ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    HTTPS Everywhere: Encryption for All WordPress.com Sites

    News
    wordpress security encryption ssl lets encrypt
    6
    29
    4.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Alex Sage
      last edited by Alex Sage

      Today we are excited to announce free HTTPS for all custom domains hosted on WordPress.com. This brings the security and performance of modern encryption to every blog and website we host.

      https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/

      1 Reply Last reply Reply Quote 4
      • tonyshowoffT
        tonyshowoff
        last edited by tonyshowoff

        If you're using a custom domain like cowbells.com (edit: lol it's real apparently), surely you must pay for a signed certificate? Is WordPress really providing it, as you said "you're good to go" even if you have a custom domain?

        Deleted74295D 1 Reply Last reply Reply Quote 0
        • Deleted74295D
          Deleted74295 Banned @tonyshowoff
          last edited by

          @tonyshowoff said:

          Is WordPress really providing it, as you said "you're good to go" even if you have a custom domain?

          If you have a subdomain of YOURNAME.wordpress.com you get it.

          YOURNAME.com won't be covered.

          tonyshowoffT A 2 Replies Last reply Reply Quote 0
          • tonyshowoffT
            tonyshowoff @Deleted74295
            last edited by

            @Breffni-Potter said:

            @tonyshowoff said:

            Is WordPress really providing it, as you said "you're good to go" even if you have a custom domain?

            If you have a subdomain of YOURNAME.wordpress.com you get it.

            YOURNAME.com won't be covered.

            I figured, but OP seems to say otherwise, but it'd cost WordPress a hell of a lot to cover everyone.

            J A 2 Replies Last reply Reply Quote 0
            • J
              Jason Banned @tonyshowoff
              last edited by

              @tonyshowoff said:

              @Breffni-Potter said:

              @tonyshowoff said:

              Is WordPress really providing it, as you said "you're good to go" even if you have a custom domain?

              If you have a subdomain of YOURNAME.wordpress.com you get it.

              YOURNAME.com won't be covered.

              I figured, but OP seems to say otherwise, but it'd cost WordPress a hell of a lot to cover everyone.

              Unless they are just using lets encrpyt for all of them

              A 1 Reply Last reply Reply Quote 0
              • A
                Alex Sage @Deleted74295
                last edited by Alex Sage

                @Breffni-Potter said:

                If you have a subdomain of YOURNAME.wordpress.com you get it.

                YOURNAME.com won't be covered.

                WordPress.com has supported encryption for sites using WordPress.com subdomains (like https://barry.wordpress.com/) since 2014. Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com.

                https://en.support.wordpress.com/https/

                1 Reply Last reply Reply Quote 0
                • A
                  Alex Sage @Jason
                  last edited by Alex Sage

                  @Jason

                  The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately started working with Let’s Encrypt to make the process smoother for our massive and growing list of domains.

                  1 Reply Last reply Reply Quote -1
                  • A
                    Alex Sage @tonyshowoff
                    last edited by Alex Sage

                    @tonyshowoff Let's Encrypt is completely free.

                    tonyshowoffT 1 Reply Last reply Reply Quote 0
                    • tonyshowoffT
                      tonyshowoff @Alex Sage
                      last edited by

                      @aaronstuder said:

                      @tonyshowoff Let's Encrypt is completely free.

                      Without Microsoft support and recognition of it, it's completely useless from a business perspective, and maybe even a regular person perspective, considering red WARNING!!!! doesn't go over well. I like the idea of Let's Encrypt, the idea that SSL certs require money for signing due to "insurance" is a total lie and it's a way to print money. Any proof an SSL certificate has failed? No, only underlying protocols and software.

                      All that money Versign and the other monsters collect to send out 25kb of data is a scam, and it's no surprise the first browser to start claiming self-signed certificates were inherently dangerous was IE.

                      A 1 Reply Last reply Reply Quote 0
                      • A
                        Alex Sage @tonyshowoff
                        last edited by Alex Sage

                        @tonyshowoff What are you talking about?

                        Let's Encrypt doesn't cause any warnings.

                        I have tons of sites running LE with no warnings...

