The EFF is a well-known nonprofit organization committed to defending digital privacy, free speech, and innovation, and their report evaluates internet companies on how well they safeguard user information when governments come knocking.

This continues our streak of perfect scores. We received 5/5 stars in the last Who Has Your Back? report that we were included in (2015), and 5/5 stars in the EFF’s most recent Who Has Your Back?: When Copyright and Trademark Bullies Threaten Free Speech report (2014).

In this year’s report, the EFF awarded stars to WordPress.com for:

• Following industry-wide best practices.
• Promising to notify users about law enforcement requests before turning over data.
• Refusing to voluntarily provide government with access to any data about users for law enforcement, intelligence gathering, or other surveillance purposes.
• Fighting for user privacy in Congress by taking a public position against the re-authorization of Section 702.
• Standing up to National Security Letter (NSL) gag orders.

This last criterion is especially important in this day and age. NSLs are a legal tool that give the FBI power to demand data about ordinary American citizens without judicial review, while also prohibiting service providers like Automattic from informing the public or the users affected by the requests. The potentially indefinite gag orders associated with NSLs worry us, and many others.

Fortunately, there are new legal procedures that allow internet companies like us to request judicial review of the troublesome gag orders associated with NSLs. Unfortunately, we can’t provide specifics, but we can tell you that our policy is to ensure that every NSL gag order imposed on us (if any) is reviewed by a judge, as now allowed by the law. On the numbers of NSLs that we receive, we report the most we can under the law in our transparency report, which as you can see is not very much.

Outside of these criteria, we continually work to make our own legal policies and practices for safeguarding user information as user-protective as possible. We have stringent requirements for disclosing user data in response to government requests, we push back on any overreaching demands, and we’re as transparent as we are allowed to be (within the law) about the requests we receive. You can check out our bi-annual transparency report here.

We’re very encouraged that many companies in this year’s report scored well, and are thrilled to be in good company. This isn’t a zero-sum game; companies can work together (and with the EFF!) to advance policies and practices that protect internet users. We do what we can to protect our own corner of the internet, but also like to share our learnings with others who might build on or improve what we’ve done. This is why our Legal Guidelines, legal forms, DMCA templates, Terms of Service, and Privacy Policies are all licensed under Creative Commons licenses, and many of these documents are available on GitHub.

We hope other companies, especially smaller startups, can use or take inspiration from the policies we’ve built to further user rights on their own sites and platforms.

Thank you to the EFF for including us in your report, and for all of your work to advance important digital rights online. And thanks especially to every WordPress.com user for continuing to trust us with your sensitive information and content. We’ve got your back.

Filed under: Admin Bar

The EFF is a well-known nonprofit organization committed to defending digital privacy, free speech, and innovation, and their report evaluates internet companies on how well they safeguard user information when governments come knocking.

This continues our streak of perfect scores. We received 5/5 stars in the last Who Has Your Back? report that we were included in (2015), and 5/5 stars in the EFF’s most recent Who Has Your Back?: When Copyright and Trademark Bullies Threaten Free Speech report (2014).

In this year’s report, the EFF awarded stars to WordPress.com for:

• Following industry-wide best practices.
• Promising to notify users about law enforcement requests before turning over data.
• Refusing to voluntarily provide government with access to any data about users for law enforcement, intelligence gathering, or other surveillance purposes.
• Fighting for user privacy in Congress by taking a public position against the re-authorization of Section 702.
• Standing up to National Security Letter (NSL) gag orders.

This last criterion is especially important in this day and age. NSLs are a legal tool that give the FBI power to demand data about ordinary American citizens without judicial review, while also prohibiting service providers like Automattic from informing the public or the users affected by the requests. The potentially indefinite gag orders associated with NSLs worry us, and many others.

Fortunately, there are new legal procedures that allow internet companies like us to request judicial review of the troublesome gag orders associated with NSLs. Unfortunately, we can’t provide specifics, but we can tell you that our policy is to ensure that every NSL gag order imposed on us (if any) is reviewed by a judge, as now allowed by the law. On the numbers of NSLs that we receive, we report the most we can under the law in our transparency report, which as you can see is not very much.

