Force SSL everywhere is a WordPress plugin by Boštjan Cigan that forces SSL on all pages when a user is logged in (not only on admin ones).
Why would you need it? Check the plugin author’s blog post – WordPress Session Hijacking and Prevention at: http://zerocool.is-a-geek.net/?p=912
How does it work?
A user logs in,
a cookie is set that is sent only through HTTPS,
WordPress checks if this cookie is set,
if not, the user is logged out.
This effectively prevents session hijacking and man in the middle attacks.
Download: http://wordpress.org/extend/plugins/force-ssl-everywhere/