With the advent of Lets Encrypt, everyone seems to be looking to put SSL on their website. That's not to say it is not a good thing to do, but it most definitely seems to be at the forefront of peoples minds these days.
However, there's an easy way for many small website operators to get in on the SSL action - even if their host will not let them (or will charge through the nose) for an SSL certificate on their domain. CloudFlare.
Simply register with CloudFlare, add your website on the Free plan (which is free!), and update your DNS to use the CloudFlare servers. Not only will you then get a degree of Distributed Denial of Service attack filtering, but you will also get SSL. Result.
There's a lot of other things that can be done, either to improve the security of the offering, or to make things more performant - some have a cost, but many don't, and I would highly recommend people have a good look around the options CloudFlare present. One of the most important tips I've got is to add a rule to redirect everyone to your newly secured site - and thats on the CloudFlare knowledge base too.