Posts

Posts Shortcodes

You can show the posts with Porto Blog, Porto Recent Posts shortcodes.


Recent

Easy WordPress Monetization Strategies – WPExplorer

We’re well into the new year which means it’s time to make good on your resolutions to do... read more

How NOT to Secure Your WordPress Website

What is the first thing you would do when you want to secure your WordPress site? Find out... read more

5 Reasons Why Your WordPress Website Isn’t Ranking in Google

You’ve set up your WordPress site and read a lot of “How To” articles about search engine optimization.... read more

How to Migrate Your Website from Joomla to WordPress

Do you have a website that you want to move from Joomla to WordPress? In our opinion this... read more

WordPress WallPapers & Swag: Show Love for WordPress

You know how much we love WordPress. Throughout our blog you’ll find tons of WordPress related articles, our... read more

WordPress Black Friday & Cyber Monday 2017 Sales, Coupons & Deals

While many folks are looking forward to a shorter work week, football games, parades and day with friends... read more

Flywheel Managed WordPress Hosting Review

Back with another WordPress Hosting review, this time it’s Flywheel turn. In this article I’m going to explore... read more

How to Prevent Spam and Protect Your WordPress Blog

Your comments section gives you a convenient way to engage with your website’s readers. Unfortunately, opening your website... read more


Timeline

February 2018

Easy WordPress Monetization Strategies – WPExplorer


We’re well into the new year which means it’s time to make good on your resolutions to do well for yourself and your business. If you’ve built your site from the ground up, have a good flow of traffic, and are now looking for WordPress monetization strategies, you’re in the right place.

There is more; as we delve into different WordPress monetization strategies we’ll uncover a treasure trove of tips you can use to boost engagement on your site. As such, you can think of this post as a two-pronged approach to WordPress monetization.

The first tip being it is important to use methods that align with your target audience. How else do you make the most of your WordPress monetization strategies?

Another quick note: we focus on self-hosted WordPress blogs (WordPress.org) and not free WordPress.com blogs, as the latter ships with some limitations as far as monetization goes.

If you’re a bit curious, wildly successful blogs include the likes of HuffPost (est. $14,000,000/month), Moz (est. $4,250,000/month) and TechCrunch (est. $2,500,000/month) among others. And yes, that’s in American dollars.

With the preliminaries out of the way, let’s show you how to make money with WordPress in 48 hours. To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

1. Advertising

coca-cola advert from 1890s

Coca-Cola Advert from the 1890s

Since the days of yore, the advertisement sector has always been a big earner. According to a report by emarketer.com, advertisers all over the world spend more than $220 billion per year on digital ads.

That’s a huge chunk of change, don’t you agree? If you have good traffic, you can rack up the dollars in no time. But how do you start?

Self-Managed vs. Ad Networks

For starters, there are two advertisement options available to you. You can choose ad networks such as Google AdSense for WordPress. This is just one of many – Bing has their own ad network, as does Facebook, Yahoo and Amazon. For an extensive list just search “ad networks” on Google to see what’s available.

Alternatively, you can host your own advertisements. You choose the ads, fees, how and where to display each ad among other things. To sell self-managed ads it’s typically easiest to use on the the reputable ad management plugins available for WordPress or to go through a third party service such as BuySellAds to manage available ad spots.

That said, the main difference between ad networks and self-managed ads is the higher level of control you enjoy with the latter. In other words, ad networks usually show your reader adverts that are most relevant to their recent browsing history. If the user was looking at jewelry prior to coming to your site, they’ll most likely see an ad related to jewelry, even if your site is all about automobiles. You have zero control regarding the adverts the ad network shows on your site.

Things are a bit different with self-managed ads, you sell adverts that are in tune with your target audience. So, instead of showing jewelry ads, you show ads for vehicle spare parts, engine oil and so on.

Each advertising option has different pricing models. A majority of ad networks usually offer the CPC (cost per click) model, which means you’re paid for all the clicks you generate. You can make between $0.02 and $15 bucks per click depending on the niche.

