Making WordPress More Secure
Courtesy of WordPress.org
Posted December 1, 2016 by Matt Mullenweg (founder of WordPress)
SSL basically means the link between your browser and the server is encrypted. SSL used to be difficult to implement, and often expensive or slow. Modern browsers, and the incredible success of projects like Let’s Encrypt have made getting a certificate to secure your site fast, free, and something we think every host should support by default, especially in a post-Snowden era. Google also weighs SSL as a search engine ranking factor and will begin flagging unencrypted sites in Chrome.
First, early in 2017, we will only promote hosting partners that provide a SSL certificate by default in their accounts. Later we will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.
Separately, I also think the performance improvements in PHP7 are particularly impressive, and major kudos to everyone who worked on that. We will consider whether hosts use PHP7 by default for new accounts next year as well.”
At DigitalOatmeal, we use SSL and HTTPS on ALL of our current websites. All of our sites utilize Let’s Encrypt, a leader in making the web a more secure place to work and play. For more information on Let’s Encrypt and how it works and what it does, you can go here.
To all of you from all of us, here at DigitalOatmeal, have a happy and safe Holiday Season.