What is HTTPS and How to Set Up for Free (2018)

HTTPS Secured Website

If you are the owner of a website and you know nothing about ‘HTTPS’ then you must read this article.

 

Important links of this article:

 

What is HTTPS?

Full form of HTTPS is Hypertext Transfer Protocol Secure and it is an extension of HTTP i.e. HyperText Transfer Protocol. HTTPS make the connection secure. Here secure connection means when you are visiting any website then your data remain secure from attackers that might want to modify your website content.

Whenever you are surfing the internet then you have observed that most of the domain name or website address starts like ‘http://domainname.com’ or ‘https://domainname.com’.

Domain name or website address starting with ‘http’ are insecure.

Nowadays Chrome is also indicating as not secure to these websites.

 

Insecure Website
 

 

How Attackers or Hackers will get my data when I am visiting the insecure website?

Well, there are lots of ways through which they can do that. Attackers might modify data of the website you are visiting according to their use such as changing image, text or getting your information from that website.

Whenever we visit any website we are connected to that particular server where that website is hosted. Suppose you are visiting a website which is asking you to pay money in return of any service and for paying money you will have to enter your bank details such as your name, your bank name, your card number etc. and these data you are entering at your side. I mean at your computer, laptop or mobile.

That data will be transferred from your side i.e. client side to server side where the website is hosted and in between them, your data have to pass from different other networks or servers. Role of attacker starts from here.

He will identify those particular data packets which are traveling from client side to server side or vice versa and now he can do anything like modifying data packets or he can make a copy of that data packets which contains important information like your bank details.

 

How Is HTTPS Securing My Data?

 

Big Sale on SSL - Up to 49% Off

NOTE: Use NameCheap SSL. Very cheap and effective SSL certificate.

Click on the above image to purchase now.

HTTPS is acting like shield here. Once your website is having HTTPS then every data packets which are traveling from client side i.e. from your mobile, desktop, laptop or any other internet browsing devices to server will be encrypted.

Here data is encrypted means your data is converted into some difficult code from the simple human-readable text which can’t be easily understood. HTTPS is making your data secure.

The internet network through which we are receiving and transferring data is totally insecure. HTTPS makes that channel secure by adding TLS/SSL layer of encryption.

 

Advantages of HTTPS.

There are several advantages of having HTTPS on your website such as:

  • Enhance Security:

With the help of HTTPS, you are enhancing the security of your website. It prevents your website from man-in-the-middle-attacks. Because when you are adding HTTPS you are securing your network channel with SSL (Secure Socket Layer).

 

  • Increase your Google Ranking:

As we all know that Google doesn’t reveal its ranking factors but Google has recently announced that Website with HTTPS will be given more priority in comparison to websites which are not having HTTPS. You can clearly observe that Google Chrome is labeling ‘not secure’ to websites which are not having SSL certificates.

 

  • Improve Visitors Trust:

HTTPS provides a secure channel to visit any network. And all visitors who are visiting your website can trust that their data is secured. This improves trust and also increase the number of visitors visiting your website.

 

Disadvantages of HTTPS.

  • Buying an SSL

There are free SSL available but when you need more features like support, long validity, warranty etc. then you’ll have to purchase an SSL In free SSL if anything goes wrong like a catastrophic failure of their PKI for instance then no one is there for your support whereas in paid SSL you are having a warranty and someone to support you.

 

  • The Mixed Mode Issue or When your site isn’t fully secure instead of using SSL

Sometimes when you are using an SSL then also your browser is indicating that you are not secure while browsing those contents.

This happens because of mixed content. Here mixed content means you are using HTTP instead of https somewhere in your content to display images or text.

Or you might be adding some content to your website from insecure websites.

The same problem was happening to me also. I was using HTTP for the path of the image like ‘http://thetechlogy/img/background.jpg’

It got corrected when I replaced HTTP with HTTPS.

For correcting issue due to mixed content you will have to inspect the content of your website then go to the console and find out that HTTP that is causing a mixed content problem.

 

  • Varnish or Public Caching Will Not Work

If you are using Varnish to speed up your website, then it will not work with HTTPS. As over SSL connection, everything is encrypted like content and packet headers.

So, any public caching cannot happen as everything is in encrypted form. ISPs or any public caching like Varnish will not be able to cache encrypted content.

 

How can I add HTTPS to my Website?

For adding HTTPS to your website you will need an SSL certificate.

SSL certificates are available for free but you can also purchase them according to your need.

 

There are lots of websites which are selling SSL certificates like

  • GoDaddy
  • HostGator
  • BigRock
  • CloudFlare etc.

 

If you need more security like 256-bit encryption and you also want to secure your subdomains, then you can purchase SSL certificate to add HTTPS to your website.

Otherwise, you can use free SSL from websites like CloudFlare and sslforfree.

 

 

Add HTTPS using Cloudflare.

These are steps with the help of that you can add HTTPS to your website for free.

Step 1: Go to Cloudflare website and Sign up.

https://dash.cloudflare.com/sign-up

At the time of sign up you’ll have to enter your email id and password then you’ll have to verify your email.

 

 

Sign up at Cloudflare
 

Step 2: Then add your website name for which you want to get HTTPS.

 

 

Add site at Cloudflare
 

Step 3: Then select a Plan. You can compare different plan and their features.

 

Select a Plan
 

Step 4: Cloudflare will automatically detect all DNS name linked to your website.

Just Click on Cloud Icon to make them secure.

 

 

DNS of your website
 

Step 5: Then Cloudflare will provide you Nameservers. You’ll have to copy that.

 

 

Nameservers by Cloudflare
 

Step 6: This is the last step where you’ll change your domain default Nameservers with Cloudflare Nameservers.

To Change the Nameserver of your domain first go to the website from where you have purchased your domain name such BigRock, GoDaddy etc.

Then change Nameserver type to custom and update Nameserver with provided Cloudflare Nameservers.

 

Thanks a lot for reading this article.

I am new to blog writing. Please suggest me your ideas to share my knowledge in a killer way.

I am waiting for your comments and suggestions.

SEMrush