself is working on those things. That surely helps in such context.



Are you sure you want to delete this post?