Http vs https: what difference does it make to security?

 

We look at the difference between the two and tell you how to switch between them

The way a website transfers content from its servers to your browser is through a protocol called Hypertext Transfer Protocol (HTTP). It is text file that uses hyperlinks to take you from one website to another as well as embedded other content, such as audio and video. The problem here is that all data is in the clear, meaning anyone could potentially see what you are looking at.

The secure version of this is HTTPS. This means the website has an SSL certificate, so data in transit is encrypted preventing hackers from stealing the information it carries.

The web is moving away from HTTP towards HTTPS to ensure data privacy and security.

What are the benefits of https over http?

The primary benefit of using a website with an SSL certificate in the case of HTTPS is security. All content is secure, including personal information, such as usernames and passwords and customer information, such as credit card details.

There is also greater element of trust with HTTPs. With an SSL certificate, you are being serious about the data on your website as well as the security of customers and other users.

Additionally, some web browsers, including Google Chrome, are starting to block non-secured (http) websites, or present them as unsafe, which means your customers may not even be able to find your website if they search for it or enter your url into their address bar.

How does https work?

Websites using http send data in plain text, which means hackers can easily read the information sent to and from them. Obviously, this is a pretty serious problem if you’re sending credit card details to the website or the website is sending credit card details to a third party payment processor.

Adding an SSL certificate means these communications are secured using encryption, so even if hackers do manage to intercept the information, it’s very hard to unscramble to data into any sensical insight.

An SSL works using an ‘asymmetric’ Public Key Infrastructure (PKI) system, using two keys to encrypt communications. One is a public key and the other is a private key. They can only be unencrypted by each other. The private key is kept safe by the website owner and the public key is available to anyone. This means anyone trying to access the website’s data only has half of the tools it needs to decrypt the information.

When you request information from a secured website (https), the website will send the SS certificat to your browser so it can check the certificate is valid and will protect your data. The website you’re accessing and your browser will then generate a secure connection between your browser and the website.

How to switch from http to https

If you’re not yet using https to secure your website, it’s time to talk to your hosting company, which should issue and install an SSL certificate for you, redirecting your traffic from the http to the https version with little effort.

If this isn’t the case, there are plenty of third-party companies that you can purchase an SSL certificate from and then manually set it up on your FTP. You will then need to set up a redirect to tell browsers trying to access the http version of the site to https.

Source