HTTPS

What you need to know

HTTP and HTTPS : What is it?

HTTP stands for ‘hypertext transfer protocol’. It’s a protocol (the official procedure / system of rules) which allows communication between different systems. It’s used for transferring data from a web server to a browser to view web pages. You and I have been using this protocol since last century but now it’s categorised as unsafe as it can be intercepted by third parties to gather data being passed between the two systems.

HTTPS is a secure version of HTTP. ‘hypertext transfer protocol secure‘. Once upon a time only financial institutions had this form of data transference, but now we are all being pushed to use the encryption provided by HTTPS.

HTTPS makes your site more secure for your visitors. More specifically, when a visitor is giving you any sort of information, HTTPS provides multiple layers of protection to that data.

In every site which uses Forms, visitors are required to give their personal details, some sites also ask for credit card or Paypal details. And don’t forget the simple Comment facility. Suppose a visitor wants to leave a comment? That means submitting a form.

Most importantly, WordPress requires a login. Setting up a secure HTTPS login is the absolute minimum precaution you should take.


How do I get HTTPS?

First, you need an SSL certificate.

“SSL” stands for secure sockets layer, a process which creates a secure encrypted connection between the web server and the web browser.

The cost of the certificate is not cheap and will have to be renewed annually. All SSL certificates work under the same principle, but the prices vary – different prices depend on what data your visitors will be sending. Financial details? You need the more expensive certificate. How secure do you want them to be? Is a simple login all the detail your site ever takes? You can take the cheaper version.

It doesn’t stop there. There’s a lot of work yet.

After the SSL certificate is installed and configured, you need a dedicated IP address.
What I will do

  • Purchase, install and configure the SSL certificate
  • Provide a (new) dedicated IP address
  • Configure any hard internal links within your website, from HTTP to HTTPS
  • Update any code libraries, such as JavaScript, Ajax and any third-party plugins
  • Update htaccess applications, such as Apache Web Server, NGinx Config etc to redirect HTTP traffic to HTTPS

What you will do

    • Redirect any external links you control to HTTPS, such as directory listings
    • Update any links you use in marketing automation tools, such as email links
    • Set up an HTTPS site in Google Search Console and Google Analytics.

 

As you see, changing to HTTPS is not a simple step to take.