Does HTTPS make my website secure?

In a word, no. HTTPS is often misunderstood to mean that a website, as a whole, is secure.

In truth, when you see ‘https’ in the address bar and a padlock next to it, what it really means is that the connection between your device (computer, tablet, phone) and the server that the website is hosted on is encrypted, so that any information you enter on the site to pass back to the server, and anything the server sends back to you, is protected while it travels between the two.

This security measure came about because it is possible to ‘sniff’ packets of data, that is, to intercept and record the data, as it passes between the website in your browser and the server over open internet channels. So, for example, if you filled in a form with sensitive data like your address, birth date or credit card information, these could easily be picked up and used.
When a connection is encrypted, the data can still be intercepted, but it is scrambled so that it is unintelligible to whoever intercepts it.

So, when a site uses HTTPS, it is only the connection that is secure, not the website itself.

To ensure your website is secure for your users, there are a few factors to take into account:

  • Hosting
    Be sure to use a reputable hosting service that takes security seriously;
  • Website code
    A website can easily be coded to be malevolent, collecting personal details from users without their knowledge (or yours!) and passing them on to nasty people to exploit. Always be sure you use a reputable development agency to build your website. If you use a CMS like WordPress, you can ensure your website's security by using specialist plugins that regularly scan your files and code for vulnerabilities.