Does my Website Need HTTPS?

If you find yourself struggling to grasp website security, then this is the article for you. With that said, I will try to cut out the jargon and explain only the need-to-know. The two aspects we’ll concern ourselves with are SSL and HTTPS. A few issues we will go over are what SSL and HTTPS are, why we need them, and how to obtain an SSL Certificate.

What is SSL and HTTPS?

Technology has a tendency to overload us with too many acronyms. The two we will go over both pertain to security and protecting the integrity of content that a user inputs, like a credit card number or a password. SSL (Secure Sockets Layer) establishes a secure, encrypted link between a server (website) and a client (a web browser like Chrome or Firefox), exchanging data privately. We know a site is secure if it has HTTPS (Hyper Text Transfer Protocol Secure) at the start of a URL. This site for example has SSL. All e-commerce checkouts should have SSL. If the URL does not contain HTTPS, information passed to the server is not secure.

Does my website need SSL?

In a word, yes. Do you sell goods? Do you have a user login area? Do you have forms asking for personal information? Even if you answered no to all three questions, SSL is still a good idea. Why? Google Chrome has begun to indicate the security level of a website in the address bar, labeling it “Secure” in green with a padlock (which it currently does) or “Not Secure” in red (eventually) with a warning (beginning with Chrome version 56). Other browsers, I expect, will soon follow this trend. A warning message could deter users from interacting with a website and they may leave all together. The “Secure” label demonstrates to the user a certain level of trust and security.

Not secure login
Source
Secure login
Source

How do I get an SSL Certificate?

An SSL Certificate must be purchased before you can change HTTP to HTTPS in the front of your URL. Certificates are obtained through a certificate authority (CA) such as Let’s Encrypt, which is also free. The certificate contains a public/private key pair used to code and decode. The public key, contained in the certificate, is shared with the web browser. The private key is installed on the server and never shared with anything. After that, the setup is fairly quick and painless, but further explanation requires a great deal of jargon so we’ll leave it here with the parting words: when in doubt contact your web hosting provider.


Additional Reading