With a high volume of traffic, you can make quite a killing with ad networks, keeping in mind they offer other ad models. Self-managed ads usually attract higher ad rate, since you’re essentially selling ad space to interested businesses at a flat monthly fee.

The advertising topic is an extensive read, but as it’s one of the most lucrative WordPress monetization strategies it’s worth your time to dig in.

2. Affiliate Marketing

affiliate summit west 2017

Affiliate Summit West 2017

Affiliate marketing is much like advertising; you earn for sending the merchant an interested prospect. Instead of getting paid for clicks and impressions, you receive a commission for all of your hard work.

While affiliate marketing sounds like mumbo-jumbo to the perfect beginner, it is easy to comprehend. According to Neil Patel, affiliate marketing is “…the process of earning a commission by promoting other people’s (or company’s) products. You find a product you like, promote it to others and earn a piece of the profit for each sale that you make.”

Sounds quite basic, this affiliate marketing business, don’t you think? Plus you can recommend any product under the sun. In essence, you’re just a promoter, which means you can engage in any promotion strategy that comes to mind… just keep it legal.

In other words, affiliate marketing is a versatile animal in terms of payment models and your level of involvement. What does that even mean?

Affiliate Marketing Payment Models

We are privy to three main payment models, but feel free to chip in if you know of any other models.

  • PPC (Pay Per Click) Affiliate Marketing – The company pays you a commission for all the clicks you generate, whether the prospects make a purchase or just browse and leave.
  • PPL (Pay Per Lead) Affiliate Marketing – In this scenario, you earn a commission whenever the prospect you refer completes any desired action e.g., subscribe, sign up for a free trial, create an account and so on. Examples of websites offering this kind of affiliate marketing include ShareASale and Cj Affiliate among others.
  • PPS (Pay Per Sale) Affiliate Marketing – The traditional form of affiliate marketing, you only earn a commission if the prospect you refer makes a purchase. This is the most popular model of affiliate marketing and usually results in better returns than PPC and PPL affiliate marketing – holding other factors constant. Examples include Amazon Associates, Envato Marketplace, and most independent online theme/plugin stores.

Levels of Involvement in Affiliate Marketing

Now that you know you can make money via clicks, leads and sales, let’s look at three more types of affiliate marketing in terms of involvement.

As Pat Flynn explains, we have three levels of affiliate marketing involvement namely:

  • Unattached – In this type of affiliate marketing, you have absolutely no presence or authority in the niche. You just create affiliate links to products via social media or any other platform. But since we are monetizing your WordPress site, you can use this type of affiliate marketing to complement your earnings.
  • Related – Here, you have some presence online and are promoting products related to your niche, but the affiliate links are for products that you don’t actually use. For example, if you have a blog that covers WordPress, you could promote themes, hosting and plugins, without trying out each product first.
  • Involved – You only promote products that you use and believe in. You swear by the products and recommend them as part of the “dream” or the process you’re outlining on your blog.

Concerning affiliate WordPress monetization strategies at your disposal, you can use coupons, deals, product reviews, text links, banner links, product aggregation, email newsletters, and offline methods among others.

3. Monetize WordPress with Memberships

WordPress monetization strategies - create membership site

Let’s say you have built an engaged audience thanks to the great content you’ve been offering for free. You can add paid memberships to a section of your site where you offer courses and any other form of premium content.

Many website owners capitalize on paid membership to create a recurring source of passive income. And all you have to do is create some high-quality content and hide it behind a paywall. With a huge collection of WordPress membership plugins at your disposal, you can start right this minute.

If you have a product, you can release it under a membership program, in the sense that the user needs an active (and preferably recurring) membership to use the product. Instead of selling the product, you can sell memberships instead.

We have seen WordPress entrepreneurs convert their already existing readers into paying members with little effort. Good examples of websites making a killing with memberships include Elegant Themes, Moz and more (though it’s important to note these sites are often employing multiple WordPress monetization strategies).

4. Sell Products or Services

the buying process for online stores

One of the most popular WordPress monetization strategies is selling stuff online. In fact, if no one sold anything, we would have no advertisers, membership sites and affiliate programs to cash on.

