In December 2016, WordPress announced that they would be moving the platform towards a ‘secured by default’ position, and that has now been confirmed to be happening from July 2017…

In a blog post from Matt Mullenweg (WordPress), he said “2017 is going to be the year that we’re going to see features in WordPress which require hosts to have HTTPS available. Just as JavaScript is a near necessity for smoother user experiences and more modern PHP versions are critical for performance, SSL just makes sense as the next hurdle our users are going to face.”

He’s not wrong either as Google and other search providers, as well as internet browsers themselves, have penalised web sites that don’t use the HTTPS prefix to their domain addresses as standard.  It is also more trusted by internet users themselves, who look for the ‘padlock’ when browsing sites to enable them to feel more secure about their actions online.


The prefix you should be looking for on secure web sites - https://
The prefix you should be looking for on secure web sites – https://


So, what is HTTPS?

HTTPS adds a security layer to HTTP (Hypertext Transfer Protocol).  HTTPS essentially encrypts data (using SSL or TSL) that is communicated between servers and clients until it reaches the intended recipient.

This prevents cybercriminals from accessing sensitive user information and also reduces the risk of tapping and modification of sensitive data.  Although HTTPS is not completely fool proof, it undoubtedly has major security advantages for the majority of its users.

HTTPS sites can be easily identified, as they have a locked padlock icon located on the link bar in most common browsers.  As mentioned earlier, within new internet browsers – the address/search bar will display sites as ‘Not Secure’ when they have data or credit card fields, but do not hold any certification.


What happens if I don’t upgrade?

WordPress have already stated that they will look at restricting features of the platform for those who do not use the HTTPS prefix.  They have so far hinted at API integrations from other organisations, for example – Twitter and Facebook feeds, but it will likely also affect e-commerce and payment processing systems.


How do I upgrade my site?

If SM&Co manage your site, we will be in touch to discuss your options going forward.  Nowadays, the time and effort involved in installing an SSL certificate are very low and that means it is good value too.  If we don’t manage your site presently, and you need help or assistance – please contact us.