Force HTTPS Redirects
Redirect HTTP to HTTPS
Starting today, you have the ability to automatically redirect HTTP requests to any of your sites to HTTPS. You’ll see a new checkbox toggle in your site’s settings.
HTTP is not encrypted and is vulnerable to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information, and modify webpages to inject malware or advertisements. HTTPS is designed to withstand such attacks and is considered secure against them (with the exception of older, deprecated versions of SSL).
Enabling this feature guarantees authenticity and privacy between your site’s visitors and your site.
Also, Google Chrome will mark HTTP sites as not secure any day now - https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html