If running advertisements, promoting somebody else’s products or hosting a membership site isn’t your cup of tea, you can try build an online store with WordPress to promote a service or product to your audience.

There is no shortage of products to sell, plus you can always sell specialized skills via a hire page. For instance, you could offer design or blogging services like yours truly. You could consult and sell any service your readers need. If you don’t have a ready product, consider reselling a product or service via your WordPress site.

If you’d like to go full-blown e-commerce, you can set up an online store easily using a plugin such as WooCommerce. An online store helps you to sell both digital and physical goods, meaning you can use e-commerce to boost your stone-and-mortar store. Better still, you can use affiliate marketing to boost your sales.

If you decide to build an e-commerce website, make it unique and target a niche. There is strict competition out there in just about any market, so focus on what you’re best at or most interested in.

5. Sponsored Posts/Reviews

using sponsored posts to monetize wordpress site

Think of the Race Car as Your Sponsored Post, Just Don’t Overdo It

As a blogger, you can make a quick buck from sponsored posts or reviews. If you have earned authority and are popular in your niche, businesses will start approaching you to write favorable reviews about their products.

As a beginner, it will prove fruitful to approach the companies with good proposals. Just ensure you review products and services that are relevant to your target audience. Reviewing products just for the money will tarnish the authority you worked so hard to earn.

Additionally, don’t make your site all about sponsored posts when the businesses start calling. Keep publishing the content that earned you traffic and authority. An occasional sponsored post works great, but overdoing it is not a long-term strategy.

According to BobWP, “…others may want to sponsor a post that just mentions their product in the context of some news in their industry—or simply pay for a banner ad or mention at the end of the post.”

As such, there are many opportunities to explore with sponsored posts especially if you can secure monthly/yearly arrangements with the companies. Just don’t be biased in your reviews as this is detrimental to your integrity.

6. More WordPress Monetization Strategies

There are many other ways of monetizing your WordPress site, but since covering all of them would need an eBook (perhaps you could create one and sell it?), here are a couple of honorable mentions:

  • Donations – You can make money via your WordPress site by asking your readers to donate. This strategy works like magic, which is why most non-profit and NGOs thrive on donations. Just ask your readers.
  • Dropship – When starting your own online store you don’t necessarily need your own goods to promote. Dropshipping for WordPress allows you to make money on products you don’t own or have in inventory. You place the product on your site and collect the payment from the buyer. Then, you buy at a cheaper rate from the supplier who ships the product directly to the buyer.
  • Create a job board – If you’re content producer catering to bloggers, you can create a job board. Do you cater to WordPress designers and developers? You can create a job board for them. Work with nonprofits that needs to be connected with businesses for donations? You can design a board for that too. Here are a couple of popular WordPress-related job boards for inspiration to get your ideas flowing.

Final Remarks

These WordPress monetization strategies will help you to make money on your WordPress site in no time. However, keep in mind everything worth having in life takes hard work. As we all know success is 99% perspiration and 1% inspiration. So continue to work on building your website and your brand by creating quality content, focusing on SEO and continuing to optimize your site for your readers.

Today, we just offered you the 1% inspiration you need. Are you up for the challenge? Do you think you have what it takes to provide that 99% of perspiration?

Do you know of other WordPress monetization strategies we didn’t mention? If so, let us know in the comment section below, so we can add it to this post and credit you by mentioning your name. Cheers and good luck making the moolah this year!



Source link

How NOT to Secure Your WordPress Website


What is the first thing you would do when you want to secure your WordPress site? Find out the top five security plugins, consider how affordable they are and then go ahead and install one. That done, now you can sit back and relax, right? Wrong!

Using a security plugin does not ensure security. Security is not an absolute thing and no one can guarantee complete security. The best we can do is reduce the risk of a hack. And contrary to popular belief, the site owner needs to be involved in keeping the website safe. Knowing what you should do and shouldn’t is significant.

While there are several guides to what you should do to keep your WordPress site safe, we are offering you a guide on what you should AVOID doing instead. You will note that the advice here are in conflict with the general belief. But from our experience, a lot of advice out there are outdated and offers a false sense of security.

