It's a must that you encrypt any sort of communication from your server to the client forcing the HTTPS protocol. I would suggest that you link your domain name with
Cloudflare (or any other CDN) - they provide free
SSL certificates and proxy requests coming to your site (server) through their service. Essentially they filter requests before they reach your origin server. It is free, easy to use and it could improve your site's page loads - they store cached copies of your website across the globe in their servers, and depending on where the request came from they will fetch the site from the nearest location. On top of that, you get extra features such as
firewall rules,
analytics, and protection against
DDoS attacks. Go ahead and tick that box. Link to Cloudflare
https://www.cloudflare.com.