WordPress FAQ

Everything you need to know about WordPress

Straight answers about WordPress from someone who’s used it for every site I run. With 33 years of enterprise IT experience and dozens of WordPress builds under my belt, here are the questions that come up most often.

No pitch. No pressure.

About WordPress

WordPress powers roughly 40% of all websites on the internet. That popularity means there’s no shortage of questions about how it works, what it can do, and where the pitfalls are. This FAQ covers the basics for people who are new to WordPress, along with some deeper technical questions for those already building with it.

I use WordPress for all my sites and have built dozens of them over the years. If you need help with yours, check out my WordPress services.

WordPress basics

What is WordPress?
WordPress is a free, open-source content management system (CMS) for building websites and blogs. You can use it for anything from a personal blog to a full e-commerce store. It runs on PHP and MySQL, installs on almost any web host, and has thousands of themes and plugins that let you customize the design and functionality without writing code. A massive global community keeps it updated, well-documented, and well-supported. WordPress handles SEO well out of the box, works on mobile devices, and integrates with most third-party tools and services you’d want to connect.
What are some of the essential features of WordPress?
WordPress comes with a block editor that lets you design and format content visually, dragging elements into place without touching code. Themes control how your site looks, and thousands of free and paid options are available. The plugin ecosystem adds functionality: contact forms, image galleries, e-commerce, membership areas, and just about anything else you can think of. WordPress also has solid built-in SEO tools, user management with multiple permission levels, and a media library for organizing images and files. For developers, it offers custom post types, REST API access, and a hook system for extending core functionality.
What are WordPress plugins?
Plugins are add-ons that extend what WordPress can do. They install through the admin dashboard in a few clicks. Need a contact form? There’s a plugin for that. Want to add an online store, improve your SEO, speed up your site, or add a booking calendar? Plugins handle all of it. The official WordPress plugin directory has over 60,000 free plugins, and thousands more are available as premium purchases. The quality varies wildly, so stick with plugins that have strong ratings, recent updates, and active support.
What plugins come bundled with WordPress?
A fresh WordPress install ships with two plugins: Akismet Anti-Spam, which filters spam comments, and Hello Dolly, which is basically a demo plugin that displays random lyrics in your dashboard. That’s it. Everything else you install yourself. Popular plugins people add right away include Yoast SEO or Rank Math for search optimization, Wordfence or Sucuri for security, WooCommerce for e-commerce, and a caching plugin like WP Super Cache or W3 Total Cache for speed. None of these come pre-installed, but they’re all free to download from the plugin directory.
What limitations does WordPress have?
WordPress needs regular maintenance. Core updates, theme updates, plugin updates, and database optimization all need attention, or your site becomes a security risk. The learning curve can be steep for new users who get overwhelmed by the sheer number of options and settings. Poorly coded themes and plugins are the biggest headache: they cause slow page loads, break other plugins, and open security holes. WordPress can also struggle with very large sites (hundreds of thousands of pages) unless you invest in proper hosting and caching. And because it’s so popular, it’s a constant target for hackers and bots.
What is required to run WordPress?
Your web host needs to support PHP 7.4 or higher (WordPress recommends PHP 8.1+), MySQL 5.7 or higher (MySQL 8.0+ recommended) or MariaDB 10.4+ (10.5+ recommended), and HTTPS. Most modern hosting providers meet these requirements. If you’re shopping for hosting, look for companies that specifically advertise WordPress compatibility and offer one-click installs, automatic backups, and server-level caching.
What’s the difference between WordPress.com and WordPress.org?
WordPress.org is the free, open-source software you download and install on your own hosting. You control everything: your files, your database, your plugins, your theme, your content. WordPress.com is a hosted service run by Automattic (the company behind WordPress) that handles the technical side for you. The free WordPress.com plan is extremely limited: you can’t install custom plugins, you get a WordPress.com subdomain, and ads appear on your site. Their paid plans remove some restrictions but still lock you into their ecosystem. For any serious website, you want WordPress.org on your own hosting. That’s what people mean when they say “WordPress.”
Do I need to know how to code to use WordPress?
No. You can build and manage a WordPress site without writing a single line of code. The block editor handles content creation visually. Themes control the design. Plugins add features. Most day-to-day tasks (writing posts, updating pages, managing comments, uploading images) happen through a point-and-click admin dashboard. That said, knowing some basic HTML and CSS gives you more control over how things look, and PHP knowledge opens up serious customization. But for running a standard business site or blog, coding skills are not required.
What’s the difference between posts and pages in WordPress?
Posts are time-stamped entries that show up in reverse chronological order, newest first. They’re what you use for blog articles, news updates, and regular content. Posts can be organized with categories and tags. Pages are static content that doesn’t change often: your About page, Contact page, Services page, legal pages. Pages don’t have dates, don’t appear in your blog feed, and can be organized in a parent/child hierarchy instead of using categories.
Where is WordPress content stored?
All content lives in a MySQL database on your web server. Posts, pages, comments, settings, user accounts, and plugin data are all stored as records across the 12 default database tables. Media files (images, PDFs, videos) are stored as physical files in the wp-content/uploads directory on the server, with references to them saved in the database. When someone visits your site, WordPress queries the database, assembles the content with your theme’s templates, and serves the finished page.
How many tables are there by default in WordPress?
A standard single-site WordPress install creates 12 database tables. The main ones are wp_posts (all posts, pages, and custom post types), wp_postmeta (extra data attached to posts), wp_users (user accounts and credentials), wp_usermeta (extra user data), wp_comments (visitor comments), wp_commentmeta (extra comment data), wp_options (site settings and configuration), wp_terms, wp_termmeta, wp_term_taxonomy, and wp_term_relationships (categories, tags, and custom taxonomies), and wp_links (blogroll links, mostly unused now). Multisite installs create additional tables for each site in the network.
Can you set a static page as the homepage?
Yes. Go to Settings > Reading and select “A static page” instead of “Your latest posts.” Choose which page you want as your homepage and which page should display your blog posts. This is how most business and organization sites are set up: a designed homepage with a separate blog section, rather than a reverse-chronological post feed as the first thing visitors see.

Customization, development, and security

Can you create custom post types in WordPress?
Yes. Custom post types let you go beyond posts and pages to create content types that match what your site actually does. A real estate site might have a “Properties” post type. A portfolio site might have “Projects.” A restaurant might have “Menu Items.” You can register custom post types by adding code to your theme’s functions.php file or by using a plugin like Custom Post Type UI. Each custom post type gets its own section in the admin dashboard with its own editor, and you can assign custom taxonomies (like categories) to organize them.
How do you create a plugin in WordPress?
You create a new PHP file in the wp-content/plugins directory. At the top of the file, add a header comment with the plugin name, description, and version. WordPress reads that comment and displays your plugin in the admin area. From there, you write PHP code using WordPress hooks (actions and filters) to tap into the system at specific points. Actions let you run code when something happens (like a post being published). Filters let you modify data before WordPress uses it (like changing how titles display). Once your file is saved, activate the plugin through the WordPress admin panel.
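The two answers above (custom post types and plugin creation) come together in one small plugin file. This is an added example, not code from the original page: the plugin name, the `exl_` function prefix, and the assumed location `wp-content/plugins/example-listings/example-listings.php` are all made up for illustration.

```php
<?php
/**
 * Plugin Name: Example Listings
 * Description: Registers a "property" post type and demonstrates one action and one filter.
 * Version:     0.1.0
 */

// Stop here if the file is requested directly instead of being loaded by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/** Action callback: register the custom post type on every request. */
function exl_register_property_type() {
	register_post_type(
		'property',
		array(
			'labels'       => array(
				'name'          => 'Properties',
				'singular_name' => 'Property',
			),
			'public'       => true,
			'has_archive'  => true,
			'show_in_rest' => true, // Enables the block editor and REST API access.
			'supports'     => array( 'title', 'editor', 'thumbnail' ),
		)
	);
}
add_action( 'init', 'exl_register_property_type' );

/** Action callback: leave an audit line in the PHP error log when a property goes live. */
function exl_log_property_publish( $new_status, $old_status, $post ) {
	if ( 'publish' === $new_status && 'publish' !== $old_status && 'property' === $post->post_type ) {
		error_log( sprintf( 'exl: property %d published by user %d', $post->ID, get_current_user_id() ) );
	}
}
add_action( 'transition_post_status', 'exl_log_property_publish', 10, 3 );

/** Filter callback: change how property titles display on the front end. */
function exl_prefix_property_title( $title, $post_id = 0 ) {
	if ( $post_id && ! is_admin() && 'property' === get_post_type( $post_id ) ) {
		return 'Listing: ' . $title;
	}
	return $title;
}
add_filter( 'the_title', 'exl_prefix_property_title', 10, 2 );

/** On activation, register the type once and rebuild permalinks so /property/ URLs resolve. */
function exl_activate() {
	exl_register_property_type();
	flush_rewrite_rules();
}
register_activation_hook( __FILE__, 'exl_activate' );
```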
How do you create a custom page template?
Create a new PHP file in your theme’s folder. At the very top, add a comment block that tells WordPress this is a template: <?php /* Template Name: My Custom Template */ ?>. Below that, write whatever HTML and PHP you need for the layout. Save the file, then when you edit any page in WordPress, you’ll see your new template as an option in the Page Attributes panel. Custom templates let you create pages with completely different layouts from the rest of your site: landing pages, full-width designs, pages with custom sidebars, or anything else you need.
What is The Loop in WordPress?
The Loop is a block of PHP code that pulls posts from the database and displays them on the page. Every WordPress theme uses it. The Loop cycles through each post that matches the current query (your blog page, a category archive, a search results page) and outputs the content using template tags. You control what shows up by modifying the template files in your theme. If you’re a developer, understanding The Loop is fundamental to customizing how WordPress displays content.
What is the wp-config.php file?
It’s the main configuration file for your WordPress installation. It stores your database connection details (database name, username, password, and host), authentication keys and salts for security, the table prefix, debug settings, and the site URL. WordPress reads this file on every page load to know how to connect to your database and how to behave. It’s one of the most sensitive files on your server, so protect it with proper file permissions and never share its contents publicly.
How do you change the table prefix (wp_) in WordPress?
Open your wp-config.php file and change the $table_prefix value from ‘wp_’ to something unique before you run the installer. This makes automated SQL injection attacks harder since attackers often target the default prefix. Do this during initial setup. Changing it on an existing site requires renaming every table in the database and updating several rows in the options and usermeta tables, which is more complex and risky.
How do you disable comments in WordPress?
Go to Settings > Discussion in your dashboard to turn off comments site-wide by unchecking “Allow people to submit comments on new posts.” For individual posts or pages, open the post in the editor, find the Discussion panel in the sidebar, and uncheck “Allow comments.” If you want to disable comments on all existing posts at once, go to the Posts list, select all, choose “Edit” from the Bulk Actions dropdown, and set Comments to “Do not allow.”
What’s the difference between a theme and a page builder?
A theme controls your site’s overall design: colors, fonts, header layout, footer, sidebar placement, and the general structure of your pages. A page builder is a plugin that gives you drag-and-drop control over individual page layouts, letting you place content blocks, columns, images, and widgets wherever you want without coding. Popular page builders include Elementor, Beaver Builder, and Divi. Some themes come with built-in page builders. You can use a theme without a page builder (using the default WordPress block editor instead), but you can’t use a page builder without a theme. The block editor built into WordPress has gotten powerful enough that many sites don’t need a separate page builder anymore.
How do you increase WordPress website security?
Keep WordPress core, themes, and plugins updated. Use strong, unique passwords for every account. Turn on two-factor authentication. Limit login attempts to block brute-force attacks. Install a security plugin with firewall and malware scanning (Wordfence and Sucuri are the two big names). Choose a hosting provider that takes security seriously. Delete themes and plugins you’re not using (deactivated ones still present attack surface). And back up your site regularly so you can recover quickly if something goes wrong.
What should you do when your WordPress site gets hacked?
First, don’t panic, but move fast. Check for unauthorized admin accounts, unfamiliar files, and suspicious code injected into theme or plugin files. If you have a clean backup from before the hack, restore it. If not, use a security plugin like Wordfence to scan and remove malware, or hire a professional cleanup service. After the site is clean, figure out how they got in. The usual suspects are outdated plugins, weak passwords, and compromised hosting. Then lock things down: update everything, change all passwords (WordPress, hosting, FTP, database), enable two-factor authentication, and set up a security plugin with a firewall. Start making regular backups if you weren’t already.
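The file-level part of that check, plus the wp-config.php permission advice from earlier in this section, can be scripted. This is an added example, not code from the original page: the script name `triage.php`, the 14-day window, and the demo tree it builds when run without arguments are assumptions. It does not cover unauthorized admin accounts, which live in the database.

```php
<?php
// Added example. Usage: php triage.php /path/to/wordpress 14
declare(strict_types=1);

/** Collect file-level findings below a WordPress root; $days is the "recently changed" window. */
function triage(string $root, int $days = 14): array
{
    $root   = rtrim($root, '/');
    $report = ['config' => [], 'uploads_php' => [], 'recent_php' => []];

    // wp-config.php holds the database password and the salts.
    $config = "$root/wp-config.php";
    if (!is_file($config)) {
        $report['config'][] = 'wp-config.php not found (it may live one directory up)';
    } elseif ((fileperms($config) & 0007) !== 0) {
        $mode = fileperms($config) & 0777;
        $report['config'][] = sprintf('wp-config.php is mode %o: remove access for other users', $mode);
    }

    $content = "$root/wp-content";
    if (!is_dir($content)) {
        return $report;
    }
    $cutoff = time() - $days * 86400;
    $files  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($content, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || !preg_match('/\.(php\d?|phtml|phar)$/i', $file->getFilename())) {
            continue;
        }
        $path = $file->getPathname();
        if (strpos($path, "$content/uploads/") === 0) {
            // The media folder should hold images and documents; review any code found here.
            $report['uploads_php'][] = $path;
        } elseif ($file->getMTime() >= $cutoff) {
            // Theme or plugin code changed recently: compare with your last known update.
            $report['recent_php'][] = $path;
        }
    }
    return $report;
}

if (PHP_SAPI === 'cli') {
    $root = $argv[1] ?? null;
    if ($root === null) {
        // Constructed demo tree so the script runs offline; none of these files are real.
        $root = sys_get_temp_dir() . '/wp-triage-demo-' . getmypid();
        mkdir("$root/wp-content/uploads/2024", 0755, true);
        mkdir("$root/wp-content/themes/demo", 0755, true);
        file_put_contents("$root/wp-config.php", "<?php // constructed placeholder\n");
        chmod("$root/wp-config.php", 0644);
        file_put_contents("$root/wp-content/uploads/2024/photo.php", "<?php // constructed\n");
        file_put_contents("$root/wp-content/themes/demo/functions.php", "<?php // constructed\n");
    }
    foreach (triage($root, (int) ($argv[2] ?? 14)) as $section => $lines) {
        foreach ($lines as $line) {
            echo "[$section] $line", PHP_EOL;
        }
    }
}
```

Treat the output as a review list, not a verdict: a legitimate update also changes file times, and some plugins place a harmless index.php in the uploads folder.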
Do deactivated plugins slow down WordPress?
Not directly. Deactivated plugins don’t load or execute, so they don’t affect page speed. But they still take up disk space and database entries, and here’s the real problem: if you don’t update them, they become security vulnerabilities sitting on your server. Hackers can exploit known flaws in outdated plugin files whether those plugins are active or not. If you’re not using a plugin, delete it. Don’t just deactivate it.
What should I do about plugins that haven’t been updated in over a year?
Replace them. A plugin that hasn’t been updated in a year or more is a security risk. WordPress core updates regularly, and plugins that don’t keep pace eventually develop compatibility issues and vulnerabilities. Check the plugin directory page for the last update date, the “Tested up to” WordPress version, and the support forum activity. If the developer has gone silent, find an alternative plugin that does the same thing and is actively maintained. Before removing the old plugin, note its settings and any content it manages so you can replicate the setup with the replacement.
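The stale-plugin rule from the last two answers can be checked on the server itself. This is an added example, not code from the original page: the script name `audit-plugins.php`, the 365-day threshold, and the demo plugins are assumptions, and the newest file time is only a local proxy for the "last updated" date shown in the plugin directory. It inspects every plugin folder, active or not.

```php
<?php
// Added example. Usage: php audit-plugins.php /path/to/wp-content/plugins 6.5.2
declare(strict_types=1);

/** Reduce a version string such as "6.5.2" to its "6.5" release branch. */
function branch(string $version): string
{
    return implode('.', array_slice(explode('.', $version), 0, 2));
}

/** Read the "Tested up to" header from a plugin's readme.txt, or null if absent. */
function tested_up_to(string $pluginDir): ?string
{
    $readme = $pluginDir . '/readme.txt';
    if (!is_readable($readme)) {
        return null;
    }
    // The header block sits at the top of the file, so the first 8 KB is enough.
    $head = (string) file_get_contents($readme, false, null, 0, 8192);
    return preg_match('/^[ \t]*Tested up to:[ \t]*(\d+(?:\.\d+)*)/mi', $head, $m) ? $m[1] : null;
}

/** Newest modification time of any file below $dir (0 if the folder is empty). */
function newest_mtime(string $dir): int
{
    $newest = 0;
    $files  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if ($file->isFile()) {
            $newest = max($newest, $file->getMTime());
        }
    }
    return $newest;
}

/** Return [plugin folder => reasons] for every plugin that looks stale. */
function audit_plugins(string $pluginsDir, string $wpVersion, int $maxAgeDays = 365): array
{
    $findings = [];
    // Only plugin folders are inspected; single-file plugins in the root are skipped.
    foreach (glob(rtrim($pluginsDir, '/') . '/*', GLOB_ONLYDIR) ?: [] as $dir) {
        $reasons = [];
        $tested  = tested_up_to($dir);
        if ($tested === null) {
            $reasons[] = 'no "Tested up to" header in readme.txt';
        } elseif (version_compare(branch($tested), branch($wpVersion), '<')) {
            $reasons[] = "tested up to $tested, site runs $wpVersion";
        }
        $ageDays = intdiv(time() - newest_mtime($dir), 86400);
        if ($ageDays > $maxAgeDays) {
            $reasons[] = "newest file is $ageDays days old";
        }
        if ($reasons) {
            $findings[basename($dir)] = $reasons;
        }
    }
    return $findings;
}

if (PHP_SAPI === 'cli') {
    if (isset($argv[1], $argv[2])) {
        [$dir, $version] = [$argv[1], $argv[2]];
    } else {
        // Constructed demo data: two made-up plugins in a temp folder.
        $dir     = sys_get_temp_dir() . '/plugin-audit-demo-' . getmypid();
        $version = '6.5.2';
        $demo    = ['fresh-plugin' => ['6.5', 0], 'stale-plugin' => ['5.8', 800]];
        foreach ($demo as $name => [$tested, $ageDays]) {
            mkdir("$dir/$name", 0755, true);
            file_put_contents("$dir/$name/readme.txt", "=== $name ===\nTested up to: $tested\n");
            touch("$dir/$name/readme.txt", time() - $ageDays * 86400);
        }
    }
    foreach (audit_plugins($dir, $version) as $plugin => $reasons) {
        echo $plugin, ': ', implode('; ', $reasons), PHP_EOL;
    }
}
```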

WordPress and AI

Should I use an AI website builder instead of WordPress?
For most serious sites, no. AI website builders are good at one thing: getting something on screen fast. You answer a few questions, the tool spits out a site, and it looks fine at a glance. The trouble starts after that. You’re usually locked into that company’s platform, you don’t own the underlying code, you can’t move the site elsewhere without rebuilding it, and you’re stuck with whatever features they decide to offer. WordPress is the opposite: you own everything, you can host it anywhere, and 60,000+ plugins mean you’re never boxed in. AI is genuinely useful inside a WordPress build, for drafting copy, generating image alt text, writing a code snippet you then check, but that’s AI as a tool on a platform you control. An AI site builder is a tool that controls the platform. If you’re building something you intend to keep and grow, own it. If you offer a service or run a real business, this matters more, not less. I can help you build it right on WordPress through my WordPress services.
Should I use AI to generate my WordPress content?
Use it to assist, not to mass-produce. AI is a fine drafting partner: outline a post, get past a blank page, rough out a product description you then rewrite in your own voice. Where people get burned is letting an AI plugin auto-generate hundreds of pages and publishing them unedited. That produces generic, often subtly wrong content that reads like every other AI page on the internet, and it doesn’t serve your readers. It also carries real SEO risk, covered in the next answer. The rule that keeps you safe is simple: a human decides what gets published, checks it for accuracy, and makes it sound like a person wrote it. AI can speed up the work behind that line. It can’t be trusted to stand on the other side of it. For the broader picture on AI and your content, copyright and platform questions included, see my AI and Your Book FAQ.
Will AI-generated content hurt my WordPress site’s SEO?
It can, and the deciding factor is quality, not the fact that AI touched it. Google’s position is about helpfulness: content made to help people ranks, content mass-produced to game search rankings gets demoted, no matter how it was made. A handful of AI-assisted posts that you’ve fact-checked and rewritten to actually help your reader are fine. A site flooded with hundreds of thin, auto-generated pages is exactly the pattern Google’s spam systems are built to catch, and getting hit with a manual action or a spam-update demotion is painful to recover from. The added danger on WordPress is how easy a content-generation plugin makes it to publish that volume in an afternoon. Publish less, make it genuinely useful, and keep a human accountable for every page. That’s both better SEO and a better site.
Are AI plugins safe to install on WordPress?
Same rules as any plugin, with one extra caution. A flood of new AI plugins has hit the directory, many from developers with no track record, some abandoned within months of release. An AI plugin is still third-party code running on your server with access to your site, so vet it the way you’d vet anything: strong ratings, a recent update date, a “Tested up to” version that matches current WordPress, and an active support forum. Be especially wary of AI plugins that want an API key and send your content off to an outside service, since that’s your data leaving your control. And remember the rule about abandoned plugins: an AI plugin that stops getting updates becomes the same security liability as any other stale code. Install fewer, vet harder, and delete anything you’re not actively using.

Building, hosting, and maintaining

How much does a WordPress site cost to build?
It depends on what you need. A basic site with a premium theme, a few plugins, and some custom configuration might run $500 to $2,000. A fully custom site with unique design, e-commerce, membership features, or complex integrations can range from $3,000 to $20,000 or more. On top of the build cost, you’ll pay ongoing costs for hosting ($5 to $50/month for most sites), domain registration ($10 to $20/year), and any premium plugins or themes that require annual renewals. The biggest variable is how much custom work you need versus how much you can accomplish with existing themes and plugins.
How long does it take to build a WordPress site?
A simple site with a few pages, a blog, and a contact form can be up and running in a few days. A more complex site with custom design, e-commerce, membership features, or lots of content takes two to eight weeks. The timeline depends less on the technical build and more on how quickly content gets finalized. Most projects stall because the content (text, images, product descriptions) isn’t ready, not because the development is slow. If you have your content prepared before the build starts, the whole process moves much faster.
How much does WordPress hosting cost?
Shared hosting starts around $3 to $15 per month and works fine for most small to medium sites. Managed WordPress hosting, where the host handles updates, caching, backups, and security for you, runs $15 to $50 per month. High-traffic or complex sites might need VPS or dedicated hosting at $50 to $200+ per month. I use SiteGround and it’s been fantastic. They offer solid performance, good support, built-in caching, free SSL, and easy WordPress management tools at reasonable prices.
What’s the best WordPress hosting provider?
I use SiteGround and recommend it. Their performance is consistently good, support is responsive, and they include useful WordPress-specific features like built-in caching (SG Optimizer), free SSL, automatic updates, staging environments, and easy site migration. Their pricing is reasonable for what you get. Other solid options include Cloudways for more technical users who want cloud infrastructure without managing a server, and WP Engine for fully managed WordPress hosting with premium support. Avoid the cheapest shared hosting plans from the big discount providers. The low price comes with slow servers, overcrowded resources, and support that reads from scripts.
Can WordPress handle e-commerce?
Yes. WooCommerce is the most popular e-commerce plugin for WordPress and powers millions of online stores. It handles product listings, shopping carts, checkout, payment processing, shipping calculations, tax management, inventory tracking, and order management. It’s free to install, though you’ll likely spend money on payment gateway extensions, shipping integrations, and premium add-ons depending on your needs. For digital products, downloads, or simple storefronts, WooCommerce is overkill and lighter options like Easy Digital Downloads work well. WordPress can handle everything from a ten-product shop to a store with thousands of SKUs, though larger stores need good hosting to keep things fast.
How do you update WordPress?
Go to Dashboard > Updates to see what needs updating: WordPress core, themes, and plugins. Before updating anything, make a full backup of your site (files and database). Then update core first, then plugins, then themes. Check your site after each round to make sure nothing broke. If something goes wrong, restore from your backup. Most managed WordPress hosts handle core updates automatically, but you’re still responsible for plugins and themes.
How often should I back up my WordPress site?
That depends on how often your content changes. If you publish daily or run an e-commerce store with regular orders, back up daily. If you update your site weekly, weekly backups are fine. If your site rarely changes, monthly works. Always make a manual backup before updating WordPress core, switching themes, or installing new plugins. Store backups somewhere other than your hosting account: a cloud service like Google Drive or Dropbox, or a dedicated backup service like BlogVault or UpdraftPlus with remote storage. If your only backup lives on the same server as your site, a server failure takes out both.
What happens to my site if I stop paying for hosting?
Your site goes offline. Most hosts keep your files and database for a grace period (usually 30 to 90 days depending on the provider) before deleting everything permanently. If you let it lapse and want to recover your site, contact your host as soon as possible. Some will restore your account for a fee during the grace period. After that, your data is gone unless you have your own backups. This is why regular backups stored somewhere other than your hosting account matter. If your host disappears, your backups are the only thing standing between you and rebuilding from scratch.
Can I move my WordPress site to a different host?
Yes. WordPress sites are portable. The process involves copying your files (everything in your WordPress directory) and exporting your database from the old host, then importing both into the new host and updating your wp-config.php with the new database credentials. Migration plugins like All-in-One WP Migration or Duplicator automate most of this and work well for small to medium sites. For larger sites or complex setups, manual migration or a managed migration service from your new host is safer. Most quality hosts, SiteGround included, offer free site migration when you sign up.
Can I change my WordPress theme without losing content?
Your posts, pages, images, and other content are stored in the database and won’t disappear when you switch themes. What you might lose is theme-specific customization: custom widgets, theme-specific shortcodes, header and footer layouts, and design settings that only exist within that theme. If your old theme used a built-in page builder (like Divi), your page content may be full of shortcodes that the new theme can’t interpret, which means you’d need to rebuild those pages. Before switching, make a full backup, test the new theme on a staging site first, and check every page to see what broke. It’s rarely as clean as just hitting “Activate.”
Why is my WordPress site so slow?
The usual culprits: too many plugins (or a few badly coded ones), oversized images that haven’t been compressed, no caching plugin installed, cheap shared hosting that can’t handle your traffic, a bloated theme with features you don’t use, render-blocking scripts loading in the header, and no CDN. Start by testing your site with Google PageSpeed Insights or GTmetrix to see what’s dragging things down. Then tackle the biggest issues first. Installing a caching plugin, compressing images, and removing unused plugins often cuts load time in half without touching any code.
How do I improve my WordPress site’s SEO?
Start with an SEO plugin like Yoast SEO or Rank Math. Both guide you through setting up title tags, meta descriptions, XML sitemaps, and schema markup. Beyond the plugin: write content that answers the questions your audience is searching for, use descriptive headings that include relevant keywords, optimize your images (compress them and add alt text), make sure your site loads fast, get an SSL certificate for HTTPS, fix broken links, and build internal links between related pages. A word on AI: a few fact-checked, genuinely useful AI-assisted posts won’t hurt you, but mass-producing thin auto-generated pages is exactly what Google’s spam systems demote. Technical SEO matters, but the biggest gains come from publishing useful content consistently and making your site fast and easy to navigate.
How do I know if my WordPress site needs a redesign?
A few warning signs: your site looks outdated compared to competitors, it doesn’t work well on phones and tablets, your bounce rate is high, visitors aren’t converting, page load times are slow, or you’ve outgrown your original design and keep patching things together instead of building what you actually need. If your theme hasn’t been updated by its developer in over two years, that’s another red flag since abandoned themes eventually break with WordPress core updates. A redesign doesn’t always mean starting over. Sometimes updating the theme, reorganizing navigation, and refreshing the content is enough.

Need help with your WordPress site?

A 30-minute conversation is the fastest way to figure out what your site needs and what it would take to get there. No commitment, just a straight discussion of where you are and where you want to be.
