How to secure a website with a https domain (Part I)

What you will learn in this article:

  • What is HTTP;
  • The importance of HTTPS.

It is a Friday evening after a long week, on your way home you get a call from a friend who pronounces the magic words “let’s enjoy tonight!! I have VIP access”. You are so excited that you rush home to get ready but suddenly, you remember that last time you went at that specify club, the party did not end up as planned. Then, you start laughing because you know that after your last exploits there is no chance that the gentlemen in front of the club will let you in.

 

HTTPS vs. HTTP

If we use that analogy in the context of website security our gentlemen are the HTTPS. It enables to keep the hecklers away.  In order to allow the exchange of content on the internet, there is a protocol called HTPP (HyperText Transfer Protocol). However, that protocol nowadays is not secure even though a lot of websites still use it. Therefore, HTTPS  (“S” stands for secure) was introduced in order to add an additional layer of protection.

Thus, prevent intruders from being able to listen/read communications between your websites and your users. That could be critical if your users exchange sensitive information with your website such as personal informations. Thus, if it is not already the case we recommend to transfer your HTTP to https so that your connection is encrypted.

ssl certification

There is a misconception that only eCommerce website should have secured websites. If the SSL (Secure Socket Layer) certification is included in your web host deal, we recommend to activate it even though you own a blog for two reasons:

  • It will help you to enhance your brand image since the users will directly notice that the website is secured.
  • Https is better for your SEO

Therefore, in order to secure your users and your website we recommend to activate the certification SSL. In addition, it will help you to improve your SEO and enhance your branding. It should be noted that in our case the activation was free. The only thing we had to do was to redirect the traffic to the secure version of the website. However, the redirection is beyond the subject of this article and we are tackled in another article.

If you want to read the implementation process: How to secure a website with an https domain (Part II)