If the matter of WordPress security nags you as much as it does to us, take a look at the following.

1. Don’t Use Too Many Security Plugins

Given the wide range of plugins available out there, with various feature sets, it’s tempting to use more than one WordPress security plugin. To be honest, it’s an overkill. Being anxious about your site’s security is normal but you have to ask yourself if you really need more than one security plugin? What are the features essential to your site’s requirement? Are the features going to step on each other’s toes?

For instance, a conflict could arise when the plugins begin modifying files such as wp-config.php or htaccess. Plugins can easily fiddle with these files but they are not modifying them in a single unanimous way. This could create conflicts and make your website slow.

With WordPress sites, things can go wrong now and then. Everyone hates the dreaded White Screen of Death. Having multiple plugins that deeply affects your website can make debugging issues difficult.  Now, had there been just one plugin, finding and fixing the cause of the error would have been easier and less complicated.

2. Do Not Change DB Prefix

There are several ways in which a WordPress site can be compromised. Hacker may gain access to a site’s database through SQL injection attack. A vulnerability in a plugin or theme can be used to break into the site’s database (which is why we suggest you instead use a WordPress database backup plugin to avoid similar pitfall). One popular method of preventing hackers from going deeper into your site is by changing the default table prefix. As you can see in the image below, in WordPress, the default table prefix is ‘wp_.’ WordPress allows you to change table prefix (to say, ‘xzy_’) so as to hide certain tables.

WordPress Database Prefixes

On the surface, this looks like a good idea. If the hackers do not know the table name, then they can’t retrieve the data from it. This is, however, a false reasoning. Once someone hacks into your database, there are still ways to find out the tables. Hence changing the names of the prefix is of no use. Moreover modifying the default prefix can cause several plugins to misbehave.

Furthermore, changing the database prefix midflight is difficult to implement and can cause your website to crash. This is because there are many changes that need to be made on every level. Any error in the process will prove to be catastrophic to your site.

3. Avoid Hiding Your Login Page

There is always someone trying to break into your site by cracking your password. During brute force attacks, hackers try to log into your website using a combination of popular usernames and passwords. So what if we hide the login page? That will kill two birds with one stone, right? Hacker wouldn’t be able to find the login page and the load on your server will be reduced.

WordPress has a default login page. URL to the page usually looks like this example.com/wp-login.php. One well-known way of saving your website from brute force attack is by hiding or changing the default login page to something else like example.com/mylogin.php. Although this sounds like a foolproof plan, let’s find out how effective the method is in keeping your WordPress site secure.

Server Load Reduction

After you hide or change the location of your login page, every time someone tries to open it, they’ll face a 404 error. However, login attempts are a heavy process. Whenever the 404 error page loads, it eats up a lot of your server resources. And ends up slowing down your website. Hence, the common belief that hiding your login page will reduce the load on the server is incorrect.

Alternative URL Not Hard to Guess

Part of WordPress’ success as a CMS is due to plugins that make modifications to a website easier. It’s not surprising that a popular way of hiding a login page of a site is by using a plugin. These plugins come with a set of default alternative login URL like xzy.com/wplogin.php, etc. We have been trained to just go with default settings. Once we install the plugin and change our URL, we don’t give much thought to it. But there are only so many URL a plugin can offer. It’s not too difficult to find out these preset login URL. Therefore, using alternative URL may be ineffective in most cases.

Usability Issues

The beauty of WordPress is that it’s easy to use. It’s a familiar platform. For a site with a multitude of users, changing or hiding the login page could pose certain issues. Several times we have come across posts on WordPress forums where users are locked out of a site because of a change in the login URL. In most case the changes were made using a plugin and the users were not made aware of the situation causing chaos.

4. Don’t Block IP Addresses Manually

If you have a security plugin installed on your site, you’ll be notified whenever someone tries to log into your website. You can easily get hold of the IP sending those malicious requests and block them using the .htaccess file. It’s a manually intensive work and not a very convenient practice.

