The Long and Short of It: Choosing the Right URL in 2026

January 15, 2026

Author: Sean H.

Remember when everyone said your domain name had to be short, snappy, and memorable? Well, the internet has changed, and so have the rules for choosing a URL. Let’s talk about what really matters when selecting a domain name today.

The Google Effect: Why Short Isn’t Everything Anymore

Here’s the truth: people don’t type URLs into their browser bar like they used to. Instead, they Google you. They search for your pizza place, your law firm, or your handmade soap business, and Google delivers your website right to them. This fundamental shift in how people find websites has made the old “keep it short at all costs” advice less critical than it once was. A domain that is just an acranym, might not serve you as well as one that has your full name now, and there a quite a few reasons why.

That said, you still want a URL that’s easy to write and looks professional on your business cards, brochures, and promotional materials. Nobody wants to see “www.bestpizzaandgrindersandcookiesinthewholecityofLouisvilleKentucky.com” crammed onto the side of a pizza box. But could you get away with something longer than the traditional wisdom suggests? Absolutely.

When Long URLs Work (and When They Don’t)

Take a look at some pizza boxes next time you order delivery. You might see URLs like “joespizzaandgrinders.com” complete with stop words like “and” that SEO experts once told you to avoid. Does it hurt their business? Not really. Customers find them through Google Maps, delivery apps, or word of mouth. The URL on the box is just one more touchpoint, not the primary discovery method.

But here’s where it gets interesting. Someone out there owns the domain chargoggagoggmanchauggagoggchaubunagungamaugg.com. Yes, really. It’s the name of a lake in Massachusetts (also known as Lake Webster, for obvious reasons), and it’s been registered since 2010 to a Bill Murray from Greenville, South Carolina.

Now, before you get too excited, this is probably not that Bill Murray. The famous actor has strong ties to Charleston, South Carolina, where he owns a home and serves as part-owner and Director of Fun organizations locally, but it’s also a common name so who know.

It would definitly track with his long history of excenrtric endevers so for the fun if it maybe it was him? If so, what could the beloved actor possibly be planning with a 45-character domain name? For that matter what would anyone being doing with something so unweldy? We’d love to know. Sadly, there’s no website up at the time of this writing, just the tantalizing mystery of what could be.

Funny or long website URLs chargoggagoggmanchauggagoggchaubunagungamaugg.com that someone owns

The .com Question: Does Your Extension Matter?

For years, .com was king. It still carries weight, particularly for businesses targeting American audiences. People trust it. They expect it. When someone hears your business name, they’ll often default to typing “.com” at the end, much like adding the antiquated “WWW” to the start, although that is a whole other issue for another article.

Custom extensions have become more accepted. A tech startup using .io or .ai? That’s expected. A creative agency with a .design domain? That can actually enhance your brand. A local business using .local or your city extension? That makes sense too.

The key is context. If you’re a traditional business targeting general consumers, .com is still your safest bet. If you’re in a niche industry or targeting a tech-savvy audience, a relevant custom extension can actually work in your favor.

Keyword Stuffing: Should You Load Up Your Domain?

Here’s where modern SEO comes into play. Google is smart enough now that stuffing your domain with keywords like “bestaffordableplumbersinKentuckyandSouthernIndiana.com” isn’t going to boost your rankings the way it might have in 2005. In fact, it might hurt your credibility.

Instead, focus on:

Brandability: Is your domain name something people can remember and recommend?
Clarity: Does it clearly communicate what you do or who you are?
Legitimacy: Does it look professional enough to build trust?

A domain like “smithplumbing.com” beats “bestcheapplumberLouisville.com” every time because it’s cleaner, more trustworthy, and easier to recommend.

A Note on Domain Privacy

Here’s something worth considering when you register your domain: privacy protection. When we looked up that Lake Chargoggagoggmanchauggagoggchaubunagungamaugg domain, we found the registrant’s name and location because domain privacy wasn’t enabled.

Was this just a wild hair research tangent while writing about funny long domains? Absolutely. Did we stumble on something potentially interesting, perhaps a connection to a famous actor? Probably not. But we’ll enjoy the fun of it all anyway.

The point is, domain registration information is public unless you pay for privacy protection. If you value your privacy or don’t want unsolicited contact from domain brokers and marketers, it’s worth the small additional fee.

So, What’s the Verdict?

In 2026, here’s what really matters for your URL:

Make it easy to spell: If you tell someone your URL verbally, can they spell it correctly on the first try?
Keep it pronounceable: Can people say it out loud without stumbling?
Make it look good in print: Will it fit nicely on business cards and promotional materials?
Choose an appropriate extension: .com is safe, but context-specific extensions can work well too.
Skip the keyword stuffing: Focus on brand and clarity instead.
Consider privacy: Protect your registration information if that matters to you.

The beautiful thing about the modern internet is that there’s more flexibility than ever before. You don’t need to stress about finding that perfect six-letter .com domain. Google will help people find you regardless. Just choose something that represents your brand well and makes sense for your business.

And if you happen to own a ridiculously long or funny name domain and want to do something fun with it, reach out, especially if you happen to be one of our favorite comedy actors, which, fun fact, shot parts of the movie Stripes right here in our Downtown office location at the Normandy Buisness Center!

Dollars to Donuts, we bet that paper “bill” is not what you think.

January 9, 2026

Author: Sean H.

Is the Domain Notice in the Mail a Scam?

We get calls about these all the time. A client receives something in the mail that looks like a bill for their domain registration. It has their domain name on it, an amount due, a payment deadline. It looks official, but is it? They ask us, is it a scam, and sometimes it is. Sometimes it is just an advertisement. Sometimes it is junk.

