Today, Blogger / Google made a major announcement which has been coming, for a long time.
The initial offer, which will roll out gradually, will only affect BlogSpot published blogs. It will be voluntary, to give blog owners a chance to upgrade the various accessories and applications.
HTTPS aka SSL initially will be voluntary - and activated from the dashboard Settings - Basic page, when available.
The dashboard, for this blog.
The bad news, for this blog.
If "No" is grayed out, you're going to have to wait - as I must.
The good news, for some blogs.
If "No" is normal, you may select it - and enable SSL, on your blog.
Change "No" to "Yes", and it's enabled. No waiting, no "Save". And if it becomes a problem, you can change it back.
SSL for custom domains is going to require a bit more waiting.
It's going to take a while longer, before custom domains will support SSL.
Don't bother publishing a custom domain blog back to BlogSpot, temporarily, to enable HTTPS. As soon as you re publish to the domain, HTTPS will be disabled.
We'll just have to wait. Blogs published to BlogSpot, though, can be upgraded, as soon as the dashboard option lights up.
Not all readers will want to use SSL.
If you enable HTTPS for your blog, your readers will still have the choice whether to use it or not. Normal HTTP access will continue to work, for people unable or unwilling to use HTTPS.
Not all blogs will be able to use SSL, immediately.
Depending upon what accessories are present, on a given blog, HTTPS may or may not be a good fit. Accessories and features that don't support SSL, when accessed from a blog which uses SSL, will generate "mixed content" errors.
Seeing a lot of "mixed content" errors may not make the visitors to the blog feel at ease. Not all blog owners will choose HTTPS, immediately - even when it's available. Blogs which contain hundreds of Blogger hosted photos - each photo accessed by "HTTP:", and each one generating a "mixed content" error - may not be able to use SSL, immediately.
Today we're expanding on the HTTPS Everywhere mission and beginning an initial rollout of HTTPS support for Blogspot. HTTPS is a cornerstone of internet security as it provides several important benefits: it makes it harder for bad actors to steal information or track the activities of blog authors and visitors, it helps check that visitors open the correct website and aren’t being redirected to a malicious location, and it helps detect if a bad actor tries to change any data sent from Blogger to a blog visitor.SSL access to Blogger blogs has been requested, by many blog owners, for years.
The initial offer, which will roll out gradually, will only affect BlogSpot published blogs. It will be voluntary, to give blog owners a chance to upgrade the various accessories and applications.
HTTPS aka SSL initially will be voluntary - and activated from the dashboard Settings - Basic page, when available.
The dashboard, for this blog.
The bad news, for this blog.
If "No" is grayed out, you're going to have to wait - as I must.
The good news, for some blogs.
If "No" is normal, you may select it - and enable SSL, on your blog.
Change "No" to "Yes", and it's enabled. No waiting, no "Save". And if it becomes a problem, you can change it back.
SSL for custom domains is going to require a bit more waiting.
It's going to take a while longer, before custom domains will support SSL.
Don't bother publishing a custom domain blog back to BlogSpot, temporarily, to enable HTTPS. As soon as you re publish to the domain, HTTPS will be disabled.
We'll just have to wait. Blogs published to BlogSpot, though, can be upgraded, as soon as the dashboard option lights up.
Not all readers will want to use SSL.
If you enable HTTPS for your blog, your readers will still have the choice whether to use it or not. Normal HTTP access will continue to work, for people unable or unwilling to use HTTPS.
Not all blogs will be able to use SSL, immediately.
Depending upon what accessories are present, on a given blog, HTTPS may or may not be a good fit. Accessories and features that don't support SSL, when accessed from a blog which uses SSL, will generate "mixed content" errors.
Seeing a lot of "mixed content" errors may not make the visitors to the blog feel at ease. Not all blog owners will choose HTTPS, immediately - even when it's available. Blogs which contain hundreds of Blogger hosted photos - each photo accessed by "HTTP:", and each one generating a "mixed content" error - may not be able to use SSL, immediately.
Comments
I guess I don't fully understand why a blogger would want https://
Thanks for asking that question.
Everybody won't want to use HTTPS, for reading blogs.
My suspicion is that a few blog owners (and readers) want to use it, because everybody else wants to use it.
But it does have benefits.
It lets you (or a reader) ensure that when you request a blog (website) with a certain URL, you're not being redirected to another blog (website). And, that the content of what you're viewing is exactly what was sent, by the blog (website) that you requested.
Here's the Google Security Blog summary.
"HTTPS is a cornerstone of internet security as it provides several important benefits: it makes it harder for bad actors to steal information or track the activities of blog authors and visitors, it helps check that visitors open the correct website and aren’t being redirected to a malicious location, and it helps detect if a bad actor tries to change any data sent from Blogger to a blog visitor."
I've got lots more to write. Check back here, during the weekend.