Warning: I wrote this blog in 2016. That is a long time ago, especially on the internet. My opinions may have changed since then. Technological progress may have made this information completely obsolete. Proceed with caution.
A long, long time ago, in 2015, securing a website was an expensive, tedious process. Then along came Let’s Encrypt, a non-profit certificate authority that provides SSL certificates completely for free. Real (not-self-signed) certificates that get a green padlock in your address bar. And they make the process super easy and automated. If you’re on shared hosting it might be a little harder, but your host should be able to implement it fairly easily. Dreamhost made it basically one click for me. You should read that post it’s pretty good. One thing to note is that Chrome and Firefox both have plans to start marking http connections as insecure, rather than default neutral status (the current status quo).