Technology

WordPress moves to Https by End of 2014

June 18, 2014 | By Editor 

The shift by tech organizations in order to encode their respective Internet corners continues to gain prominence as more and more companies are enabling SSL certificate and other encoding technologies, such as Perfect Forward Secrecy(PFS), to thwart surveillance and improve security and privacy of user data.

Leading Content Management System (CMS) and blogging tool WordPress, on June 5, 2014, became the latest to pledge to encode its traffic by default. The popular blog and CM platform announced that it plans to have all its (wordpress.com) subdomains served over SSL by 2014 end.

Wordpress Https

In a recent press release, Paul Sieminski, the General Counsel of Automattic, the parent organization to Internet-based development platforms such as WordPress, PollDaddy, VaultPress, JetPack, and Simplenote, said that in the wake of intrusive surveillance the entire tech society has to take a stand and do their optimum beginning with their respective websites and platforms.

He further added that despite Edward Snowden’s revelations and speculations, the three branches (legislative, executive, and judicial) of the U.S. government have not taken many solid steps toward protecting its citizens from unchecked government surveillance.

The announcement came during the first news reports anniversary that described the depths of National Security Agency (NSA) surveillance, also called ‘Reset the Net day’, a coordinated movement that urges sites to encode web traffic using SSL, PFS, and HSTS, apps to also launch SSL and certificate pinning, and promote privacy tools such as VPN or Tor for users interested in keeping Web traffic private.

According to Encrypt the Web, Electronic Frontier Foundation’s (EFF) running tally on encryption, WordPress is neither a supporter of HTTPS Strict, also called HSTS, nor STARTTLS. And, whether WordPress supports PFS, or encodes data center links was also not determined by EFF.

Experts believe that PFS and HSTS should be the default encryption technologies used in any new deployment. HSTS is a policy declaration that may allow web browser to interact only over a HTTPS connection; PFS ensures the private session keys that secure an encoded connection are random. A compromise with one key will not other messages in the future.

Parker Higgins, an EFF enthusiast, last November, said that intercepted encoded information was safeguarded from curious eyes long into the future, even if a site’s secret key was later compromised.

Privacy and security experts have urged tech organizations to encode traffic to secure communication making government surveillance difficult. NSA’s efforts have long succeeded by tardy tech companies who lagged in encrypting web traffic streams and data centers links, which NSA hacked to intercept mails and other information on Google and Yahoo users forcing the two service providers to encode those links.

EFF further elaborated it was not just WordPress that was failing to encode data center links, even other large providers such as Apple, Amazon, AT&T, Verizon, and LinkedIn do not. Paul Sieminski concluded that if encryption is done correctly, then mass surveillance would become more difficult.

ssl certificate

Posted in Technology

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory