Ok, so here’s the deal about http versus https, in layman’s terms:
https sites have their identity confirmed. It’s like Anne Hathaway being carded to confirm she’s really her and not just an absurdly good look-alike trying to get free drinks at the exclusive club.
Why does this matter? You’ve heard of phishing, right? When a site poses as another site to steal your password or credit card information? Right? Good. So, this poser phishing site, it can look the same, even down to the url in the address bar, thanks to super sneaky technology. This is like being an Anne Hathaway lookalike who actually changes her name to “Anne Hathaway” to fool more unsuspecting bouncers. https is our defense mechanism against this, a technical way to confirm the identity of the site you’re visiting to ensure it’s the real deal.
But my site doesn’t even take credit cards! Why should I pay for a security certificate when I don’t ask for sensitive information?!
The best way to check is this website. It’s Google’s test for your responsiveness (aka how friendly your website is to cell phone and tablet users). Just plug in your URL and if it says “Awesome!” in green, you can sit back and drink your coffee with smug satisfaction, knowing your site is safe from the looming SEO disaster.