Website Development

What is the cost of a WordPress website?

“I need a new WordPress website. How much is it?”

It’s a question I get asked frequently – with the answer never getting any simpler.

Recently, the question was changed up – and it made me sit and think more, if only for a few extra seconds.

Instead of asking “how much is it”, I was asked about the costs involved in a WordPress site.

Yes, fundamentally it’s the same thing – but the shift in the approach to the question made me sit down and actually consider all of the costs to an individual, as opposed to what the project cost would be.

I threatened the person who asked me that question with a blog post… so here goes.

Domain Name – from £6 per annum

The domain name is the easy-to-remember address for your website (and you’ll probably also use it for your email addresses, too) – so don’t make it too long, make it memorable and make it relevant and appropriate!

There are lots of top-level domains available, now, including some specialist ones like .accountant, .agency, .football and geographical ones like .london

Of course, the more familiar .com and .uk continue to exist, too.

Remember, you are only renting your domain, so make sure you get as many years as you can afford up-front or, alternatively, set a reminder in your calendar for the month before it’s due to expire.

Try not to shop around too much for your preferred domain. Some domain registrars will register a domain themselves if they have a high interest in a particular domain. This allows them to then set a higher price on the value of the registration, with some domains I’ve witnessed jumping from $6/yr to over $600/yr.

Hosting – from £5 per month

Another on-going fee, this time for the storage location of your website.

Even if your website is developed locally, i.e. on your network, it still needs somewhere to live where any-and-all computers connected to the internet can access it.

Many websites will be more than happy being housed on shared hosting – helping to keep your monthly hosting bill to a minimum.

For more robust hosting – e.g. where e-commerce is taking place or there are frequently high visitor numbers – either dedicated or a VPS hosting service would be more appropriate.

These services will typically be priced from £10+ per month, dependent upon your specific requirements.

Again, shop around for the best deal (not just the £ value, but also the specification of the server you’ll be using) – but without fear.

SSL Certificate – from Free

There was a time not too long ago when web hosts and domain registrars charged upwards of £50 per year for an SSL Certificate.

Not any more.

LetsEncrypt changed all of that, and now more hosts are offering basic SSL Certificates free of charge.

These certificates, whilst providing 256-bit encryption, may not be suitable for all websites as they don’t usually provide an insurance value should things go wrong.

Still, unless you’re handling card details yourself and need to be PCI-compliant or HIPAA-compliant, the free certificates will more than suffice.

WordPress – Free

Yes, WordPress is Open Source and so is free of charge for you to use. Nothing to pay for this software as-is. However, you may be charged for some plugins (more on that later).

Theme – from Free

So, this is where the WordPress-specific expenses start creeping in.

If we want to keep the costs to a minimum, there are plenty of free options available. At the time of writing, there are in fact 1100+ free themes inside the theme repository.

Some of these themes, however, will be freemium, meaning that you can use the free version but pay for some more added functionality.

There are also many premium themes available across a number of different markets. One of the most popular, ThemeForest, has over 1900 categorised as “Business” themes, and over 2000 categorised as “Blog”.

Premium themes typically start from around $49 (plus VAT if you’re in the UK) with a license that allows you to receive updates for 12-months from purchase.

Plugins – from Free

WordPress plugins extend the functionality of your website, allowing customisation dependent upon your specific needs and requirements.

Just like themes, plugins come in three price categories: free, freemium and premium.

Plugin development is far more extensive than theme development, so the choice and selection is vastly different with many duplications of functionality occurring.

To put this into context, the Plugin repository of at the time of writing, has over 50,000 free or freemium plugins available.

ThemeForest’s sister website, CodeCanyon, is an excellent source of premium plugins, listing over 7000 at the time of writing.

These plugins include categories such as SEO (to help improve rankings), post and page sharing, image galleries, contact forms, image compression, directories and calendars.

Many of the more common plugins, such as SEO and contact forms, have some fantastic free plugins available; more functionality or more specialised requirements may demand a price tag, however – typically starting from around $20. Once again, check the license to ensure you receive updates to the plugin as they’re released.

Backups – from Free

There are several reputable Backup plugins available, the majority of them being freemium versions.

The free version may suffice for smaller websites, but storage space will still need to purchased from somewhere – e.g. Amazon (AWS), Google (Google Drive), Dropbox or Microsoft (One Drive).

Some of the paid backup plugins come with storage space included.

Please, don’t rely on your website host company for backups. Yes, their servers will be backed up, but it is essential that you keep copies for yourself just in case anything goes wrong with the host’s backups or if, for some reason, you aren’t able to get in touch with the host company.


So, there you have it.

If you’re looking for a simple blogging platform or a simplistic business website, you could have a WordPress-powered website up-and-running for less than £100 per year if you’re prepared to do it yourself.