Most of the time, it is not a bill for something they want.

Now before you lawyer up, keep in mind that if we have not seen your “bill”, we can’t verify anything, but stay with us, we can walk you through how we assess these paper surprise invoices and mystery expenses.

Here’s the Thing About Domains and Hosting

You almost never get paper bills for this stuff. When you set up hosting or register a domain, you put a credit card on file. At most you get an email saying it renewed automatically, or occasionally asking you to update your payment method. That’s it. It doesn’t track for a digital business who offers online services to send you… paper. That would be as silly as them sending you a fax. It’s just silly, and very very unlikely.

So when a paper notice shows up asking for $$$ for your domain, your hosting, or your website listing, that should feel strange. Because it is strange.

A Real Example

A client recently sent us one of these letters. It’s from a company called “Domain Listings” and it looks very much like an invoice to them. There’s a domain name, a service period, a total amount, a payment slip at the bottom.

But if you read the print, buried in a paragraph, it says: “We are not a domain registrar, and we do not register or renew domain names.” A little further down: “THIS IS NOT A BILL.”

They put that in there because legally they most likely have to. But they designed the whole thing a certain way, and our clients call us and say they think it looks like a bill. Is it a bill? Maybe. Is it a bill for a service you want or need? Probably not, but you can decide that for yourself once you know what it is for and what it is not for.

What are they actually selling? Well in the one we received from our client to review for them, it appeared to be listing in some internet directory for $288 a year. Did he want that? Well, after understanding what it was, no he didn’t. And he was frustrated with having to take the time to figure that out. He said, “I hate theses stupid scams!” and that is how a lot of people feel.

rScams DOMAIN LISTINGS still at it. Looks a lot like Reddit

So why do these get sent out if you don’t owe anything? Well, we can only speculate of course, but these companies would not keep mailing these out if people weren’t paying them. That’s the frustrating part. Are these people paying because they think they owe the money? Are they paying because they wanted an unsolicited service? Possibly. Is it a scam? Well, that is complicated. They do seem to be offering a service. If someone wants that service and they receive it after paying well, who are we to judge, but if you pay for something because you don’t understand it and you get something you don’t want, well that is another thing.

How to Protect Yourself

If you get a paper notice about your domain or hosting, don’t panic and read it carefully. If you get an email, don’t click the link in the message, go to the source and keep excellent records.

Instead:

Keep a record of where your domain is registered and where your hosting lives. When something comes in, check your records. Go directly to the website by typing the address yourself. Log in and make sure everything looks right.

If you’re not sure, give us a call. We’re happy to look at whatever you received and tell you if we think it’s legitimate or not. There’s no charge for that. We’d rather spend five minutes on the phone than watch you lose $288 to something you didn’t need or want.

The Short Version

Paper bills for domains are almost always worth looking at with a skeptical eye. Keep records of your actual services. Go directly to your registrar or host to verify anything. And when in doubt, ask someone you trust.

Save yourself the headache.

Why Are We So Affordable? (But Not Cheap)

January 5, 2026

Author: Sean H.

Sometimes people ask us how we keep our prices so reasonable. It’s a fair question. There are web developers out there charging $20,000 for a basic five-page website. We are not those developers.

Here is where we invest: good artists, good tools, good developers. That’s it. We can scale using trusted contractors when projects need it. We don’t mark up local services like hosting or photography. We just pass those costs along at what they actually cost, because adding a margin there felt strange to us.

What we really like is making genuine connections with people and figuring out exactly what you need. Not what sounds impressive in a proposal. Just the thing that will actually help your business or community.

What You Won’t Get From Us

We don’t meet in your office anymore. We don’t have a big office with a fancy boardroom. No chandelier. No barista.

That stuff is nice, I suppose. But someone has to pay for it, and it’s usually the client. We decided a while ago that wasn’t for us.

If you want to be wined and dined, we don’t mind that, but it’s not really our thing. What we get excited about is cool technology and making websites that actually work for you. That probably sounds less glamorous than a catered lunch meeting, but it’s honest.

So Why Aren’t We Cheap?

Affordable and cheap are different things.

Our work holds up. It’s built well. We use tools that aren’t proprietary locked-down services you get trapped in. We use standard products with excellent longevity because we know you want something great now and something great years from now.

Something you can keep updating. Something that can grow with you. Something you can edit and maintain yourself.

And here’s the part that matters: at the end of our relationship, you keep everything. No strings attached. If you want to work with someone else or need to bring it in-house, we make sure that process is easy. You maintain everything you’ve built over the years. It belongs to you.

One More Thing

We also focus on supporting nonprofits with free websites because it makes Louisville a better place to live. That’s not a business strategy, really. It just feels like the right thing to do. that is where we prefer to invest. It might not make us look fancy, but we are ok with that.

So no, we don’t have the fancy office. But we will set you up quickly, answer your questions honestly, and give you an excellent product for a great price.

Turns out you can have something that’s quick, affordable, and well-made. It just comes without the unnecessarily fancy overhead.

Why pay for your developer’s chandelier when you don’t have to?

Transition from call ads to responsive search ads with call assets

January 5, 2026

Author: Sean H.

Google Is Killing Call-Only Ads: Here’s What You Need to Do

If you’ve been running Google Ads for a while, you may have gotten an email recently with the subject line “Action Required: Transition from call ads to call assets.” Google has been talking about this change for a while, but now it’s official. Call-only ads are going away, and if you don’t make some updates, your ads will stop showing.

