To understand the need to switch to HTTPS, it is first necessary to understand the difference between standard HTTP and HTTPS.
HTTP stands for hypertext transfer protocol, a protocol that defines how information is exchanged between a client (browser) and a web server. Every time a user connects to a website, the user’s browser sends a request to the server website, the user’s browser sends a request to the server that lets the server know what Is being sought. The server processes the request and either returns the requested resource or takes some other action, such as generating a ‘not found’ error message.
Using standard HTTP, neither the request or the response is encrypted in any way. That makes the protocol vulnerable to hacking. A third party can intercept communications in either direction and can modify what is requested and what is returned.
The S in HTTPS stands for ‘secure’. When this protocol is used, communications are encrypted before transmission in each direction by means of an Digital Certificate. This greatly enhances the security of communications between a website and it’s visitors. Google also adds your website “one point” extra to your overall score when you are using HTTPS and this might also improve your visibility.
How it works to implement HTTPS? Website owners must acquire a Digital Certificate. These SSL certificates can be purchased from web hosting companies and from other trusted (by browsers) sales sites. Trusted vendors of Digital Certificates include Geotrust, Godaddy and Verisign.
There are also free options. Let’s Encrypt is an open source option backed by companies like Google and Mozilla.
Purchased certificates are normally valid for one year, and must be renewed annually, at a cost, to continue using must be renewed annually, at a cost, to continue using them. Let’s Encrypt must also be renewed, but renewal is free of charge.
Once acquired, the certificate must be installed on the web server. When it is in place, you can use the HTTPS protocol.