So CISOs whose organizations have custom WordPress domains will be pleased by Friday's announcement that free HTTPS for all domains hosted on WordPress.com has been added at no charge.
WordPress.com has offered free encryption for sites running on a subdomain of the site, such as example.wordpress.com, since 2014, and said it now plans to begin rolling out the technology to the more than one million custom domains (such as example.com) for which it provides hosting services.
The company was already supporting encryption for subdomains (e.g.: https://username.wordpress.com), using certificates issued for the main wordpress.com domain.
Automattic choosing to implement Let's Encrypt certificates is not a odd choice, since the company has been very supporting of open source software, Internet privacy, and had taken an anti-government surveillance stance before. The change is automatic, meaning users don't need to enable the feature or change anything to activate the offering.
WordPress said in a blog post that the gift brings "security and performance of modern encryption to every blog and website we host", all without users having to lift a finger.
WordPress is aided here by the Let's Encrypt project, which provided a range of SSL certificates and an automated way to manage them.
"You'll see secure encryption automatically deployed on every new site within minutes", WordPress.com stated.
WordPress is not alone in backing HTTPS, of course, and reminded customers that Google reflects its use in search results.
As mentioned earlier, a green lock icon on the left side of the address bar and an "https://" URL are indicators that the website is secured and has an SSL certificate. And as this January blog from Trend Micro notes, Let's Encrypt for can be abused by attackers who set up a malicious Web site of their own that uses these certificates but feeds into other sites - including, possibly one hosted on WordPress.
"We will transparently handle all the complexities of SSL certificate management for you".
Kerry in Hiroshima, says time to get rid of nuclear weaponsSpeaker of the House of Representatives Nancy Pelosi in 2008, Kerry is the senior-most executive branch official to visit. Before he visited the memorial, Kerry spoke with Fumio Kishida, the Japanese foreign minister.
Source: Wordpress.com turns on default encryption for hosted domains
No comments:
Post a Comment