So why is there a sudden campaign to show non HTTPS sites as unsafe? Well for that you need to understand the difference between static and dynamic sites. Static sites such as minervasafe.co.uk are very simple. They only change if you tinker with the code stored on the web server. That’s OK if you are an Anorak like me but really challenging if you are a a local trader who just wants to occasionally update rates of work and add pictures of finished work. Then, unless you also have techie skills it is ether painful or expensive as you have to pay someone else. So on stage steps the Content Management System (CMS). The most well known example being WordPress. The CMS does all the techie stuff and all the end user has to do is change wording and pictures. They can do more if they wish but most people can use them out of the box. Still though, back in the days of yore the chances of having your username and password stolen was very very small: “UNLESS the site you were sending traffic to or your site site was of particular interest or notoriety”
There are many CMS alternatives but WordPress is very very big. (currently: Users produce about 76.9 million new posts and 41.4 million new comments each month). And of course without SSL the hundreds of millions of CMS driven sites can have the admin credentials captured and read. So argue the biggies like Google; so they have decided to force the pace and get everyone to sign up to SSL. This will make the internet a super safe place they say. Stand to reason doesn’t it?