Converting http to https; is it a must in order to be secured?

Question

I already have a SSL certificate for my site and know how to redirect or convert my site into https.

But my question here is that. Is it a 'must', to convert the site to https in order to be secured? Or is it okay to retain using http but I should put the SSL certificate in the site so that even I type https, my site can still be visited and somehow it's also secured?

Sub notes: http://www.sampleSite.com/ is the default link that I use in my site but if I type https://www.sampleSite.com/ it will also work though there will be no 'Secure' indicated besides my site link

Answer 1

Yes you should.

If you don't redirect http to https users will not redirect themselves.

Even if important pages (with personal information) that must be secured with https are redirected to https and the link pointing to them are https, because your pages with the link are using http, are vulnerable to sslstip.

If you want to properly secure your website, use https on all your webpage, redirect all http connection to https and use HSTS.

Anything less will be insecure and vulnerable to sslstrip attacks.

Answer 2

It depends of the use. If you web site use log in and sensitive informations, it's better to secure it.

The biggest difference between http and https is that https encripte the online data. If anyone in between the sender and the recipient could open the message, they still could not understand it. Only the sender and the recipient, who know the "code," can decipher the message.