Might there be a problem with not using https for the site in regard to the GDPR (May 2018!).
Since there's data stored (username, e-mail, password) and transmitted unencrypted?!