Skip to content →

Securing WordPress personal blogs: needless worry or table stakes?

Here we go, kicking off the year 2016 with my first post of hopefully many, with the hope that I can develop a habit of frequent (and with some luck, daily) submissions. Developing a writing routine that can span multiple topic areas is something I’ve longed to do for a number of years and the best way to make it happen is to start writing. Some, but not all, of the posts that I share here will be re-syndicated elsewhere so don’t be surprised if you also see them on LinkedIn, on Medium, etc.

Anyway, on to my thought for the day which has to do with personal blogs and the question of HTTPS / SSL security. With writing taking center stage atop well-maintained, updated WordPress installations, it’s somewhat unclear to me how important security is for this use case.

For most web applications and e-commerce sites that involve personal information, user authentication, data sharing, etc., the procurement and adoption of a trusted SSL certificate is generally a no-brainer. But for personal blogs not hosted on externally-powered services like WordPress VIP or Tumblr, I’ve found that it’s still very much an open question and confusing for the average blogger.

In 2014 (and also more recently in 2015), Google announced in a variety of different ways that they will use HTTPS as a ranking signal when indexing sites and displaying search results.

And to make matters more interesting, not all SSL certificates can be considered equally. Features like warranty, money-back guarantee, certificate authority trust level, reissue volume, domain ownership validation, customer support, certificate installation, encryption level, browser compatibility and price are all part of the diligence process. In fact, I’ve found that you can acquire an SSL certificate for $9/year all the way up to $399/year — that’s quite a range for someone simply looking to blog using WordPress and benefit from Google’s HTTPS ranking boost.

In short, I think HTTPS over TLS is important but you may not see it on this blog for a couple weeks as I personally navigate the process of acquiring an SSL certificate for my domain, assigning it to my web host and ensuring that WordPress uses it consistently and correctly for active and archived posts.

Lastly, for those reading this, there may be a lucrative opportunity to help those managing and self-hosting their own blogs (like mine) to review their SSL certificate options and acquire, configure and enable them. It’s a somewhat messy, time-consuming and tedious chore that most won’t ever bother with so imagine how simple an Amazon Mayday support process would be to offer and sell to bloggers worldwide.

Happy New Year,

Published in General