What you need to know
HTTP and HTTPS: What are they?
HTTP stands for ‘hypertext transfer protocol’. It’s a protocol (the official procedure / system of rules) which allows communication between different systems. It’s used for transferring data from a web server to a browser to view web pages. You and I have been using this protocol since last century, but it’s now categorised as unsafe because third parties can intercept it to gather the data being passed between the two systems.
HTTPS, ‘hypertext transfer protocol secure’, is a secure version of HTTP. Once upon a time only financial institutions had this form of data transference, but now we are all being pushed to use the encryption provided by HTTPS.
HTTPS makes your site more secure for your visitors. More specifically, when a visitor is giving you any sort of information, HTTPS provides multiple layers of protection to that data.
On every site which uses forms, visitors are required to give their personal details. Some sites also ask for credit card or PayPal details. PayPal has warned that, from sometime in mid-2018, they won’t accept payments from non-HTTPS sites.
Browsers in mid-2018
Even if you’re not using Paypal, browsers will show your site as insecure.
And don’t forget the simple Comment facility. Suppose a visitor wants to leave a comment? That means submitting a form.
Most importantly, WordPress requires a login.
Setting up a secure HTTPS login is the absolute minimum precaution you should take.
How do I get HTTPS?
First, you need an SSL certificate.
“SSL” stands for secure sockets layer, a process which creates a secure encrypted connection between the web server and the web browser.
The certificate is not cheap and will have to be renewed annually. All SSL certificates work on the same principle, but the prices vary depending on what data your visitors will be sending. Financial details? You need the more expensive certificate. How secure do you want them to be? Is a simple login all the detail your site ever takes? You can take the cheaper version.
It doesn’t stop there. There’s a lot of work yet.
After the SSL certificate is installed and configured, you need a dedicated IP address.
What I will do
- Purchase, install and configure the SSL certificate
- Provide a (new) dedicated IP address
- Configure any hard internal links within your website, from HTTP to HTTPS
- Update the web server configuration (such as .htaccess on Apache Web Server, the Nginx config, etc.) to redirect HTTP traffic to HTTPS
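
The internal-link step in the list above, as an added example (not part of the original page or the author's own tooling): a Python script that rewrites hard-coded `http://` links to the site's own hosts and lists every other `http://` URL for manual review. The host names and the sample HTML are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Matches href/src/action attributes whose value is an absolute http:// URL.
URL_ATTR = re.compile(
    r'''(?P<attr>\b(?:href|src|action))\s*=\s*(?P<q>["'])(?P<url>http://[^"'\s>]+)(?P=q)''',
    re.IGNORECASE,
)

def upgrade_internal_links(html, site_hosts):
    """Rewrite http:// URLs on our own hosts to https://.

    Returns (new_html, rewritten, review). `review` lists (attribute, url)
    pairs that were left alone: other hosts, or URLs with an explicit port.
    """
    hosts = {h.lower() for h in site_hosts}
    rewritten, review = [], []

    def fix(m):
        url = m.group("url")
        parts = urlsplit(url)
        try:
            port = parts.port
        except ValueError:
            port = -1  # malformed port: never rewrite automatically
        # Compare the parsed host exactly; a prefix match would also hit
        # look-alike names such as example.com.partner.test.
        if (parts.hostname or "") in hosts and port is None:
            rewritten.append(url)
            return m.group(0).replace(url, "https://" + url[len("http://"):], 1)
        review.append((m.group("attr").lower(), url))
        return m.group(0)

    return URL_ATTR.sub(fix, html), rewritten, review

# Constructed sample page and host list (placeholders, not from the original page).
SITE_HOSTS = ["example.com", "www.example.com"]
SAMPLE = '''<a href="http://www.example.com/about/">About</a>
<img src="http://example.com/wp-content/uploads/logo.png">
<form action="http://example.com/wp-login.php" method="post"></form>
<script src="http://cdn.example.net/lib.js"></script>
<a href="http://example.com.partner.test/">Partner</a>
<a href="http://example.com:8080/staging/">Staging</a>
<a href="https://example.com/contact/">Contact</a>'''

if __name__ == "__main__":
    new_html, rewritten, review = upgrade_internal_links(SAMPLE, SITE_HOSTS)
    print(new_html)
    # src and action entries matter most: on an HTTPS page they would load
    # content or submit form data over plain HTTP.
    for attr, url in review:
        print("review:", attr, url)
```
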
What you will do
- Redirect any external links you control to HTTPS, such as directory listings
- Update any links you use in marketing automation tools, such as email links
- Set up an HTTPS site in Google Search Console and Google Analytics.
*The certificate costs roughly AUD $50 – $130 and you will have to renew it each year. There will be a one-off payment for my labour.