1 person found this helpful
HTTPS is encrypted and much slower than HTTP. It also costs more. I don't see much necessity for it unless you're collecting, storing or transmitting sensitive data such as credit cards, medical records, banking transactions, etc... There would be very little point in using this level of encryption on pages that don't require it.
That's good to know. I didn't realize it was "much slower," nor did I realize it costs more. Do hosts charge more for HTTPS service, or does it just cost more because it increases bandwidth usage?
I noticed that the Electronic Frontier Foundation is promoting HTTPS - https://www.eff.org/about (Ironically, they're About HTTPS page isn't displaying correctly.) Also, Firefox has a HTTPS addon. But I don't want to jump on the bandwagon until I have a better understanding of the technology.
I'm thinking of trying HTTPS on one of my political sites, but it sounds like it might not be a good choice on my regular, general audience sites.
Can anyone tell me how to convert a website to HTTPS in the first place? Thanks.
1 person found this helpful
Buy a Security Certificate for your server.
Pick which pages will be secure
Place those in your secure directory.
For example, when I make an online store, the payment area will be secure and will live in a secure folder. I'll tell my hosting provider to apply the security certificate for that website to that particular folder. All data into and out of that folder will be encrypted.
Now, I can also make the entire website secure. But as Nancy says, that is slower, due to the encryption. It also takes up a certain amount of additional processor cycles. So, I use the folder approach.
As soon as someone calls the secure page on the website, a lock symbol will appear somewhere on the browser that is on that website and the http: calls will go through the security certificate and be https:
Virtual Private Networks are another matter entirely and are useful in exchanging data to and from a remote computer system from your local system. In many cases, there is no web browser required.
OK, that fills in a big piece to the puzzle. I checked GoDaddy and see that you can get security certificates for $6 a year. I'd kind of like to try it with one of my smaller websites.
But it sounds like your web pages have to be HTTP or HTTPS - you can't give visitors a choice of surfing in either mode, right?
Also, I can see how this might cause problems with search engines. If the pages of one my sites are indexed in Google, and I change all the URL's to https, then Google is going to send people to the wrong pages.
Thanks; that is a good article.
Don't go with GoDaddy.
Bad service? I bought all my domain names from GoDaddy (and pay them my annual dues). I haven't had any bad experiences so far, but I always feel a little nervous about a big corporation effectively controlling all my websites.
I don't have much love for GoDaddy's shared hosting plans because they lump you in with about a hundred other sites -- all with the same IP address which is dead wrong.
If you're using HTTPS for a shopping cart site, as an example, see Lawrence's comments in this other thread.