A while ago, WordPress partnered with let’s encrypt in a bid to offer HTTPS support to its wordpress.com blogs. Soon after, in May 2016, Google changed every BlogSpot domain name from HTTP to HTTPS.
BlogSpot is a Google domain service provider. BlogSpot is free and caters to a lot of users. Thus, a very big percentage of the Web is now on HTTPS. So, why all the fuss? The answer is simple – security.
HTTP (Hyper Text Transfer Protocol) is the protocol that governs communication on the Web between clients and servers. Simplified, HTTP is the protocol over which data between your browser and any website you access is sent. HTTPS is the same protocol but with an added advantage. The “S at the end stands for SECURE. Therefore, data exchanged between your browser and any website you have accessed is encrypted.
Encryption is a process where data is converted into a code known only to the sender and receiver. Encryption prevents unauthorized access. Data that is encrypted is therefore secure.
HTTPS has three major benefits
- Ensure any confidential and sensitive online transactions are secure
Anyone with a bank account faces the risk of being attacked. Online banking and online shopping are two very sensitive transactions. The HTTPS protocol ensures that an attacker cannot easily steal your bank details or card information. That information is encrypted.
- Deter attackers who eavesdrop on connections to steal information
Eavesdropping attacks occur when there’s a weakened connection between a server and client, hence allowing an attacker to send himself the network traffic.
Apart from using a virtual private network (VPN), personal firewalls, updated antivirus software and avoiding public networks (especially for sensitive transactions), https has now come in handy to prevent attackers from eavesdropping.
If data is encrypted, then an eavesdropper looking to steal information is thwarted.
- Prevent redirection to malicious sites
The internet is full of all manner of malicious sites for example phishing sites. Phishing sites attempt to steal your login information by tricking you into thinking you are on the legitimate website. The HTTPS protocol prevents redirection to such malicious sites.
Ideally, every website on the internet should be on the HTTPS protocol. However, it is not so. Google’s move is a great step. It shows their commitment in support of the efforts geared towards a more secure Web.
— Digitally Indian (@digitalyindian) 23 de febrero de 2017