Should I use a SSL in my test domains?
Yes, you should. You might need to test if e.g. a particular request works over HTTPS, but testing on a production system is a bad idea (the production system should remain stable), and your test system should match the production system as closely as possible. Secondly, if you're sharing the login details between domains, why shouldn't the test domain be secured as well?
If the price of the certificate is a problem, what you can do is:
- Get a free cert from Let's Encrypt.
- Use a self-signed cert.
- Set up your own internal certificate authority for the test domain (probably the best option).
I have a second domain with the same content (including login credentials) that I use only for test and development.
If the second domain provides the same content and has the same login credentials and is accessible from the internet too then there is no reason that it should not get same protection (i.e. SSL) as the first domain.
Not only should you use SSL for your test domains, but you need to if you want to enable security features like HSTS Preloading.