An upcoming upgrade to WordPress will make it much easier for website owners to upgrade from HTTP to HTTPS.
WordPress 5.7, which is currently in beta and will be released to the public on March 9, promises to make the previously difficult task of migrating to a secure instance of the content management system (CMS) a one-step process, as explained by the WordPress core development team:
For all people concerned, switching a WordPress site from HTTP to HTTPS has proven to be a pain. While the site and WordPress addresses must be updated on the surface, content with embedded HTTP URLs remains unchanged in the database.
Migrating a website to HTTPS is now a simple one-click process with this release. When the Site and WordPress Address both use HTTPS, all URLs in the database are automatically replaced. Additionally, Site Health now includes a check for HTTPS compatibility.
HTTPS everywhere
On its official statistics page, WordPress omits data on the number of websites. That serve content over HTTP rather than the more secure HTTPS protocol.
According to httparchive.org, HTTPS is used by 89.3 percent of URLs crawled, a figure that some believe reflects the state of deployment of secure WordPress site instances, the most widely used CMS framework on the web.
WordPress expert Tim Nash, on the other hand, cautioned that “getting reliable stats is hard,” and that the httparchive figure “seems too high,” despite the fact that installing HTTPS WordPress installations is becoming easier.
“With most major hosts supporting one-click or zero-click HTTPS, as well as one-click or zero-click WordPress installs,” he explained, “the trend for new sites is overwhelmingly over HTTPS.” Older sites also benefit from the fact that setting up HTTPS on most hosts is becoming much easier.
“It’s quite difficult to run a site over HTTP only these days and get traffic [because] browsers are being proactive about warning about sites running HTTP only,” he added.
The new feature in WordPress 5.7 is designed to “build on the work done by hosting companies and browsers and to try and reduce the amount of mixed protocol messages, by proactively changing URLs in the database that are not relative”, according to Nash.
WordPress has been gradually pushing users towards HTTPS for nearly two years, according to Ryan Dewhurst, founder and CEO of WPScan.
Take a look at some of the most recent WordPress security updates
“Since WordPress 5.1 (February 2019), WordPress has included a new Site Health page in the admin section,” Dewhurst explained.
“This page includes some basic security checks, including warning the user if they are not using HTTPS.”
The hardcoded URLs used in pages, posts, and the theme itself. According to Dewhurst, are the biggest challenge for WordPress administrators when migrating to HTTPS from HTTP.
“This leads to mixed content issues. Where the page loaded over HTTPS but includes HTTP content,” he said.
WordPress 5.7 security enhancements
According to the release notes, WordPress 5.7 assists users in overcoming. Any potential HTTPS upgrade challenges by updating all URLs stored in the CMS database automatically.
Improvements to the editor will also included in the upcoming release. Which will be the platform’s first major upgrade in 2021.
“WordPress 5.7 will also include updates to the jQuery JavaScript library. Which has lagged behind in the past, causing WordPress to use older versions, or backported versions,” Dewhurst concluded.
WordPress 5.7 also brings in a new password reset button
“The new interface streamlines this process [that will] allow site admins to quickly reset and automatically start the reset password process for an end user,” Nash told The Daily Swig.
According to Nash, a WordPress security consultant at timnash.co.uk, one of the biggest changes. That will “impact security in years to come” is the introduction of script attribute functions.
“This will allow standardisation of the way inline JavaScript and CSS generated on the site,” he explained. “This might not sound particularly interesting. But it will allow the passing of, for example, a nonce to all inline CSS correctly generated.
“Ultimately this work is design to allow Content Security Policies in the wp-admin area. Without having to resort to unsafe-inline,” Nash concluded.
You may also like:
10 Best WordPress Popup Plugins for Free
Checkout Address Autofill – A Must Have Plugin for WooCommerce
Leave A Comment