WordPress.com Makes SSL Enabled By Default

from the good-move dept

While we've already announced our move to go 100% SSL, it's great to see Automattic announce that it is now making all Wordpress.com accounts default as SSL. That's for the sites that Automattic itself hosts, not necessarily sites that have self-installed copies of Wordpress. Either way, it's still great to see more sites moving to enable SSL by default.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: default, privacy, protection, reset the net, ssl, wordpress
Companies: automattic


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Whatever, 5 Jun 2014 @ 8:59pm

    openSSL

    This of course on a day when ANOTHER problem with OpenSSL is found, making millions of sites vulnerable again to a man in the middle attack.

    link to this | view in chronology ]

    • icon
      ltlw0lf (profile), 6 Jun 2014 @ 9:16am

      Re: openSSL

      This of course on a day when ANOTHER problem with OpenSSL is found, making millions of sites vulnerable again to a man in the middle attack.

      There will always be flaws discovered in stuff, at least until computers take over the writing of stuff.

      Also, read the vulnerability report, both the client and the server need to be running vulnerable versions of OpenSSL (which isn't likely to be the case unless the web browser you use is compiled against OpenSSL,) and the attacker has to be in the middle of the stream in order to perform the attack. Significantly more difficult to accomplish than just asking the server to give you the contents of its memory. Really nasty? Absolutely. Earth shattering to the point that we should just turn off our computers and descend to the dark ages. Probably not.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Jun 2014 @ 9:23am

        Re: Re: openSSL

        Ok, now what about the other 6 exploits that do NOT require both clients and servers to be vulnerable?

        I think you missed those. OpenSSL has been a mess since day 1. All we can hope now is for a horrible death and LibreSSL to come out soon.

        link to this | view in chronology ]

        • icon
          ltlw0lf (profile), 6 Jun 2014 @ 10:08am

          Re: Re: Re: openSSL

          Ok, now what about the other 6 exploits that do NOT require both clients and servers to be vulnerable?

          There were 5 other ones, not 6. And most of them were DoS attacks. And most of the other ones were not common configurations and thus only affected a small portion of the users.

          All we can hope now is for a horrible death and LibreSSL to come out soon.

          And LibReSSL will have flaws discovered in it too. Theo is a wonderful programmer, but he is one man, with a small team that is spread out over many software branches. And his reputation speaks for itself, but there are still flaws discovered occasionally in OpenBSD/OpenSSH/etc.

          Writing software isn't easy. But instead of bitching and moaning, why don't you help out. OpenSSL hasn't been a mess since day 1 because it was a mess, it has been a mess since day one because it was 2 guys writing software to scratch an itch and there was nothing else around at the time that could solve, and instead of pitching in and helping out, people just leeched on it.

          Is it a big flaw, yes. Nobody is dismissing it. Apply the patch and move on.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 6 Jun 2014 @ 10:48am

            Re: Re: Re: Re: openSSL

            You're right except for the fact that Theo is not working on this alone.

            I invite you to check Bob Beck's presentation on it thus far:
            https://www.youtube.com/watch?v=GnBbhXBDmwU

            OpenSSL is commercial software that provide a source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid experienced team.

            link to this | view in chronology ]

            • icon
              ltlw0lf (profile), 6 Jun 2014 @ 11:09am

              Re: Re: Re: Re: Re: openSSL

              OpenSSL is commercial software that provide a source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid experienced team.

              OpenSSL is no more commercial than OpenBSD is. You are welcome to pay for support from OpenSSL in the same way that you are to pay for support from OpenBSD.

              They are both distributed using a BSD or BSD-derivative license.

              link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Jun 2014 @ 10:12pm

    Great.

    link to this | view in chronology ]

  • identicon
    Mr Big Content, 5 Jun 2014 @ 10:38pm

    The Internet Has Become A Haven For Terrorists

    Snowden should die a death of a million firing squads, one for each site that goes SLL. Thats how much damage he has done to our National Security.

    I say we should do away with Anonymity on the Internet. What have all you people got too hide? If the Internet cannot use real Identities, shut it down.

    link to this | view in chronology ]

    • icon
      Jeff Woods (profile), 6 Jun 2014 @ 12:43am

      Re: The Internet Has Become A Haven For Terrorists

      So you don't have curtains or blinds on the windows of your house? You leave your doors unlocked day and night regardless of whether anyone is home? You prefer your bank statement come on a postcard? Do you believe all WiFi should be open WiFi?Do you remove the passwords on all (both?) of your devices? Surely you don't have a safe deposit box or locks on anything in your home. After all, someone might want to see what you're hiding!

      link to this | view in chronology ]

      • icon
        Jay (profile), 6 Jun 2014 @ 3:55am

        Re: Re: The Internet Has Become A Haven For Terrorists

        Yeah... I'm pulling the satire card.

        50 points from House Woods for not getting it...

        link to this | view in chronology ]

      • icon
        Easily Amused (profile), 6 Jun 2014 @ 9:13am

        Re: Re: The Internet Has Become A Haven For Terrorists

        whooooosh.....

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Jun 2014 @ 4:27am

    It's rather incredible that these companies (not TD or F64 but rather big hosts, like Google and WP) have not adopted this before the NSA scandal. I mean, seriously. Those of us that have been doing it since the 90's have been laughing our asses off at the complete lack of social responsibility these companies have.

    It's sad really, that the big companies are so reactive to everything and never proactive. WP.com could have bought a 100$ wildcard SSL years ago for an extra very basic security layer, but chose not to. Why? It makes no sense.

    The up side is that it provides a good insight into those companies' thoughts: "Oh, scandal, let's spin this our way!" instead of "let's prevent security issues with very basic security measure that's been around since 1995.

    Boy am I glad I don't host sites there. Security though public outcry. How nice.

    link to this | view in chronology ]

  • identicon
    not clever, 6 Jun 2014 @ 6:21am

    Re: The Internet Has Become A Haven For Terrorists

    what is your name mister "Mr Big Content"

    good point for @Jeff Woods

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.