Allow non-SSL pages to use https or Force non-SSL pages to http?

The short answer is that you should always use https whenever possible even on the most basic websites regardless of whether you use wordpress. Here are some of the reasons with a short explanation.

  1. Security – Even on pages that don’t necessarily need to be secure it is useful to use https because you want cover as many situations as possible. Consider, you may have a contact form on your site where you collect users’ personal (if not necessarily secret) data. If that form is filled out without https in a coffee shop, now anyone in that coffee shop who was looking has that user’s information. This is a simple example but you can see that the possibilities here are many and varied (think about cookies et. al.).
  2. Spoofing – This could easily be a sub-category of security. When you use https, you make it much more difficult for your site to be spoofed via man in the middle.
  3. Referrer Data – When you go from an https page to an http page all referrer data is lost. This may or may not be an issue for you but it is still something to consider. When you are jumping between http and https within a site you have to consider that you will be losing any referrer data (which can be bad for seo and especially bad if your site has advertising).
  4. SEO – Google and other search engines give sites that are https enabled a higher ranking. There are various arguments to be made on whether or not this is a good policy but it is a policy regardless.
  5. Why Not? – If you are hosting a site and you have an ssl certificate why not use it on all the pages. There isn’t a real downside and personally, I’ve found that it is much easier to just turn it on for an entire site using the apache (or IIS) configuration and forget about it rather than trying to constantly manage which pages are and are not secure.

These are just a few of the big reasons, there are others that are just as valid.

Related Posts:

  1. Divert http to https with WordPress on IIS
  2. All content is HTTPS, but browsers warn of HTTP mixed content [closed]
  3. Website Migration (with https) to a new domain(http)
  4. Why does WordPress uses HTTPS for JS, CSS on EC2
  5. Implications of not completing all tasks when switching to HTTPS
  6. How to switch static files back to using HTTP instead of HTTPS?
  7. The plain HTTP request was sent to HTTPS port in wordpress [closed]
  8. Changing my URL in General Settings cause the site to crash
  9. https connection using CURL from command line
  10. Simple Java HTTPS server
  11. HTTPS connection Python
  12. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  13. Issues with installing python libraries on Windows : CondaHTTPError: HTTP 000 CONNECTION FAILED for url
  14. Why is WordPress redirecting from http to https on a local environment?
  15. Local version of a WordPress site – SSL/HTTPS enforced?
  16. bloginfo() and get_template_directory_uri() with SSL?
  17. After updating site to use SSL all images in posts point to http://
  18. Adding https to wordpress website
  19. Upgrade to SSL Breaks Admin Dashboard
  20. SSL setup: wp-login css doesn’t load over httpS
  21. In WP versions >= 4.0, is FORCE_SSL_LOGIN forcing HTTPS for the entire admin session?
  22. Occasional HTTPS Mixed Content Warning
  23. WordPress : To load all asset files coming from HTTP to HTTPS?
  24. 403 error on admin login page
  25. I changed my site from HTTPS back to HTTP and now it is broken- Cannot access Admin panel on HTTP URL
  26. un-loading https
  27. WordPress site shows “File not found.” if opened through https
  28. Address a single page to SSL https secure protocol?
  29. wordpress http to https windows server
  30. Jetpack “Connect to WordPress” serving insecure content under HTTPS
  31. Website access with http and https
  32. Need ideas for HTTPS multiple domain solution
  33. How to control SSL in WordPress for automatically changing http to https?
  34. How do I handle SSL properly when WP is behind a reverse proxy?
  35. Hi do I change Media files that still show as http after installing ssl
  36. Errors on a single host using wp_remote_get() unless sslverify is set to false
  37. My site doesn’t redirect from HTTP to HTTPS
  38. https to https problem – 404 and can’t login
  39. ERR_TOO_MANY_REDIRECTS on wordpress page [closed]
  40. URLs not being output with https
  41. How to move my local wordpress to https?
  42. Specific Page/Post Need to Stay Non SSL
  43. SSL Certificate
  44. Front-end pages messed up due to HTTPS
  45. How to send user data from one website to another
  46. How come all my http URLs are turned to https?
  47. Forcing SSL (Bad Theme coding)
  48. Moving site from HTTP to HTTPS
  49. My WordPress site SSL is in red crossed color and can’t load at first time?
  50. Any idea on how to fix this error when forcing SSL on a certain page?
  51. SSL/HTTPS Redirect Loop
  52. iHow to redirect all http traffic to https now that a SSL certificate is added?
  53. How to force static assets with HTTP sources to load over HTTPS?
  54. Moving WordPress from http to https over existing site
  55. Is it bad to redirect http to https?
  56. Properly setting up a “default” nginx server for https
  57. How to force HTTP and stop SSL completey on WordPress website
  58. wordpress is auto using http: not https: as it needs to because the server is http behind a reverse proxy https, how do I stop it?
  59. SSL Error: unable to get local issuer certificate
  60. Custom Tumblr theme wont save because of non-https urls?
  61. Getting “Handshake failed…unexpected packet format” when using WebClient.UploadFile() with “https” when the server has a valid SSL certificate
  62. Https to http redirect using htaccess
  63. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  64. Disable SSL / HTTPS for wordpress
  65. Serving HTTP and HTTPS from one installation
  66. WordPress is Inserting images into Post as HTTP and not HTTPS
  67. force http canonical tag on https pages
  68. What’s the right move with SSL for user based site?
  69. Make default new sites https (multisite)
  70. Locked out of WordPress Site Admin after enabling Force SSL on WordPress Https (SSL)
  71. https multiple redirects
  72. Gravity Forms not loading under https, jQuery is not defined
  73. Pointing SSL Enabled URL at Single WordPress Page
  74. Can’t login to Dashboard when changing site URL to HTTPS
  75. Google maps causing mixed content in header
  76. Cloudflare and SSL breaks wordpress – Mixed Content & Unable to use Admin
  77. No ‘Access-Control-Allow-Origin’ header is present [closed]
  78. Certain header elements not served over https
  79. Locked out of admin and some pictures don’t show after failed SSL installation
  80. WordPress 4.0 Forces entire site into SSL
  81. Domain Mapping for WordPress MU and https redirection – How to?
  82. Any any insecure http:// URLs left in wordpress?
  83. How to convert srcset links from https to http?
  84. How to get Caching Plug-ins to work on localhost with HTTPS?
  85. Disable WordPress accessing WordPress.org to check for updates
  86. How to protect login via SSL but not the rest of the dashboard
  87. Understanding Redirects
  88. Staging Session Randomly Switched from Secure (https) to Not Secure
  89. Problem forcing San SSL certificate on WordPress
  90. Using the JSON API via HTTPS and HTTP
  91. Why is http header providing 404 while site is online?
  92. Create a new hyperlink to wordpress blog
  93. Core update of 4.2.3 changes all link to https [duplicate]
  94. WordPress and SSL
  95. Access wordpress pages using a self signed shared ssl
  96. ‘Too many redirects’ error after changing site URL in WordPress [closed]
  97. Generate all urls with https
  98. Displaying a remote SSL certificate details using CLI tools
  99. Wildcard SSL certificate for second-level subdomain
  100. Does each subdomain need it’s own SSL certificate?