Question: I was thinking of making my entire website HTTPS instead of just the shopping cart. Is this a good idea?
Answer: There are both pros and cons to securing an entire site with SSL, but most seem to agree that the cons outweigh the pros. The advantage is that your users know from the beginning that they are working with a secure site. If your website happens to be for a financial institution, this may add to users’ comfort when they are entering login data.
The disadvantages are that a site will mostly like run slower when it has to authenticate encrypted data. The larger your site, the more data it will have to encrypt. Also, if a browser ever has issues with the certificate, a user will be locked out from your site completely or will have to click through unnecessary confirmations. This may prevent them from even getting to a contact form to tell you something is wrong.
Generally speaking, there is simply no need to encrypt general pages of information. Login forms should point to encrypted script URLs, and all shopping cart data, personal information, and financial information should be under HTTPS. If that is all you have (i.e. you only have those private forms on your site and nothing else), then complete HTTPS might be a good idea.