                        https://letsencrypt.org/certificates/

                        tonyshowoffT 1 Reply Last reply Reply Quote 0
                        • tonyshowoffT
                          tonyshowoff @Alex Sage
                          last edited by

                          @aaronstuder said:

                          @tonyshowoff What are you talking about?

                          Let's Encrypt doesn't cause any warnings.

                          I have tons of sites running LE with no warnings...

                          https://letsencrypt.org/certificates/

                          Do you have an example of a web site using it?

                          A 1 Reply Last reply Reply Quote 0
                          • A
                            Alex Sage @tonyshowoff
                            last edited by

                            @tonyshowoff said:

                            Do you have an example of a web site using it?

                            Sure. https://letsencrypt.org/

                            tonyshowoffT 1 Reply Last reply Reply Quote 0
                            • tonyshowoffT
                              tonyshowoff @Alex Sage
                              last edited by tonyshowoff

                              @aaronstuder said:

                              @tonyshowoff said:

                              Do you have an example of a web site using it?

                              Sure. https://letsencrypt.org/

                              That's issued by IdenTrust and is a part of the same certificate authority, I'm talking about one issued by letsencrypt themselves, as a part of that chain, not their parent, unless of course that's how it works.

                              A 1 Reply Last reply Reply Quote 0
                              • A
                                Alex Sage @tonyshowoff
                                last edited by

                                @tonyshowoff https://helloworld.letsencrypt.org/

                                tonyshowoffT 1 Reply Last reply Reply Quote 1
                                • tonyshowoffT
                                  tonyshowoff @Alex Sage
                                  last edited by

                                  @aaronstuder Thank you 🙂

                                  A 1 Reply Last reply Reply Quote 0
                                  • A
                                    Alex Sage @tonyshowoff
                                    last edited by

                                    @tonyshowoff said:

                                    @aaronstuder Thank you 🙂

                                    Any warnings?

                                    tonyshowoffT 1 Reply Last reply Reply Quote 0
                                    • tonyshowoffT
                                      tonyshowoff @Alex Sage
                                      last edited by

                                      @aaronstuder said:

                                      @tonyshowoff said:

                                      @aaronstuder Thank you 🙂

                                      Any warnings?

                                      No, not in Chrome, IE, Opera, or Firefox (as presumed). This is great! But my criticism above stands when it comes to independent authorities and my criticism of the sign-monster coming on board in the first place without a free option available back then. I really hope this makes a big dent in the absolute scam that is the signed certificate industry.

                                      The only criticism I do have is that they do not support wild card and apparently don't plan to anytime soon, according to community posts I found (granted from months ago). Until wildcard is supported, Versign, Thawt, etc will continue to just exploit the hell out of people. Having said that, this is a great start. There was that one SSL service which provided "free" SSL for years now, but it's a pain in the ass to setup, and their site basically wants you to be an expert to avoid having to pay.

                                      Great start, wonderful 🙂

                                      A 1 Reply Last reply Reply Quote 0
                                      • A
                                        Alex Sage @tonyshowoff
                                        last edited by

                                        @tonyshowoff I agree. Wildcard support would be excellent, but the price is right 😉 Remember that you can generate more then one. (domain.com, mail.domain.com, owncloud.domain.com, etc)

                                        tonyshowoffT 1 Reply Last reply Reply Quote 1
                                        • tonyshowoffT
                                          tonyshowoff @Alex Sage
                                          last edited by

                                          @aaronstuder said:

                                          @tonyshowoff I agree. Wildcard support would be excellent, but the price is right 😉 Remember that you can generate more then one. (domain.com, mail.domain.com, owncloud.domain.com, etc)

                                          Indeed, like I said, great start, if nothing else hopefully it will cause the prices in wildcards to drop due to fears of people leaving their current issuers.

                                          1 Reply Last reply Reply Quote 1
                                          • DashrenderD
                                            Dashrender
                                            last edited by

                                            The problem with free is someone has to pay for the servers that support it. I'm really glad that the EFF has decided to do Let's Encrypt - something that took them well over a year after they first announced it before it was working.

                                            To boot strap themselves, they have their root certificate signed by someone that most if not all browsers already trusted until they get their own root cert accepted by most if not all browsers directly.

                                            tonyshowoffT 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post