What is HTTP?
Hypertext Transfer Protocol (http) is an application layer protocol designed to transmit and receive information over the Internet. The application transfer protocol shows how information is displayed to a user and does not distinguish how information is transferred from one source to another. HTTP is most often used to import HTML text and other site resources.
HTTP is considered “stateless” and does not receive or store information from previous browsing sessions. The benefits of using HTTP are equal to faster load times and better information display. Websites without confidential financial information or user information use HTTP. Unfortunately, HTTP is not secure and you are always at risk of a third-party data breach.
What about HTTPS?
HTTPS works the same as HTTP when connecting to a server on the standard port. HTTPS creates two separate communications between HTTP and HTTPS using TCP port 443 by default. SSL monitors the information transmitted between the two parties and ensures that the data is not corrupted or stolen. SSL doesn’t care how the information is presented to the user, but HTTP provides the best possible information to be displayed with greater security.
How to secure?
From a technical point, you most definitely have an SSL certificate or an easy option to buy one on your apache hosting plan but whether or not your provider allows it is something you need to find out.
The problem is even after you pay / active and set up all the necessary encryptions on your apache server-side, it won’t be effective until your users use it. Most users have already saved your website in HTTP form to their computers, browsers and bookmarks. When entered through an HTTP URL, the server does not encrypt anything. These connections can be forcefully redirected to a secure version. You can force an HTTPS connection on your website by adding these rules in your website’s .htaccess file
RewriteEngine on RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Placing these 3 lines in a .htaccess file will automatically redirect all users to secure links.
The .htaccess file must be located in the document root folder of the site. If your website is in a subfolder, .htaccess should be placed in the corresponding subfolder.
You can create or edit the .htaccess file via FTP or File Manager in cPanel.