In today’s digital world, we often take for granted simple everyday tasks such finding a new pair of running shoes or pre-ordering a new video game online, especially with the current COVID-19 lockdown in the UK, and how much work goes into the websites we browse on a daily basis. As a user, we simply expect everything to work flawlessly and most importunity to be secure. There’s no reason it shouldn’t be, right?
Unfortunately, not all websites use a secure connection. This means any data collected by the website is not encrypted and is readily available for malicious software and/or hackers to retrieve. However, there is a simple solution to secure your website. This is done through the use of an SSL (Secure Socket Layer) certificate, which in result will change the beginning part your website URL from HTTP to HTTPS.
Take Google for example, if they didn’t have an SSL certificate their URL would be:
However, with an SSL Certificate installed their actual URL is:
If a user then tries to access the HTTP version of the website (http://www.google.co.uk), the user will simply be redirected to the HTTPS version (providing the correct redirects have been set up by a web developer).
So what is HTTP?
HTTP (HyperText Transfer Protocol) allows your web browser (i.e. Google Chrome) to communicate with the server where your website files and database(s) is hosted. Responses can be sent and received between the user and the server, which in result will allow you to access different websites.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is formed by layering HTTP over another secure protocol, which is known as “SSL/TLS” (Secure Sockets Layer/Transport Layer Security). This then encrypts the user’s connection to your website and prevents any malicious attempts to intercept or read any data being passed between the user and server.
Any web addresses starting with HTTPS is using the secure HTTPS protocol. This is indicated by a lock icon in the address bar similar to the one below.
Should I use HTTPS?
Historically HTTPS has mainly been used for payment transactions, emails and any website that store user’s information (i.e. websites that users has their own account on). However, in recent years more and more browsers now warn users that the website they are browsing is insecure and any data collected is potentially at risk.
Check out some of the errors below:
It is without a doubt that in todays digital world having an SSL certificate is an absolute must for any successful website. SSL certificates are usually pretty low cost to install (depending on the web developer), and will massively build trust with your target audience.