The cost of using HTTPS for all web traffic is over kill in my bias opinion. HTTPS for the forum is also over kill, unless it’s using hardware SSL.
I never said to use https for the whole website. Although I don't see a reason why not if you got the resources. The difference in speed is not that big.
But at the very least the login parts and the webshop parts need to be protected. I could Google up for you a bunch of reasons why to do this, but I'm sure you know how to use Google yourself. Check out the letsEncrypt links I sent you, as I said it doesn't have to be that difficult and costs nothing.
About speeding up your website. In order to find out what the exact bottleneck is, you will need to monitor your server. If you have a VPS of course and not shared hosting. You should be using some kind of monitoring system to monitor your server such as Nagios, Icinga, Check_mk, Zabbix. The problem could be CPU Load, Memory Usage, Disk IO, network congestion... Too many factors for me to just guess what the issue could be.
As it it Wordpress, you should check if your website use compression, if not, you could use this plugin: GZip Ninja Speed Compression
You could use a caching plugin too, but that's not really optimal for the forum..