One other thing @Minion-Queen, I push this so hard because @scottalanmiller continually is making all of these excuses about performance or platform, or whatever. Yet even the NodeBB developers themselves run everything with SSL, and have for quite some time.
Your users ask for it.
The developers of the NodeBB run SSL for the main community.
Clouflare supports websockets via SSL.
Prior to CoudFlare supporting websockets, there was the choice to use a subdomain on its own SSL for websockets while the rest of the site was behind CloudFlare
Start SSL is free and has been even when this community was started.
Let's Encrypt now exists and is also free.
Google has given search boost to SSL sites for 2 years
Claims of performance issues are not substantiated to more than milliseconds based on research.
Your users ask for it.
You know the one thing I have never actually seen posted even one time?
A user specifically asking that SSL be not enabled.
Sure many people have posted that they do not care. Or that they do not see the point in SSL on a public forum. But none of that is objection.
