Here are the basics. If you want to conduct transactions online with credit cards, for example via a form or shopping cart where customers enter their credit card information, you will want to assure your customers that once they hit the submit button, their information is not being viewed by anyone other than you.
How do you do this?
The common, standard way to do this is to purchase and set up a “security certificate” or “SSL certificate”. Your host can help you with this, and if you want to save some money, you can usually purchase one elsewhere a little cheaper (i.e. $30/yr instead of $75+/yr).
Security certificates can range dramatically in cost from under $50 to well over $1,000. For the most part, they are all just as secure. The difference has more to do with how well a certificate is known, and how much insurance is attached to the certificate.
The security certificate allows you to establish a secure connection with your customers. When they visit your website, instead of your website address being at http://, it will be at https://. The extra s is for the secure connection. This secure connection requires that the data be encrypted between your website and your customers, so no one can snoop on your conversation.
Once you have your certificate, you will need to have a dedicated IP address for your website (unless you have a shared hosting plan and your host has a shared certificate you can use). Usually a dedicated IP costs a few dollars a month extra. Your website host can and should be able to walk you through all of this.
Once this is set up, your website should be viewable either by going to http:// or https://, the latter of which will be secure. But you may want to go a step further and be sure that when someone visits one of those special pages, they are required to have a secure connection, since most people won’t know the difference. For the most part, this may not be needed if you simply specify in your website links that the page is at https and not http, but I recommend making some changes to ensure this, as people find web pages in all sorts of ways.
So for our next step, you need to assign either your whole website, or parts of your website, to require connection via this secure connection. If you have a pre-built shopping cart program, it should have in the menu options a way to specify which pages you want to have secure. Likely you don’t want the whole site secure, because a secure connection takes longer to load and interact with, and you don’t really want to slow down connections to pages like About Us that don’t need to be secure.
If you don’t have a program that allows you to specify which pages should require a secure connection, then you will need to dabble in some fine programming, or have someone do it for you. To do this, you will need to write a mod_rewrite rule, which is done by changing or creating a file called .htaccess. (Because the file has a dot before its name, it may be hidden in some web page editing programs.)
First you will need to be sure your host has mod_rewrite enabled, as some do not. From there, you can create a specific rule in your .htaccess file to specify that your whole website, or specific pages, are only to be accessed via a secure connection. This way, no matter how someone makes their way to your specific web page, it will connect via https. Because a small error in your .htaccess file can make your whole site disappear, I recommend having someone who knows what they are doing make those changes.
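A sketch of the kind of .htaccess rule described above, as an added example that is not from the original post. The host name www.example.com and the /checkout and /account paths are assumptions; replace them with your own.

```apache
# Added example. www.example.com, /checkout and /account are placeholders.
# The IfModule wrapper means the file is simply ignored, rather than
# breaking the site, if the host has not enabled mod_rewrite.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Act only on requests that arrived over plain http://
    RewriteCond %{HTTPS} !=on

    # Act only on the pages that take customer data.
    # Delete this condition to require https for the whole site.
    RewriteCond %{REQUEST_URI} ^/(checkout|account)(/|$) [NC]

    # Send the visitor to the same path on the https:// address.
    # The host name is written out instead of taken from the request,
    # so the redirect target cannot be influenced by the visitor.
    # R=302 is a temporary redirect; switch to R=301 once the rule is
    # confirmed to work, because browsers cache 301 redirects.
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=302,L]
</IfModule>
```

Keep a copy of the previous .htaccess before editing so it can be restored if the site stops loading. If the host terminates the secure connection on a proxy or load balancer in front of the web server, `%{HTTPS}` may read as off on every request and this rule would loop, so ask the host which condition to use in that case.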
And there you have it.
Well. I suppose if you want your secure page to send an email, then you need to look into what security needs to be in place to ensure your email content is secure. If your email address is hosted on the same server as your secure website, then it should be secure until you access your email. When you access your email, you should do so via a secure connection, and that will have to be another post.
And as a final note, it should be added that you can conduct transactions online without having to go through all this if you want to work with a service provider that has all this in place already, such as Google or PayPal.