Step One: Search the box or look below under each topic. Click on topics to expand the answer.
WordPress.org or WordPress.com?
WordPress comes in two distinct flavors. .com and .org
What’s the difference between the two?
.ORG is the place where WordPress is created. It’s run by volunteers who work together to create the code that becomes then next WordPress (I volunteer there too). That bundle of code can be downloaded by anyone and used in anyway they like. This requires you have server space to run the code (a hosting account). You can use any theme, any plugin and do most anything you want with it from there.
.COM is a for profit business. They use the latest version of WordPress and host the websites themselves. You can set up a site in a matter of minutes with .com but there are limitations. You can only use the themes and plugins that they allow and cannot easily change the code to suit your needs.
What’s the difference between a Page and a Post?
Functionally speaking they are just about the same. Sometimes themes will show them differently, sometimes not.
In this theme, Pages have the author byline and date removed (see Recommendations for an example of a Page).
Posts generally have the author, the date at the top. (see Understanding Mobile Responsive for an example of a Post).
Both can have comments turned on or off on an individual basis.
Technically both are called Post Types. There are actually 5 different kinds that come in a standard WordPress install.
- Post (Post Type: ‘post’)
- Page (Post Type: ‘page’)
- Attachment (Post Type: ‘attachment’)
- Revision (Post Type: ‘revision’)
- Navigation menu (Post Type: ‘nav_menu_item’)
Most readers will never see the Attachment or Revision type and the Nav Menu stuff obviously becomes a Menu Bar Item.
I like to suggest that Pages are for more permanent items of content while Posts are for more current or timely content.
BONUS: Is this FAQ a Page or a Post?
ANSWER: It’s a trick question. This FAQ is neither or both. It’s a “Custom Post Type” I created. This site has a Custom Post Type for FAQ, Clients, Testimonials, and Landing Pages (used for ad campaign squeeze pages). Some sites need additional post types to help separate content. (This is not beginner stuff.)
Category or Tag?
A ‘category’ and ‘tag’ in WordPress are technically referred to a taxonomies. They are very similar but both are just a fancy word for being able to group things.
Generally speaking it’s wise to use just a few different Categories, and do what you want with Tags.
Example:
I write a bunch of post about a wide range of topics. You can see them all if you click on the Blog in the menu bar. You’ll find posts on Pinterest, Social Media, Technology and on and on. To better help you sort and refine what you might be looking for I can use the ‘category’ of WordPress to show you only those posts that deal with WordPress.
Within those posts on WordPress I might have tagged them with terms that were mentioned in the post. These tags will show up at the end of the post and are actually links. Click on a tag and it will build an archive page of all the posts that contain that tag. Here’s a link to the Tag Archive Page for SEO.
HINT: Before starting to write, think about creating a Category strategy that will work for you down the road. It’s possible to adapt later but much easier if you first start narrow on the Categories.
When it comes to Tags, you can create and use Tags as you like. Go crazy!
I usually write a post and before I publish I come up with a few tags that describe the post.
It’s also possible to create Custom Taxonomies. Like a Custom Post Type, these can be created (not for beginners) and used to better refine a Custom Post Type.
Most sites don’t need a Custom Taxonomy.
Comments? Spammers? Can I do anything?
Comments come in a few flavors.
- The real kind – having real discussions on your posts is a wonderful experience. It builds relationships, community, and so much more.
- The argumentative kind (trolls) – who are just looking to disagree or push your buttons. They’ll attack you or other commentors, they are just looking for a fight.
- and then there’s the spammers. We all know about them.
The easiest answer is that YES you can simply turn comments off.
You can turn off comments on just a single post or all posts. Some of the widest read bloggers (like Seth Godin) don’t have comments. That works for them but there are other options.
First of all, enable something called Akismet and
Everyone who has Akismet on their site and marks a comment as spam, also signals the database at Akismet. It tells the database who left the comment, what their email was, the website they entered and their IP address. Akismet tracks all this and if enough people mark a comment, an IP, or a website as spam the Akismet algorithm kicks in and starts blocking it automagically!
Akismet kills 99% of all spam. Goodbye Spammers!
As for the Trolls (#2 above) studies have found that if the Commenters are not ‘anonymous’ they tend be a whole lot more civil. There’s a few ways to do this.
