It's a must that you encrypt any sort of communication from your server to the client forcing the HTTPS protocol. I would suggest that you link your domain name with Cloudflare (or any other CDN) - they provide free SSL certificates and proxy requests coming to your site (server) through their service. Essentially they filter requests before they reach your origin server. It is free, easy to use and it could improve your site's page loads - they store cached copies of your website across the globe in their servers and depending on where the request came from they will fetch the site from the nearest location. On top of that, you get extra features such as firewall rules, analytics, and protection against DDoS attacks. Go ahead and tick that box.