HTTP VS HTTPS
A simple guide to HTTP VS HTTPS
GDPR has brought many system topics to the lime light. GDPR is actually a good thing as it forces people to give thought to how their current information systems handle their customers information. In my opinion, HTTPS is another protection that most companies should have and is of great benefit.
Browsers such as google chrome or mozilla firefox are making it more transparent when you are secure, and when you are not. The little green padlock, indicating that you are communicating with the website server via HTTPS, lets you know that you are sending your information over a secured or encrypted connection.
HTTPS and why you might want to add it to your website
There are many reasons why it is beneficial to transmit your website data using a secure protocol like HTTPS, the main benefit being how the data is being transmitted and how difficult it is to ‘listen in’. For those interested in hearing a little more, I will try to elaborate without getting too technical!
What is HTTP?
HTTP is the standard protocol that your web browser uses to communicate with the website you visit. It is how the client (e.g. you browser) communicates with the server (e.g. the place where your website is stored) The HTTP ‘session’ is a sequence of network request-response transactions.An HTTP server listens for a server to make a connection and when it does, sends a particular response (e.g. a website homepage).
What is HTTPS?
HTTPS is the secure form of HTTP, meaning that the information being sent back and forth between your browser and the site you are visiting is encrypted and “packaged” in a way that it makes it difficult for a person (or system) listening to eavesdrop on the communication.
If your site is currently using HTTP, you can start the process of setting up HTTPS by purchasing an SSL (Secure Sockets Layer) certificate. If you are working with a managed hosting provider, they will be able to assist you with the setup, and may have hosting options that include an SSL.
Why is HTTPS Benefical?
Transferring information over a non-secure, HTTP connection, means that the communication is sent as plain text. This could potentially be viewed or modified by a third-party. This means that payments, confidential financial information, or simply contact details are much more secure. A secure, encrypted connection prevents parties from accessing information via an encrypted end-to-end, connection.
Google has openly stated that prioritises secure (https) sites over http. This is because Google always wants to connect their customers with safe, useful information. Being well ranked on google is usually self perpetuating as being higher on the list, means more clicks, more clicks usually means a higher ranking and so on…
The simple fact is that if a potential customer has any security concerns, they are going somewhere else. GDPR forces individuals and businesses to understand more about these topics and as such, will always go to where they feel most secure.
Types of SSL
There are many different types of certificate from free, to… expensive. This is usually a case of getting what you pay for. Different providers charge different rates, different businesses require different levels of encryption. You should expect to pay about €100 (per year) for a reliable level of security. If your business processes very sensitive data or you entrust a smaller third party to do so, (in my opinion), you should budget for more.
How Do I Move from HTTP to HTTPS?
Changing from HTTP to HTTPS involves purchasing an appropriate certificate from a reputable supplier, installing it on your server, updating your website .htaccess file or updating your CMS (wordpress etc.). Different levels of certification take different amounts of time to install/configure – budget from a couple of mins to a couple of days to implement.