HTTPS is Easy

Now you have no reason not to make your website(s) secure!

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security, covering online security, technology and “The Cloud”. He also made Have I Been Pwned, an online database/API that lets you find out if your data has been compromised. Basically, he knows his stuff. And he has made ‘HTTPS is easy’.

HTTPSisEasy is a short course showing how to set up HTTPS on your website for free. You can do it without the command line, using a free Cloudflare account.

I’ve long been advocating Cloudflare. I currently use it on 6 different sites to provide an extra layer of security and speed, yet I still learnt some new things I could do to improve the security further – specifically regarding HSTS, and HSTS preloading.

I suspect there are a lot of site owners who don’t see any value in making their site secure. It may well be something you hear from clients. After all, if you don’t have a store, or don’t have any user input, then why should it matter? Here are 3 reasons why.

  1. Google use https as a search ranking factor (which likely means other search engines do as well).
  2. Chrome is going to start marking http sites as insecure. Again, I imagine other browsers will be doing similar in the future.
  3. IT PROTECTS YOUR SITE VISITORS AND CONTENT.

I should probably have placed number 3 first. I’ll be honest, it took me a while to understand how my site visitors were at risk since I don’t sell things from my site or accept user data; turns out it’s really obvious. Essentially, https is two way. It protects both the data that users send to the server (email addresses, and credit card info), and it protects the data that the server sends to the user, ensuring it displays as intended.

This recent article from the Tor project looks at a censorship campaign that happened in Egypt last year where 21 sites were ordered to be blocked. The interesting part is towards the bottom of the article:

“Back in 2016, OONI uncovered that state-owned Telecom Egypt was using DPI (or similar networking equipment) to hijack users’ unencrypted HTTP connections and inject redirects to revenue-generating content, such as affiliate ads”

They were hijacking unencrypted websites and changing the content so that they would benefit from it. The only way to ensure the website arrives as intended is to send it as https. When data is sent via http it is susceptible to interception, manipulation, and impersonation. HTTPS guarantees the integrity of the connection between two systems.

So why Cloudflare? Why not something like Let’s Encrypt? I’m reasonably technical. I can do some programming, and I use Git, but I am not super comfortable with managing servers, or using the command line. I know enough to get by – but if there’s something easier I can use then I will. Troy has a blog post where he introduces HTTPSisEasy and he explains who he was targeting with the website.

Troy wanted to make his short course accessible to as many people as possible. If you can set up a website on your own hosting, and add a custom domain name, then you can do everything in these videos.

HTTPSisEasy has 4 videos, each around 4:30 long. And the most important one is the first. I watched them on 2x speed, so got through them in about 10 minutes.

However you do it, making your site secure can only be a positive thing. So if you haven’t already – please watch these videos and help make the web better for everyone. While I’m at it – use a VPN as well.

Let me know what you think on Mastodon, or BlueSky (or Twitter X if you must).
