What are the pros and cons of a 100% HTTPS site?

Question

First, let me admit that what I know about HTTPS is pretty rudimentary. I don\'t know much about session security, encryption, or how either of those things is supposed to b

Answer 1

Noticeable overhead? Yes, but that matters less and less these days as clients and servers are much faster.

You don't need to make a copy of everything, but you do need to make those files accessible via HTTPS. Your HTTPS and HTTP services can use the same doc root.

Is it foolish to put the whole site under encryption? Typically no.

Would users feel safer? Probably.

Does it truly make for a more secure site? Only when dealing with the communication channel between the client and the server. Everything else is still up for grabs.