We currently use SagePay but we need to secure the whole checkout. Is it as simple as just installing the certificate and checking the 'Enable secure connection at checkout (SSL certificate is required to be installed on your server):' the settings?
Yes, that is correct, in the admin under Settings: Security settings then you can select the security you want from there.
Remembering that these days Google like to see the whole site secure, so that is an option as well.
Yes, you're right. Also you can set up Strict-Transport-Security header on the web-server to prevent protocol downgrading. Example for Nginx:
add_header Strict-Transport-Security "max-age=31536000; preload";
Thank you for your replies. I was concerned that I'd need to start moving content and amending image URLs etc