This applies to all api.matomo.org and plugins.matomo.org calls.
First we add a new required system check showing to users if the connection over HTTPS works or not for these endpoints. If it doesn't work, then there should be an error shown explaining that we will soon switch to HTTPS by default. They should either make HTTPS work or disable HTTPS (see next item). We should mention the consequences of not fixing this issue (eventually won't receive any updates anymore big security issue for sure, and using HTTP is a minor security issue that someone could pretend there is no longer an update available)
We introduce a setting to force HTTP instead of HTTPS as some people won't be able to change their PHP either because the hoster doesn't allow it or because they aren't technical enough etc.
Create an FAQ about how to make HTTPS work or disable HTTPS and link to it in the system check error message in 1 above.
@peterhashair did number 3 get done also regarding creating or updating the FAQs? Be good to link to that in this issue for completeness when done.
reopen this issue, as we discussed, not to force users to use HTTPS at this stage, only a warning message. In the next stage we will force HTTPS connections. Ref Here: https://github.com/matomo-org/matomo-security/issues/195
removing from 4.11. milestone, as the remaining tasks will be solved in a later verion.