Why HTTPS Makes A Difference
Almost every website is using HTTPS now. If it's not, Google flags it with a nasty looking "not secure" symbol in the left corner. There are a bunch of reasons why most websites are using the HTTPS protocol and that's what we're going to talk about.
Difference between HTTP and HTTPS
Let's start with the difference between HTTP and HTTPS. HTTP is the hypertext transfer protocol and HTTPS is the hypertext transfer protocol secure. With regular HTTP requests, it's relatively easy to intercept internet traffic. That's how people on public Wi-Fi networks can see your information.
HTTPS fixes that. Instead of sending the raw request, the data gets encrypted. That's where the SSL certificates come in. The certificate has the public key for the server the website is on. That public key is shared with the users and that's how the secure connection is made.
Even if someone intercepts the traffic they won't be able to get anything useful out of it without knowing that private key. HTTPS actually slightly slows down a website because the user and the server have to exchange those keys using the certificates before any real data is transferred. And just for those of you that might care, HTTP uses port 80 while HTTPS uses 443.
Why security is important
It seems like a minor difference for there to be so much fuss over it but all that fuss is worth it. Keeping data secure online is a growing issue. People keep finding new ways to hack things and they'll keep doing that. At least when you use the HTTPS protocol you make it extraordinarily difficult for them to figure out what your data holds.
HTTPS encryption shows them jumbled letters, numbers, and characters that mean nothing without knowing the decryption key. Technically somebody could still figure out a way to read that data but they would have to work harder than it's probably worth. HTTPS is a quick and pretty easy way to make sure the data on your website gets transferred securely.
This way your users credit cards, email addresses, usernames, and passwords are safer. It also helps with SEO (search engine optimization) if that's a big concern for you. Plus it gives people confidence when they use your website because they know their information is safe. Think about it like this, would you still feel as comfortable ordering from Amazon if there was a message in the corner saying "not secure" with a red x on it? (maybe you would but you know what I mean)
How you can upgrade to HTTPS
Updating your website to use HTTPS isn't hard if you know a little about the server you're using. You could go to a website like https://certbot.eff.org and get the code you need for the command line. Or you can make the file changes yourself.
If you're using a hosting package and it has something like cPanel it should be super easy to update to the HTTPS protocol. Most of them have some kind of automatic functionality that will make the updates for you. Learn about your server if you need to do this update and you'll be able to find the specifics from there.
HTTPS is powerful considering how much data it protects every day. It doesn't hurt to know a few network things as a web developer. That extra knowledge really helps when you have a problem you haven't seen before. At the bare minimum it does give you another place to look for bugs.
As a warning, always back-up your website before you do this kind of update. Sometimes weird things happen and they could corrupt all of your files or a few key ones. Just spend the time making a back-up first.
Staying on top of everything can feel overwhelming when you're just getting started. I remember being a junior dev and not really knowing about all the tabs in the dev tools. There's just a lot of stuff like this you might not learn about until you get on the job or deep into a project. Especially if you're new to web development in general.
I try to help out new developers and get them up to speed faster by teaching them the little things you just don't know you don't know. If you're looking for something like that, my emails will be helpful. 😁 Here's the link if you want to sign up.
The emphasis here is on "people cannot see the content exchanged between the client and the server". And this focus on privacy is good. But it’s also worth noticing that another key benefit from TLS is data integrity. People cannot read the content, but they also cannot tamper with it, which gives you the guarantee that the content you load is the content sent by the server you trust (and trust is a very important idea here) and nobody was able to alter it on its way between both ends.
"It also helps with SEO (search engine optimization)..."
Only because Mother Google says so...today. This isn't so much an optimization as a bribe from Google to encourage wider adoption of HTTPS. As more sites move to HTTPS, the value of this ranking boost will decrease. Also, this is as far as I know a Google-only benefit - not a general-SEO improvement (as if anyone cares what any search engine other than Google thinks).