Wikia.com‘s registration and login forms are both loaded over insecure HTTP and also POST over HTTP. The registration form asks for a full date of birth which is personally identifiable information (PII).
The “Sign up with Facebook” button on the registration page and “Facebook Connect” button on the log in page open a new window loaded over HTTPS.
https://www.wikia.com/Wikia automatically redirects to http://www.wikia.com/Wikia (the main homepage)
At the time of this report Wikia is #16 on Quantcast’s Top 100 Sites list in the U.S. They also report 140 million users on their About Us page.
Interestingly enough, they have obtained a SSL certificated valid from July 31, 2015 until January 28, 2016 and have pretty solid results from Qualys SSL Labs server test earning an A grade for each of 4 servers configured.
Test wikia.com on Qualys SSL Labs for yourself: https://www.ssllabs.com/ssltest/analyze.html?d=wikia.com
Type: Log in form over http, Registration form over http, request to http
Needs protecting: Password, Birth date
First identified: 12/14/15