Website security

Hello Everyone!

First off I want to complement everyone on their knowledge of the subject matter and their willingness to assist someone like myself.


I have two more questions...


I'm running elgg on WAMP 3.2.6 on a Win 10 Pro machine and my elgg version is 4.1.2 manually installed vs. the Composer install.

The first question I have has to do with the contents of the root directory.  There are two composer.* files present that are exposed from the address bar,*  My first impression is that I can most likely delete these two files because I'm not using composer.  Is this a fair assumption?

Next question, using, as a guide, how do I force the use of https only from my website?