HTTPS enabled by default for logged-in users on Wikimedia sites

This post is available in 2 languages: English Español

This post is available in 2 languages

Today, August 28, the Wikimedia Foundation is making a change to the software that powers the Wikimedia projects: By default, all logged-in users will now be using HTTPS to access Wikimedia sites. What this does is encrypt the connection between the Wikimedia servers and the user’s browser so that the information sent between the two is not readable by anyone else. This is in response to the recent concerns over the privacy and security of our user community, and we explained the rationale for this change in our post about the future of HTTPS at Wikimedia.

What this means for you

How this works is simple: If a user wants to log in, they will be redirected to use HTTPS for the login, thus keeping their username and password secure. After they are logged in, they stay on the HTTPS version of the Wikimedia site they are using.

Excluded Countries

Some users live in areas where HTTPS is not an easy option, most times because of explicit blocking by a government. At the request of these communities, we have made an explicit exclusion for users from those affected countries. Simply put, users from China and Iran will not be required to use HTTPS for logging in, nor for viewing any Wikimedia project site.

Disabling

Are you having a slow or unreliable experience while browsing Wikimedia sites over HTTPS? Then you can turn HTTPS off in your user preferences, under the “User profile” tab: Uncheck “Always use a secure connection when logged in”. You will need to log out and log in again for the preference to take effect. But remember, you will still need to log in using the secure HTTPS process.

HELP!

For further details, please see the HTTPS page on Meta-Wiki, which is available in several languages.

Are you unable to log in and edit a Wikimedia wiki after this change? Please contact the Wikimedia Foundation Operations team via any means you find comfortable, including this blog post’s comments section, on IRC in the #wikimedia-operationsconnect channel, or via the https@wikimedia.org email address.

Greg Grossmeier
Release Manager, Wikimedia Foundation

7 Show

7 Comments on HTTPS enabled by default for logged-in users on Wikimedia sites

happywheels 1 year

This is an excellent move, and while the costs of running SSL have gone down a lot recently, it stil isn’t cheap. I’ve just sent a donation to help cover the costs.

LeadSongDog 2 years

Thank you for ensuring that WP is no longer “the encyclopedia that anyone can edit”. I’ll have so much more free time now.

HamadaFanFFSM 2 years

Unfortunately, I’m stuck on the https version of the page! I can’t go to the http version of the page. It’s still on by default. Please help! thanks!

yarrom 2 years

Great. Btw: what about digitally signing all emails send by the system as talk page information mails?

Ps. Why is this comment send over a non-encrypted line?

LeadSongDog 2 years

Minor catch-22: because https is firewall-blocked, I can’t log in to access my user profile on WP to change preferences. So I “can[‘t] turn HTTPS off” ”Awkward!”

Guillaume 2 years

This is an excellent move, and while the costs of running SSL have gone down a lot recently, it stil isn’t cheap. I’ve just sent a donation to help cover the costs.

Would you have any idea of what enabling SSL for all unauthenticated users would entail?

Taymon 2 years

Thank you very much! This is an excellent move for the privacy of users.

Leave a Reply

Your email address will not be published. Required fields are marked *