Here are the key dates:

February 2026 is when you lose the ability to create new call-only ads. February 2027 is when your existing call-only ads stop running entirely.

So you have time, but not unlimited time. Let’s walk through what this means and what you need to do.

First, Check If This Even Affects You

Not everyone needs to worry about this. Call-only ads are a specific ad type where the only thing the ad does is trigger a phone call. There’s no website link. When someone taps the ad, it just dials your number. These were popular with service businesses like plumbers, auto repair, locksmiths, and anyone else who just wanted the phone to ring.

If you’re running regular search ads that happen to have a phone number attached, you’re already set up the way Google wants. That phone number is a “call asset,” and you’re good to go.

To check, log into your Google Ads account and look at your ads. If you see ads that have a website URL and a phone number, those are search ads with call assets. You’re fine. If you see ads where the only action is “Call” with no website destination, those are call-only ads, and those are the ones you need to replace.

Why Google Is Making This Change

Google wants everyone using responsive search ads. These are the ads where you provide multiple headlines and descriptions, and Google’s system mixes and matches them to find the best performing combinations for different searches.

The old call-only ads were simple. You wrote your headlines, attached your phone number, and that was it. Google is moving away from that kind of static ad format across the board. They want the flexibility to test different combinations and optimize automatically.

Whether that’s actually better for your business is a fair question, but it’s the direction things are going and it is always good to stay in compliance.

How to Make the Switch

If you do have call-only ads that need to be replaced, here’s the process:

Start by documenting what you have. Look at your existing call-only ads and write down the headlines, descriptions, and which campaigns they’re in. Note the performance numbers too so you have a baseline to compare against later.

Next, create your call asset. Go to Assets in the left menu, then click the plus button and select Call. Enter your business phone number. You can set it to only show during your business hours, which is useful if you don’t want calls coming in at 10pm.

Then create a new responsive search ad in the same campaign or ad group where your call-only ad was running. You’ll need at least 3 headlines and 2 descriptions, but you can add up to 15 headlines and 4 descriptions. Use the copy from your old call-only ad as a starting point, then add variations.

Once your new responsive search ad is running with the call asset attached, let both ads run side by side for a few weeks. Compare the results. When you’re confident the new setup is performing well, pause the old call-only ad.

So to recap here is what you need to do:

Create responsive search ads with call assets.

This is the actual migration. You’ll need:

3-15 headlines (at least 3 required)
2-4 descriptions (at least 2 required)
A call asset attached at the campaign or ad group level with your phone number

Set up the call asset

This is under Assets > Call. You can set it to show only during business hours, which is nice for a service business like auto glass.

Let both run in parallel for a bit

Compare performance before sunsetting the old call-only ads.

Don’t Wait Until the Last Minute

You have until February 2027 before your call-only ads stop serving entirely, but I wouldn’t recommend waiting that long. Making the switch now gives you time to test and optimize. If something isn’t working, you want to find out while you still have your old ads as a backup.

If you need help with this transition or want someone to handle it for you, feel free to reach out.

What to Do When Your Meta Business Page Gets Hacked (And Why Prevention Is the Real Answer)

January 5, 2026

Author: Sean H.

We recently helped a client recover their Facebook Business Page after it was compromised. It was a multi-day process involving notarized documents, multiple support tickets, and a lot of patience. We got it back. But the experience reinforced something we already knew: the best time to secure your account is before anything goes wrong. Quick disclaimer, we don’t represent META or any of its many divisions or associates, we just know what we have seen, what was successful for us and what fail miserably. We also acknowledge that these systems and any observations we make about them are purely speculative and are little more than anecdotal, meaning we are not giving you advice, just sharing our story. Your mileage can, and absolutely will very. Proceed with caution.

This post walks through what happened, what we did, and what you can do to protect yourself, maybe.

What Happened

An admin on the client’s Facebook Page had their personal account compromised. Before that account was disabled, bad actors used the access to add themselves to the Business Portfolio and the Page itself. They added fraudulent admin accounts, removed the legitimate owners, and started running scam ads using the client’s payment methods.

The first sign of trouble was an email notification that an unfamiliar person had joined the Business Portfolio. By the time the client saw it, the damage was done. They had changed the name of the business page, created content on the compromised personal page that got it banned and started running scam ads on the business page. They added several different accounts to the business portfolio page and removed all access.

The attack was acute and executed quickly like a well oiled machine going through a process I can only assume has been done many time before. Everything happened within an hour and it was done late at night so the client wasn’t even aware anything had happened until the next morning.

The Recovery Process

We have recovered pages from hackers before. We have done this work privately for clients ranging from small nonprofits to Fortune 500 companies. It is not a service we offer publicly due to the risk and complexity involved. We only take on cases where we can verify ownership and where the account history shows strict compliance with Meta’s community standards. We also only work with assets with a minimum followership and a minimum previous platform investment due to the risk involved in the recovery process. Associating with banned assets an banned accounts in itself can be a risk factor and we can not guarantee success. All of that said, we know you are looking for solutions if you have read this far, let us walk you through what has worked for us and why. Just because might not be able or willing to recover your page, we are more than happy to help you try it on your own. But take heart, this is a task for the tenacious and patient.

Here is what the process looked like:

Step one: Stop the financial bleeding. The hackers were running ads on the client’s payment method. We advised the client to contact their bank immediately, block charges from Meta, and request a new card number. This is urgent. Do not wait for Meta to fix things before protecting your finances. META is actually really great about catching unusual spending and will likely disable the account quickly and require verification of payment before continuing, but there is no reason to wait. Secure any financial account you have attached to the compromised assets.

