Your friendly neighborhood host back again for another edition of "why should I care about this". Today, I am writing about "HTTPS". Firstly, what does HTTPS mean? Basically, it is "HTTP" but "secure" (which is where the "s" comes from). When you type out "http" into your browser, you are telling your browser the protocol over which to transfer data from a server to your computer. The protocol is basically the application foundation for all internet communication as it is HOW data moves from server to server, through cables/satellite/wifi/etc and reaches your computer. So what is the problem with HTTP?
Well, when you make a connection to a website, that connection has to bounce through a bunch of different channels. There are DNS servers, routing servers, mirror servers, etc. Essentially, there are many "hops" you have to make to reach your destination. With HTTP, that is not secure, anyone (really anyone because info is out there) can snag your data as it's making one of these hops. This is how a large majority of credit card information was stolen before HTTPS became a thing, and it's how your personal information is taken. If you use the same passwords for a bunch of sites, and that password gets stolen, then there are computers that will systematically go through your entire history and try those passwords to get access to your information.
That is a BIT of a simplification of a complex process, but that's the "essence" of http. What makes HTTPS different? Better?
The "S" for secured, means that the data transmitted by you and sent by the computer over those series of hops is ENCRYPTED. Encryption is scrambling up your data with a series of symbols, letters, and random crap that can only be de-convoluted by an encryption KEY. That key is usually a series of numbers. The longer the number, the better the key. There are entire industries dedicated to making encryption keys, and it's basically all math. ANYWAY, what this means for you is that if someone takes your information now from a hop, they won't be able to de-crypt it for... oh... 50 years of computing time?
HTTPS is becoming increasingly important with the implications from GDPR, the US's questioning of Zuckerberg and data safety and security. In fact, our great friends at google told all of us hosts and developers to basically get our act together and make everything HTTPS: searchengineland.com/effective…
. I, personally, won't click on a site that says "NOT SECURE", and I CERTAINLY won't login to it! This means that I will be willingly giving information about myself to anyone who could want to use it maliciously.
Maybe internet ponies don't carry quite the same weight as, say, your bank account, but we still share alot about ourselves through the internet - AND YOUR COMPUTER shares alot too that you may not know about The whole internet is moving to HTTPS because it's secure and safer for all users.
Therefore it's our responsibility as content creators, hosts, etc to make sure that the sites we host are encrypted - for the safety of our clients and their users. Okay, so how to I get HTTPS?
"When you request a HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the 'SSL handshake'. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website." - instant SSL.com
All servers have an SSL certificate whether you know it or not. You have to pay to get an SSL certificate for the server you're hosting on in order to establish that connection. Basically, you're buying 1) insurance for your site, 2) an encryption key, and 3) a fancy little green bar telling you that the website is secure.
Here is an example of a secured site that I host
Here is an example of an unsecured site (note the "i" and click for more information in your browser)
Different companies will have special secure identifiers
You will need to ask your host to give you HTTPS!
If they say you don't need it, make a face and start looking for new options.
Internet safety is VERY important. Your data security is very important. Encryption is going to happen across all sources soon, and it's better to be prepared