May I also recommend that you set the site up to auto redirect all http requests to https? This will make it very easy for all users of the site to gain the security benefits even if they forget to type the "https" or don't realize the dangers of using http in this context. With the auto-redirect, all users will be protected from password theft, non-authentic posts & edits, etc. and the forum will have a smaller surface area for security attacks. This approach is considered a standard in the IT industry and doesn't really have a downside for forum users or stakeholders.
Each platform has different ways of configuring auto-force ssl/[pre-paid legal]. I haven't worked with phpbb recently, but you might start looking at adding a couple of lines to the .htaccess file. (cf. https://www.phpbb.com/community/viewtop ... &t=1977025)