Many people are hosting their web sites on GoDaddy, and buy their SSL certificates from them. GoDaddy’s Managed WordPress hosting is pretty good, certainly better than what they’ve offered for years.
But the hosting account doesn’t include an SSL security certificate. SSL is needed so logging into WordPress is secure. Form data should always be secured (sent across the Internet encrypted) including your login form, comment forms, and all other forms. Even if you do not have an eCommerce site, or other reason to be taking credit card information, every web site now needs to send form data encrypted.
For having an SSL security certificate, you have 3 options:
1) Stay with GoDaddy for now, buying SSL certificates
Not what I recommend, but you can buy the SSL certificate your hosting company sells. GoDaddy and most hosting companies will install an SSL certificate for you. GoDaddy’s currently sale price is $59.99 for first year, renew at 74.99/yr.
This is the simplest solution for you, if you are hosting on a site that doesn’t offer free SSL certificates, but it is not the best overall. GoDaddy technical support and user interface and pricing are not the best. One simple thing to check for how good a hosting company is: do they offer the latest software, frequently updated. LetsEncrypt is one software the hosting company should have installed.
However, this probably costs more money than other options.
Don’t let GoDaddy or other hosting company talk you into buying their more expensive certificate unless you know you need it. The encryption on all their certificates is the same (SHA-2 2048-bit encryption). All SSL certificates verify the domain name matches the site (so if a hacker intercepted your traffic, pretending to be your site, the “SSL padlock” would not show, and visitor’s web browsers would warn them). Very few companies would benefit from the extra validation that you are the company you claim to be (in addition to validating the domain name is correct), which is what is provided by the more expensive SSL certificates GoDaddy offers.
2) Stay with GoDaddy until your current hosting expires, without SSL
This is less expensive than discarding your current hosting subscription. But know that form information sent by your site, from your login form or any other form, is sent un-encrypted across the Internet.
That makes this option only worthwhile if you are truly unable to afford the purchase of either the SSL certificate or new hosting that includes a free SSL certiifcate.
You would take credit cards not on your site but through a payment processing company (e.g. PayPal or Stripe).
You would protect your WordPress login with a “two-factor authentication” plugin so you have to log in both with a password and by typing in a code that is sent to an app on your cell phone. If someone steals your WordPress password, they still won’t be able to log in. (Don’t use the email option of your two-factor plugin, use the cell phone app; it is more secure, since most email is not transmitted encrypted unless you specifically configure using SSL/TLS for your email accounts.)
3) Move to hosting that comes with free SSL certificates
You can get free SSL certifcates by LetsEncrypt or other providers, on many hosting companies. LetsEncrypt has the same encryption as other SSL providers. Hosting companies can install LetsEncrypt on their servers and then you create and install your SSL certificates yourself. If LetsEncrypt is installed (most likely you’ll see it in your cPanel), simply specify which domain you want to make a certificate for, and LetsEncrypt installs the SSL certificate for you. You can make an SSL certificate for each domain name you’re hosting, one domain (or sub-domain) per certificate.
My Hosting Recommendation
I recommend hosting with SiteGround. Their StartUp plan would be adequate for most personal or small business sites. Currently their StartUp hosting is on sale for $3.95/month ($47.40/yr or lock in the sale price buying 2 or 3 years). Normal price (and price for additional years) is currently $9.95/month. Their hosting includes free LetsEncrypt SSL certificates, for every site you host.
SiteGround’s technical support is much better than GoDaddy’s; their security is better than GoDaddy’s; their speed is better too. SiteGround technical support knows WordPress enough to troubleshoot plugin problems, so you can contact the plugin author to fix the specific bug; SiteGround can remove the bad plugin so your site is up again, quickly. This level of knowledge is very rare among hosting companies, but SiteGround trains all their technical support people to become this good.
The Arizona WordPress Meetup only recommends SiteGround or WPEngine, based on the experience of several people who host sites for clients, and have learned the good and the bad of many hosting companies. They have also cleaned sites that got hacked on other hosts; moving to SiteGround or WPEngine, and installing Sucuri and WordFence (and/or iThemes Security) makes you much less likely to ever get hacked again.
If the company can spend the money to get an SSL certificate from GoDaddy, it will spend less to simply switch Now to SiteGround.
Get SiteGround Hosting through my link, they’ll give me a little money for referring you. Plus, you can have me start taking care of your site.