Outside of these criteria, we continually work to make our own legal policies and practices for safeguarding user information as user-protective as possible. We have stringent requirements for disclosing user data in response to government requests, we push back on any overreaching demands, and we’re as transparent as we are allowed to be (within the law) about the requests we receive. You can check out our bi-annual transparency report here.

We’re very encouraged that many companies in this year’s report scored well, and are thrilled to be in good company. This isn’t a zero-sum game; companies can work together (and with the EFF!) to advance policies and practices that protect internet users. We do what we can to protect our own corner of the internet, but also like to share our learnings with others who might build on or improve what we’ve done. This is why our Legal Guidelines, legal forms, DMCA templates, Terms of Service, and Privacy Policies are all licensed under Creative Commons licenses, and many of these documents are available on GitHub.

We hope other companies, especially smaller startups, can use or take inspiration from the policies we’ve built to further user rights on their own sites and platforms.

Thank you to the EFF for including us in your report, and for all of your work to advance important digital rights online. And thanks especially to every WordPress.com user for continuing to trust us with your sensitive information and content. We’ve got your back.

Filed under: Admin Bar

The EFF is a well-known nonprofit organization committed to defending digital privacy, free speech, and innovation, and their report evaluates internet companies on how well they safeguard user information when governments come knocking.

This continues our streak of perfect scores. We received 5/5 stars in the last Who Has Your Back? report that we were included in (2015), and 5/5 stars in the EFF’s most recent Who Has Your Back?: When Copyright and Trademark Bullies Threaten Free Speech report (2014).

In this year’s report, the EFF awarded stars to WordPress.com for:

• Following industry-wide best practices.
• Promising to notify users about law enforcement requests before turning over data.
• Refusing to voluntarily provide government with access to any data about users for law enforcement, intelligence gathering, or other surveillance purposes.
• Fighting for user privacy in Congress by taking a public position against the re-authorization of Section 702.
• Standing up to National Security Letter (NSL) gag orders.

This last criterion is especially important in this day and age. NSLs are a legal tool that give the FBI power to demand data about ordinary American citizens without judicial review, while also prohibiting service providers like Automattic from informing the public or the users affected by the requests. The potentially indefinite gag orders associated with NSLs worry us, and many others.

Fortunately, there are new legal procedures that allow internet companies like us to request judicial review of the troublesome gag orders associated with NSLs. Unfortunately, we can’t provide specifics, but we can tell you that our policy is to ensure that every NSL gag order imposed on us (if any) is reviewed by a judge, as now allowed by the law. On the numbers of NSLs that we receive, we report the most we can under the law in our transparency report, which as you can see is not very much.

Outside of these criteria, we continually work to make our own legal policies and practices for safeguarding user information as user-protective as possible. We have stringent requirements for disclosing user data in response to government requests, we push back on any overreaching demands, and we’re as transparent as we are allowed to be (within the law) about the requests we receive. You can check out our bi-annual transparency report here.

We’re very encouraged that many companies in this year’s report scored well, and are thrilled to be in good company. This isn’t a zero-sum game; companies can work together (and with the EFF!) to advance policies and practices that protect internet users. We do what we can to protect our own corner of the internet, but also like to share our learnings with others who might build on or improve what we’ve done. This is why our Legal Guidelines, legal forms, DMCA templates, Terms of Service, and Privacy Policies are all licensed under Creative Commons licenses, and many of these documents are available on GitHub.

We hope other companies, especially smaller startups, can use or take inspiration from the policies we’ve built to further user rights on their own sites and platforms.

Thank you to the EFF for including us in your report, and for all of your work to advance important digital rights online. And thanks especially to every WordPress.com user for continuing to trust us with your sensitive information and content. We’ve got your back.

Filed under: Admin Bar

The EFF is a well-known nonprofit organization committed to defending digital privacy, free speech, and innovation, and their report evaluates internet companies on how well they safeguard user information when governments come knocking.

