Google switches on Blogspot HTTPS by default, allowing admins and users an opportunity to encrypt their traffic
Google is continuing its crusade to encrypt the web by enabling an HTTPS version of every single domain hosted on Blogspot.
The search giant started the rollout last September, but as an opt-in service. Now users can opt to visit an HTTPS version of a site without its participation, while administrators can turn on an automatic redirect so all visitors are sent to the encrypted version.
Existing bookmarks are unaffected by the changes, while custom domains are not yet supported.
“HTTPS is fundamental to internet security; it protects the integrity and confidentiality of data sent between websites and visitors’ browsers,” said Milanda Perera, security software engineer at Google. “As part of this launch, we’re removing the HTTPS Availability setting. Even if you did not previously turn on this setting, your blogs will have an HTTPS version enabled.
“With this change, visitors can access any Blogspot domain blog over an encrypted channel.”
Google warns that some ‘mixed content, caused by incompatible templates, gadgets or posts, could impact the functionality of some blogs and has set up an online form for authors to flag any issues. This information will be used to create automatic alerts for users if mixed content is detected.
The company already uses HTTPS for its search results, Google Drive and Gmail and is pursuing an evangelical mission to encourage other websites to do the same. For example, its search algorithm now ranks HTTPS-enabled websites higher than those without.
WordPress, one of Blogspot’s biggest rivals, said it would roll out HTTPS to all users earlier this year. The WordPress platform powers about one-quarter of the 10 million most popular websites, making it a popular target for hackers seeking to plant malicious code that can be spread to other users.