Web Security: Why You Should Always Use HTTPS
Sam Hermans
Scanning with atscan.be ?? service at height by starworks.be ?? planning cumbaya.travel trips ??
You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications.
Aside from providing critical security and data integrity for both your websites and your users' personal information, HTTPS is a requirement for many new browser features, particularly those required for progressive web apps.
HTTPS is intended to provide benefits like confidentiality, integrity and identity. Your information remains confidential from prying eyes because only your browser and the server can decrypt the traffic. Integrity protects the data from being modified without your knowledge. We'll address identity in a bit.
There’s an important distinction between tweeting to the world or sharing thoughts on Facebook and having your browsing activity going over unencrypted HTTP. You intentionally share tweets, likes, pics and thoughts. The lack of encryption means you’re unintentionally exposing the controls necessary to share such things.
It’s the difference between someone viewing your profile and taking control of your keyboard.
HTTPS protects the privacy and security of your users
HTTPS prevents intruders from being able to passively listen to communications between your websites and your users.
One common misconception about HTTPS is that the only websites that need HTTPS are those that handle sensitive communications. Every unprotected HTTP request can reveal information about the behaviors and identities of your users.
Although a single visit to one of your unprotected websites may seem benign, some intruders look at the aggregate browsing activities of your users to make inferences about their behaviors and intentions, and to de-anonymize their identities.
For example, employees might inadvertently disclose sensitive health conditions to their employers just by reading unprotected medical articles.
HTTPS is the future of the web
Powerful, new web platform features, such as taking pictures or recording audio with getUserMedia(), enabling offline app experiences with service workers, or building progressive web apps, require explicit permission from the user before executing.
Many older APIs are also being updated to require permission to execute, such as the geolocation API. HTTPS is a key component to the permission workflows for both these new features and updated APIs.
About Lumturio
Lumturio’s update manager for Drupal and WordPress' modules and cores continuously checks for new versions of you or your client’s websites CMS (including contributed modules and themes), and alerts you when updates are available.
We recently added the possibility to monitor SSL certificates for validity and to check on their expiry date.