Google turns on HTTPS for all blogspot blogs

Blog owners will have the option to automatically redirect all visitors to the HTTPS version

All blogs hosted on Google's blogspot.com domain can now be accessed over an encrypted HTTPS connection. This puts more control into the hands of blog readers who value privacy.

Google started offering users of its Blogger service the option to switch their blogspot.com sites to HTTPS in September, but now that setting was removed and all blogs received an HTTPS version that users can access.

Instead of the "HTTPS Availability" option, blog owners can now use a setting called "HTTPS Redirect," which will redirect all visitors to the HTTPS version of their blogs automatically. If the setting is not used, users will still be able to access the non-encrypted HTTP version.

Forcing HTTPS by default would have been better, but would have likely triggered mixed content alerts in users' browsers for some blogs. These errors happen when a website served over HTTPS loads resources, such as images and code, from external servers that don't use HTTPS.

"Mixed content is often caused by incompatible templates, gadgets, or post content," Google software security engineer Milinda Perera said in a blog post Tuesday. "While we're proactively fixing most of these errors, some of them can only be fixed by you, the blog authors."

To help authors detect such errors early, Google has built a tool directly into the Blogger editor that warns authors about mixed content issues even before a blog post is saved and published.

In addition to using blogspot subdomains, Google's Blogger service allows users to use their custom domains for their blogs; however, those blogs have not received HTTPS support yet.

This is in contrast to WordPress.com, the blogging platform run by Automattic, which recently enabled HTTPS by default for all custom domains. The company achieved that by partnering with Let's Encrypt, a new certificate authority that provides free SSL/TLS certificates and automates their deployment, configuration and renewal.

Users who want to always access the HTTPS version of a blogspot.com domain can install the HTTPS Everywhere extension developed by the Electronic Frontier Foundation that's available for Google Chrome, Mozilla Firefox and Opera.

Join the CSO newsletter!

Error: Please check your email address.

Tags Googleblogs

More about Electronic Frontier FoundationGoogleMozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place