Frequently Asked Questions

Usually, yes — but not always.

WordPress powers over 40% of the web for good reason: it’s flexible, well-supported, and cost-effective for most business websites, blogs, membership sites, and e-commerce stores.

But it’s not the right tool for every job. If you need a highly interactive web application, a mobile app backend with minimal content management, or something with very specialized performance requirements, there may be better options.

We’ll give you an honest recommendation during our initial consultation. If WordPress isn’t the right fit, we’ll tell you — and point you in the right direction.

WordPress.org is the open-source software you download and install on your own hosting. Full control, full flexibility, unlimited customization. This is what we work with.

WordPress.com is a hosted service run by Automattic. It’s easier to get started with, but comes with limitations on plugins, themes, and custom code depending on your plan.

If you’re currently on WordPress.com and need more flexibility, we can help you migrate to a self-hosted WordPress.org setup.

Yes, when properly maintained.

WordPress core is actively maintained by a large security team and receives regular updates. Most WordPress security issues come from outdated plugins, weak passwords, poor hosting, or skipping updates — not from WordPress itself.

We implement security best practices on every project and offer ongoing security maintenance through our retainer plans. See our security question above for specifics.

Yes. WordPress powers over 40% of the web and has a massive ecosystem of developers, plugins, and hosting providers. It’s not going anywhere.

The platform has evolved significantly — the block editor, full site editing, and the REST API have modernized how WordPress sites are built and managed. It’s a far more capable platform than it was five years ago.

That said, we’ll always recommend the right tool for the job. If your project would be better served by something else, we’ll tell you.

You own your hosting directly—no markup, no middleman. Some agencies bundle hosting to lock clients in or pad margins. We’d rather you have full control.

We’ve seen clients pay thousands to recover their own websites from unresponsive developers or lose everything when an agency’s server disappeared. Both were avoidable.

We advise on hosting setup, optimization, and migrations. We have experience with dozens of web hosts; our favorites include Kinsta, WordPress VIP, WP Engine, Linode, DigitalOcean, Cloudways, AWS, and Cloudflare across WordPress, custom PHP, and static site deployments.

We prefer hosts that support modern deployment workflows (Git, CI/CD, SSH/rsync) over legacy FTP-based setups. (It’s amazing that those types of hosts still exist.)

And for WordPress, we suggest managed hosts such as Kinsta, which offers top-tier 24/7 chat support, solid backups, and security.

We’re happy to recommend a provider and help with configuration, but the account stays in your name.

Yes, monthly retainers are available with guaranteed capacity.

Includes development, consulting, support, maintenance, and security.

We’ve worked with a wide range of industries, including but not limited to:

Banking & Financial Services
Healthcare
E-commerce
Education
Wellness
Travel
Networking
Advertising & Marketing
NGOs

In short, we have broad experience and do not focus on any single industry.

Yes. We’ve built WordPress solutions for healthcare organizations, including patient-facing portals, provider directories, appointment systems, and API integrations with healthcare platforms.

We build with HIPAA considerations in mind — proper data handling, access controls, encryption, and hosting recommendations — but we are not a HIPAA compliance auditor. We recommend working with a compliance specialist for formal certification.

Yes. Financial services is one of our most active sectors. We’ve built custom integrations with banking platforms, loan application workflows, secure customer portals, and marketing automation for banks and fintech companies.

We understand the security requirements, compliance expectations, and approval processes that come with financial services development. We’ve worked with banks of various sizes and are comfortable with their vendor review processes.

Yes. We build with accessibility best practices including semantic HTML, ARIA attributes, keyboard navigation, color contrast compliance, and screen reader compatibility.

We target WCAG 2.1 AA compliance and can work with your accessibility auditor or recommend one. Full WCAG compliance requires ongoing attention — it’s not a one-time checkbox — so we can include accessibility maintenance in a retainer if needed.

Yes. Data migrations and platform transfers are a core service.

We’ve migrated from Drupal, Joomla, and other popular CMSs, as well as proprietary and in-house CMSs, static sites, and legacy platforms, to WordPress.

Includes content migration, URL preservation, SEO maintenance, and custom functionality replication.