- You can allow only those who are registered on the blog to comment. (this requires management by you)
- Use a comment moderation system that allows them to sign in via social media sites (like facebook, google). This site uses Disqus to do just that.
You can always moderate comments. You can edit and you can delete but if you do, you should also have a comment policy in place.
Do I need to worry about patches and updates?
First of all let me say that WordPress is SECURE.
Secondly, let me say that anything is secure until someone (usually the bad guys) finds a way to break into it.
The good news is that when this happens, the smart guys fix it so the bad guys can’t get in. Phew!
If you own a WordPress Website from time to time you’ll need to update to keep your site safe and secure.
There are 3 different things that might need to be updated in WordPress: The Core itself, Themes, and Plugins.
Luckily, when new updates become available you are alerted to them in the dashboard.
Since Version 3.7 of WordPress they have made the update process automatic. So essentially there’s nothing for you to do.
But automatic doesn’t apply to the other 2: Themes and Plugins. Both of these you’ll still need to update manually.
Don’t worry. It’s easy. When you see the updates for your Themes and Plugins it takes just a single click (for each) to update them. Here’s a video showing just how easy this is.
How easy was that? Don’t forget to backup your site before updating.
Is setting up my own Hosting Account complicated?
Hardly. As a matter of fact it may be the easiest thing you do!
Most all Hosts signups are the same. for this example I’ll use GreenGeeks.

Step 1: Click the button to go to their site (or here)
Step 2: You should see a large button there to view their shared hosting plans. Typically most new sites need just the basic shared hosting plan. These run somewhere around $5 a month.
Click that and you’ll have a window with just 2 options.

Do you have a Domain Name?
If you need a domain you can start searching with the box on the left. If that domain is taken they’ll suggest options or you can try other ideas. If the domain name is not taken you’ll have the ability to purchase it right there!
If you already have a domain name, enter it in the box on the right.
Step 3: Billing Information
Now just fill out the form…
IMPORTANT: Enter your billing information and when it comes to the package you’ll need make sure you buy at least 1 year of hosting in advance. Google looks poorly on websites with short lifespan hosting. Spammers and malicious types will setup sites and host them for days or months. You don’t want to look like one of them!
When you are done – click the “Create My Account” button and you’ll be on your way.
BONUS: You’ll next be taken to a page of options that you might be interested in adding on. Items like privacy, backup and the like. Generally speaking most people don’t need these – and they can always be added on later.
* they’ll need to confirm your account as well – typically this is just a quick phone call in the next few hours.
Want to explore other Hosting options? Check out my post on Web Hosting Ideas.
What is CSS?
A few people asked what CSS was and what it did. Here’s a quick and easy video explaining exactly what CSS (a Cascading Style Sheet) is and what it does.
Most every site these days runs a main style sheet but there are also many others running as well. Every plugin has it’s own style sheet. CSS can dictate colors, underlines, padding and margins and so much more.
The browser looks at all of them. If and when it finds there are competing items (i.e. multiple instructions for a specific item) the browser will use the last one as it’s rule. That’s the cascading part.
Here’s a sample test:
Imagine having a single page of rules. Near the top you have a rule that says, “Anytime a post uses an element with an ID of Bananas, put a dotted border around it“. (why you would do that, I don’t know)
In the middle of the page you might have a rule that says, “Anytime the ID of bananas is used, make the text Yellow and make the border a solid line.”
And then at the bottom you might have a rule that says, “ID of Bananas? Make the border color Red.”
The browser would look at all three and for our fictional ID of bananas we would end up with… Can you guess?
A section with Yellow text and a solid Red border. Did you get that too?
What is a Custom Post Type?
A normal install of WordPress comes with the option of creating a few different kinds of content. Typically these are Posts and Pages. Posts are for time sensitive content while pages generally are for static, evergreen stuff that doesn’t change often (like your About or Contact).
A Custom Post Type (CPT) is created by a developer in addition to Posts and Pages. This FAQ that you are reading right now is a custom post type. It’s neither a post, nor a page, it’s simply yet another way to add content.
Other uses for custom post types might be Listings, Testimonials, Past Clients or Portfolio to name a few. There’s really no limit to the number of CPTs a site can have.
