Migrate the site to HTTPS

[dead-claudia]

GitHub allows you to toggle HTTPS for its sites, even on custom domains, using Let's Encrypt. It's literally a click of a button in the settings unless you have explicit http:// references in your page, and my cursory search didn't find any that weren't specifically external links. There's other benefits to enabling HTTPS:

• Google specifically knocks its PageRank for HTTP sites.
• If you're using Google Analytics, HTTPS is necessary to get referral data from HTTPS.
• Users of the HTTPS Everywhere extension (bundled by some smaller browser vendors like Brave and Tor Browser Bundle) can't view the docs normally.
• Modern browsers specifically mark HTTP sites as insecure in the same way they do with expired certificates and similar.
• No HTTP/2 browser implementation supports unencrypted transport.
• Google and Mozilla both want to eventually phase out plaintext HTTP, although they both know it'll take several years to do so. Mozilla itself cites HTTPS as providing integrity and authentication checks, things that even when your site isn't doing anything sensitive, it still makes MitM attacks much harder to pull off.
• And of course, there's speed benefits, too.