Hiring someone to get such a site set up may be a better option for the less experienced person – and they should help to ensure the site is submitted to the search engines, configured for receiving emails and is secure using SSL and backups.


Spoofing attacks on Instagram

Little Red Riding Hood. We all know the story, right?

Innocent little girl gets fooled by a wolf into thinking that her granny is lying in bed, sick. Meanwhile, said wolf has actually eaten the granny, and lying in wait (in the granny’s clothes) for the girl to visit.

This is a spoof attack – albeit a simplistic one.

And this type of attack occurs on- and off-line.

I’ve become aware this past week of a number of bloggers and social media influencers falling victim to spoof attacks, all of a similar nature, which has culminated in them being blackmailed for up to £3000 or losing access to their prized Instagram accounts.

Some of you may be wondering what the “big deal” about losing access to your Instagram is. For many, it won’t make much difference – may be losing access to a couple of hundred photographs.

For others, it’s their last five years (and more) work; it’s building an audience, a clan, that buys their products or courses.

We, of course, also know that some big companies pump some big money into marketing on these platforms with these influencers as their billboard.

So yes, it’s a big deal.

The scam, though, is relatively simplistic.

It starts with the target receiving an email offering the opportunity to collaborate with a well-known brand. Cleverly, the email links to the brands Instagram page – but doesn’t actively encourage you to visit Instagram. Instead, it links to the “company’s store” – with their Instagram URL as the text.

(for the sake of those searching their preferred search engine to find out more, I’ve included the email below):


I am creative and ad manager from @instagram-username. I’ve been following your blog since 2017.

I show your recent post to creative director of @instagram-username . Your recent post really resonated with me and my team, and we have an offer to you. We thought it was something our (@instagram-username) audience would appreciate, so we want to buy advertisement on your page with photo in our outfit and with mark of our brand.

Our outfits for advertisement you can find here: [instagram URL here, with a link]

I wanted to get in touch with you to discuss details of collaboration that would bring value to both our audience.

Creative and AD manager (@instagram-username)
ProSMM Team, New York

Once you click the link, you land on the Instagram login page.

The 'Instagram' login screen
The login screen presented after clicking the link in the email

Enter your login details to access the company’s Instagram profile and, sure enough, you get redirected to the company’s profile – verified, thousands of followers, thousands of photos, all legitimate.

But, let’s back up a bit. Where’s the hack? I’ll give you 10 seconds.

Worked it out, yet?

No, not some dodgy software downloaded in the background. Nor is it cookies-related.

The Instagram login page you enter your details into isn’t actually an Instagram login page.

The fake Instagram login page
Check the address bar – that doesn’t look like

It’s spoofed. It’s a fake.

The real Instagram login page
The real Instagram login screen

Entering your login details actually sends them directly to the hackers. Your username and password stored with them forever. They probably get alerted, too, that someone else has fallen for their trick and – whilst you browse the profile you landed on – they quickly log in to your account and change your password and email address.

So simple, right?

Shortly afterwards, you’ll receive an email stating they’ve taken control of your Instagram; you can’t request a forgotten password email – because they’ve changed the email address on the account. But you can get the account back for however-much-they-want – or face having the whole account deleted.

For added pressure, they throw in a time-limit too.

Meanwhile, they’re probably probing Facebook, Twitter, your website and countless other websites and services with your username, email address and password you just handed them to see if they work over there, too, because over half of internet users surveyed in 2018 admitted to using the same password for all of their accounts.

Don’t become a victim.

  1. Don’t use the same password for every account you have. Use a password manager like LastPass to generate and store your passwords securely. Using something like LastPass means that you only need to remember one password (the master), and implementing 2-factor authentication too means that you make it virtually impossible for anyone to access your accounts.
  2. Check the email sender address. If they’re claiming to be from company XYZ, their email address is likely to be [email protected] – not [email protected] or similar. Also, does the “name” of the email sender match the name they use in the actual email content, either when introducing themselves or bidding farewell?
  3. Unless you were expecting an email or SMS with a link included, don’t click on the link without checking it out first! Right-click on the link and choose “open in incognito window” or “open in private tab”, then check the URL in the address bar. Does the address match where you were expected to go?
  4. If you aren’t sure about a link in an email, type the website address in yourself manually.
  5. Before entering a password or username, check the website address bar for a padlock and/or “https://”. This means the connection is secure, making it more difficult for criminals to intercept the information.

If you aren’t sure, don’t click or enter details. It’s OK to leave it and ask for advice from a family member, friend or associate.

Fallen victim to a spoof attack? Contact the website’s support team immediately and, where appropriate, the police or Action Fraud (for example, where financial transactions have occurred).