I’ve migrated my blog from GoDaddy to a paid plan with WordPress.com. I decided to trade flexibility for simplicity, since I don’t want to spend time fiddling around with the administration of this site. When I spend all day on IT, doing IT for a blog is no longer on my list of hobbies. With GoDaddy, you are responsible for all aspects of security, including updating WordPress, updating themes and plugins, and installing a security plugin to block the thousands of known attacks against WordPress. I have two major security concerns with GoDaddy. I had to allow insecure ciphers in order to connect to the shell on my site via SSH (or SCP). Why on earth haven’t they updated to a recent version of SSH?!? GoDaddy also requires you to purchase an SSL certificate from them to enable TLS on your domain. There’s no way to install a free certificate from Let’s Encrypt. I looked into enabling two-factor auth, but you have to manage it yourself with a plugin.
With a Premium plan from WordPress.com, SSL is enabled automatically with a certificate from Let’s Encrypt. I can use my domain name, and security is mostly handled for me. I can enable two-factor authentication. The downside is that I’ve lost some flexility; I can’t use my own theme or install my own plugins unless I upgrade to a Business plan. Also, I have to set up ads through Wordads.com to try to cover the cost of the site. I was fairly successful in covering the cost of hosting with Google AdSense; I’m not sure how effective WordAds will be.