Step two: Document everything. We gathered page IDs, ad account numbers, Business Portfolio IDs, screenshots of the fraudulent admins as they were noted in the email notice when it was received, and evidence of ownership including business licenses and website records. This is a great time to show proof of you business ownership with notarized records and a copy of your ID. Also, before you submit your request clear your calendar. This is now your only focus for the next 12 hours because once you hit submit you are on call until the issue is resolved. We talk about this more in step three, but suffice to say, once you open a ticket, you are on the golden path, don’t step off the path because it can sometimes be your only opportunity to set this right.

Where do I find the Facebook Support Page?

Go to your Meta Business Suite and click on Help. Find a link to the Business Help Center page. This link can change so Google it or hunt for it in the help dashboard. Follow links like “Get Support” and look for your account overview. If you see a prompt, like “How can we help?” and it askes for “asset IDs” to get help you are in the right place!

Step three: Submit a support request. We went through Meta Business Suite to access the help and support tools. Here is where it gets tricky, you might not have access to this. Not all accounts have access to this level of communication and we call these accounts that do have this level of access, concierge accounts. If you do not have a concierge level account you may need to reach out to a trusted friend or a pro to help you get access to the secure META support portal. We don’t have any facts about who gets access and who doesn’t but what we have seen is concierge access level accounts tend to be owners of several pages which have a significant regular ad spend or other investment in the platform and have a pristine record. What is a pristine record? No community violations, and if you are not familiar with what these are you can read all about it. We wont share a link here because it often changes, but Google it and it should come right up. If you make it past this first hurtle, that is the most significant step to success. Keep in mind, that once you are in the chat, you are now on the right path, if you have a case number that is great, write it down and dont close the chat window!

Why can’t I close the chat window?

The support chat is not listed in your normal chat list. If you close it and you don’t know where to find it again, you may not be able to find it again!

What do I say when I first open my META support ticket? What should I upload?

If you have the opportunity to upload proof, this is your most essential opportunity to share everything they are going to need. Don’t blow it on a cellphone shot of your stolen page, write a report of exactly what happened, give evidence, show proof of ownership and provide pertinent details without any fluff. Keep it in an outline format and make it a PDF or a high resolution image. They will need all the ID numbers you can provide, one for your page, one for your ad account and one for your business portfolio. You should already have these, but if you don’t you can hunt them down using forensic data recovery techniques.

Step four: Be clear, brief, and persistent and give them all the information up front. Every message we sent was structured the same way: a short explanation of the problem, a numbered list of exactly what we needed Meta to do, and all the relevant reference numbers as well as proof of ownership. No life stories. No emotional appeals. Just facts and specific requests. The first few responses can feel generic and unhelpful but this is part of the process, you are on the right track, stay calm, be polite, and don’t fail to respond. Meta’s automated systems kept asking us to verify payment, which we could not safely do while hackers still had full control of the account. That is OK, they have to work through a process of elimination, starting with the basics and then escalating, sometime 3-4 or more times. Hang in there.

Step five: Escalate when necessary. We moved through several layers of support. AI responses, lower-level support staff, and eventually a specialist. Each time we were asked for more information, we responded within the hour. This process took days. Sometimes a request would come though after 4 hours sometimes after 2 days and you only have a short amount of time to respond or your chat request for more information of to make a confirmation. If you fail to respond in the time frame they need, they could close and resolve the case, which could add a new layer of complication, the cold period. We don’t really understand the cold period, but accounts that have a recently closed or resolved case can sometimes have difficulty opening anew case. For example, you submit a case, but you don’t respond in time to a request for more information or for a confirmation and so you try to open a new case, but when you try to submit your case, nothing. The page just opens a blank chat window. We don’t know if this a system issue or a dark pattern designed to reduce abuse of the support ticket services, but either way, once you have a case open and access to a chat window, don’t close the window and reply to every request IMMEDIATLY until your case is resolved.

My personal account was banned, how do I get support?

The hard answer is, banned personal accounts are some of the hardest accounts to recover. One, if your account is banned you have no way to access the recovery tools you need. This puts you at the mercy of a friend who can ask on your behalf, but that friend then opens themself up to risk if your account has community violations

Step six: Provide notarized proof of ownership. In the end, what unlocked the recovery was a notarized document signed by the business owner confirming their identity and ownership of the page. Meta’s security team used that to verify the claim and restore access to the business page an to the business accounts.

The Catch-22 You Might Encounter

Meta’s support process can create frustrating loops. In our case, they asked us to verify a payment method before they would help. But we could not safely add payment information while unauthorized users still had full control. It would put us at risk of letting the bad actors remove us again and keep access to our ad service with freshly verified financial details. Not ideal. We hung on, and kept giving our data and our request, and after 48 hours we were restored.

We had to explain this clearly and repeatedly. Eventually, someone understood and escalated the case appropriately. But it took persistence.

Why Your Facebook Account Might Not Have Access to the Tools You Need

Here is the uncomfortable truth: not all accounts have access to the same level of support. We don’t know why but from what we have seen Meta’s concierge services are generally available to accounts with significant ad spend and a clean history. If you have never run ads or if your account has had policy violations, you may not have access to the support channels that can actually resolve these issues. The service as far as we know doesn’t have public information on who gets what but this is what we have seen. So if you find yourself in need of help, look for someone with these kinds of accounts to help you.

Can my local social media manager or website developer help me recover a hacked Facebook page?

