WordPress, the software that builds software that powers 25% of the web, is making a big change to boost its user security.
It is activating “HTTPS” by default on all the websites it hosts, it announced on Friday — encrypting users’ traffic to protect them from hackers and stop people snooping on them. (We first saw the news over on The Register.)
If you access a site via “HTTP” — still the default for a lot of the web — your data is public, and at risk of being monitored or even hijacked and surreptitiously modified.
This makes it unsuitable for when you need to send encrypted data, like passwords or banking details. HTTPS is a secure alternative that lets you do that without risk of interception, and in recent years there has been a major drive to activate it on all websites to protect users — not just those that handle sensitive data.
WordPress has significant might online — according to W3techs research, 26.3% of all websites are powered by its content-management system. And now it’s getting fully behind the push for HTTPS, and will turn it on — by default — for every single website it hosts.
Some of the larger companies and media organisations that use WordPress tech may host their sites themselves (or have them hosted elsewhere in the cloud). So HTTPS won’t be automatically activated for them — it will be up to them to sort out.
But all ordinary WordPress users — the owners of and visitors to blogs, websites for small businesses, personal websites, and so on — will get the benefits without having to lift a finger.