HTTPS (HyperText Transfer Protocol Secure) is the encrypted version of HTTP — the protocol your browser uses to load websites. The "S" stands for Secure, and it means all traffic between the visitor's browser and your server is encrypted using TLS (Transport Layer Security, commonly still called SSL).
When a site uses HTTPS:
https://When a site uses plain HTTP, everything is transmitted in clear text.
If your school portal (SIS, LMS, email login) runs over HTTP, every username and password typed by staff or students is sent across the network unencrypted. Anyone on the same Wi-Fi — a student in the library, a visitor in the canteen — can capture these with free tools.
Enrollment forms, contact forms, and any page where students or parents submit personal information are all vulnerable on HTTP sites. This is a direct violation of RA 10173 (Data Privacy Act) obligations to protect personal data in transit.
Chrome, Firefox, and Edge mark HTTP sites as "Not Secure" in the address bar. For school websites, this damages trust and may cause parents and students to abandon forms or logins.
Since 2018, Google has used HTTPS as a ranking signal. HTTP school sites rank lower in search results.
| Scenario | HTTP | HTTPS |
|----------|------|-------|
| Login form submission | Password sent in plain text | Password encrypted |
| Enrollment form | Student data readable in transit | Data encrypted |
| Attacker on same Wi-Fi | Can read all traffic | Sees only encrypted noise |
| Browser indicator | "Not Secure" warning | Padlock icon |
An SSL certificate is a digital document that:
Certificates must be renewed periodically (typically every 90 days for free certificates, or 1–2 years for paid ones).
Let's Encrypt is a free, automated certificate authority trusted by all major browsers. Most web hosts now offer one-click HTTPS setup using Let's Encrypt.
Use Certbot to obtain and auto-renew a Let's Encrypt certificate:
sudo certbot --nginx -d yourschool.edu.ph
http://yourschool.edu.ph automatically redirects to https://yourschool.edu.phhttp:// links in your site to https://The Site Scanner will tell you whether your school's site is running HTTPS, whether the certificate is valid, and whether HTTP redirects to HTTPS properly.