@bobjonkman having SSL optional for content implies a requirement for a 'canonical' meta tag in the head - Yoast WordPress SEO has a clean solution for that. I also crafted my own .htaccess to prevent hotlinking instead of All In One WordPress Security and Firewall's way, because that is too 'anal' and allows referrer only from current page - I want to allow from my whole domain. Also worth mentioning: disallow theme and plugin file editing in Admin area (also mentioned in the Codex article. ... and that's the SHORT summary ;-) 2/2