WordPress has used HTTPS since 2014 on all sites with domains that end with .wordpress.com.

This has not been too difficult as anyone who owns a domain such as example.com can simply issue certificates to cover any subdomain of it, for example: site4.example.com. This can be done by using what’s known as a wild card certificate, you can cover all subdomains of example.com at once by vouching for *.example.com. (The *character is what’s known as a wildcard and stands for any text you like).

But lots of WordPress users have brought their own domain names to the WordPress ecosystem in order to make them more unique to the site, such as mysite.blog.com. However, WordPress are looking to change things up. They are looking to provide HTTPS to all of their customers' sites that are hosted on WordPress, whether they are using *.wordpress.com or a custom domain name of their own.

Better yet, if one of your readers tries to connect via HTTP, they will automatically be redirected to a more secure HTTPS connection. Providing secure connections for all!