Not User-Friendly

A non-technical person trying to modify the .htaccess files is a recipe for disaster. A content management system like WordPress has very strict formatting. Even using the most popular tools like FTP/SFTP are very risky. A minor error or an incorrect placement of command can cause the site to crash.

Too Many IPs to Block

To avoid getting blacklisted, hackers use IP addresses from around the globe. Previously, we discussed about manually blocking IP addresses who are constantly trying to break into your site. The work (as we’ve mentioned before) requires a lot of time and effort but isn’t exactly a very efficient use of time. But if you use any of top WordPress security plugins, for instance, Malcare, you can automate the blocking process. Such security plugins take care of all WP security loopholes.

5. Hiding WordPress

There is a general assumption that concealing your CMS makes it harder for people with vile intention to break into your site. What if we could hide the fact that your website is running on WordPress. That would protect your site from hackers wanting to exploit common vulnerabilities. An easy way of doing this is by (you guessed it) using a plugin. But the method fails when the hackers don’t care what platform your website is running on. Besides, there are a multitude of ways to find out if a site is running on WordPress.

Besides using a plugin, one can choose to do the work manually. But it’s a time-consuming process. A single WordPress update can undo all you work within a few seconds. Which means, you’d either have to repeat the process over and over again or shy away from WP updates. Skipping WordPress updates is like opening the front door for a hacker to walk right into your home.

6. Password Protecting wp-admin Does Not Work

The default WordPress login page (that looks like this – example.com/wp-admin) is a gateway to your site. A typical login page looks like the picture below.

Here you’ll need to use your credentials to access the WordPress dashboard. Password protecting the login page helps hide or protect this gateway to the dashboard. It’s a good idea but not without its loopholes.

First off, it’s difficult to maintain or even change the password, if you happen to lose it. Besides being ineffective in providing additional security, such modifications to your site can prove to be very dangerous. For instance, when you password protect the admin page, request such as /wp-admin/admin-ajax.php cannot bypass the protection. There are plugins that could be dependent on the Ajax functionality of your site. And when they are not able to access this functionality, they start misbehaving. Hence, this can cause the website to break.

Over to You

If you have any questions or suggestions regarding what one needs to avoid to secure one’s WordPress site, let us know in the comments.



Source link


Grid

Easy WordPress Monetization Strategies – WPExplorer


We’re well into the new year which means it’s time to make good on your resolutions to do well for yourself and your business. If you’ve built your site from the ground up, have a good flow of traffic, and are now looking for WordPress monetization strategies, you’re in the right place.

There is more; as we delve into different WordPress monetization strategies we’ll uncover a treasure trove of tips you can use to boost engagement on your site. As such, you can think of this post as a two-pronged approach to WordPress monetization.

The first tip being it is important to use methods that align with your target audience. How else do you make the most of your WordPress monetization strategies?

Another quick note: we focus on self-hosted WordPress blogs (WordPress.org) and not free WordPress.com blogs, as the latter ships with some limitations as far as monetization goes.

If you’re a bit curious, wildly successful blogs include the likes of HuffPost (est. $14,000,000/month), Moz (est. $4,250,000/month) and TechCrunch (est. $2,500,000/month) among others. And yes, that’s in American dollars.

With the preliminaries out of the way, let’s show you how to make money with WordPress in 48 hours. To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

1. Advertising

coca-cola advert from 1890s

Coca-Cola Advert from the 1890s

Since the days of yore, the advertisement sector has always been a big earner. According to a report by emarketer.com, advertisers all over the world spend more than $220 billion per year on digital ads.

That’s a huge chunk of change, don’t you agree? If you have good traffic, you can rack up the dollars in no time. But how do you start?

Self-Managed vs. Ad Networks

For starters, there are two advertisement options available to you. You can choose ad networks such as Google AdSense for WordPress. This is just one of many – Bing has their own ad network, as does Facebook, Yahoo and Amazon. For an extensive list just search “ad networks” on Google to see what’s available.

Alternatively, you can host your own advertisements. You choose the ads, fees, how and where to display each ad among other things. To sell self-managed ads it’s typically easiest to use on the the reputable ad management plugins available for WordPress or to go through a third party service such as BuySellAds to manage available ad spots.

