Websites hosted on WordPress’s commercial service are now encrypted using certificates from Let’s Encrypt, the free certificate authority that removes both the cost and complexity from HTTPS. If you host a site on wordpress.com, this is already available too you with no additional effort required on your part.
If you have your own hosted WordPress site and you can install software to your server, it is fairly easy to get the Let’s Encrypt software up and running. I recently migrated this site to a VPS and had no issue getting Let’s Encrypt up and running. Many shared hosting services such as DreamHost have also added support.
HTTPS is moving closer and closer to the default state of the web, and that is a good thing. A notable holdout at the moment is SquareSpace, which has never allowed custom certificates, even paid ones. I had an exchange with them on Twitter not that long ago but they did not commit to any timeframe on support for secure connections. I would urge them to move on this before it becomes a competitive disadvantage.
If you are just starting out with creating a website, I would make support for free and easy HTTPS a requirement when choosing your host.