We specialize in WordPress, but also take on development and AI projects outside of WordPress when they’re a good fit. Recent work includes headless architectures (WordPress + Hugo), standalone AI tools, and rescuing stalled projects built in various tech stacks.

Yes. Two ways:

AI-powered solutions: We build AI integrations and tools for clients, including content generation, lead analysis, workflow automation, and API integrations. See our AI Integration & Development page.

AI-enhanced workflows: We use AI tools to accelerate our own development process, reducing costs significantly. Clients may opt out in writing at any time. See our AI Policy for details.

Yes. Custom plugin development is one of our core services.

We build plugins for specific business needs — CRM integrations, custom workflows, payment processing, reservation systems, and data syncing between WordPress and third-party platforms.

We don’t build plugins for the WordPress plugin directory. We build tools that solve a specific problem for a specific business.

View examples on our case studies page.

Yes. We build custom WooCommerce solutions including payment gateway integrations, custom product types, shipping logic, subscription workflows, and third-party platform syncing.

We don’t do WooCommerce theme customization or store setup — we focus on the custom development side when a store needs functionality that doesn’t exist out of the box.

Yes. We build custom blocks and block patterns for clients who need specific content editing experiences beyond what’s available in core WordPress or existing plugins.

This includes blocks with dynamic data, API integrations, and custom admin interfaces.

Yes. Third-party integrations are a significant part of our work.

We’ve built integrations with HubSpot, Salesforce, various banking platforms, healthcare systems, payment processors, marketing automation tools, and custom internal APIs.

If your system has an API, we can connect it to WordPress. If it doesn’t, we’ll find another way or tell you upfront that it’s not feasible.

Yes. We build custom REST API endpoints, extend the existing WordPress REST API, and integrate WordPress with external systems via API.

This includes headless WordPress setups, mobile app backends, and custom admin tools that communicate with WordPress through the API.

Yes. We optimize WordPress sites for performance including database query optimization, caching configuration, asset optimization, lazy loading, hosting recommendations, and identifying plugins that slow things down.

We focus on measurable improvements — Core Web Vitals, server response times, and real-world load times — not vanity scores.

We have experience with WordPress multisite, but we generally advise against it unless there’s a clear operational reason for it. In most cases, individual WordPress installations are easier to maintain, more flexible, and less prone to unexpected issues.

If multisite is genuinely the right fit, we can build and manage it. We’ll give you an honest assessment during discovery.

Yes. You own all custom code we write for your project. It’s yours to use, modify, or hand off to another developer.

We don’t hold code hostage. You get access to your codebase, and we document everything so you’re never locked in.

The only exception is if we use our own pre-existing libraries or open-source components, which are licensed separately. We’ll always be transparent about this.

Yes. All custom code includes inline documentation and, for larger projects, external documentation covering architecture decisions, setup instructions, and maintenance procedures.

We write documentation for two audiences: your team (how to use it) and future developers (how it works and why we built it that way).

Yes. We regularly collaborate with in-house teams, other vendors, and agency partners.

We work within your existing workflows — your Git repos, your project management tools, your communication channels. We don’t require you to adopt our stack.

For agency partnerships, we offer white-label arrangements where we operate as an extension of your team.

After launch, we monitor the site closely for the first 30 days and fix any bugs at no additional cost.

Beyond that, we offer monthly maintenance retainers for ongoing development, security updates, performance monitoring, and support. Many clients transition from project work to a retainer after launch.

If you prefer to manage things yourself or hand off to another developer, we’ll provide documentation and a clean handoff.

Yes. We integrate AI capabilities into WordPress sites and build standalone AI tools. Examples include automated content generation, intelligent form processing, lead scoring, and API integrations with OpenAI, Anthropic, and other providers. See our AI Integration & Development page.

Yes. We take over half-finished AI projects—whether built in Replit, Cursor, or by a previous developer—and bring them to production readiness. This includes code cleanup, proper architecture, documentation, and deployment.

Yes. We identify the point of entry, remove malicious code, harden the site, and implement monitoring to prevent future incidents.

We also assess whether your hosting environment, plugins, or access controls contributed to the breach and recommend changes.

