WordPress.com is adding HTTPS support for all of its blogs. If you have a custom domain or a blog under the wordpress.com domain name (like code.wordpress.com), you’re good to go.
While many social services like Facebook and Twitter have supported HTTPS for a while now, WordPress.com was still lagging behind for custom domain names.
Since 2014, WordPress.com subdomains have supported HTTPS, but not the others. But this isn’t as easy as flipping a switch for custom domain names as you need certificates for all domain names.
Thanks to the Let’s Encrypt project, it has become much cheaper and easier to implement HTTPS across the web. WordPress.com is taking advantage of this initiative for its websites. Each website now has an SSL certificate and will display a green lock in your address back.
As a nice side effect, Google tends to favor websites that support HTTPS over HTTP-only website. So your WordPress.com website should rank higher in Google search results.
I’m sure you all have a burning question. What do I need to do to activate HTTPS? In an Oprah-like moment, WordPress.com is activating HTTPS on all websites without having to do anything. You get an SSL certificate! Everyone gets an SSL certificate!