Home & Office
Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.


WordPress site 101: Free and low-cost tools to build a powerful web presence

Have you ever looked at a website and wondered what was going on under the hood? Let's take a deep dive inside an active WordPress site used for ecommerce and product support.
Written by David Gewirtz, Senior Contributing Editor

We've been running a series of articles here on ZDNet about setting up and running websites. With so much change going on in the world, it's more important than ever to have a compelling web presence.

Also: How to build a website: What you need to get started

In this article, we're going to look at all of the components that go into creating and maintaining an actively updated, mid-level website. What I mean by mid-level is that it's not a one-page brochure site, but it's also not a major site on the scale of ZDNet or CNET. We're going to look at the content management system, the extensions and themes, the hosting provider, and the SaaS services that support the site.

By the time you finish reading, you'll have a good  feel for what resources are used, so when it's time to plan out your site, you'll know what to look for.

Understanding the example site's purpose

The site we're going to discuss as an example is one of the WordPress-based sites I operate. Its purpose is to provide an online home for a few freemium software products I develop. The core products are open source, a donations add-on, and a privacy add-on for WordPress. Those core products are available for free on the WordPress.org plugin repository, which is essentially an app store for plugins.

My site provides more detailed product information than can be shown in the repository. It also provides an online store for users who want to buy add-ons for the free core products. Finally, it serves as a technical support hub for those who need help using both the free core products as well as the commercial add-ons.

One quick note: I'm not going to include the URL or name of my site here, because this isn't about promoting my site. The actual site I run isn't nearly as relevant from a site anatomy point of view as the resources and tools I use. So, I'll just refer to it as "the site."

I will, however, be mentioning and linking to the products and services I use. All of them are either free or I pay for them out of my own pocket. As with many products mentioned here, ZDNet may get a small commission, but none of that comes back to me.

If you're curious about all the tools I use to develop WordPress plugins, here's an article I posted last year:

Also: One developer's favorite Mac coding tools for PHP and web development

How the site is structured

Logically, the site is structured into four major sections: products, support, lab notes, and about. There are also a few main pages like the home page and privacy policy.

Internally, WordPress has a few main data structures. The post type data structure handles long-form rich text. There's a post metadata structure that handles data related to a post, like the date it was last edited and its publishing status. There's also an options data type that handles key/value pairs on a site-wide basis, like the name of the site and email address for the site owner.

Post type is most interesting because it can be customized for a wide variety of purposes. The most basic is post, which is for blog posts that are posted sequentially over time. Another basic post type is page, which is for fixed specific-purpose pages, like the home page and the about page. Various plugins extend those post types for products, donations, affiliate programs, and more.

My site uses the following post types:

Pages: Pages include home, about, contact us, an affiliate registration page, the main support page, a user profile page (which also has purchase and help ticket history), a beta download page, and a few other supporting pages.

Posts: My site calls posts "Lab Notes," because instead of blog entries about life, the universe, and everything, the blog posts on the site are really release notes and technical details about the products being supported.

Projects: The theme I'm using, Divi (more on that below) adds a custom post type called Projects. It's meant to help users create items for portfolio websites, but I co-opted it to display each of my products as one project.

Downloads: Because the site sells digital downloads, the ecommerce plugin I use creates the post type Download for each sales entry. Each Download post includes pricing, licensing details, links to the digital file distributed on sale, and more.

Tables: I use a table-making plugin that stores its data in a Tables post type.

Affiliates: I use another plugin to manage affiliates, and that data is stored in the Affiliates post type.

So now that you know, roughly, how the site is organized, let's get into the main components.

Primary site operations

We'll kick off with the four main legs that support the entire site's operations: WordPress, the ecommerce system, the hosting provider, and the theme. These are the elements that everything else has to integrate into or modify, so they need to be discussed first.

As discussed in How to build a website: What you need to get started, WordPress is used on 40% of all websites and 63.4% of all sites based on a content management system.

