On This Page: [hide]
WordPress will implement a feature that will make updating from HTTP to HTTPS easier in its next version – WordPress 5.7.
This feature will make it a lot easier to migrate your website URL to the safer HTTPS only with a couple of clicks. Here is what the WordPress developers introduce:
Switching a WordPress site from HTTP to HTTPS has proven to be a pain for all involved. While on the surface, the site address and WordPress address have to be updated, content with embedded HTTP URLs remains unchanged in the database.
With this release, migrating a site to HTTPS is now a one-click interaction. URLs in the database are automatically replaced when the Site and WordPress Address are both using HTTPS. Also, Site Health now includes an HTTPS status check.
HTTPS Usage
Up to now, 89.3% of the websites in the networking space are using HTTPS according to HTTPArchive.
By implementing the new upgrade feature, WordPress will increase this number and the state of site development will become a lot more secure, especially for new WordPress users.
WordPress expert Tim Nash forewarned that “getting reliable stats is hard” even though adding HTTPS to WordPress is becoming easier.
With most major hosts supporting one click or zero-click HTTPS and WordPress install, new sites usually choose HTTPS, Nash added.
“Older sites also benefit that for most hosts installing HTTPS is becoming significantly easier, It’s quite difficult to run a site over HTTP only these days and get traffic because browsers are being proactive about warning about sites running HTTP only”, he illustrated.
The new update also builds on the work done by hosting companies and browsers which have been trying to reduce the number of mixed protocol messages, by proactively changing URLs in the database that are not relative.
WordPress 5.7 Security Intensifications
As we can see from the version 5.7 release notes, the CMS will reduce any potential HTTPS sufferings by automating the whole process of upgrade.
“WordPress 5.7 will also include updates to the jQuery JavaScript library, which has lagged behind in the past, leaving WordPress using older versions, or backported versions,” said Ryan Dewhurst, founder, and CEO of WPScan.
In terms of password security, a new password reset button is about to be presented. This will give the opportunity to site admins to quickly reset and start the reset password process for an end-user.
“There will be introduced script attribute functions which will be one of the biggest and impactful changes for the WordPress security”, according to Nash.
This is done to allow standardization of how inline JavaScript and CSS are generated on the site, allowing the passing of a nonce to all inline CSS correctly generated.
“Ultimately this work is designed to allow Content Security Policies in the wp-admin area without having to resort to unsafe-inline,” the expert concluded.
How to redirect from HTTP to HTTPS