Hacker News
by ricogallo 3980 days ago
Indeed, but you can see that a bunch of WordPress sites are obscure, ancient and insecure by default.

He's talking about a client not supporting HTTPS.

A client may have reasons to prefer HTTP over HTTPS: perfs, plaintext for debug, etc. It's hard to assume that "HTTPS should be the default" in any circumstance.

I'm not sure the WordPress sites are to blame here (for once): SSL isn't free to deploy (yet).

SSL is free to deploy: https://www.startssl.com?app=12

If you have a site that gets enough traffic that you need a better supported or more validated certificate, then I'm sure the $40/yr for a cheapass GoDaddy cert is worth the money.

Assuming you have time and knowledge to do it. Assuming you own the domain or at least are able to access its DNS records. Assuming you can use SNI (and all your visitors too) or have your own IPv4 address. Assuming $40 is free...

No, even a free certificate doesn't mean that deploying SSL is free.