Not sure if you are using HTTPS or not and if that's the issue, but I had Bitdefender Free on my parent's computer and I used to use it, but the virus protection as well as others now interpret an HTTPS connection and will give you or a user all kinds of issues. On my parent's computer, a simple Google search would be a PITA with Bitdefender's HTTPS interception. So either you had to keep white listing URL after URL, or use another anti-virus product. Well, that's exactly what I did despite my liking of Bitdefenrder, their HTTPS interception was a real annoyance. So now on my parent's computer I have Immunet. So far so good. Lets hope they too don't go with intercepting HTTPS connections.
Now if your site is not HTTPS and this is why your user is getting that error, you can, or at least should be able to deploy a free HTTPS certificate right from your cPanel using Lets Encrypt. All good, reputable hosts should give you that option. Lets Encrypt is free and the certificate will auto renew every three months. I've read that Lets Encrypt isn't the most ideal for what ever that's worth, but it's better than nothing and will satisfy a user's anti-virus policy if this is the case.
If you do deploy HTTPS, you'll more than likely have to use some htaccess code for a 301 redirect. If that's the case ask here about that code. The other issue inherit of a website that is forum-based is that you'll more than likely have a lot of so-called mixed content. Meaning stuff like images being hosted from an HTTP address rather than an HTTPS address will cause the lock in the address bar to show broken and give you the mixed content warning. It just means the images or what ever are being sent to the browser outside of an encrypted connection, but everything else remains encrypted.
There's two ways to combat the mixed content issue using HTTPS. One is an extension here (who's name escapes me) that uses a proxy to fix the mix content warning. The other is by using CloudFlare. When you use CloudFlare there is an option in your Dashboard to fix mixed content. It does this by CloudFlare using two mechanisms that I know of. One is that they use the HTTPS Everywhere database and the other is some other source which I can't remember. What happens is that if CloudFlare detects an insecure connection, it immediately looks for a HTTPS version of the insecure URL and if there is one CloudFlare will rewrite the URL thus your website won't get a mixed content warning. With my use of CloudFlare ever since I started my forum over four years ago, I have not once seen a mixed content warning since I deployed an HTTPS certificate. Also, once you use a Lets Encrypt certificate, CloudFlare will automatically issue you a free Comodo Certificate.
Anyway. Have a look at these two websites.
https://www.cloudflare.com/website-opti ... s-rewrite/