Today it was announced that Wikimedia sites are going to become HTTPS only, finishing up 10 year effort of rolling out HTTPS. In December 2005, Brion Vibber set up an experimental HTTPS server using special urls like https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page
.
In 2011, HTTPS became available using canonical urls like https://en.wikipedia.org/wiki/Main_Page
, which allowed for the usage of protocol-relative urls (//en.wikipedia.org/wiki/Main_Page
) to avoid serving HTTP content in pages loaded over HTTPS (mixed content).
Since August 2013, all logged in users used HTTPS; however, that system had some drawbacks. If a user clicked an HTTP link, they would be redirected to HTTPS, but their initial click would leak what page they were trying to visit. To counter that, HTTP Strict Transport Security (HSTS) is also being rolled out, which instructs browsers to only visit the website over HTTPS. Wikimedia sites will also be added to browser's HSTS preload lists, which will make sure the browser uses HTTPS even if you have never visited the website before to see the HSTS information.
As of writing, only 7 language groups have been converted[1]: ca, el, en, he, it, ug, zh. The Russian Wikipedia has been practically HTTPS-only since August 2014[2].
Discuss this story
Regarding the https: would have been nice if I'd seen this before my my bot to go belly up for a day. Magog the Ogre (t • c) 18:53, 13 June 2015 (UTC)[reply]
File:Google translate HTTPS.pngUgh, cannot upload that image here, since "You must be logged in to upload files", so here it is: http://i60.tinypic.com/2przqz8.png -- 82.76.227.135 (talk) 09:41, 26 June 2015 (UTC)[reply]Everywhere
Looks like all wikis are now https-only! :D Bawolff (talk) 05:20, 17 June 2015 (UTC)[reply]
Bawolff (talk) 08:03, 19 June 2015 (UTC)[reply]
Well, I suppose that these are (and should remain) above the average editor's interests.--The Theosophist (talk) 09:00, 19 June 2015 (UTC)[reply]