About ten years ago, I did a very comprehensive search of content management systems and chose the open-source distribution of WordPress not only because of its wide variety of themes and plugins, but because it has such a vibrant user community. Here's a presentation from my early days of moving to WordPress from my proprietary CMS.

WordPress is distributed at WordPress.org, which also hosts the theme library and the plugin repository. If you're going to install WordPress on a host other than WordPress.com, you're going to start here.

I'm mentioning the ecommerce plugin before a lot of other items because so much of this site is built around this plugin.

EDD not only accepts money and releases files for download, but it manages payment gateways and product licensing and license codes. I have blocks of code embedded in each of my add-ons that call back to the site to validate the license keys for users' installation. EDD also manages updates of those add-ons, so when I issue a new release, users can download updates right alongside other WordPress plugins they've installed.

I'm using quite a few add-ons to EDD as well. They include the following licensed add-on plugins:

  • Software Licensing: Adds the software licensing system to Easy Digital Downloads
  • Recurring Payments; Lets me sell subscriptions
  • Advanced Reports: Provides tools to build custom reports for earnings, sales, and other data
  • Invoices: Lets customers display HTML-based invoices
  • PDF Invoices: For those who need to download invoices, this plugin creates PDF Invoices for each purchase available to both admins and customers
  • Mailchimp: Subscribes customers to my Mailchimp mailing list when they purchase products 
  • Manual Purchases: Provides an admin interface for manually creating purchase orders
  • Stripe Payment Gateway: Adds a payment gateway for Stripe.com

Each of the above add-ons is available for purchase separately or as part of a bundle. I bought the bundle and renew it each year.

Before we move on, I should mention that I chose EDD because it was one of a very few WordPress plugins that had the full range of features I wanted. There are a ton of ecommerce plugins on WordPress, including WooCommerce, the one owned by Automattic (the company that operates WordPress.com). But EDD had the best selection of features that matched my business model, and so that's why I picked it -- and then built everything else around that decision.

When I first set up my site, I used a relatively inexpensive hosting service. I ran into all sorts of performance and compatibility problems with Easy Digital Downloads. I moved the site around to a few other cheaper hosts and then decided to wise up.

I contacted the EDD folks and asked them which hosting provider they used. They sold EDD and its add-ons using EDD, and since my freemium model was similar to theirs, I decided that whatever host was good enough for them would be good enough for me.

They introduced me to their provider, Pagely, a premium managed hosting provider. The cost was more than I really wanted to spend, but I wanted the level of support and reliability Pagely promised. I haven't regretted the decision in the five or so years I've used them.

The next big structural element in the site is the theme. For some sites, the theme itself provides the look of the site. If you want a site that sells software products, for example, you'd buy a software sales theme. If you wanted to post your art portfolio, you'd buy a portfolio theme.

Somewhere in the mid-2010s, the theme-as-page-builder approach became popular on WordPress. The idea is that the theme became an entire framework for look and feel, and you'd construct the entire site inside this framework. Some themes, like Divi, offer pre-designed styles and themes, so you don't have to do all the look and feel yourself.

One additional benefit of this genre of themes is that some allow for front-end editing, so you can make changes in the site right where the change will be shown, rather than editing in the backend dashboard.

Divi provides the bulk of the look and feel of the site, but I use a wide range of little support plugins to tweak the look. But they're not nearly as central to the site's operations, so I'll come back to them later. Next up is the support system that lets me provide tech support to all my users.

Tech support management

When I first adopted the plugins I support, I had no idea tech support would be such an ongoing challenge. I fully expected all site operators to be reasonably sophisticated IT folks, people who were fully familiar with setting up and managing things like a CMS. I was completely wrong.

Instead of experienced techies who were setting up their first nonprofit sites, I wound up encountering nonprofit operators with barely any experience in tech setting up their first WordPress sites. Tech support was a far bigger deal than I ever expected.

Unlike many WordPress plugin authors with free and freemium plugins, I support the free users just as much as I support those who pay for add-ons. I feel that the free users provide me just as much information about plugin performance and behavior, and they're more a product and quality analysis asset to me than they are a drain on my time.

