SSL for VIP Sites

Overview #

As a part of our overall efforts to encrypt sites hosted on, we strongly encourage VIP sites to enable SSL/HTTPS for a custom domain name mapped to your site, and to redirect all site traffic to that secure URL.

By default all domains on have SSL enabled. We have temporarily excluded VIP sites from this requirement to allow time to update themes and site assets so they are SSL-compatible. We’re aware that some third-party ad networks do not yet support SSL for displaying ad content. If your ad networks don’t already support SSL, we hope you will strongly encourage them to do so quickly.

↑ Top ↑

Options for SSL Support #

For VIP sites ready enable HTTPS support, we can provide a few options:

  • Secure (default): HTTPS-only. Valid SSL certificate installed, all HTTP traffic redirected to HTTPS.
  • Testing: Valid SSL certificate installed, HTTP traffic NOT redirected to HTTPS. This mode is recommended only for testing and resolving mixed-content issues and is not recommended as a long-term solution. Note that testing mode will have unintended side effects and will most likely impact your sitemaps and how search engines see the site. It’s not recommended to stay with testing mode for longer then a week.
  • Insecure: Valid SSL certificate installed, HTTPS traffic redirected to HTTP. Not recommended, but can be implemented as a short-term workaround for any issues that might come up in testing.

↑ Top ↑

Important Notes #

A few notes about how SSL encryption on VIP works:

  • Our SSL implementation is SNI based, which means some legacy browsers will not be fully supported in their access to pages served over SSL. Consider this when evaluating whether or not to have us globally redirect all requests to HTTPS URLs, and/or in setting the canonical URL to the HTTPS version of pages/posts on your site.

↑ Top ↑

Setup Process #

When you are ready to enable HTTPS support for your VIP site using one of the above options, please open a support ticket and include the following information:

  • The domain name(s) for which you want to add HTTPS support.
  • If you want to purchase your own SSL certificate, a request that we generate a CSR.
  • Which support option described above you want to use (Secure, Testing or Insecure).
  • Optionally for the “Secure” option and where you are providing the certificate, a request to use HSTS headers as a part of the redirect. Note that if these are enabled and you later disable HTTPS support, users may not be able to access your site. (HSTS is enabled for all sites in “Secure” mode using Let’s Encrypt certificates.)

↑ Top ↑

After Setup #

What comes next after HTTPS is enabled on your VIP site?  Here are some recommended TODOs:

  • Set the canonical URLs to HTTPS, so that Google doesn’t consider there to be a conflicting signal.  This can be done by using the VIP helper function wpcom_vip_enable_https_canonical(); by placing it in the theme.
    Warning: Doing so will break share counts!

Ready to get started?

Tell us about your needs

Let us lead the way. We’ll help you select a top tier development partner. We’ll train your developers, operations, infrastructure, and editorial teams. We’ll coarchitect your deployment processes. We will provide live support for peak events. We’ll help your people avoid dark alleys and blind corners, and reduce wasted cycles.