Maybe, but not likely. This is a niche service with a hefty price tag starting at a minimum of $10,000 so your local tech savvy marketing team is not going to have the skills or the tools to navigate this kind of thing. They might, but it is very unlikely. Look for a media team that manages a minimum of 6 figures a year in META media ads. These tend to be the kind of teams that can dedicate themselves to handling hacked Facebook page recovery. We do provide this service, but we only accept a few clients at this level per year and it comes as part of a long term high level maintenance service contract.

Here is where we ask you kindly not to “shoot the messager.” This is not a system we have any control over. We work with what is available. For clients who do have access to these tools, we might be able to help navigate the process but we can not access you accounts if we have never had access to them before the incident. For those who do not, the options are more limited and in some cases, essential nothing. Follow the hacked page form protocol. Follow all the requirements, which might feel invasive, things like requiring a face scan are not uncommon. Have an account name that matches a legal name that you can verify with ID. Get verified.

What You Should Do Right Now (Before Your Business Page Gets Hacked)

The best cure is prevention. Here is what we recommend:

Secure your personal Facebook account. The Business Portfolio is only as secure as the personal accounts that have admin access. If one admin gets compromised, the whole page is at risk.

Enable two-factor authentication everywhere. Turn on 2FA for your personal Facebook account, your Business Portfolio, and your email. Consider using an authenticator app instead of SMS codes. Some authenticator apps include biometric confirmation, which is much harder to compromise remotely.

Require 2FA for your Business Portfolio. In your Business Portfolio settings, you can require all admins to have 2FA enabled. Turn this on.

Audit your admin list regularly. Remove anyone who no longer needs access. Make sure all current admins are active, responsive, and have secured accounts.

Never share your 2FA codes. No legitimate service will ever ask you to share a code via a link or third-party app. If something asks for your code outside of the official Facebook login flow, it is a scam.

Secure your email. If your email gets compromised, your 2FA can be bypassed through password resets. Add 2FA to your email account as well.

Document your account details now. Write down your Page ID, Ad Account ID, Business Portfolio ID, and the email addresses of all legitimate admins. Store this somewhere safe. If you ever get locked out, you will need this information to prove ownership and you will not be able to access it from inside the account.

Hire a Pro. Hire a team like us to document everything for you, audit your current security risks and maintain us on all of your accounts so we can catch issues quickly and know exactly how to respond as soon as an issue happens. We can’t guarantee it wont happen but we can help make sure it is less likely and we can help you recover it when possible using all the records we will create to make sure you have the data you need instantly should something happen. We know time is money and preparation is everything!

If It Happens Anyway – Hacked Facebook Pages Happen to Anyone

Even the most careful people can get tricked. Social engineering is sophisticated. If you lose access to your page, here is what to do (maybe):

Contact your bank and block any payment methods connected to the ad account.
Go to Meta Business Suite and navigate to the help and support section.
Submit a detailed report with all relevant account IDs and a clear description of what happened.
Be prepared to provide proof of ownership, potentially including notarized documents.
Respond quickly to any follow-up from Meta. Delays can reset your place in the queue.
Be patient. This process can take days, weeks, or even months.

And keep in mind: recovering the page does not always mean you are safe. In some cases, bad actors will still “own” the page through the Business Portfolio. They can wait quietly and remove you again later, or wait until you add new payment information and then run fraudulent ads on your account. If you have a security break, secure EVERYTHING. Secure emails and phones and check for unauthorized or unusual apps on your phone. Use an authenticator and lock everything down. Once your accounts have been breached it’s a good time to update all of your passwords especially if you use the same ones! (That is a big no-no!)

A Final Note

There is no step-by-step guide that works for every situation. Meta’s systems change constantly, and different accounts have access to different tools. What worked for us may not work exactly the same way for you.

But the fundamentals remain the same: secure your accounts before something goes wrong, document everything, and if something does happen, be clear and persistent in your communications with support.

Good luck out there. And go check your 2FA settings today.

Post Image Key: 1. Help, 2. META Business Suite, 3. Active cases you may have open, 4. Settings, 5. Search for the page or assets you need to fix – don’t reach out under the wrong account asset! 6. This may look like a place to start a case but it is just a feed back form. It’s great for providing feedback but is not likely to open a case which is the key to recovering your hacked Facebook page.

Hiring a Writer vs Hiring a Voice Clone

December 27, 2025

Author: Sean H.

We talk to a lot of small business owners. One of the most common things we hear is this: “I know I need to be putting out more content. I just do not have the time to write it.”

This is a real problem. Written content (emails, social media posts, blog articles) are often the biggest bottleneck for small businesses. The owner knows their business better than anyone. They know what makes it special. They know how to talk to their customers. But they are also running the business, which does not leave much time for writing.

The Usual Solutions are not always solutions.

Most business owners try one of two paths.
The first is AI. Tools like ChatGPT can generate first drafts quickly, and that is genuinely helpful. But the output tends to sound like ChatGPT. It is polished in a generic way. It does not sound like you.

The second is hiring a writer. This can work, but it is tricky. Professional American writers are expensive, and many small businesses cannot afford them. Writers on platforms like Upwork can fit the budget, but the results are often disappointing. You send them a ChatGPT draft and some direction. You get back something that is not much better than what you started with.

The writer is polishing AI-generated content rather than actually writing in your voice.

The core problem is that most writers do not know how you think, how you talk, or what makes your perspective different from everyone else in your industry. And teaching them is hard, especially when you are already short on time.

There is another option that has worked well for us, and for the clients we have recommended it to. It is called a voice clone writer.

Here is how it works. You spend about an hour on the phone with the writer. They interview you. They ask about your business, your customers, your goals, your opinions. They are not just gathering information. They are listening to how you say things. The rhythm of your sentences. The words you reach for. The way you explain complicated ideas.
Then you provide a few examples of your existing work. Emails you are proud of. Social posts that performed well. Anything that sounds like you at your best.