I had a very rough start but I eventually realized that getting to talk to these folks was a privilege, especially as a tech columnist who otherwise rarely spoke to the typical end-user. I developed a much better understanding of their needs.

The WordPress plugin repository provides a support forum for every plugin listed. I quickly discovered that the forums just didn't work for me. The biggest issue was that I was working with nonprofits and folks interested in privacy and the forums were public. They couldn't post screenshots and confidential information without all that being public.

I found a WordPress-based plugin that ran a support ticket system within my main WordPress site, and I used that for about four years. But I kept having problems with it, and ironically for a support ticket system, their support was abysmal. I later found out that the plugin had changed hands multiple times and it was pretty much languishing out there unloved.

So, I bit the bullet earlier this year and went with a well-respected, mainstream cloud-based SaaS support service...

Help Scout does most of its support via email. Users come to my site and open a ticket, and then the rest of the conversation occurs in their email inbox. I did a survey of other prominent WordPress commercial plugins and theme sellers and most of them recommended Help Scout, so that's what I chose.

So far, it's pretty good. My only complaint is that because it's email-based, I can't always attach zip files to tickets. Some email systems don't accept incoming zip files. So now, I also have to use Dropbox to host zip files I want to share, and then I just include a Dropbox link into the support ticket.

Beyond that, though, Help Scout has been pretty much problem-free. It allows me to automatically set up workflows. One that I like a lot is an automatic script that runs thirty days after a ticket was last touched, which closes the ticket and then sends a note to the user letting them know the ticket has been closed, but they're welcome to reopen it.

The only problem with Help Scout is that it has very limited integration with WordPress. I wanted users to be able to initiate tickets (and as part of that, answer questions about what product they were using, what version, who their hosting provider was, and more). I also wanted them to be able to come back to their profile page on my site and see all their open and historical tickets.

The Pro version of a relatively obscure WordPress plugin called Help Scout Desk does just this. Most of the folks who recommended Help Scout had no idea this resource was available. I had to write a few PHP scripts to customize the data gathering, but all that worked nicely in context with Help Scout Desk. By combining Help Scout with Help Scout Desk, I got the user experience I wanted for my support system. It was a nice little discovery that became a total win.

Mailing list management

Unlike most site operators, I don't use my email mailing list primarily as a marketing tool. I use it to let users know about critical updates and changes to the plugins. Yes, I've done a few updates telling folks that there's a new add-on available, but because so many nonprofits rely on my software, it's much more important to be able to tell them when something (like how payment gateways process payments) is going to be changing.

Unfortunately, only about 10% of my users subscribe to the mailing list. As a result, after a big change, I still get a raft of tech support requests that cover the exact topic I'd previously explained in my update mailings. To be fair, 10% is actually higher than normal participation percentage, but I still wish it could be better. That said, I use a number of tools for managing emails and capturing subscribers.

Mailchimp manages my email outreach. They maintain the list of email addresses and do the bulk mailing when I wish to reach users. For this, I pay them a monthly fee. Mailchimp does have a free tier, but I found I had too many email subscribers to remain eligible for the free tier (and, ironically, not enough email subscribers to reduce my tech support ticket load).

Mailchimp also provides a UI for composing mailings, and a wide variety of campaign tracking tools, most of which I haven't needed to use. The service also had an opt-in confirmation feature I enabled. That way, if one of the plugins mentioned below adds a user to the mailing list, that user has to proactively grant permission before mail is sent to the user's email address.

