Website security

Hello Everyone!

First off I want to complement everyone on their knowledge of the subject matter and their willingness to assist someone like myself.

 

I have two more questions...

 

I'm running elgg on WAMP 3.2.6 on a Win 10 Pro machine and my elgg version is 4.1.2 manually installed vs. the Composer install.

The first question I have has to do with the contents of the root directory.  There are two composer.* files present that are exposed from the address bar, https://blah.blah.org/composer.*  My first impression is that I can most likely delete these two files because I'm not using composer.  Is this a fair assumption?

Next question, using, https://whynopadlock.com as a guide, how do I force the use of https only from my website?