Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialRyan Jin
15,337 PointsIs HTTP not secure comparing to HTTPS?
I've heard that HTTPS is a secure way to transfer data. Is HTTP the same thing or it is less secure?
3 Answers
Kevin Korte
28,149 PointsThat's correct. HTTP is hypertext transfer protocol, HTTPS is hypertext transfer protocol secure. HTTPS connections behave the same except the connection between the client and the server communications are encrypted by a SSL certificate on the server. This is the ideal connection to have if you are recieving any information from your users such as email address, phone numbers, names, etc, and a necessity if you are accepting any sort of payment or financial information. HTTP is going to be less secure because it's not encrypted.
If you have even a simple contact form on your website, I'd highly recommend picking up an inexpensive SSL certificate. You can find them for as little as $10-$30 a year. Check out Namecheap as one option for SSL certificates if you want more info.
Jacob Brasher
810 Pointshttps is more secure, you'll learn that in a few episodes
Polrat Ratthakit
202 PointsHey Ryan,
I would also like to add a little bit here that Google clearly states that they prefer HTTPS over HTTP. It is one of the very few announcements about what they use as ranking factors.
Polrat (Paul) Ratthakit
Ryan Jin
15,337 PointsRyan Jin
15,337 PointsSo hackers can easily hack HTTP connections?
Kevin Korte
28,149 PointsKevin Korte
28,149 PointsMore or less yes. There are some free tools that can help intercept and modify HTTP headers. It's not "hacking" like they gain access to your site, it just has to do with the HTTP header, or the information being transferred from the client's computer to your server, and back.
If that info contained account passwords, then they could gain access that way. But at that point you should have an SSL certificate and use HTTPS anyway.