https?

3 posts / 0 new
Last post

Hey, not sure what all is involved...but what are some thoughts on getting the 50/90 site secured with https?
I have little knowledge on the subject, but from what I understand its more secure than http or whatever...???
I'm really just curious is all.

https at its most basic is when a website and the user's browser are encrypting all info before sending it back and forth. it typically involves obtaining a secure certificate from an issuing authority.

https can be implemented in just such a simple way but it can also include a more involved process where the entity that issues the secure certificate verifies your company in the real world.

when dealing with sensitive data such as credit cards it is absolutely essential that https be used.

generally there is not much risk when sending non-sensitive data so https is not necessary, HOWEVER, Google decided that it would be best if the entire web used https so they have begun encouraging that by adding ever increasingly alarming messages to their Chrome browser when a user encounters a site that does not use https. and their Chrome browser is by far the most popular browser currently. plus they also penalize your website in search results if you are not using https!

secure certificates used to be expensive but they have dropped in price. if you host with GoDaddy they are still way too expensive! if you host with Pair Networks they are $10/year. so factor that cost in when choosing a host!

and there is a new option called Let's Encrypt (https://letsencrypt.org/) which is gaining in popularity. many web hosts do not support it because it eats into another of their profit areas! it is just as good as an expensive certificate for the basic functionality of encrypting your web traffic.

so, anyone with a website should get https because 1) Google says so and 2) your visitors are beginning to expect it and 3) it can be cheap or even free!

Nice, thanks - great explanation.
I do indeed get the nasty-looking "not secure" hazard sign in Chrome. I also have a plugin 'https only' or something like that, which will only give me that https version of sites if it exists.