Once you have a custom post type built you can then choose how you want to present them. In this particular instance (FAQs) I show them all combined here, or I can also embed them within a page like I did for this site, or they can be shown individually.
An added bonus of a CPT is that since it is a separate entity within your site, you can then create a sitemap for that CPT and then submit that to Google for indexing. That’s great for SEO!
Can I have multiple Authors

Absolutely! WordPress comes with the ability not only for multiple Authors but for individual roles.
You can add people and assign them any one of the following roles…
- Subscriber
- Contributor
- Author
- Editor
- Administrator
- And in the case of MultiSite there’s a Super Administrator
Subscriber only allows the person to read and comment on the site. They cannot create new posts.
A Contributor can write and manage their own posts but cannot publish them.
Authors can can publish and manage their own posts, but only there posts.
Editors can publish and manage posts and pages including the posts of other users.
Admins can do it all. They can also add plugins, change themes.
There’s a long article in the WordPress Codex HERE or I’ve written a blog post about it HERE.
Can I upload a .pdf?
Yes you can. One of the best ways of delivering expanded content is to offer a .pdf as a download, or to have it open up in their browser.
The Media Manager make it easy to upload and insert all sorts of media types into your pages and posts.
Of all things, I personally wrote the instructions in WordPress on this very topic! While it’s written for use by someone teaching a class I think you could get a lot of information out of it as a student.

Some of my clients create a .pdf and offer it as a free download in exchange for an email address.
It’s a powerful form of lead capture.
What can you use the FAQ custom post type for?
Typically when I build a custom post type for FAQs, it’s usually for a real estate agent. They tend to split them into categories like “For Buyers” (and “For Sellers”). That makes good sense as that FAQ could be embedded into the Buyers Page BUT there are so many other uses for them.
I’m working on a new website right now that is going to combine custom home searches for individual neighborhoods and use them on the neighborhood pages we’re building.
Here’s why this is brilliant…
While you could just list them all on the page there’s very little SEO in that. Google places value in content at the top of the page, not the entire page.
Instead, as a FAQ each search will be the ‘answer’ to the question. The question (or title) would look something like “3 bedroom, 2 baths currently available for sale in Sunny Acres right now“.
The answer would look similar to this: (although this is obviously not a search for 3/2)
The magic of all this is that each FAQ is it’s own single post.
Each post is instantly added to the sitemap and that sitemap is submitted to Google for indexing.
Remember, people search these days by asking their phone questions.
Questions like “Show me 3 bedroom, 2 baths currently available for sale in Sunny Acres right now..”
When that search matches very well with what Google has indexed you have SEO that nobody else has! Does that make sense?
What is a form?
While it may seem obvious to you, I had a client recently that needed clarification on what a form is and what a form does.
When I build a WordPress website I include the top premium form builder as part of the package. It allows you to create a form with virtually any fields and then do a number of different things with the data collected as well as what happens when they click the ‘submit’ button.
Possible fields include a single line of text, a paragraph box of text, checkboxes, radio buttons, address, email, phone and so much more.
As an example I’ll put one of the simplest forms (my newsletter signup form). Yes, you should sign up for my newsletter but in doing so you’ll also see how the whole process works. This is my Form.
Now back to my writing (this is not part of the form)
When you complete the form, for this form the data goes three different places.
1. a copy is stored in my sites database. I can then view or export that entry or all the entries.
2. a copy is sent to my email inbox
3. a copy is pushed over to my newsletter system at MailChimp. This triggers an email notification seeking confirmation to the email address listed.
You might notice that I make sure your inclusion to my list is Double Opt In, I’ll also send the email address a “Welcome Email”.
I’ve also setup a “thank you” page that you’ll end up on when you complete my form.
Forms can be simple like this or as complex as you want them to be. On the longer forms I’ll break them up into different pages and then show you how far along the form you are at the time. You can also setup a system where they can save a form to be completed later.
Essentially a form is something that collects data of sorts – what you do with the data is up to you.
Can you remove the dates from all my posts?
Absolutely. I actually did that for a while here. But let’s look at the Pros and Cons.
Why would you want to do this?
For most people I would guess that they don’t want readers put off by reading old content. The date usually shows up in a Google Search like this.