As with Help Scout, the Mailchimp SaaS service doesn't automatically integrate with WordPress. Instead, I use a number of different plugins to enable that integration. They include:

  • EDD Mailchimp: Mentioned above, part of the shopping cart software. Automatically (with confirmation, of course) subscribes customers to my Mailchimp list when they purchase products 
  • Bloom: This came with my Divi license and it presents a pop-up email subscribe box when users scroll 30% or more down a webpage, or when they linger on a webpage for a few minutes or more.
  • Divi block: DIvi has an email subscribe block that I've placed at the bottom and side of relevant pages to encourage users to subscribe.
  • MC4WP: Mailchimp User Sync: This synchronizes my user list with Mailchimp. That way, when someone creates a tech support ticket, they get added (subject to opt-in confirmation) to the mailing list. This plugin requires MC4WP: Mailchimp for WordPress, which, like Bloom, adds sign-up features. I've disabled all the sign-up features and use it simply to drive the user sync capability.

Marketing support

I don't do a whole lot of marketing beyond the listings of plugins on the WordPress plugin repository and some occasional social media promotion, but I do use a few plugins on the site to encourage some marketing activities. Let's take a look.

Monarch is another plugin from the Elegant Themes folks (who make Divi). This plugin creates a series of social sharing and social following buttons on the site. Social sharing buttons are like the buttons at the top of this page -- they let users easily post the current page or post to their own social feeds. Social following are buttons that users can press that subscribe them to your social networks as a follower. 

Except for Facebook. Facebook doesn't allow tools like this for personal Facebook pages, but if you do have a Facebook business page, you can use it.

Image: Sandhills Development

My latest addition to the site is AffiliateWP, a plugin that integrates with my ecommerce system and manages affiliate partners. Those who wish to promote the add-ons can sign up, and when they send a buyer to my site, they would get a commission.

AffiliateWP cost a little over $200 for this year, and so far it's on track to pay for itself... never. I've had it installed for a few months, managed to sign up one partner, and haven't had a single sale referred over. This isn't the fault of AffiliateWP, because I don't have the time to cold call possible partner sites and pitch the affiliate plan. If you do have a team that can do this sort of promotion, you'll probably do better. In that case, AffiliateWP, in concert with Easy Digital Downloads, might be a viable solution.

Additional tools for managing look and feel

In addition to the Divi theme, I use quite a few plugins to tweak certain aspects of how the site looks to visitors. Here's the list:

  • Crayon Syntax Highlighter: This plugin hasn't been updated for a while, but still works for me. It creates a text field that highlights code syntax appropriately for the language presented. I have an API built into my donations plugin, and this allows me to postcode that presents syntax highlighting automatically.
  • Divi Bars: This allows me to create a highlight bar at the top of my site. I often do this to spotlight key version changes or updates people need to know about.
  • Hide Admin Bar from Non-Admins: Normally, in WordPress, when a user logs in, a black admin bar is presented on the top of the page. Since my users are only support users or buyers, there's no reason for them to see that admin bar when they're on the site. This little plugin makes the bar go away.
  • TablePress: This is one of my favorite plugins. Making HTML tables is always a pain, and even if your theme supports tables, they're still a pain. TablePress is a complete system for editing, managing, and presenting tables. I use this for feature comparisons and lists of API calls. Can't recommend it highly enough.
  • Theme My Login: TML is a plugin that allows you to change how the login page looks. I didn't want users to have to go to a special page for logging in. I wanted to present it as part of the support pages. TML allows this to happen. Theme My Login also has a number of add-ons. I'll show you the ones I use below, in the security section.

Additional tools for managing security

The single most important way you can protect a WordPress site is by updating the WordPress core, plugins, and themes when updates are made available. Almost all WordPress penetrations come due to an exploit in older code. So if you keep your site up-to-date, you'll also help keep it secure. Here are some of the tools I use, beyond updates, to help me keep the site safe:

