2017 is about to start with a bang. WordPress has already announced its intentions of going completely in support of HTTPS hosting. The founder and
Matt also stated that WordPress will be introducing new features for their themes and templates that could only be supported by HTTPS platforms. Confirmed sources state that the new 4.7 platform build will require SSL technology for security enhancement purposes.
What is the purpose of SSL?
The introduction of a mandatory SSL (Secure Sockets Layer) model will ensure that customer information is protected by added security layers. SSL has two main purposes:
- To ensure that the details of a transaction and/or conversation remains private between the sender and the server,
- Ensuring that the customer is reaching out to the server directly that they intend to correspond to.
So the hullabaloo is all about making the SSL certificates compulsory for all websites. HTTPS is your regular dose of HTTP (Hypertext Transfer Protocol) nicely slathered on both sides with SSL encryption. Earlier making HTTPS platforms used to be both costly and time-consuming. HTTPS never gained much momentum before 2015 since they weren’t as effective and they had the notorious reputation of slowing websites down. With the advent of PHP 7 in early 2015, new doors opened for HTTPS evolution. The HTTPS platforms we are talking about now are fast, smooth and completely secure. They are also cost effective as compared to the service they provide. Now all online transactions, password updates, and medical histories info can remain personal.
What’s the point of making HTTPS mandatory?
WordPress is all about customer service. This open source platform has finally taken the extra step required to ensure that all web builders using WordPress can experience and cater the sense of security to their individual customers and clients. With the new features to be introduced in 2017, the November debacle can seem like a distant nightmare.
How to know if you are in safe hands as a user?
Just to familiarize you with a working idea of HTTPS, let us bring to your notice the green tag and the “lock” sign you see on the top left corner of our URL. This denotes that the website you are browsing is safe and is SSL encrypted. So all transactions you make on this website are secure. In case you do not see a green lock on the top left corner of any website URL, but you see a red “x” this means the website you are on does not have a host that supports HTTPS. If you are looking for a registered physician, psychiatrist or a dentist, sure as daylight you won’t find him there. In short, scoot!
Does HTTPS affect Google
Google has taken an edgy initiative to promote HTTPS platforms. This trend started earlier this year but was not made as strong. Google crawlers check websites for HTTPS support, the websites that are on an HTTPS host server automatically get higher ranks on the SRLs. Google has not penalized any website for using a non-SSL encrypted server, but the news is, very soon the “unsafe” sites are going to be pushed down on the SRL. The decision was announced back in august. Google will henceforth be taking HTTPS into account as a ranking signal for websites.
Over the last few months, Google tested sites while taking into account their levels of safety and security. Since most of the sites responded positively Google took another step and started including HTTPS as a ranking signal. At this moment, this affects only about 1 percent of all queries. But considering the fact that over 69 percent of all current websites use WordPress CMS this is quite a large number; we are talking a few hundred-thousand websites being affected right now.
The walk of shame for non-HTTPS
With its decision to tag “non-secure” sites in 2014, Google has made it very evident that they will go as far as publicly shaming websites for lacking an HTTPS support. This was echoed in Google Security Engineering Team Manager Parisa Tabriz’s Tweet that declared Google’s intention to call out “unsafe” HTTP sites. In the mean-time, Google is giving some much-needed time to the HTTP websites to switch to a safer HTTPS host.
It’s not just Google developing a sudden knack for HTTPS websites. Both Apple and Mozilla have shown their support to the “encrypt everything” drive. By the beginning of 2017, we can see all US government websites to be HTTPS by default. A trusted source (who requested to be kept anonymous) from the depths of the Google offices has said that the company is planning on announcing its intentions of making the HTTP flag default by early 2017.
A little more from WordPress.com
WordPress.com already provides a free version of HTTPS to its users who are hosting sites on the WordPress platform. The target is to promote the voluntary choice of HTTPS hosts. WordPress is hence coming up with the positive reinforcement of new features for all WordPress users that can only be supported by HTTPS host servers.
This sudden drift towards HTTPS from HTTP is all because of safety. HTTP is quite obsolete, as you can see. It offers no hint of protection to the users or the webmasters who are running the websites. Adding a much-needed layer of protection in the form of SSL is a small price to pay for the safety of millions.