WordPress.com Makes SSL Enabled By Default

from the good-move dept

While we’ve already announced our move to go 100% SSL, it’s great to see Automattic announce that it is now making all WordPress.com accounts default as SSL. That’s for the sites that Automattic itself hosts, not necessarily sites that have self-installed copies of WordPress. Either way, it’s still great to see more sites moving to enable SSL by default.

Comments on "WordPress.com Makes SSL Enabled By Default"

ltlw0lf (profile) says:

Re: openSSL

This of course on a day when ANOTHER problem with OpenSSL is found, making millions of sites vulnerable again to a man in the middle attack.

There will always be flaws discovered in stuff, at least until computers take over the writing of stuff.

Also, read the vulnerability report: both the client and the server need to be running vulnerable versions of OpenSSL (which isn’t likely to be the case unless the web browser you use is compiled against OpenSSL), and the attacker has to be in the middle of the stream in order to perform the attack. Significantly more difficult to accomplish than just asking the server to give you the contents of its memory. Really nasty? Absolutely. Earth shattering to the point that we should just turn off our computers and descend to the dark ages? Probably not.

ltlw0lf (profile) says:

Re: Re: Re: openSSL

Ok, now what about the other 6 exploits that do NOT require both clients and servers to be vulnerable?

There were 5 other ones, not 6. And most of them were DoS attacks. And most of the other ones were not common configurations and thus only affected a small portion of the users.

All we can hope now is for a horrible death and LibreSSL to come out soon.

And LibreSSL will have flaws discovered in it too. Theo is a wonderful programmer, but he is one man, with a small team that is spread out over many software branches. And his reputation speaks for itself, but there are still flaws discovered occasionally in OpenBSD/OpenSSH/etc.

Writing software isn’t easy. But instead of bitching and moaning, why don’t you help out? OpenSSL hasn’t been a mess since day 1 because it was a mess; it has been a mess since day one because it was 2 guys writing software to scratch an itch and there was nothing else around at the time that could solve it, and instead of pitching in and helping out, people just leeched on it.

Is it a big flaw? Yes. Nobody is dismissing it. Apply the patch and move on.

Anonymous Coward says:

Re: Re: Re:2 openSSL

You’re right except for the fact that Theo is not working on this alone.

I invite you to check Bob Beck’s presentation on it thus far:

OpenSSL is commercial software that provides source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid, experienced team.

ltlw0lf (profile) says:

Re: Re: Re:3 openSSL

OpenSSL is commercial software that provides source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid, experienced team.

OpenSSL is no more commercial than OpenBSD is. You are welcome to pay for support from OpenSSL in the same way that you are to pay for support from OpenBSD.

They are both distributed using a BSD or BSD-derivative license.

Mr Big Content says:

The Internet Has Become A Haven For Terrorists

Snowden should die a death of a million firing squads, one for each site that goes SSL. That’s how much damage he has done to our National Security.

I say we should do away with Anonymity on the Internet. What have all you people got to hide? If the Internet cannot use real Identities, shut it down.

Jeff Woods (profile) says:

Re: The Internet Has Become A Haven For Terrorists

So you don’t have curtains or blinds on the windows of your house? You leave your doors unlocked day and night regardless of whether anyone is home? You prefer your bank statement come on a postcard? Do you believe all WiFi should be open WiFi? Do you remove the passwords on all (both?) of your devices? Surely you don’t have a safe deposit box or locks on anything in your home. After all, someone might want to see what you’re hiding!

Anonymous Coward says:

It’s rather incredible that these companies (not TD or F64 but rather big hosts, like Google and WP) have not adopted this before the NSA scandal. I mean, seriously. Those of us that have been doing it since the 90’s have been laughing our asses off at the complete lack of social responsibility these companies have.

It’s sad really, that the big companies are so reactive to everything and never proactive. WP.com could have bought a $100 wildcard SSL years ago for an extra very basic security layer, but chose not to. Why? It makes no sense.

The upside is that it provides a good insight into those companies’ thoughts: “Oh, scandal, let’s spin this our way!” instead of “let’s prevent security issues with a very basic security measure that’s been around since 1995.”

Boy am I glad I don’t host sites there. Security through public outcry. How nice.
