Has Google ever blacklisted a site due to an attack like that? I see the risk, I'm just trying to understand how likely it is.
When I first read your scenario about hijacking my site via public wifi, it didn't strike me as very important... but after thinking about it for a few minutes, I do see the harm. Even if it's just someone screwing with my resume, I can envision situations where it could do a lot of harm.
And you do make a good point about the Google blacklist, the consequence of a Google blacklist is very bad. Even if unlikely, that alone is probably enough reason to enable HTTPS.
I've set up HTTPS several times on the small sites that I run, and probably spent about 6 hours on the process in my lifetime. Right after heartbleed came out, I switched to HTTP only. Now maybe it's time to redo the process and get it set up again...
I've only had a site blacklisted once. My father ran a WordPress blog on shared hosting and got hacked (probably weak password or vulnerability in one of the plugins or WP itself, who knows). His site was pretty quickly blacklisted, and even after he scrubbed it, leaving just a basic index.html ("we are coming back" type thing), it stayed blacklisted for at least several days. I am sure others have more experience with this, I've just been lucky.
When I first read your scenario about hijacking my site via public wifi, it didn't strike me as very important... but after thinking about it for a few minutes, I do see the harm. Even if it's just someone screwing with my resume, I can envision situations where it could do a lot of harm.
And you do make a good point about the Google blacklist, the consequence of a Google blacklist is very bad. Even if unlikely, that alone is probably enough reason to enable HTTPS.
I've set up HTTPS several times on the small sites that I run, and probably spent about 6 hours on the process in my lifetime. Right after heartbleed came out, I switched to HTTP only. Now maybe it's time to redo the process and get it set up again...