Everyone can make their website HTTPS for free
In case you have not heard the amazing news, Mozilla, EFF, Automattic and a few other folks are banding together to help end the SSL certificate cartel by the end of 2015
This is huge. Everyone will be able to make their website HTTPS for free, without paying an annual fee and much easier than StartSSL
The good: These new certificates will be cross-signed by an existing trusted authority which in plain english means that even older browsers should accept them (which is a problem with existing free self-signed or obscure certificate authorities).
The bad: They do not intend to offer wildcard certificates, at least not anytime soon – this means the SSL cartel can still feed on people who need subdomains supported (ie. www.example + forums.example etc.)
The ugly: They intend to make the certificates expire every 90 days. This makes it a little bit of a workout for folks to go through four times a year. However it might be possible via some code (like a WordPress plugin) to automate the process and do all the work for you.
Note you’ll still need to meet existing SSL/TLS requirements like a dedicated IP for your domain unless you want to use SNI which a handful of browsers do NOT support (IE6, IE7 or IE8 on Windows XP, Safari on Windows XP, Android 2.x, BlackBerry OS 7.1 or earlier, Windows Mobile up to 6.5, wget before 1.14, Nokia Browser and Opera Mobile for Symbian)
The other catch is that many websites have hard-coded HTTP urls for images, etc. which will not work on a HTTPS website in a modern browser. WordPress is horrible about this, embedding HTTP everywhere. But with some plugins and template edits, and search/replacing your database, you can clean that up.
ps. I know that “SSL” is retired and now “TLS” but we cling to old terms and call HTTPS “SSL”
pps. If you need a wildcard SSL certificate, the lowest I’ve seen is $60 for two years at StartSSL or sometimes you can find a 1 year only promo price from AlphaSSL under $20 if you search google – there is also WoSign with free wildcards but they is risky because they are in China and this makes the cert slow and subject to government manipulation…