WordPress Signals End to HTTP Support

Google has been attempting to bring sites to the HTTPS security standard for some time, and it looks as though the message has been heeded by WordPress.  In a statement, WordPress founder Matt Mullenweg announced that all hosts will shortly need to have the higher level of security for certain features, including many API’s will only work on the encrypted hosts.


In the press release, Mullenweg said

“First, early in 2017, we will only promote hosting partners that provide an SSL certificate by default in their accounts. Later we will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.”


What Does This Mean for WordPress Users?

It depends on your site and what it is used for.  For a very basic site that only offers static pages of information, it is likely that it will mean very little.  However, you are likely to see that WordPress will be less likely to patch old non-https version of its software.  This could leave you open to more security issues.

In the longer term, Google has already expressed a preference for sites to move to HTTPS.  A site that is based on an outdated version of the WordPress platform is unlikely to be viewed positively by the search engine, particularly when the upgrade cost virtually nothing.

For users with more active sites that take data from users or use API’s, it is likely that these plugins will cease to work as they are updated to only operate under HTTPS conditions.

How to Change to HTTPS on WordPress

HTTPS moves are usually relatively simple, involving no more than adding HTTPS security layers to a server, moving the site to the newly secured server address, repointing all current pages from the old HTTP site to their new equivalents and then regenerating and resubmitting sitemaps. The process should result in minimal downtime for most users.

Free HTTPS certificates are available from the Let’s Encrypt project.  These are suitable for many sites, but we would suggest a paid alternative if your site is of extremely high value.

If your developer is unsure of how to perform site moves to the HTTPS security standards, then call us. DOM Marketing has handled these services on many high-value sites.