Making Your Site More Secure with HTTPS & SSL
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. It is the set of instructions (or process) used to send information from our server to your computer. All information on a web page is sent using HTTP, and when you enter information into a web page it is used to send that information back to the server for processing - this includes information you might enter into a form.
The issue is that if someone is using the right software, they can listen in on the two-way traffic between you and the server. The observer can take a copy of the information you send, and use it how they wish.
Imagine you are at one end of a swimming pool and the server is at the other end. If we use a rubber duck to represent the information being sent to and from each computer by being pushed back and forth, someone on the side of the pool can see this activity and watch what is happening.
So, what is HTTPS?
What HTTPS represents is encryption, the S stands for SECURE. The information sent between the server and your computer is first encrypted and then sent across the internet. When it gets to your computer, it is unscrambled and used to show the page. The same works the other way, anything you type is encrypted before it is sent to the server. This means that anyone looking from the outside can only see the scrambled information and the encryption means that it will take them a very long time to decrypt or understand it.
Back at the pool, it is the same as if you put a long drain pipe from you to the other end and sent your duck back and forth inside that. No one from the outside would be able to see what you were sending or receiving.
Is it a good thing?
Another aspect that is good about HTTPS is that to set up the encryption system we need to prove to a security company who you are and that the request is genuine. Like applying for a passport. Once we have proven things we get the right to use the encryption for up to three years before we have to reapply for a new license.
Why do we need secure websites?
As of July 2018, Google announced that any websites without https will be marked as 'not secure' in the address bar. And will not rank as highly in search results.
By using HTTPS on your website we are not only complying with what Google feels to be the best practice, and let's be honest if Google says 'jump', the world asks 'how high'', but it also represents a more secure internet with less opportunity for fraud. This, in turn, gives your visitors more confidence in your website.