  • Backups: There are many backup plugins, but my hosting provider does daily backups for me.
  • ManageWP: This is a great tool, owned by GoDaddy. I use it primarily to update all my sites. Going through 12 sites and hand-updating them can be incredibly tedious. Instead, I just log into ManageWP and it does it all on one shot. It also has a variety of other tools that help manage sites and keep them safe. Worth a look.
  • BBQ Firewall: This plugin adds additional firewall protection to the site beyond the hardware firewall provided by the host. This tool protects against SQL injection attacks, executable file uploads, directory traversal attacks, unsafe character requests, excessively long requests, PHP remote/file execution, XSS, XXE, and related attacks, and bad bots, bad referrers, and a wide range of other bad requests.
  • Stop Spammers; My biggest problem with this site (and others I've operated over the years) are spammers who try to blast spam and other content through the site. This plugin helps reduce the level of spam. All-powerful, it's not. But it's part of my belt-and-suspenders approach to spam management.
  • Theme My Login 2FA: Allows me to require 2-factor authentication to admin users, but allows support users to login without 2FA (but they can enable it individually if they want to).
  • Theme My Login Moderation: Require users to confirm their email address or be manually approved. This is another part of my anti-spam system.
  • Theme My Login reCAPTCHA: Enables Google reCAPTCHA support on my registration and login forms. Yet another piece of my anti-spam puzzle.
  • User Role Editor: Many of the plugins I use to create specific user roles. This tool allows me to manage those roles and control the privileges each role is assigned.

Additional tools for site management

Finally, I use several plugins that tweak the site, help me manage it better, or add convenience in maintaining the site. Let's look at those now:

  • Admin Menu Editor: This lets you tweak the main WordPress admin menu, so if you want to move items around or bring more commonly used sections closer to the top, you can. 
  • Better Search and Replace: This is by Delicious Brains, one of the smartest makers of plugins for the WordPress community. It allows you to search and replace the WordPress database and make changes. You shouldn't use it often, but when you need it, you really need it.
  • Display PHP Version: This is such a simple little thing, but it's nice to be able to quickly ascertain the version of PHP the site is running. This does that.
  • Easy WP SMTP: When WordPress wants to send an email, it has to deal with a wide range of hosting environments and variables. This plugin helps cut through that and makes sending emails (like for password resets) much easier and more reliable. I use it primarily for new user registrations, password resets, and to send purchasers their license code information. I use Mailchimp for mailings in volume.
  • Enable Media Replace: The default interface for images in WordPress requires you to delete an old image before uploading a replacement. This saves time by allowing you to simply replace one image with another. It's another simple, but time-saving tweak.
  • Simple Page Ordering: This is another reordering tool, this time for pages in the Pages section of the admin menu. It allows you to move more commonly modified pages to the top. Yet another time-saver.
  • User Switching: This is an enormously helpful plugin for sites with different user roles. It allows you to switch to another user on the fly so you can see how the site is presented from that user level, make sure the right elements are hidden and other elements are showing. I used this a lot when setting up Help Scout to make sure users could get to their support tickets.
  • Widget Clone: Here's another time-saver. This one allows you to duplicate a widget (a type of WordPress UI element used a lot on sites). Some widgets are pretty complex and this saves having to reproduce all the settings.
  • WPCrontrol: WordPress has its own cron (automatic code execution) system. Normally what runs is pretty opaque to site operators, but if you have this plugin you can not only see what's scheduled to run but modify the cron as well.
  • Yoast Duplicate Post: Like Widget clone, but for posts and pages. It simply duplicates everything in a post or a page and lets you modify it later. It works well for pages and posts, but when I used it to duplicate a product listing, I kind of fell down a rabbit hole (which the EDD support folks thankfully dug me out of). Don't use it to duplicate product post types.

In addition to these tools, I also wrote three custom plugins that run the site. One creates a bunch of useful custom shortcodes I use on the site, one gathers and manages telemetry data from my users, and the last one contains lots of little site tweaks, like the setup code for the help desk software.


Well, if you made it this far, congratulations! As you can see, an active website has a lot of components that all have to work together. Just keep in mind that I've been running this site for about seven years. It didn't burst onto the web with all these capabilities and components. I work on the site a few times each year, improving it over time. If you set up a site and run it for a few years, your site will become more capable and reliable over time as well.

What about you? Are you running a WordPress site? What are some of your favorite plugins, themes, and features? What are some of the problems you're trying to solve or some of the lessons you've learned? Share with us in the comments below.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

Editorial standards