Skill Level Beginner
- Adding an s to the end of the HTTP of your website is probably one of the quickest and most immediately-effective things you can do to drastically improve the security for you, your visitors, and your content, which is why all websites should be served under the encrypted HTTPS protocol. Let me explain. When someone visits your website, information is sent back and forth between their computer and the server your website sits on, very similar to a tin can telephone. If the website is served under an unencrypted HTTP connection, all that information is passed back and forth in plain language. That includes things like usernames and passwords and credit card numbers and anything else you send. Now, this connection is over an open network, the internet, which means anyone with sufficient knowledge can hook into that conversation and listen in. This is what's called a man in the middle attack because there is, quite literally, a man in the middle listening in, and that's where HTTPS comes in. With HTTPS, the very first connection between your visitor and your host is an exchange of secret keys which describe an encryption pattern. Any subsequent back and forth includes that secret key and is encrypted. That way, even if someone does hook into the conversation and places themselves in the middle, all they get is encrypted garbage. No action information. Now, you might say, "Well, my website only has poetry "and photos of my pet, Rosebush. "I don't really care if someone sees anyone "accessing that site." Here's the thing. What people choose to access on the web is their business and protecting their privacy through encryption is just good policy. But, if you need another reason, here it is. HTTPS is a requirement to be able to use the new, much faster HTTP/2 protocol. So, if you want people to access your site in a fast and secure way, go get that s added to your HTTP. If you want to learn more about HTTPS and the HTTP/2 protocol, check out our courses on LinkedIn Learning.