HTTP is the protocol used for communication between browsers and web servers. This protocol sends all information in clear text, in both directions. Sending commands and responses in clear text could allow a 3rd party to "eavesdrop" and catch information they can later use to act as the user who is logged in to the website.

The solution to this, which enhances security to your site, is to use HTTPS. This is a secure version of the HTTP protocol that makes sure all communication between browser and web server is encrypted. When a connection is created the server will send a public key to the browser. This key is then used to encrypt the request before it's sent to the server. Only the matching private key can be used to decrypt the request. When the server sends back a response it will encrypt using the private key. This will allow the public key to be used to decrypt the response.

In order for the web server to generate public and private keys it must have a valid SSL certificate installed. These comes in many flavors and at varying prices depending on the validation you want to have associated with the certificate. The most basic certificate will only allow encryption. This form of security will be enough for most web sites. A new service that makes it possible to create and update SSL certificates in an automated way, was launched in San Francisco a few months ago. The service is called Let's Encrypt and the certificates will be updated every 3 months.

Web by Pixel offers a service to install and maintain the SSL certificate on the site hosted on our CMS platform and it is included with your license fee. We also support installing an SSL certificate of your choice.

We configure this security update so that your site automatically redirects from HTTP to HTTPS.

Please note that older versions of browsers might require a dedicated IP address on the server in order to fully support the HTTPS protocol. Modern browsers support Server Name Indication (SNI). Most modern browsers support SNI without the need to have a dedicated IP address. Windows XP users of Internet Explorer does not have this support.

For more information please contact us.