Some browsers seem hell bent to get all sites to go HTTPS, but - if you are not doing sales, its not so important,
and there are sites that are https that have malware payloads, so being https is no guarantee of safe passage..
Sorry, and respectfully, that is not the case. I have pointed this out before--it is just as important for
server security as it is for end user security. It is
essential. This isn't 1995. This is a bold assumption to make, to say it is "not so important." It is more important today than it was even a year or two ago. SSL is so blindingly simple and fast to deploy now, with no cost whatsoever, that there is no excuse not to. I literally issue new certificates to domains in under a minute. One minute! And that includes an automated process that updates the server configurations for me. I can configure XenForo to use SSL in about two minutes, including mitigating the old non-SSL links within the sites. (It's not an act of congress like some have implied the last time this came up.) That's three painless minutes out of my day to remove one more attack vector from my servers and sites while also protecting my end users, and it doesn't cost me a penny. Three minutes!
Why is it free? The Let's Encrypt organization, in concert with the Electronic Frontier Foundation and its dozens of major corporate donors, realized that having the entire Web operate under SSL will reduce operating costs for everyone. Fewer server hacks, fewer account breaches, less expense by I.T. departments having to deal with attacks on "open" sites, and a few others reasons I don't have time to get into.
But I'm tired of beating a dead horse. I do this for a living. I've dealt with security breaches and site defacement. I know the attack vectors these hackers take. Been there, done that, spent the 36 hours without sleep restoring the damage done by a hacker and didn't even get a goddarned t-shirt out of it. I'm not pulling stuff out of thin air. If I don't reduce exposure to my server or my end users by even a small percentage for something so blindingly simple, then I am not doing my job and don't deserve to get paid for it.
Just know that it's not just about us, the end users--it is also about the server and the site that it hosts.
I am not following replies to this thread.