Ever since I have been involved in any kind of web development and web technologies, having a secure website running over HTTPS (which is nowadays actually TLS) was a really difficult task. It required very specific knowledge about web servers, about certificate creation and installation, a very specific sequence of steps and a lot of money to renew the certificate(s) every year.
Having a web site served securely was something for the big sites, and the ones who’s services required it (such as banks). However, the last few years have seen a ton of data leaked and services breached. It has almost become an accepted reality that your online data will be sold, leaked or otherwise distributed around the net. These leaks mean that the data you share on the Internet should ideally be secure from end to end, to at least minimise some of the risk.
The fact is that is has never been easier to install a certificate and run a website over HTTPS. Services like Cloudflare and Let’s Encrypt have automated most of the process and you only have to configure some settings that are unique to your site. In a matter of minutes you are running via HTTPS. Of course there are always edge cases that don’t fall into the “minutes” category, but they are far and few between. \
In August I teamed up with my good mate Troy again and we recorded an amazing Pluralsight course on just this topic. We debunk a bunch of myths around HTTPS, such as being expensive and slow, as well as show some real world examples of what happens, when you don’t have proper website traffic encryption enabled. This is probably the best course we have created together and it is so incredibly relevant right now.
Check out the trailer and get watching today.