Configuration

HTTPS

Why use HTTPS

If you sign in to WordPress.com via a non-secure Internet connection, like a public Wi-Fi connection at your local coffee shop, your account may be more vulnerable to hijacking. To keep the bad guys out, we recommend using HTTPS.

↑ Table of Contents ↑

Enabling HTTPS

To enable HTTPS you need to head on over to the Users –> Personal Settings screen.

Once there you want to check the box that says “Always use HTTPS when visiting administration pages” and then press the Save Changes button at the bottom of the page. When you log back in, you’ll be rolling with SSL encryption.

↑ Table of Contents ↑

Frequently Asked Questions

Does it slow down WordPress.com ?
With this option turned on, you may find that WordPress.com is more sluggish over the https connection. That’s because nothing that’s transmitted over SSL is cached, so it takes some extra work to re-download all the information on a page.

How do I get those annoying security warnings to go away?
You may receive warnings as you navigate around your admin with HTTPS enabled.

These warnings are actually quite normal. When you see the alert on your WordPress.com dashboard, it’s usually a misguided warning more than anything, and you will only see it when logged in.

When you connect to your Dashboard over an HTTPS connection, we use an SSL certificate to encrypt your connection. SSL certificates need to be signed to a specific domain, and we can’t provide certificates for every mapped domain, so our certificate is signed for WordPress.com.

When you connect to your Dashboard via your own domain but your security software sees a certificate signed to http://wordpress.com/ it’s alerting you that WordPress.com may be intercepting your connection, which of course is perfectly fine. You may also see this warning if you attempt to reach your blog (not your Dashboard) using “https” instead of “http” in your blog URL.

Most security systems should have a way to add a permanent exception so you will never see the warning again in this instance.

↑ Table of Contents ↑

Manage in Internet Explorer

  1. Go to Tools > Internet Options in your browser menu.
  2. Add *.wordpress.com to your list of trusted sites under the Security tab. Make sure to uncheck the box for “Require server verification (https:) for all sites in this zone.”
  3. Set Internet Options> Security> Trusted Sites> Custom Level> Miscellaneous> Display Mixed Content to “Enable” (you’ll have to do lots of scrolling to get there).
  4. Click OK on all windows.
Security -> Trusted Sites

Security -> Trusted Sites

Add *.wordpress.com to trusted sites

Add *.wordpress.com to trusted sites

Enabled the display of mixed content

Enabled the display of mixed content

↑ Table of Contents ↑

Manage in Chrome

Mac:

  1. Click on the padlock icon in the address bar

  2. Click on “Certificate Information”

  3. There should be a blue-framed “Certificate” icon – click and drag that image to your desktop.

  4. Double-click on the certificate file (*.wordpress.cer)

  5. Keychain will then ask you if you want to add this certificate

  6. Go to Keychain
  7. Choose “login” under Keychains and “Certificates” under Category
  8. Double click on the correct Certificate

  9. Twirl open the “Trust” area
  10. Select “Always Trust” in the When Using This Certificate dropdown.
  11. You will be prompted for your computer password to make changes to your Keychain.
  12. The red X will turn to a blue +

  13. Restart Chrome.

↑ Table of Contents ↑

Manage in Firefox

  1. Go to Firefox menu > Preferences > Advanced > Certificates
  2. Choose your preference
Still confused?

Contact support.

Not quite what you're looking for?

Get Help