WordPress is planning to go HTTPS only this year. Matt Mullenwag, the founder of WordPress, announced in December 2016 that certain features of WordPress will soon require that WordPress is installed on a secure server. So, what does this mean for web developers, businesses and users?
If your business website is hosted on WordPress, there is no immediate cause for concern. In fact, you may already have an HTTPS website, in which case, this news does not affect you – and well done for adopting the latest standard early! It is highly likely that WordPress will release an HTTPS only version, but this will probably be a major release. The latest WordPress version is 4.8 “Evans”, and our guess is that WordPress 5.0 will be the HTTPS version. Everybody hosted on non-secure sites will receive upgrades up to this version, and security patches will no doubt still be issued for 4.X.X versions.
We talked about HTTPS Everywhere on our FSE Online blog in February this year. This is an initiative, driven by Google, to encourage a totally secure Internet. Web security is becoming more important every week, with new reports of hacking, cyber attacks and data breaches becoming standard.
The Google Chrome browser started warning users of unsecured websites some time ago, and Google Search has suggested on multiple occasions that it will start to rank SSL secure sites higher to encourage businesses and web developers to build a stronger and more secure internet. Finally, “not using HTTPS” was listed as a common ecommerce fail. The writing has been on the wall for a long time already – it’s only a matter of time before we see a 100% secure WordPress.
WordPress is a double edged sword. It provides a very easy way for web developers to create modern business websites (it is largely responsible for so many small businesses getting online), but it is also prone to vulnerabilities.
WordPress itself is no worse than other CMSes in that matter, but due to its huge popularity (there are over 75 million websites built on WordPress today, which represents around 25% of all websites) hackers tend to target it.
As the software is released under an open source, creative commons licence, it is very easy for hackers to thoroughly investigate and analyse the latest versions. WordPress therefore has a duty to encourage its users and customers to adopt a safer, more secure way to host websites.
What is HTTPS?
HTTPS is HTTP (Hypertext Transfer Protocol), with a Secure layer added to it – either SSL or TSL. HTTPS encrypts any data that is passed between the web server and clients, and the end users, i.e. the web browser. Without HTTPS, cybercrimonals can access private data over insecure connections. For example, if you use an open public WiFi connection to view a website, it is possible for a hacker to monitor the information that passes between your phone or laptop and the web server, if there is no protective secure layer in place.
The great thing about HTTPS is that you do not need to change your website as such, as it is the web hosting platform that is updated. There will be changes to website URLS, but with the help of a technical SEO consultant, it is relatively straightforward to redirect all old non-secure pages to the new https formats.
It’s also worth noting that users are getting more savvy with regards to website security, and many are demanding HTTPS – it is becoming normal to check that any ecommerce website is secure before heading the checkout, and this is helping to create a much safer Internet.
The Advantages of HTTPS
So, there are two main advantages of HTTPS. First, your website data is better protected – a serious data breach can ruin a company. Second, both users and Google like HTTPS, and this means that by adopting this standard you could gain higher rankings in Google and be more appealing to customers.
Don’t Get Complacent
HTTPS is a massive improvement over HTTP, however, do not assume that using HTTPS makes you or your business website immune to hacking. A lot of work still needs to be done to make client accounts more secure. Only recently, hundreds of UK politicians had their accounts blocked after a massive brute force attempt was made on MP’s computer accounts. Simple usernames and passwords are still just as big a threat to your privacy and security than secure web connections.
A few years ago changing to HTTPS was a huge and expensive challenge for web developers, but it’s reasonably straightforward today. If you need help setting up a secure WordPress website, speak to our technical SEO team and we’ll audit your site and advise you of your options. Don’t ignore web security.