The writer takes all of this and creates a style template based on you. Not a generic brand voice guide, but an actual model of how you communicate. And then they use that template to write content that sounds like you wrote it yourself, on a day when you had plenty of time and a clear head.

It is a little wild, honestly. The first time you read something back and think “that sounds exactly like me,” it catches you off guard.

What does a voice clone cost?

We charge around $55 an hour for this kind of work. That is not nothing, but it is also not the $150 to $300 an hour that top-tier American copywriters charge. And the return on investment is significant, because you are not just getting content. You are getting content that actually represents you.

The interview takes about an hour. After that, you have a style template that can be used again and again. The ongoing writing becomes much faster because the writer already knows your voice.

Your voice is one of the few things that cannot be commoditized. Anyone can use the same website template. Anyone can run the same kind of ads. But nobody else sounds like you, thinks like you, or has your specific perspective on your industry.

The problem is that capturing voice is hard.

It requires someone who knows how to listen, how to ask the right questions, and how to translate what they hear into written words. That is a real skill, and it is worth paying for.

If written content is your bottleneck (and for most small businesses, it is) this might be worth exploring.

Design Web Louisville is an employee-owned web development company. We build websites, and we believe your voice is worth preserving.

AI Is Just the Newest Tool in the Artist’s Kit

December 26, 2025

Author: Sean H.

We have been building websites for a long time now. Long enough to watch tools come and go, and long enough to notice a pattern.

Every time a new tool arrives, people push back. They say art made with the new tool is not really art. They said it about the printing press. They said it about the camera. They said it about Photoshop and Illustrator. They are saying it now about AI. And we understand, change is hard. It can feel like something is being lost.

But we have come to embrace these new tools, because we have seen what they actually do: they open doors.

Some believe art cannot be art unless it is made by an artist. But who decides who qualifies as an artist? We already celebrate conceptual artists who work entirely in ideas, artists whose vision is the art itself, executed by others or by machines or by time. The concept is the contribution.

Who is an artist?

So what about a small business owner who has a vision for their brand? They know exactly what they want to communicate. They understand their customers, their community, their story. If they use AI to bring that vision into the world, why should we dismiss them?

We think they are artists too.

Here is what we have seen and why we believe what we believe.

At Design Web Louisville, we have had clients come to us with AI-generated images, a logo concept they created, a visual direction they explored. They ask us to refine it, to convert it into proper file formats, to make it work across their website and print materials. Sometimes that means completely redrawing the design in vector format. Sometimes it means significant revision.

And honestly, this is not new.

Back in the day, people brought us logos drawn on napkins. Rough sketches. Ideas scribbled in the margins of notebooks a magazine ad with text written across an image they liked. The execution was never the point, the vision was. AI is just a different way of sketching. It’s the newest best napkin sketch and it’s so helpful for those who are afraid to try to create with their hands.

Ai opens doors to new artists who create with ideas.

We respect all artists. Firstly, we pay our artists well; photographers, illustrators, developers who create animations. They all use different tools. What they share is vision, and the ability to direct their tools toward that vision. So before you start in with how Ai is stealing jobs, at least for our small part of this industry we still pay the same artists the same wages. Partly because we love our team and entirely because they deserve to be compensated for their work, regardless of the tools they use.

A hammer does not build a house. A camera does not take a photograph. And AI does not create art. People do. The tool is just the tool.

This pattern repeats throughout history. In 1492, the German abbot Johannes Trithemius wrote that “printed books will never be the equivalent of handwritten codices.” In 1474, a Venetian scribe named Filippo de Strata called the printing press a “meretrix” (prostitute) and petitioned the Doge to ban it entirely. In Paris in 1476, a group of scribes attacked and physically destroyed a printing press, fearing it threatened their craft and their livelihoods.

Nearly four centuries later, the same arguments emerged against photography. In 1859, the French poet Charles Baudelaire called photography “art’s most mortal enemy,” warning that it would corrupt true art thanks to “the stupidity of the multitude.” Many painters believed the camera required no skill, no vision, and that it was purely mechanical, and therefore could never be art.

And more recently, in the 2000s, digital artists faced the same dismissals. Traditional artists rolled their eyes at Photoshop. The criticism was familiar: the computer was doing the work, not the artist. Digital art was not “real” art.

And here we are, still full of art, still creating, still animating and building and producing. The best work is still guided by the vision of the person behind it.

The raw truth, Ai isn’t even faster than traditional art. You still have to research the design, check it against IP that already exists, scour it for little failures like extra fingers and other funny things like oddly shaped stars in flags. It is not a fast tool because it requires so much QA and scrutinizing, it’s not even a cheap tool, costing more per month than most stock photography membership services when you use the professional level of access and use, and that price is bound to increase since the current model is running at a loss.

What Actually Matters

It is the humanity in the words, not the perfection in the grammar. It is the person, not the polish. The direction is what is beautiful. That is what we respect, and that is what we look forward to seeing, hearing, and experiencing more of, from anyone brave enough to pick up the tools and try.

AI will change everything. But it will stay the same too.

Design Web Louisville is an employee-owned web development company. We build websites, and we believe anyone with a vision deserves help bringing it to life.

Why Your Business Needs a Website Recovery Plan (+ How to Create One)

December 18, 2025

Author: Eleanor Hecks

Your website is often the first place customers interact with your brand, especially as more people shop or research online. If it goes down, whether intentionally or not, it could impact customer trust and revenue. A website recovery plan becomes indispensable in these situations. Setting one up early provides a solid safeguard when you actually need it.

