Welcome to WebmasterWorld Guest from 220.127.116.11
the visitor would be connecting to your website via http first (if I understand correctly).
which "doubles" the risk of something eventually going wrong.
I still haven't found any other options I like either, so my sites are still http.
CloudFlare's "Flexible SSL" makes migrating to HTTPS really, really easy, and it's been reliable since I started using it months ago. I wouldn't use it if I were running a bank or an e-commerce site (since traffic between the origin server and CloudFlare's network isn't encrypted), but for an information site doesn't ask for confidential user data, it's a great solution. It sure beats getting labeled "Not secure" in Web browsers.
What could go wrong.
"Even if nothing can go wrong, something still will."
It sure beats getting labeled "Not secure" in Web browsers.
Evidently the vast majority of internet users are like me and don't notice the little "Not secure" warning.
I don't think this is a problem for a while. But, there is a possibility, that, with the time, web browsers become more "aggressive". And I think that, in a couple of years, web browsers might block the access to non HTTPS site, and request the user an explicit action to access them. Like a warning message, requesting the user to click to confirm he really wants to access the site in spite of "risks".
So I think everybody should switch, and not end to do it in a rush, if it happens. And it still profits from your user to have the connection between your server and their device encrypted. Even if you do not collect information, hackers can be very creative to exploit a non secured connection.
I've seen legit sites do the Cloudflare/WAF HTTPS method
HTTPS websites can still be hacked. Man in the middle attacks are popular with commerce websites.
One is cost and the other is making a mess about it. Not the whole internet uses Wordpress.