Communication between your browser and the web server uses a protocol known as HTTP (Hyper Text Transfer Protocol). Using HTTP, all network traffic between your browser and the web server is sent as plain text which anyone with access can intercept and manipulate. HTTPS is the secure version of HTTP and it ensures that all network traffic between your browser and the web server is encrypted.
This encryption is enabled by the installation of a valid SSL certificate on the web server.
The validity of the certificate is checked by your browser which will show different warnings depending on the browser if an invalid certificate is detected.
A valid certificate is typically indicated by a green padlock next to the website address.
- As well as encrypting your connection to the web server a valid SSL certificate also;
- Ensures that the website you are viewing is the one it claims to be and not an impostor.
Secures communication with your chosen payment processor if your site handles credit card payments. In fact, it will not be possible to process card payments without a SSL certificate.
- You might think that you do not need HTTPS if your site only hosts your blog, or static pages.
Here are some of the reasons your static web site does need HTTPS:
- Using insecure HTTP, as we’ve already mentioned), allows other people to read your network traffic.
It also allows people to intercept and modify your connection coming back from the server and inject their own content, typically this would be adverts although it could just as easily be malicious content.
- The worst thing is that it opens up your site visitors to malicious attack as well.
The National Cyber Security Centre (part of GCHQ) recommends using HTTPS on all sites and so do we.
Some providers charge extra for SSL, it is included free in all of our hosting packages.