One step to improve the overall security of the internet is the use of HTTPS.
HTTPS makes sense for every site, not only banks, insurance companies and online shops.
It not only secures the communication between you and your users, it could also improve your Google ranking.
The simplest way to do this is Let's Encrypt. Let's Encrypt is free of charge and super simple to use.
It comes with a simple bash script that you can execute, and it will take care of all the configuration necessary to encrypt your site successfully.
Go to Certbot, choose your setup, and follow the steps shown underneath exactly.
In my case this was:
This takes a maximum of 10 minutes and you have a secure connection.
Be aware that your certificate needs renewal every three months, but this only takes a couple of seconds.
I added that to my update script, which I run frequently, to cover this. I will probably post this pretty soon too.
If you like it, please consider donating to Let's Encrypt. Even small amounts like $5 can help to keep this project alive. The cheapest alternative certificate I know costs $25 per year.
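A renewal that lives in a script can fail silently, so it helps to check the expiry date the server actually presents. The following is an added example, not code from the original post: the 30-day threshold, the function names and the placeholder host `example.org` are assumptions.

```python
import socket
import ssl
import sys
import time

RENEW_THRESHOLD_DAYS = 30  # assumption: act once fewer than 30 days remain


def days_remaining(not_after, now=None):
    """Days until expiry for a notAfter string as returned by getpeercert()."""
    expires = ssl.cert_time_to_seconds(not_after)  # e.g. "Jan  1 00:00:00 2030 GMT"
    now = time.time() if now is None else now
    return (expires - now) / 86400.0


def renewal_status(not_after, now=None, threshold_days=RENEW_THRESHOLD_DAYS):
    """Classify a certificate as 'ok', 'renew' or 'expired'."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "expired"
    return "renew" if left < threshold_days else "ok"


def fetch_not_after(host, port=443, timeout=10):
    """Fetch notAfter of the certificate the server presents, with full verification."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def main(host):
    """Return an exit code for cron or an update script: 0 ok, 1 renew, 2 broken."""
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as exc:
        # An already expired (or otherwise invalid) certificate fails the handshake.
        print(f"{host}: certificate rejected: {exc.verify_message}")
        return 2
    status = renewal_status(not_after)
    print(f"{host}: {status}, {days_remaining(not_after):.1f} days left ({not_after})")
    return {"ok": 0, "renew": 1, "expired": 2}[status]


if __name__ == "__main__":
    # "example.org" is a placeholder; pass your own host name as the first argument.
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else "example.org"))
```

A non-zero exit code can be used by the calling script to trigger a renewal or send an alert.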
And just to mention it, for around $60 yearly you can sign up to StartCom and generate as many certificates as you like.
Once done, have a look at the SSL Test to check if your site is fully encrypted and gets a good grade.
If you are getting anything but an A, consider optimizing this as well. Have a look at this blog post for SSL optimization.
Another step is to redirect all your traffic from HTTP to HTTPS, so you are 100% sure to serve only secure content. Have a look at my post on forwarding traffic from HTTP to HTTPS.