That said, the main difference between ad networks and self-managed ads is the higher level of control you enjoy with the latter. In other words, ad networks usually show your reader adverts that are most relevant to their recent browsing history. If the user was looking at jewelry prior to coming to your site, they’ll most likely see an ad related to jewelry, even if your site is all about automobiles. You have zero control regarding the adverts the ad network shows on your site.

Things are a bit different with self-managed ads, you sell adverts that are in tune with your target audience. So, instead of showing jewelry ads, you show ads for vehicle spare parts, engine oil and so on.

Each advertising option has different pricing models. A majority of ad networks usually offer the CPC (cost per click) model, which means you’re paid for all the clicks you generate. You can make between $0.02 and $15 bucks per click depending on the niche.

With a high volume of traffic, you can make quite a killing with ad networks, keeping in mind they offer other ad models. Self-managed ads usually attract higher ad rate, since you’re essentially selling ad space to interested businesses at a flat monthly fee.

The advertising topic is an extensive read, but as it’s one of the most lucrative WordPress monetization strategies it’s worth your time to dig in.

2. Affiliate Marketing

affiliate summit west 2017

Affiliate Summit West 2017

Affiliate marketing is much like advertising; you earn for sending the merchant an interested prospect. Instead of getting paid for clicks and impressions, you receive a commission for all of your hard work.

While affiliate marketing sounds like mumbo-jumbo to the perfect beginner, it is easy to comprehend. According to Neil Patel, affiliate marketing is “…the process of earning a commission by promoting other people’s (or company’s) products. You find a product you like, promote it to others and earn a piece of the profit for each sale that you make.”

Sounds quite basic, this affiliate marketing business, don’t you think? Plus you can recommend any product under the sun. In essence, you’re just a promoter, which means you can engage in any promotion strategy that comes to mind… just keep it legal.

In other words, affiliate marketing is a versatile animal in terms of payment models and your level of involvement. What does that even mean?

Affiliate Marketing Payment Models

We are privy to three main payment models, but feel free to chip in if you know of any other models.

  • PPC (Pay Per Click) Affiliate Marketing – The company pays you a commission for all the clicks you generate, whether the prospects make a purchase or just browse and leave.
  • PPL (Pay Per Lead) Affiliate Marketing – In this scenario, you earn a commission whenever the prospect you refer completes any desired action e.g., subscribe, sign up for a free trial, create an account and so on. Examples of websites offering this kind of affiliate marketing include ShareASale and Cj Affiliate among others.
  • PPS (Pay Per Sale) Affiliate Marketing – The traditional form of affiliate marketing, you only earn a commission if the prospect you refer makes a purchase. This is the most popular model of affiliate marketing and usually results in better returns than PPC and PPL affiliate marketing – holding other factors constant. Examples include Amazon Associates, Envato Marketplace, and most independent online theme/plugin stores.

Levels of Involvement in Affiliate Marketing

Now that you know you can make money via clicks, leads and sales, let’s look at three more types of affiliate marketing in terms of involvement.

As Pat Flynn explains, we have three levels of affiliate marketing involvement namely:

  • Unattached – In this type of affiliate marketing, you have absolutely no presence or authority in the niche. You just create affiliate links to products via social media or any other platform. But since we are monetizing your WordPress site, you can use this type of affiliate marketing to complement your earnings.
  • Related – Here, you have some presence online and are promoting products related to your niche, but the affiliate links are for products that you don’t actually use. For example, if you have a blog that covers WordPress, you could promote themes, hosting and plugins, without trying out each product first.
  • Involved – You only promote products that you use and believe in. You swear by the products and recommend them as part of the “dream” or the process you’re outlining on your blog.

Concerning affiliate WordPress monetization strategies at your disposal, you can use coupons, deals, product reviews, text links, banner links, product aggregation, email newsletters, and offline methods among others.