I know when I search Google I’ll often scan down the page a bit looking for the right result. Sometimes I’m put off by an older post. That’s why some authors like to hide the date.
Another reason is that they don’t write often and don’t want the blog to reflect that. That makes sense to me as well.
Why would you NOT want to do this?
- If a lot of your content is time sensitive (like current market reports) you’ll be doing your readers a disservice in not prominently showing the date. Nothing burns me more than wasting time reading a data report only to find out it was not for the time period I thought it was. Dates in blog posts were put there for that reason.
- It’s all of nothing. If you remove the dates from your posts it’s removed from ALL your posts. Even if you are not doing ‘market reports’, if you remove the dates you’ll look pretty silly having a post about some kid’s park from 5 years ago – because now it’s a condo development. Unless you plan on deleting or updating all your posts on a regular basis, your date helps you save face. I write a lot about social media (and it changes fast) and this is why my posts have dates again.
- Google knows exactly when you published posts and even if you try to hide the date, they might just show in the results anyway.
What’s a Pingback?
To a new WordPress user Pingbacks can be scary.

What is a pingback and why am I being notified?
None to worry. A pingback is an automatic notification that another site is linking to your site. They could also come from you linking to your own content. I wrote about pingbacks and trackbacks a while ago. (that link just created a pingback notification for me inside my site)
Pingbacks are useful in knowing when other people are linking to our stuff.
Perhaps they like what you wrote and are linking to you.
“I love what Mike Mueller wrote here...”
Perhaps they disagree with what you wrote.
“I can’t believe what Mike Mueller wrote…”
Either way, we would want to know about it, right?
That’s why pingbacks are wonderful.
When you get a notification it will ask you if you want to approve it.
This is a left over from the old days when we would list the sites that were linking to our posts, that doesn’t happen much any more so you can “approve” or “disapprove” the pingback as you see fit. It’ll have no effect on your site one way or another.
With the managed site, will I still need to add content and blog my self or is that included in the monthly fee?
This question was asked by Troy and I think it’s a fabulous question!
The short answer is No. If you were smart (and I am referring to the generic you, not specifically to Troy), you wouldn’t want me to. Here’s why…
The Fully Managed Websites that I create for clients come with what I call, “All the bells and whistles“. Those are features like FAQ’s as a custom post type (like this) and many others. I’ll typically stuff the site with dummy content as a placeholder.
One of the things I ask my clients is “How do you expect people to find your site?“. Essentially, I’m asking them to identify what “Sales Funnels” they plan on using. One of the more obvious would be Google and by that they are referring to what is called Organic SEO.
Everyone wants great SEO and every one of my sites has all the right tools to achieve it. Here’s why you’ll never get organic SEO from a site that provides you content.
Google doesn’t like duplicate content. Hate is just a tad bit stronger of a word but they come pretty close to that. When Google finds identical content on multiple sites it decides to index only the first instance it’s found. It’s what is called a Canonical Link. This far better than what they used to do – if they found duplicate content they used to remove your site completely from the index!
So, a service that writes content for you (and 500 other sites) is doing you a major disservice. While it seems like a pretty cool deal – only the first instance of any of those posts will be picked up by Google and you can bet it won’t be your site.
That said, if do have content from a service like that it still could be a benefit to one of your other funnels. Have a mailing list style newsletter? In that you can push that content out to your list. (I do include a newsletter like that as a Bell and Whistle). Of course that newsletter would be a different sales funnel (permission based marketing) and not related to SEO at all.
I do write local based SEO quality original posts for clients for a fee. I also manage sites where we’ve gone out and hired writers. It’s always better if they write it in their own voice but it’s always an option for those who just don’t want to write. In this instance each and every article is completely new and different from any other article on any other websites – Great Local SEO and No Duplicate Content.
I hope that all makes sense to you. If it doesn’t just give me a call! 🙂
What the heck are we talking about?
This FAQ on making your site “Secure” is going to walk you through the steps you’ll need to take.
The goal of this is to have your site url show a little green padlock in the visitors browser window.
You are going to hear a few new words and acronyms like SSL, SECURE and https. Here’s a quick definition.
