There are tons of options out there to protect yourself with https and it can be daunting at first, but I will give my view on it and how I’ve managed dozens of WordPress websites with HTTPS over the years.
Before we go any further you must obtain a SSL Certificate (usually done via your hosting provider). Most decent web hosting providers now offer “Let’s Encrypt” which is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).
Step two is to download and install the Really Simple SSL plugin. This plugin is the best out there for me. I use it on all my WordPress websites and have done for many years. It removes the headache of different server configurations and setup for https, may it be an apache server, or nginx this plugin has all basis covered.
And finally, we need just need to active the plugin. As always it’s recommended you backup your website before doing this.
If you have any comments or questions, reach out below!