Https matters, why?

# What does HTTPS do to your website?

Currently, all major web browsers indicate websites that aren’t using HTTPS as insecure. So here’s why: https is a layer of HTTP protocol that simply encrypts user’s data when it’s exchanged between a client and server. It uses a handshake principle which is based on the creation of a common encryption key between a client and web-server. This key is later used to encrypt all the data in communication.

But why do we need to encrypt the data which is transferred on the internet? The problem is that when the user’s computer sends a signal to the web server, it comes through dozens of communication servers/routers.

From the point of security, any of those may potentially be hacked by somebody. If the traffic is unencrypted, data may be hijacked at some point between the user and the server. Its called a “man in the middle” attack. It may be not that critical if your website only works with non-essential personal data, but if you process payments or collect important data (like passport ids, credit cards, etc) – https is the first step that should be done.

# Paid certificates

There are a lot of services which provide certificates. For instance, comodo: https://comodosslstore.com/…/cheap-comodo-ssl…

They not only provide the certificates but also provide a warranty in case of cert compromising (which is quite impossible or at least very hard).

# Letsencrypt as a free solution

Letsencrypt (https://letsencrypt.org/) is a free solution backed by such giants as Google, Mozilla, Cisco, Facebook, etc.

They provide a free tool that generates a cert and includes it to the web server software. In both cases (paid/free), you’ll need to have/learn some DevOps skills to set everything up on your server but as a result – you get a much more secure website than if there’s no encryption used at all

.In case you are concerned about your website security, you may contact us and we’ll help you to resolve this and some other issues.