SSL CERTificate: This stands for Secure Sockets Layer. It’s simply a data file that ties in the necessary items to make encryption possible between their browser, your host, and the files that create your website. We might say SSL or SSL Cert or SSL Certificate but we’re talking about the same thing.
https: This is the beginning of the url for a secure site. You might already know that the http stands for Hypertext Transfer Protocol and of course the added S would then stand for Secure.
SECURE: This is a general term that we are using to describe a site that has a valid SSL Cert combined with proper coding to continue what is called a daisy chain of security. If that chain is unbroken, we have encryption happening and have what is called a “SECURE” website.
So, no matter what words we’re using – the goal is going to be the same. That little green padlock.
How do you make an octopus laugh?
With ten-tickles.
Why did the tomato blush?
Because it saw the salad dressing.
What are the strongest days of the week?
Saturday and Sunday. All the others are weekdays.
I’m never going to blog – why should I go with WordPress?
While WordPress makes a great blogging platform, it’s also perfect for building a static website.
Technically, WordPress is what is called a CMS (Content Management System) – a fancy term for something that allows publishing, editing and modifying of content.
There are plenty of CMS systems out there but the beauty of WordPress is that using it is as easy as sending an email. No waiting for a ‘developer’ to make the additions or changes you want. Simply log in and make the changes yourself!
- You don’t need to know code
- You can edit most anything on your site (yourself)
- You own the content, you don’t have to pay someone to maintain and update it.
- a properly built WordPress website has great SEO (get found in Google)
TL;DR
I get it – we’re all skimmers.
If you don’t know what TL;DR means my guess is that you probably skipped that part of the internet. (see what I did there?)
So if this whole post and it’s embedded FAQ was too long for you and you didn’t read it here’s the bullet point edition.
- You want your site to be SECURE today so that you show up in Google.
- There’s free options out there but I suggest you pay a little (can you afford $200?).
That’s it. Every site out there needs to be Secure these days and if your is not you’ll be left behind with ZERO traffic.
What is SEO?
Let me start with the simple definition.
SEO stands for Search Engine Optimization. The goal of SEO is to get more of your content to show up higher in the search engine results for particular keywords or searches.
SEO is part science and part art. You may hear of “White Hats and Black Hats”. Just like in the Wizard of Oz there are good witches and not so good witches. Black Hats try to trick Google into showing their content using shady tactics. White Hats better understand the issues and use proper technique to achieve better results. There’s a few specific things that you can do to better your SEO. Most are described HERE.
Every search engine ranks sites for keywords based on what is called an Algorithm. Google (or Bing) does not come out and specifically say what or how their algorithm works. We do know the search engines also tweak their algorithm on a regular basis. Google reportedly says they do this up to 6 times a day!
There are very smart people who conduct very smart tests to come up with educated guesses on SEO.
Conversely there are also a bunch of traveling circus clowns that mask themselves to look like smart people, pretend to have all the answers, which they will gladly sell to you to get you to the front page of Google for any keyword you want.
Does that sound familiar? That’s why I say that…
SEO is also the SNAKE OIL of the internet age.
SEO is never a one click and done, pay me and I’ll make you #1 kind of thing. If you hear that, turn around and walk away as fast as you can.
SEO is a marathon race, it’s a struggle to get to the top and then a constant struggle to stay there. To start you need a properly built website. From there you need to apply a specific and systematic approach to achieve your goals. Once there you need to constantly adapt and apply the new approach just to maintain your position.
Google recently applied a filter to their algorithm called “Panda”. You can read about what effect it might have on your site HERE
Why do I need to be Secure?
Three things, but I really could just say one…
GOOGLE.
Google has mandated that they want all sites to be secure. With that in mind, here’s three reasons why your site should be secure.
- SEO
Google is using it as a ranking signal. That means that secure sites will be ranked higher than equivalent ones without https.Since the Penguin update of 2012, Google has put in a great deal of effort to promote security and quality. Today, sites protected by SSL enjoy a higher priority in search engines.Experiment for yourself. Do a Google search concerning any topic. It’s safe to assume that most of the top 10 results are from sites with either an SSL certificate or have high domain authority.
