It looks like WordPress.com has completed the move to HTTPS only
WordPress.com announced in June of last year that they were going to move all WordPress.com subdomains to be HTTPS only.
Be the change you want to see in the world — that’s why we’re joining the many other companies who are participating today in Reset the Net. In the face of intrusive surveillance, we believe that everyone in the tech community needs to stand up and do what they can, starting with their own sites and platforms. For us, that means working to secure the connection between users and our websites. We’ll be serving all *.wordpress.com subdomains only over SSL by the end of the year.
Blog data company Twingly monitors referrals from sites like WordPress.com, and in a recent blog post, highlighted that it appears WordPress.com’s move to full HTTPS is complete.
Indeed, when I tested a few direct subdomains of WordPress.com, they redirected to HTTPS. I tried to test domains I knew wouldn’t likely choose HTTPS on their own, too.
However, for whatever reason, WordPress.com’s own news blog doesn’t redirect yet for me. Maybe just an exception, or because it’s two-levels deep. I don’t know. Either way, it’s cool to see the web get considerably more secure due to Automattic’s decision.