Tumblr Adds Support For SSL But Doesn’t Turn It On By Default

Like the numerous tech companies that have come before it, including big names like Google, Facebook and Twitter, Tumblr has today (finally) implemented support for SSL security on its blogging platform. One big caveat, though: it’s not switched on by default. You have to DIY.

For security-minded users – which these days should mean just about everyone – having at least the option to enable this additional layer of security is a good first step for the now Yahoo-owned network. And it doesn’t necessarily mean that SSL will never be on by default – after all, when Twitter rolled out SSL initially, it began by allowing users to manually type in the “https” prefix themselves if they wanted to protect their connection. Doing so is smart, of course, as SSL can prevent hackers and others who may want to snoop on your connection, which is especially a risk on public networks like those at coffee shops or conferences.

According to Tumblr, the feature has been in testing for “weeks” now, and today is available in Tumblr’s settings. To enable it, users have to go to their Tumblr dashboard’s Account Settings, then toggle the switch, so to speak.

Another reason why Tumblr may be hesitant to immediately make SSL the default is that it will break the popular Tumblr extension, XKit, which offers a “power user” experience to Tumblr users with dozens of extra features like enhanced notifications, a better inbox, plus several tweaks, themes, navigation tools and more.

Explains XKit on its blog, “if your XKit went missing after enabling the new ‘SSL Security’ setting from Tumblr, it’s because XKit disables itself automatically on pages served using SSL protocol.” The company says it’s working on a fix for this, but for now you’ll have to choose between XKit or SSL.

Guys, choose SSL. Seriously.