Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Digital Literacy How the Web Works The World Wide Web Sir Tim Berners-Lee and URLs

Ryan Jin
Ryan Jin
15,337 Points
Posted by Ryan Jin
Ryan Jin
15,337 Points

Is HTTP not secure comparing to HTTPS?

I've heard that HTTPS is a secure way to transfer data. Is HTTP the same thing or it is less secure?

3 Answers

Kevin Korte
Kevin Korte
28,149 Points
Kevin Korte
Kevin Korte
28,149 Points

That's correct. HTTP is hypertext transfer protocol, HTTPS is hypertext transfer protocol secure. HTTPS connections behave the same except the connection between the client and the server communications are encrypted by a SSL certificate on the server. This is the ideal connection to have if you are recieving any information from your users such as email address, phone numbers, names, etc, and a necessity if you are accepting any sort of payment or financial information. HTTP is going to be less secure because it's not encrypted.

If you have even a simple contact form on your website, I'd highly recommend picking up an inexpensive SSL certificate. You can find them for as little as $10-$30 a year. Check out Namecheap as one option for SSL certificates if you want more info.

Ryan Jin
Ryan Jin
15,337 Points
Ryan Jin
Ryan Jin
15,337 Points

So hackers can easily hack HTTP connections?

Kevin Korte
Kevin Korte
28,149 Points
Kevin Korte
Kevin Korte
28,149 Points

More or less yes. There are some free tools that can help intercept and modify HTTP headers. It's not "hacking" like they gain access to your site, it just has to do with the HTTP header, or the information being transferred from the client's computer to your server, and back.

If that info contained account passwords, then they could gain access that way. But at that point you should have an SSL certificate and use HTTPS anyway.

Jacob Brasher
Jacob Brasher
810 Points
Jacob Brasher
Jacob Brasher
810 Points

https is more secure, you'll learn that in a few episodes

Polrat Ratthakit
Polrat Ratthakit
202 Points
Polrat Ratthakit
Polrat Ratthakit
202 Points

Hey Ryan,

I would also like to add a little bit here that Google clearly states that they prefer HTTPS over HTTP. It is one of the very few announcements about what they use as ranking factors.

Polrat (Paul) Ratthakit