This continues our streak of perfect scores. We received 5/5 stars in the last Who Has Your Back? report that we were included in (2015), and 5/5 stars in the EFF’s most recent Who Has Your Back?: When Copyright and Trademark Bullies Threaten Free Speech report (2014).

In this year’s report, the EFF awarded stars to WordPress.com for:

• Following industry-wide best practices.
• Promising to notify users about law enforcement requests before turning over data.
• Refusing to voluntarily provide government with access to any data about users for law enforcement, intelligence gathering, or other surveillance purposes.
• Fighting for user privacy in Congress by taking a public position against the re-authorization of Section 702.
• Standing up to National Security Letter (NSL) gag orders.

This last criterion is especially important in this day and age. NSLs are a legal tool that give the FBI power to demand data about ordinary American citizens without judicial review, while also prohibiting service providers like Automattic from informing the public or the users affected by the requests. The potentially indefinite gag orders associated with NSLs worry us, and many others.

Fortunately, there are new legal procedures that allow internet companies like us to request judicial review of the troublesome gag orders associated with NSLs. Unfortunately, we can’t provide specifics, but we can tell you that our policy is to ensure that every NSL gag order imposed on us (if any) is reviewed by a judge, as now allowed by the law. On the numbers of NSLs that we receive, we report the most we can under the law in our transparency report, which as you can see is not very much.

Outside of these criteria, we continually work to make our own legal policies and practices for safeguarding user information as user-protective as possible. We have stringent requirements for disclosing user data in response to government requests, we push back on any overreaching demands, and we’re as transparent as we are allowed to be (within the law) about the requests we receive. You can check out our bi-annual transparency report here.

We’re very encouraged that many companies in this year’s report scored well, and are thrilled to be in good company. This isn’t a zero-sum game; companies can work together (and with the EFF!) to advance policies and practices that protect internet users. We do what we can to protect our own corner of the internet, but also like to share our learnings with others who might build on or improve what we’ve done. This is why our Legal Guidelines, legal forms, DMCA templates, Terms of Service, and Privacy Policies are all licensed under Creative Commons licenses, and many of these documents are available on GitHub.

We hope other companies, especially smaller startups, can use or take inspiration from the policies we’ve built to further user rights on their own sites and platforms.

Thank you to the EFF for including us in your report, and for all of your work to advance important digital rights online. And thanks especially to every WordPress.com user for continuing to trust us with your sensitive information and content. We’ve got your back.

Filed under: Admin Bar

Best of all, the changes are automatic — you won’t need to do a thing.

As the EFF points out as part of their Encrypt the Web initiative, strong encryption protects our users in various ways, including defending against surveillance of content and communications, cookie theft, account hijacking, and other web security flaws.

WordPress.com has supported encryption for sites using WordPress.com subdomains (like https://barry.wordpress.com/) since 2014. Our latest efforts now expand encryption to the million-plus custom domains (like automattic.com) hosted on WordPress.com.

The Let’s Encrypt project gave us an efficient and automated way to provide SSL certificates for a large number of domains. We launched the first batch of certificates in January 2016 and immediately starting working with Let’s Encrypt to make the process smoother for our massive and growing list of domains.

For you, the users, that means you’ll see secure encryption automatically deployed on every new site within minutes. We are closing the door to un-encrypted web traffic (HTTP) at every opportunity.

Web encryption provides more than security

Protocol enhancements like SPDY and HTTP/2 have narrowed the performance gap between encrypted and un-encrypted web traffic, with encrypted HTTP/2 outperforming un-encrypted HTTP/1.1 in some cases.

Google also announced HTTPS is used as a ranking signal in search results, with HTTPS-enabled sites ranked above their plaintext counterparts.

As a WordPress.com site owner, keep an eye out for this feature on your custom domains. Once your site is HTTPS-enabled, you should see a green lock icon in your browser’s address bar. All plaintext HTTP requests will be automatically redirected to their encrypted counterpart (your URL will begin with https:// instead of http://). We will transparently handle the all the complexities of SSL certificate management for you.

We take security seriously, and we’re proud to offer this to WordPress.com users. For more information about encryption, please see our support documentation.

Filed under: Features, Security