WordPress Moving Towards SSL in 2017
WordPress will be moving towards requiring SSL in 2017.
WordPress is at a turning point: 2017 is going to be the year that they are going to see features in WordPress which require hosts to have HTTPS available. Just as JavaScript is a near necessity for smoother user experiences and more modern PHP versions are critical for performance, SSL just makes sense as the next hurdle WordPress users are going to face.
SSL basically means the link between your browser and the server is encrypted. SSL used to be difficult to implement, and often expensive or slow. Modern browsers, and the incredible success of projects like Let’s Encrypt have made getting a certificate to secure your site fast, free, and something we think every host should support by default, especially in a post-Snowden era. Google also weighs SSL as a search engine ranking factor and will begin flagging unencrypted sites in Chrome.
First, early in 2017, WordPress will only promote hosting partners that provide a SSL certificate by default in their accounts. Later they will begin to assess which features, such as API authentication, would benefit the most from SSL and make them only enabled when SSL is there.
Separately, I also think the performance improvements in PHP7 are particularly impressive, and much respect to everyone who worked on that project. WordPress will consider whether hosts use PHP7 by default for new accounts next year as well.