What Is a Website Recovery Plan?

A website recovery plan is an organized and documented strategy that outlines how your organization will restore its site after an unexpected disruption. It aims to get the site back online as soon as and as securely as possible, with minimal losses in data or functionality.

Website downtime can happen for various reasons. It could come from malicious attacks, human error or server downtime. In October 2025, an Amazon Web Services outage took hundreds of websites that relied on its services down with it, including major brands and institutions like WhatsApp, The New York Times, Venmo and even the British government’s website and tax services.

Why a Recovery Plan Is Nonnegotiable

With over 1.1 billion websites on the internet, some downtime is inevitable. Still, actively fixing the situation through a recovery plan is essential to minimize losses and ensure business continuity. These are some of the key reasons why your business needs a website recovery plan.

Financial Protection

Website downtime costs money. Lost sales, missed leads, delayed campaigns and customer refunds can add up. A clear recovery process allows you to restore your website from trusted backups and avoid rushed fixes, protecting your finances and everyday operations.

Reputation Management

Customers expect reliability. Website issues without a clear response can affect their confidence in your company. Even if the problem is temporary, broken pages and unresponsiveness make you appear unreliable.

A website recovery plan enables you to develop a consistent and professional response for most scenarios. It defines how you address issues and share updates, ensuring you maintain credibility while fixing technical problems.

Reduced Employee Stress

Around 83% of U.S. employees report experiencing daily work-related stress, and reducing anything contributing to this number means happier employees, higher productivity and less turnover. When a website goes down, and the business has no documented plan, teams become stressed. They scramble to identify the problem, and pressure escalates, which usually happens outside their regular working hours or responsibilities.

A recovery plan brings clarity and reduces this burden. Employees know what to do and who to ask for assistance. This structure lowers anxiety and leads to more effective problem-solving.

5 Steps to Create a Website Recovery Plan

A website recovery plan should be tailored to each business, as each has unique priority assets or security needs. These steps present a quick guide to help you get started.

1. Identify and Assess Risks

The first step in forming a website recovery plan is identifying realistic threats, such as hosting outages, accidental deletions or cyberattacks. Then, evaluate how likely and damaging each would be. This assessment helps you prioritize planning efforts and ensures the recovery plan focuses on scenarios that can affect you the most.

2. Inventory Your Website Assets

A complete inventory ensures all critical assets can make it through the restoration process and that your website can remain functional. This inventory should include:

Hosting provider and login credentials
Domain registrar details
Content management system admin access
Database information
Essential plugins, themes and third-party integrations (APIs)

3. Define Roles and Responsibilities

An effective recovery plan clearly defines who is responsible for initiating recovery, restoring backups, contacting vendors and communicating updates to customers. Clear ownership ensures accountability and efficiency, minimizing confusion or missed steps.

4. Back Up All Critical Data

According to the Disaster Recovery Journal, only 42% of organizations recover all their data after a restoration process. This data highlights the importance of regular backups. You never know when an outage or attack can occur, so it’s essential to stay prepared.

Set up automated, frequent backups of files and databases to ensure you always have updated versions of your files. It’s also best to maintain multiple backup versions and keep them in an off-site or cloud-based storage solution separate from your hosting environment.

5. Test and Validate Your Plan

Regular testing through drills or mock restores can help you find gaps or outdated information in your current plan. It also builds confidence within your team by allowing staff to learn through practice, which can help them respond faster and more calmly when an incident does occur.

Preparation Pays Off

A website recovery plan is a practical tool to ensure resilience in a volatile online environment. It protects your revenue and reputation and maintains operational stability amidst high-stress situations. The risk of downtime will always exist. It’s what you do to protect your business that matters.

Why are my styles missing?

December 5, 2025

Author: Sean H.

WordPress 6.9 Is Doing Something Weird With Your Styles

Well, WordPress 6.9 dropped on December 2nd, and if your website suddenly looks like it forgot to get dressed this morning, you’re not alone.

What’s Happening

The WordPress core team made some performance improvements to how stylesheets load. The short version: they increased the inline style limit from 20KB to 40KB and changed how block styles load on-demand for classic themes. These are genuinely good changes for page speed.

The problem is that some themes and plugins—Elementor sites in particular—are now missing CSS. Layouts are collapsing. Fonts are wrong. Hero sections have wandered off somewhere. It’s the kind of thing that makes you stare at your screen and quietly say “huh” for longer than you’d like to admit.

The Fix

There’s a one-line code snippet that tells WordPress to load block styles the old way:

add_filter( 'should_load_separate_core_block_assets', '__return_false', 100 );

You can drop this into your theme’s

functions.php

file or create a simple must-use plugin. If those words mean nothing to you, that’s okay. Keep reading.

Your Options

Option 1: Turn off automatic updates and wait

This is the “I’ll deal with it when they fix it” approach. WordPress will patch this. They always do. In the meantime, you can disable auto-updates for core and stay on 6.8.3 until the dust settles.

To disable auto-updates, add this to your

wp-config.php:

define( 'WP_AUTO_UPDATE_CORE', false );

Option 2: Apply the fix yourself

If you’re comfortable editing theme files or creating a must-use plugin, the code snippet above should sort you out. Back up your site first. Always back up your site first.

Option 3: Hire someone to fix it

If you’d rather not touch code, we can apply the patch for you. It takes us just a few hours to get in there, verify the issue, apply the fix, and test everything. Our rate for this kind of quick fix is $500.

Should You Panic?

