If your website uses ordinary HTTP to connect then you’re exposing your visitors’ data needlessly. You should instead use HTTPS by installing an SSL certificate on your site. SSL certificates can cost hundreds of dollars per year, but you can get a free one from Let’s Encrypt.
Why are they giving away something other companies charge big money for? Simple. Let’s Encrypt is a non-profit with the mission to get all web traffic encrypted and secure.
- Privacy: an SSL connection encrypts the traffic between the website and the user. Someone sharing a public WiFi connection with me can see that I’m connected to my bank, but they can’t read the data. They can’t see my user name or password and they can’t inject ads or spyware into the data stream.
- Speed: HTTPS is faster than HTTP. In geek-speak HTTP uses the old, slow HTTP/1.1 protocol whereas HTTPS uses the much faster HTTP/2 protocol. But HTTP/2 requires an encrypted (HTTPS) connection otherwise the web browser reverts back to HTTP/1.1. Ergo HTTPS over an encrypted connection (SSL) is faster.
Installing a Let’s Encrypt certificate
Installing a Let’s Encrypt certificate is…complicated. In many cases it requires writing a command-line script and assigning it to a cron job, but once it’s done you’re set. The certificate auto-renews every few months and you don’t have to think about it. The procedure for doing this will depend on your web host.