- Authenticates Between the Site and Visitor
Using an SSL protects data to and from your website. It makes it more difficult for hackers to intercept or change information while in transit. For example, a hacker could change the images or even launch executable software within elements you view from an unprotected site.Think of adding SSL as creating a tunnel from your visitor directly to your website. The stronger you make that tunnel, the less chance someone can affect the visitor from the outside.The rain outside on the street doesn’t affect you if you’re in a subway system. This is a simplified example of what encrypting data with SSL does for your online guests. - Confidence
You wouldn’t enter your credit card on a site that isn’t secure, right? That’s because there’s a level of trust that happens when you see that green padlock. That trust conveys to sites that aren’t accepting credit cards and to the content that is in them, even if it’s a blog full of facts and statistics. Seeing that deep green message that a site is secure in the address bar makes an impact. Premium SSL certificates come with Dynamic Site Seals, warranty and other benefits that instill further confidence. When you consider the massive amount of competition on the Internet, the last thing you want to do is send away potential customers. And a lack of an SSL will do just that for a lot of them.Keep in mind that Google Chrome users make up nearly 60% of the online traffic worldwide. It’s safe to assume more than half of your visitors will see if your site is secure or not.
What is Anchor Text
Anchor Text is simply the words we use when we link to somewhere. It’s an SEO tool.
Google likes it when we actually use words that are descriptive of what they’ll find at the links destination.
Here’s a great example of Anchor Text (it’s in RED) when I want to link to the page where I describe what I do for a living.
I build custom designed WordPress Websites that rock!
Contrast that to other text I might use to get you to that same page CLICK HERE.
Both the ‘custom designed…‘ and the ‘CLICK HERE‘ above are Anchor Text but one accurately describes the page itself.
Google looks at the words in the Anchor Text and treats them like keywords. While I might want to rank high in Google for custom designed WordPress Websites, there would be no value in ranking highly for “CLICK HERE”.
NOTE: I also used an ALT description on both links. You might see that when you hover over them depending on your browser settings.
Do I really need to be Secure?
In the past, Google has made a few adjustments to how it handles secured websites. There was talk about showing alerts to users in 2017, and now Google is pushing/pushed that notification.
Whether you have an online store or running a simple blog, the difference between HTTP vs HTTPS is huge. And I’m not talking simply about making a sale. In fact, how your site appears in Google Chrome will impact your overall success.
If your site is NOT Secure your visitors are going to get a red warning like this:
Do I need a Facebook Page?
- Are you a person? Chances are you DON’T need a page.
- Are you a person who also has a business? Chances are you SHOULD have a page.
- Do you want to run a Facebook Ad Campaign? You DEFINITELY need a Page.
Rule #1 of Facebook is that everyone needs to have a Profile.
Rule #2 is that each person only gets ONE profile.
If you created a 2nd Profile in an effort to separate friends from ‘work’ or any other reason, Facebook will eventually find out and delete BOTH accounts.
While Facebook has recently reduced the reach of Pages, if you want to maintain a commercial presence on the social network there is only ONE way to do that and that is with a Page.
Pages can run ad campaigns that when clicked can go to either an App on a Page or to a website outside of Facebook.
Want to go deeper?
- Read more about running a Facebook Ad Campaign
- Understand the difference between a Page and Group
- The Top 10 best practices for your Facebook Pages
How will Google Chrome’s update will affect my site?
As Google focuses more on security, the search engine giant is pushing a new feature to its popular browser. This integrated ability will determine if your website is using a Secure Sockets Layer.
The URL of your site in the address bar is preceded by “Not secure” if no SSL is detected.
or even worse there’s a new red notification coming soon…
Ok, I’m convinced, now what?
Ok, the first step in becoming “secure” is getting an SSL Certificate for your site/business.
SSL Stands for Secure Socket Layer and it’s simply a data file that binds or connects your domain name, server name, and or host name to your website.
If you want to get deeper, it’s all about the crypto keys. These are incredibly long strings of random numbers. There’s two – a public key and a private key. Together, they create a very complicated math problem for the browser to solve if one of the two are missing. That in the simplest terms is how digital encryption works.
Back to obtaining an SSL Cert…
So, there are many places to get an SSL Cert. There are also a few different levels of SSL Certs. At the most basic level, the SSL Cert will verify that the domain name matches the domain files and the host. That’s important as there are scripts out there that’ll mask and reroute domain traffic to the sites of the bad guys.
