When you're running everything encrypted, it helps keep out man-in-the-middle attacks and low hanging fruit like anything using PHP/Wordpress and the far too many easy access things for script kiddies. If someone wants to get you, they're going to get you, but that's not most of us.It's not as if the use of encryption suddenly makes things a whole lot safer per definition
Except that it doesn't. Because faking a certificate isn't rocket science. For example, already in 2013 it got discovered that the French government used fake Google certificates to snoop in on traffic. And there are plenty of reports about rogue CA's which mistakenly (or willingly) gave out the wrong certificates, for example by not demanding that clients proof that they actually own the domain for which they wanted a certificate.When you're running everything encrypted, it helps keep out man-in-the-middle attacks
Https is certainly a convenience and encryption a necessity for security, but note that it is the system, libraries, and software around it that gets hacked.