3. Monetize WordPress with Memberships

WordPress monetization strategies - create membership site

Let’s say you have built an engaged audience thanks to the great content you’ve been offering for free. You can add paid memberships to a section of your site where you offer courses and any other form of premium content.

Many website owners capitalize on paid membership to create a recurring source of passive income. And all you have to do is create some high-quality content and hide it behind a paywall. With a huge collection of WordPress membership plugins at your disposal, you can start right this minute.

If you have a product, you can release it under a membership program, in the sense that the user needs an active (and preferably recurring) membership to use the product. Instead of selling the product, you can sell memberships instead.

We have seen WordPress entrepreneurs convert their already existing readers into paying members with little effort. Good examples of websites making a killing with memberships include Elegant Themes, Moz and more (though it’s important to note these sites are often employing multiple WordPress monetization strategies).

4. Sell Products or Services

the buying process for online stores

One of the most popular WordPress monetization strategies is selling stuff online. In fact, if no one sold anything, we would have no advertisers, membership sites and affiliate programs to cash on.

If running advertisements, promoting somebody else’s products or hosting a membership site isn’t your cup of tea, you can try build an online store with WordPress to promote a service or product to your audience.

There is no shortage of products to sell, plus you can always sell specialized skills via a hire page. For instance, you could offer design or blogging services like yours truly. You could consult and sell any service your readers need. If you don’t have a ready product, consider reselling a product or service via your WordPress site.

If you’d like to go full-blown e-commerce, you can set up an online store easily using a plugin such as WooCommerce. An online store helps you to sell both digital and physical goods, meaning you can use e-commerce to boost your stone-and-mortar store. Better still, you can use affiliate marketing to boost your sales.

If you decide to build an e-commerce website, make it unique and target a niche. There is strict competition out there in just about any market, so focus on what you’re best at or most interested in.

5. Sponsored Posts/Reviews

using sponsored posts to monetize wordpress site

Think of the Race Car as Your Sponsored Post, Just Don’t Overdo It

As a blogger, you can make a quick buck from sponsored posts or reviews. If you have earned authority and are popular in your niche, businesses will start approaching you to write favorable reviews about their products.

As a beginner, it will prove fruitful to approach the companies with good proposals. Just ensure you review products and services that are relevant to your target audience. Reviewing products just for the money will tarnish the authority you worked so hard to earn.

Additionally, don’t make your site all about sponsored posts when the businesses start calling. Keep publishing the content that earned you traffic and authority. An occasional sponsored post works great, but overdoing it is not a long-term strategy.

According to BobWP, “…others may want to sponsor a post that just mentions their product in the context of some news in their industry—or simply pay for a banner ad or mention at the end of the post.”

As such, there are many opportunities to explore with sponsored posts especially if you can secure monthly/yearly arrangements with the companies. Just don’t be biased in your reviews as this is detrimental to your integrity.

6. More WordPress Monetization Strategies

There are many other ways of monetizing your WordPress site, but since covering all of them would need an eBook (perhaps you could create one and sell it?), here are a couple of honorable mentions:

  • Donations – You can make money via your WordPress site by asking your readers to donate. This strategy works like magic, which is why most non-profit and NGOs thrive on donations. Just ask your readers.
  • Dropship – When starting your own online store you don’t necessarily need your own goods to promote. Dropshipping for WordPress allows you to make money on products you don’t own or have in inventory. You place the product on your site and collect the payment from the buyer. Then, you buy at a cheaper rate from the supplier who ships the product directly to the buyer.
  • Create a job board – If you’re content producer catering to bloggers, you can create a job board. Do you cater to WordPress designers and developers? You can create a job board for them. Work with nonprofits that needs to be connected with businesses for donations? You can design a board for that too. Here are a couple of popular WordPress-related job boards for inspiration to get your ideas flowing.

Final Remarks

These WordPress monetization strategies will help you to make money on your WordPress site in no time. However, keep in mind everything worth having in life takes hard work. As we all know success is 99% perspiration and 1% inspiration. So continue to work on building your website and your brand by creating quality content, focusing on SEO and continuing to optimize your site for your readers.