If the site is beyond repair, we can rebuild from your most recent clean backup.

Yes. We regularly take over projects from developers who’ve moved on, gone unresponsive, or delivered work that isn’t up to standard.

We start with a code audit to assess what we’re working with. Then we provide an honest assessment — what’s salvageable, what needs to be rebuilt, and what it’ll cost to get things where they need to be.

No judgment on the previous work. We just focus on getting your project back on track.

Yes. We’ll diagnose what’s causing the slowdown — whether it’s hosting, database queries, bloated plugins, unoptimized images, or poor caching configuration — and fix it.

We measure results with real performance data, not just PageSpeed scores. If the problem is your hosting provider, we’ll tell you that too.

Yes. We perform technical audits covering code quality, security vulnerabilities, performance bottlenecks, plugin conflicts, hosting configuration, and update compliance.

You’ll receive a written report with prioritized recommendations — what’s critical, what’s important, and what can wait.

Audit findings can lead into a maintenance retainer or a project engagement, but there’s no obligation.

We build custom solutions tailored for each client. There is no “one price fits all”.

We share example price ranges on our pricing page, but each client we assist receives a solution and price explicitly tailored to their needs.

$150 standard, $225 after-hours

Visit our pricing page for details on project-based pricing and monthly retainer options.

Both. Smaller projects are typically fixed-price after discovery.

Complex projects begin with a paid discovery phase (credited to project cost), followed by an hourly rate ($150/hour) or a fixed-price option, depending on the scope’s clarity.

Monthly retainers available for ongoing work.

The discovery phase ensures we understand your requirements before any development begins.

For small hourly tasks, micro projects, and/or those with a well-defined scope, discoveries are typically free — an email or call for a quick consultation to review the requirements.

For complex projects, a paid discovery phase is required. This involves meetings to discuss business requirements and goals. It requires access to the current website and web host for a review & technical audit, consulting, research, and ultimately a deliverable—a detailed estimate and a roadmap for your project.

All paid discovery phases will be credited towards the final project cost.

Video conferencing for discovery, planning, and regular updates as needed

Email or Slack for day-to-day communication

Trello (or your preferred platform) for project management.

Screen sharing for technical demonstrations.

Reference documents available for offline review.

Written documentation of all decisions and requirements

1 business day response times.

Changes are reviewed, estimated, and approved before implementation.

Fixed price projects:

Minor adjustments may be absorbed; larger ones require a change order.

Hourly projects:

Estimates adjust as needed, and you simply pay for the additional time as we go.

Small hourly tasks: A few business days

Small to mid-sized projects: A few business days to a few weeks

Complex and/or Enterprise projects: Several months or more.

Regular WordPress core, theme, and plugin updates

Security vulnerability scanning

Malware detection and removal

Access control and user role management

Two-factor authentication implementation

Strong password enforcement everywhere

SSL/TLS certificate management

Database security hardening

File integrity monitoring

Audit trails for everything

Principle of Least Privilege

Backup and disaster recovery planning

Secure payment gateway integration (e.g., Square,Stripe, PayPal, Authorize.net, etc.)

No credit card data stored on server (tokenization)

SSL/TLS encryption

Secure hosting environment

Regular security updates

PCI-compliant hosting recommendations

See Data Protection & Security section on our Privacy Policy.

Yes. Geographic location doesn’t affect the quality of WordPress development.

We use the same processes for clients in New York City, Los Angeles, Chicago, and 350+ other cities.

Many clients have worked with us for 15+ years without ever meeting in person.

No. 84EM serves clients across all 50 US states and around the world.

While headquartered in Cedar Rapids, Iowa, we’ve successfully collaborated with businesses since 2012 through video conferencing, screen sharing, and modern project management tools.

Not typically. WordPress development doesn’t require on-site presence. All work is done with video conferencing for meetings and screen sharing for technical demonstrations. This keeps costs lower and delivers faster results.

We’re in Cedar Rapids, Iowa.

US Central Time (CT).

Development and support hours: 6 AM – 6 PM CT Monday – Friday

Office Hours: 8 AM – 5 PM CT Monday – Thursday, and 8 AM – 12 PM CT Friday