There’s no arguing that WordPress has grown to wield much influence on the web, but one area they’ve lacked compared to services and platforms like Facebook, Reddit, and Twitter was their lack of offering HTTPS to sites hosted at WordPress.com that use a custom domain name.
Those days are now over.
They’ve partnered with Let’s Encrypt, a new service offering free SSL certificates, to offer SSL to sites without the site owner having to know how to install SSL.
That’s huge because creating, generating, and installing SSL certificates can be a difficult task, even for those of us with a strong technical background. Thanks to the API nature of Let’s Encrypt, the entire SSL generation and renewal process can be automated, reducing the technical hurdles to implementation and improving adoption.
Why is this important? A few reasons.
First, there’s never been more attention put on security, encryption, and the safety of information. By making it brain-dead simple for their users, WordPress is helping to improve the security of the web.
Second Google loves themselves HTTPS and SSL. Not just in general, as we’ve seen lately in their Gmail messages, but they are starting to rank sites that use HTTPS higher. Still think that HTTPS and TLS is too taxing on your servers? Not so.
At a high level, HTTP/2:
- is binary, instead of textual
- is fully multiplexed, instead of ordered and blocking
- can therefore use one connection for parallelism
- uses header compression to reduce overhead
- allows servers to “push” responses proactively into client caches
Kudos to WordPress.com and Automattic for this move. A safer, more secure web is a better web.