Firstly, I had a fair amount of websites with a now EIG owned company for about 10 years. It was just a shared host, but they're all low traffic, and I could easily add a domain name and spin up a blog/project. A few years back I needed https for an API I was working with - the cost was something like $40 a year for the domain, for a project that wasn't a money spinner. So I found another (read: free) way to access the API.
Earlier this year I asked again. It was something like $20-$100 per domain to put an https cert in place, even if I got it myself from LetsEncrypt. As the entire package was about about $100 a year (up 30%, with worse customer service since EIG took over) I finally took the step and moved all my sites elsewhere. The new host isn't much more expensive, but provides free LetsEncrypt with a click from the controlpanel. I now use https on most things.
Secondly, I have a few sites with a decent number of FB likes that have counted up as the result of some viral/social campaigns in the past. None have forms on, all are links to elsewhere. Currently those likes work as (not insignificant) social proofing. Move the site from http to https and I lose the count on the Like button.
The cost in the first point (or the effort/time/cost in moving everything) just hadn't been worth it for the smaller stuff. Facebook not sorting the counts hasn't made it worth it in the second. I suspect my reasons are 2 of many that stop people from upgrading - I guess I'm just saying that even with the best intentions, there are other factors at play that prevent John Everyman from making the move. Make it easy/default for him, more https everywhere.
You can set up your apache/nginx or whatever webserver to redirect http requests to https. That way you can still link to your website with an http:// URL.
Appreciated, but this is a hacky solution. If you use the graph explorer, both the http and https addresses have different counts. It's very frustrating - shouldn't be that way.
True. And you have to be extra careful with HSTS Preloading; if one of your subdomains breaks because of HTTPS, it'll be a pain to get your domain taken off the list.
Firstly, I had a fair amount of websites with a now EIG owned company for about 10 years. It was just a shared host, but they're all low traffic, and I could easily add a domain name and spin up a blog/project. A few years back I needed https for an API I was working with - the cost was something like $40 a year for the domain, for a project that wasn't a money spinner. So I found another (read: free) way to access the API.
Earlier this year I asked again. It was something like $20-$100 per domain to put an https cert in place, even if I got it myself from LetsEncrypt. As the entire package was about about $100 a year (up 30%, with worse customer service since EIG took over) I finally took the step and moved all my sites elsewhere. The new host isn't much more expensive, but provides free LetsEncrypt with a click from the controlpanel. I now use https on most things.
Secondly, I have a few sites with a decent number of FB likes that have counted up as the result of some viral/social campaigns in the past. None have forms on, all are links to elsewhere. Currently those likes work as (not insignificant) social proofing. Move the site from http to https and I lose the count on the Like button.
The cost in the first point (or the effort/time/cost in moving everything) just hadn't been worth it for the smaller stuff. Facebook not sorting the counts hasn't made it worth it in the second. I suspect my reasons are 2 of many that stop people from upgrading - I guess I'm just saying that even with the best intentions, there are other factors at play that prevent John Everyman from making the move. Make it easy/default for him, more https everywhere.