Wordpress.com turns on default encryption for hosted domains

Run by Automattic, WordPress.com allows users to easily create and manage websites based on the hugely popular WordPress content management system. Users of the free service get a subdomain under wordpress.com to use as an address for their website, but paid plans allow hosting a custom domain.

Implementing HTTPS for wordpress.com subdomains was fairly easy and Automattic did this in 2014. However, turning on encryption for hosted websites with custom domain names requires individual certificates for each of those domains, which posed management and cost-related problems.

The company managed to solve that issue by working with Let's Encrypt, a new certificate authority that provides free SSL/TLS certificates and automates their deployment, configuration and renewal. Let's Encrypt, which is run by a public-benefit corporation called the Internet Security Research Group, entered public beta at the beginning of December and has already issued over one million certificates.

"The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains," said Barry Abrahamson, systems engineer at Automattic, in a blog post. "We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains."

WordPress.com joins other large services that provide website owners with the ability to enable HTTPS for free. CloudFlare has been providing HTTPS with free certificates for all websites that use its security service since 2014 and Plex enabled users to protect their media servers with HTTPS since June 2015.