No. This is just WordPress being WordPress. The open-source sausage gets made in public, and sometimes a piece of gristle gets through. The core team is aware of the issue, Elementor is working on compatibility updates, and life will go on.

If your site looks fine, congratulations. You can close this tab and get back to your day.

If your site looks like a ransom note made of mismatched fonts and collapsed columns, well, now you know why.

Design Web Louisville helps businesses and nonprofits keep their WordPress sites running smoothly. If you’d rather not think about things like inline style limits and block asset loading, we offer monthly maintenance plans that handle updates, backups, and the occasional “WordPress is doing something weird” situation.

The Web Professional’s Guide to Industry-Specific Cybersecurity Standards

November 17, 2025

Author: Eleanor Hecks

For modern web professionals, building a great website is only half the battle — the other critical half is securing it. Cybersecurity is not a one-size-fits-all strategy because different industries have unique and often legally mandated standards. Every designer, developer and business owner must understand these industry-specific standards to protect their clients and their businesses.

This guide walks you through the different cybersecurity rules governing e-commerce and finance, health care, education and general data privacy, so you can build sites with confidence.

E-commerce and Finance — Complying With PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a global rulebook created by the Payment Card Industry Security Standards Council to protect payment data from the moment it is captured through transmission and storage. It applies to any business that accepts or transmits credit card information.

Protecting this data is a top priority. According to a PwC report, 78% of organizations expect their cyber budget to increase over the next 12 months, as businesses continue to face a widening array of cyber risks. Investment in artificial intelligence was identified as the top priority, followed by cloud security, network security and data protection. This points to greater scrutiny, more tools and higher expectations on anyone building checkout experiences.

For web professionals, the golden rule is never to store card data. Storing credit card numbers, expiration dates or CVV codes on the server creates a massive and unnecessary liability. While the client is responsible for compliance, the design and development choices directly affect their ability to follow standards.

The most effective way to handle this is to offload risk by integrating PCI-compliant gateways that handle sensitive fields in their own secure environment. On the developer’s side, a hardened network and application stack must be maintained. The standard expects strong passwords, patched software and no vendor-supplied defaults on any device or app that could touch the card data environment. These basics are directly addressed by the Council and remain among the leading causes of breaches among small merchants.

Health Care — Adhering to HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) sets national rules for protecting health information. The Privacy Rule limits when protected health information can be used or disclosed, while the Security Rule requires administrative, physical and technical safeguards for electronic protected health information (PHI).

The health care industry has been a frequent target for attackers, and the fallout can include exposed records, regulatory penalties, class action lawsuits and lasting loss of patient trust. High-profile incidents from recent years at major insurers and hospital systems have shown how a single compromised portal or third-party tool can compromise millions of records and disrupt care operations.

The cases of Anthem, Excellus, Premera and the UCLA Health System in 2015 alone exposed millions of patient records. These cases highlighted that overlooked systems, such as printers and portals, can be the weak link that triggers heavy regulatory and financial fallout. Anthem, for example, found its database of potentially up to 80 million people exposed after its administrator’s credentials were hacked. In the same year, up to 11 million client records under Premera Blue Cross were compromised.

The Meaningful Use program is designed to reward organizations for improving quality, safety and patient privacy by digitizing health records. Yet within most health care institutions, it is typical that 25%-35% of patient data is in analog format. This creates a need for IT to secure the flow of information and transfer physical documents into the digital world.

As a web professional, your projects should encrypt data in transit and at rest on servers that host any PHI. Use secure forms that never send protected details through standard email, and choose hosting and key vendors willing to sign a Business Associate Agreement, since they become part of the compliance chain. Enforce role-based access so only authorized users can see protected data, and document a risk analysis process that you can repeat with each major feature release.

Education — Understanding FERPA

The education industry is governed by the Family Educational Rights and Privacy Act (FERPA). This law protects student record privacy, including grades, class schedules, disciplinary records and other personally identifiable information. It applies to all schools that receive funds from the U.S. Department of Education, as well as to third parties acting on their behalf.

If you are building for an educational institution, design with those rights in mind. Student portals must require individual, secure logins. Do not publish grades or schedules on public pages, and use role-based access so students, parents and staff see only what their role allows. The Department of Education’s student privacy program provides guidance for edtech vendors, which you can use as a checklist during procurement and integration.

A practical pattern is to centralize authentication and authorization, then pass only the minimum data needed for each tool. Maintain an inventory of vendors that receive student information and map the fields you send to prevent accidental data sharing.

General Data Privacy — Navigating GDPR and CCPA

Beyond specific industries, general data privacy laws have a huge impact on web development. The two most prominent are the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA). These laws are not industry-specific. They are location-based and focus on giving individuals rights over their personal data. If you work with visitors from these regions, your site must respect these frameworks.

For day-to-day builds, this means three things:

Writing privacy policies in clear language, explaining what you collect and why
Presenting consent controls for cookies that process personal data, with an option to reject on the first layer and no pre-checked boxes
Preparing for user data requests by incorporating the export and deletion processes into your operational workflow

GDPR and CCPA require fundamental changes to how a site is built and managed, so focus on structured development from the outset. You can standardize privacy features across projects, such as preference centers, consent banners and data request forms by using well-documented, reusable parts. You can save money and stay compliant by designing versatile and easy-to-understand modules. This way, you do not have to write the same logic and behavior stays consistent across sites.

Building Trust Through Security

Security is part of your job. Knowing the different industry-specific security rules is not only important to avoid sanctions, but also to build trust, keep users safe and establish a reputation for quality and safety. Be a proactive collaborator with your clients as they work on their security.