Secure HTTP

In modern web development, you should be using https. There are no excuses not to use it. All hosts should be providing the free letsencrypt certificates as a minimum.

Additionally, your entire site should be secured. Don't secure only WP Admin, the frontend should be secured too.

Failure to do this can bring legal risks, SEO penalties, and security risks to both you and your customers.

What To Do If Your Host Charges for Certificates or Installation

This is a major red flag, and irresponsible, you should change hosting provider. Lots of good alternatives for hostng WordPress exist that provide free certificates and installation, ranging from the lowest prices to enterprise grade providers.