As WordPress.com websites are hosted by the company itself, maintaining the SSL certification, and a secure HTTPS connection throughout the website, is their responsibility.
Need for HTTPS or a secure connection
HTTP was the old method of connecting to a website through a browser. That has changed, and HTTPS is the new kid on the block. The difference between HTTP and HTTPS is that the latter adds encryption, provided by what is known as SSL or TLS certification.
In short, HTTPS = HTTP + SSL certification.
Connecting over the HTTP protocol is dangerous, as you become vulnerable to hackers. That's the sole reason why browser makers like Firefox, Chrome, Safari, etc. prefer to load only HTTPS-enabled websites. If any portion of your website loads through an HTTP connection, that content will be blocked by default. If every portion of your website loads only through HTTP, then the entire site will be blocked.
Now let's see what search engines like Google, Bing, Yahoo, etc. do to HTTP websites. The visitor count of a website depends directly on its performance in search engines. A website that loads through an HTTP connection will not be preferred by search engines, as it compromises our data security. This results in poor performance of your website in search results and, thereby, a very low visitor count.
For more information on the topic, please visit -> https://postboard.in/2020/02/19/only-enter-secure-websites-https-insecure-websites-http-make-you-vulnerable-to-hackers/
What is compromised in your WordPress.com website?
WordPress.com gives SSL or TLS certification to all websites created within it. So by default, your website has HTTPS security enabled. Also, to ensure that all portions of the website are loaded via the HTTPS protocol, the website should force the browser to attempt the connection through HTTPS. WordPress.com is successful in this aspect too.
In WordPress.com, what compromises security is the presence of mixed content, which appears when we display some widgets that interfere with the secure HTTPS connection.
What is mixed content?
A mixed content, or partially secure, website is one where an HTTPS page includes content fetched using HTTP. Pages like these are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers. That leaves the pages unsafe.
How to identify mixed content?
Just look at the address bar of your computer's browser. If you see a “padlock” or the word “secure” just to the left of your website address, it is secure. Otherwise, you need to consider enabling that padlock as soon as possible.
For more info on mixed content -> https://postboard.in/2020/02/19/only-enter-secure-websites-https-insecure-websites-http-make-you-vulnerable-to-hackers/
Common mixed content in WordPress.com
Occasionally, widgets that display the following cause trouble:
-> Gravatar images and profiles may cause mixed content.
-> The Internet Defense League image is a mixed content link.
These are the two portions on this website that threatened us. But there can be more. I wonder why WordPress.com is not taking any action against such third-party links in widgets.
Additionally, when you enter a website or file URL, always type https:// in front of the address.
For example: https://postboard.in
How to find mixed content on any website?
Go to -> https://www.whynopadlock.com/
Enter the web address that shows the mixed content warning and run the scan. When the scan is completed, the mixed content areas of your site will be displayed. Convert those http links to https, or else delete the mixed content.
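An added example, not part of the original post: a small Python script that looks through a page's HTML for what such a scan reports, namely subresources loaded over http://. The sample page and its hostnames are constructed; ordinary <a> links and protocol-relative URLs are not flagged, because they do not pull insecure content into an HTTPS page.

```python
from html.parser import HTMLParser

# Tags that load a subresource, mapped to the attribute holding its URL.
# Active content can alter the whole page; passive content is media.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data", "link": "href"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE.get(tag) or PASSIVE.get(tag)
        if attr is None:
            return  # e.g. <a href>: navigation, not a subresource load
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are treated as loads here
        url = (attrs.get(attr) or "").strip()
        if url.lower().startswith("http://"):
            kind = "active" if tag in ACTIVE else "passive"
            self.findings.append((self.getpos()[0], tag, kind, url))


def find_mixed_content(html):
    """Return every http:// subresource in the HTML of an HTTPS page."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def to_https(url):
    """Rewrite the scheme only; the host must actually serve HTTPS."""
    return "https://" + url[len("http://"):]


# Constructed sample page (hostnames are placeholders).
SAMPLE = """<html><body>
<img src="http://widgets.example/badge.png">
<script src="https://cdn.example/app.js"></script>
<a href="http://blog.example/">old link</a>
<script src="http://widgets.example/widget.js"></script>
<img src="//images.example/avatar.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> ({kind}) {url} -> {to_https(url)}")
```

Before changing a link to https, check that the rewritten address actually loads; if the third party does not serve it over HTTPS, delete the widget instead.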
We can help you…
If you follow us on WordPress and join our WhatsApp community -> https://postboard.in/join-us/, we can help you to secure your website. It's free of cost.