As kids, we all loved Sesame Street‘s Cookie Monster. (Who couldn’t relate to a guy who loves snacks?!) But now there’s another CookieMonster on the street, and he’s not so nice.
This CookieMonster is a toolkit that tricks your browser into handing over sensitive information, and it’s one of a number of new tactics used to steal your data and, potentially, hijack your accounts.
WordPress has always taken steps to ensure that your data is safe. Now we want to make it easier than ever for you to avoid evil blogjackers that prey on security vulnerabilities.
Click on Edit Profile in the My Account menu of your dashboard and you’ll see a new field called Browser Connection. There, you can opt to “Always use HTTPS when visiting administration pages.” Click Update Profile to save the change, and you’ll be logged out. Sign back in, and you’re rolling with SSL, which encrypts your connection and helps prevent data scavengers from stealing your password and other info.
HTTPS has always been supported on WordPress.com, but it’s now even easier to remember. HTTPS is highly recommended when you’re accessing your account on a public network. Check out this video to learn more:
New Note: Using HTTPS will slow down your blogging speed significantly. Go Turbo with Gears to help speed things up. Check out this page of the FAQ for more information on using Gears — now supported on Safari for Mac!
WordPress.com News 
waw,very good tip,thank a lot,May Creator BLESS You MORE,AMEEN.
Little problem here.
I’ve got three blogs. If I log in one using the ssl and then switch to another using the admin bar, I must “relogin” using HTTP (not https).
Am I missing something?
@lascoltodelvenerdi: That should not be the case, as the HTTPS preference is per user, not blog. Please contact support with further details so we can investigate the issue.
thanxs
SSL is great… but it seems to me, that after enforcing SSL, all the ADMIN pages are running very slow 😦
cool
Why not just activate this for everyone?
yeah but howddya load it?
Thanks!
Thanks, Heather
WOW, thank you for this
thank you
Heather you’re hot, but you sound like a man in the video. Damn.
Thanks for the tip though.
I don’t see the option of “Browser Connection” on my dashboard.
Phenomenal!!
use Google Chrome to load it faster..
Wow, great! Thanks!
Since I can never connect to wordpress.com directly, I used to establish anonymous connection for blogging. I think it won’t be even slower when add https on an anonymous session. Thanks, it’s done!
very much! Thank you..
🙂
Thank you for this valuable information!!
thx u..
= )
Aah..I found it. It is in DASHBOARD –> USERS –> YOUR PROFILE –> Click on Browser Connection… and UPDATE PROFILE.
Thanks!:)
Thanks!
Hello Heather,
Thank you and those who did create this Tool. It Really can help saving our Data specialy ID and password. WordPress has always thought about clients security and they were successed in that. we have a proverb in our Language that is translated “The Seeker is the Finder”. you have always tried to do that and you have achieved those hopes, even sometimes more than you have expected yourself.
Keep doing this business and always hold & keep the sake of your clients in your mind.
I do thank you on behalf of my self.
nice advice
Great feature, thanks a lot!
Thank-you for sharing such good advice with everyone!
I am definitely bookmarking this and giving it a try once I am in the mood to =)
Hey, that’s great! thank you!
Terima kasih
This thing is great, but it seems to be like a double edge sword, because I do not want my blog to slow down. So…you are saying that if I access my blog from my home or my personal work computer I really do not need the SSL? If that is what I normally do, so I would prefer not to get the SSL.
Is that correct?
@izescalheiros: Yep! If the network you access at home or work is secure, you’re all good without it. It’s a trade-off, which is why it isn’t activated by default.
Really its superb. I am a new one, today is the first day of writing a comment. and i am proud to tell u about the “SSL” facility. Every one can compulsory follow word press.com suggations.-Thanks
-Manoharmane
Weird I didn’t know ”Blog jackers” Would come outta hand nobody done this to me yet.
Am I the only one experiencing the following? Its just that administering my Word Press blog after enabling this feature has become really really irritatingly slow. It even takes longer to load a page than to wait for a You Tube video to play. Talk about saving an article after you’ve finished writing…
Shouldn’t security be integrated, mandatory and not optional. Then I guess the reason why this feature is optional is because of the speed trade-off. But at this point, for me, it isn’t fast enough. Kinda surprising since we are at the age when TV shows are being streamed off the Internet at a bearable pace, yet encrypting a bunch of text takes longer. I’m no expert at encryption, but it just feels intuitive that video, even if unencrypted should take up more time to load than encrypted text.
All I’m saying is please make this feature better and warn your readers of the pros and cons of using such a feature in the future.
Thank you!
done 🙂
Cool!
…Thank you very much!!!
ღ
Simple, easy and painless. Gracias!
Thank you so much!
I run several blogs on WordPress.com and since the introduction of SSL I’m getting out of my nerves because running them has become desperately slow. I tried everything : I activated HTTPS and Gear but as it became too slow I desactivated HTTPS since I read that if I only work on my PC therefore I can do without it. I tried Chrome, Firefox 3 and Internet Explorer 6 with no improvements to mention (Chrome gave better results but is still desperately slow). I blog almost all day long and it takes me 8 hours now to do what I used to do in 2 hours. Has it anything to do with the fact that I frequently login and logout to work on different blogs or is there something else ? HELP PLZZZZ !!!
@ribh: As mentioned above, an effect of enabling HTTPS is slower blogging speed. If you are connecting to the Internet through a secure network, you likely do not need to enable HTTPS. To turn it off and bring things back up to speed, uncheck the checkbox next to Enable HTTPS in Edit Profile. Please contact Support with any further issues.
Good feature, i`ll try it later. Thanks Heather