At the higher levels of SSL Certification – the issuing company will verify ownership of the company, the physical address and other details as well.
Most of the sites I build don’t need that. Simple is usually just fine. In SSL terms this called a Domain Validation SSL.
Where to get a Domain Validation SSL Certificate
Let me first mention that some of this is not for the DIY type. There’s just too much involved that you as a site owner are not going to know (like filling out the details for what is called your Certificate Signing Request) That said, you can still do this, you just need the help of your hosting company.
So instead of me giving you a list of places to buy your SSL Cert I’ll just refer you to your hosting company. You’ll simply want to ask them for a Domain Validation SSL. They’ll probably give you a link in their system to order/buy the SSL Cert.
Once that order is placed and the SSL Cert is issued the hosting company will need to install it on your account. Once again, this is yet another reason you can’t DIY this.
What about FREE?
I love free and yes there’s a free option of SSL out there too!
It’s called “Let’s Encrypt“ and it’s pretty slick!

Chances are that your host even offers them.
So that’s good, right?
Yes and no. I recently had a client’s website go down for a handful of days. They were fully encrypted using an SSL Cert from Let’s Encrypt. Why? Because unlike normal SSL Certs – Let’s Encrypt Certs last only 90 days. At that point, or rally before that point they need to be renewed. This renewal is done by your host and quite frankly some hosts just are not setup to stay on top of that. An expired SSL Cert doesn’t mean that your site doesn’t have the green padlock, it means there’s going to be a big ass warning for all to see – instead of your site.
I know exactly how it feels when your site is down. It’s happened to me. Every second it’s down I felt like the whole world was judging me. I was literally wringing my hands, pulling my hair. If your site is that important to you, I’d skip free – at least for now.
Set your Site to be SSL
With a valid SSL Cert installed on your hosting account you’ll want to tell WordPress about your new domain name.
I have a new domain name?
Well, not exactly. Technically speaking you have a new URL. With your SSL Cert you can now direct people to your https:// address.
The domain name stays the same, the prefix is the obvious change.
In your WordPress dashboard there’s two fields that you’ll need to change.
That’s a start. We’re not done yet.
Next, we want to force all visitors to load the https version of our site. There’s a few ways to do that but if you are not familiar with .htaccess files you might use a plugin.
HINT: modifying your .htaccess file is better.
Did you just add SSL to a new site?
Starting a new site from scratch and going SECURE is the easiest. Most anything you add to the site, moving forward is going to be uploaded and ‘called’ from a secure host. That means when you insert an image into a post like this:
The html that does that will look like this:
See that little S? We know know that it’s pulling that picture file from a secure source, right?
Remember that as the page loads it’s going to pull in stuff from all sorts of places. Most, like this, are going to be from your own server but that’s not always the case. If anything is being pulled from a non secure server (yours or someone elses) the daisy chain of SSL Security is going to be broken and you won’t have a green padlock.
Did you just add SSL to an Existing site?
Unlike the new site, we’re going to have files, images and other content that we uploaded previously to a non secure server.
That means the html that is going to pull in that image thing might look like this instead.
There’s an S missing after the http – and as the page attempts to load in the visitors browser their browser is going to see that some of the elements (in this case the picture) are not coming from a secure place. Their browser is going to throw them up a warning.
This is called “Poisoning The Well” and it’s something we need to avoid doing at all costs when we are secure.
So the fix is that you now have to go back to each of your posts, each of your pages, each of your headers, footers and widgets. You need to check and change the url of every single thing that is being pulled in to build your site or page. This isn’t just images, this could be CSS, this could be scripts, this could be embed codes. It’s time consuming for sure and that’s why it’s easier to start with a new site.
Can I hire you to make my site secure?
Yes, you can. 🙂
How much is it going to cost?
Good question. Breaking it down into two fees, you’ll have the fee for your actual SSL Cert and the fee for my labor.
The labor of course is a one time fee while the SSL Cert is usually an annual fee.
I would budget $100 for the SSL Cert and I am currently $100 for the labor.
If that seems fair enough to you – let’s start the conversation!
Step Two: Can’t find an answer? Just ask it here