This post is part of a series designed to help developers who are just starting out understand some basics and how they relate to WordPress. This post is about HTTP (including its cousin, the secure version) and will attempt to explain the difference between the two and why they matter if you’re developing a WordPress site.
What’s the Difference?
HTTP
Let’s start with HTTP. HTTP stands for Hypertext Transfer Protocol and is a system for transmitting and receiving information across the internet. In this case, the word protocol is being used to mean a rule or system of rules for the correct conduct and procedures to be followed. It is defined differently in other fields and contexts (such as law) so ignore those definitions for now.
HTTP serves as a request/response procedure that all internet agents follow so that data can be passed between servers/nodes and clients rapidly. It’s most commonly used to access HTML pages on the web but can also be used for other things.
HTTPS
So, what if you need to exchange confidential or sensitive information between server and client? That’s where cousin HTTPS comes in, which was created by Netscape way back in 1994 for its Navigator browser. HTTPS stands for Hypertext Transfer Protocol Secure and can be thought of as “secure HTTP.” It is identical to HTTP in many ways since it follows the same basic protocols. The client (e.g. web browser) establishes a connection to a server on a standard port. When servers get requests they reply with statuses and messages, which usually contain the requested info but sometimes they send back an error if they can’t figure out what the client/browser was asking for. Both HTTP and HTTPS use the same Uniform Resource Identifier (URI), and that extra S at the end which stands for secure indicates that an encrypted connection is desired.
Going Deeper
The default port for HTTP is 80 while it’s 443 for HTTPS. Ports are like locations or holes for data to enter. Think of them like boat docks. Each has a unique number, and things get routed to the right one based on established rules. HTTPS connections are encrypted so that, in theory, nobody can access the data being transmitted other than the client/server talking to each other. Encryption just means encoding messages so that only the parties talking can understand it. Think of it as a secret language but with data (not verbal tones).
There are 2 types of encryption layers: TLS and SSL. You’ve likely heard of SSL but maybe not TLS. TLS stands for Transport Layer Security while SSL stands for Secure Sockets Layer. When responding to an HTTPS connection request, the server offers a list of encryption methods it supports. The client/browser then picks one and they begin the information exchange. They have to agree on the method first, obviously, so they’re both on the same page (no pun intended). At this point, they also exchange certificates so they know who they’re dealing with. Think of certificates as passports or driver’s licenses.
The parties at this point ensure they are using the same key and that the connection is closed so that nobody is peeking. Information begins to flow between them. A server needs a public key certificate to have HTTPS connections and it contains key info along with verification of its owner’s identity. Certificates are often issued/verified by a third-party so that they can be trusted. That’s why you purchase SSL certificates for example from places like Comodo and don’t make your own.
Why Does it Matter?
Over the years, the importance of HTTPS has grown significantly. Search engines like Google now consider HTTPS as a ranking factor, giving preference to secure websites in search results. Additionally, modern web browsers display warnings for non-secure HTTP websites, which can negatively impact user trust and engagement. As a result, it has become essential for all websites, even those without sensitive data transmission, to adopt HTTPS to ensure security, privacy, and a positive user experience.
Secure Your Website
At Pagely, we recognize the importance of these changes and developments. We continually update our systems to support the latest versions of HTTPS and TLS, allowing our clients to benefit from improved performance, security, and user experience. We also offer Let’s Encrypt integration, making it easy for our clients to obtain and install SSL certificates without additional costs.
Let’s Encrypt is a free, automated certificate authority that has made it easier for website owners to obtain and install SSL certificates. Let’s Encrypt has gained significant popularity since its launch in 2016 and has played a crucial role in making HTTPS more accessible and widespread. With Let’s Encrypt, website owners can secure their domains with trusted SSL certificates without having to incur additional costs.
By staying at the forefront of these technologies, we help ensure that our clients’ WordPress websites are secure and optimized for the best possible performance. Our team of experts is dedicated to providing guidance and support to help navigate the evolving landscape of internet protocols.