Today, we just offered you the 1% inspiration you need. Are you up for the challenge? Do you think you have what it takes to provide that 99% of perspiration?

Do you know of other WordPress monetization strategies we didn’t mention? If so, let us know in the comment section below, so we can add it to this post and credit you by mentioning your name. Cheers and good luck making the moolah this year!



Source link

How NOT to Secure Your WordPress Website


What is the first thing you would do when you want to secure your WordPress site? Find out the top five security plugins, consider how affordable they are and then go ahead and install one. That done, now you can sit back and relax, right? Wrong!

Using a security plugin does not ensure security. Security is not an absolute thing and no one can guarantee complete security. The best we can do is reduce the risk of a hack. And contrary to popular belief, the site owner needs to be involved in keeping the website safe. Knowing what you should do and shouldn’t is significant.

While there are several guides to what you should do to keep your WordPress site safe, we are offering you a guide on what you should AVOID doing instead. You will note that the advice here are in conflict with the general belief. But from our experience, a lot of advice out there are outdated and offers a false sense of security.

If the matter of WordPress security nags you as much as it does to us, take a look at the following.

1. Don’t Use Too Many Security Plugins

Given the wide range of plugins available out there, with various feature sets, it’s tempting to use more than one WordPress security plugin. To be honest, it’s an overkill. Being anxious about your site’s security is normal but you have to ask yourself if you really need more than one security plugin? What are the features essential to your site’s requirement? Are the features going to step on each other’s toes?

For instance, a conflict could arise when the plugins begin modifying files such as wp-config.php or htaccess. Plugins can easily fiddle with these files but they are not modifying them in a single unanimous way. This could create conflicts and make your website slow.

With WordPress sites, things can go wrong now and then. Everyone hates the dreaded White Screen of Death. Having multiple plugins that deeply affects your website can make debugging issues difficult.  Now, had there been just one plugin, finding and fixing the cause of the error would have been easier and less complicated.

2. Do Not Change DB Prefix

There are several ways in which a WordPress site can be compromised. Hacker may gain access to a site’s database through SQL injection attack. A vulnerability in a plugin or theme can be used to break into the site’s database (which is why we suggest you instead use a WordPress database backup plugin to avoid similar pitfall). One popular method of preventing hackers from going deeper into your site is by changing the default table prefix. As you can see in the image below, in WordPress, the default table prefix is ‘wp_.’ WordPress allows you to change table prefix (to say, ‘xzy_’) so as to hide certain tables.

WordPress Database Prefixes

On the surface, this looks like a good idea. If the hackers do not know the table name, then they can’t retrieve the data from it. This is, however, a false reasoning. Once someone hacks into your database, there are still ways to find out the tables. Hence changing the names of the prefix is of no use. Moreover modifying the default prefix can cause several plugins to misbehave.

Furthermore, changing the database prefix midflight is difficult to implement and can cause your website to crash. This is because there are many changes that need to be made on every level. Any error in the process will prove to be catastrophic to your site.

3. Avoid Hiding Your Login Page

There is always someone trying to break into your site by cracking your password. During brute force attacks, hackers try to log into your website using a combination of popular usernames and passwords. So what if we hide the login page? That will kill two birds with one stone, right? Hacker wouldn’t be able to find the login page and the load on your server will be reduced.

WordPress has a default login page. URL to the page usually looks like this example.com/wp-login.php. One well-known way of saving your website from brute force attack is by hiding or changing the default login page to something else like example.com/mylogin.php. Although this sounds like a foolproof plan, let’s find out how effective the method is in keeping your WordPress site secure.

Server Load Reduction

After you hide or change the location of your login page, every time someone tries to open it, they’ll face a 404 error. However, login attempts are a heavy process. Whenever the 404 error page loads, it eats up a lot of your server resources. And ends up slowing down your website. Hence, the common belief that hiding your login page will reduce the load on the server is incorrect.

Alternative URL Not Hard to Guess

Part of WordPress’ success as a CMS is due to plugins that make modifications to a website easier. It’s not surprising that a popular way of hiding a login page of a site is by using a plugin. These plugins come with a set of default alternative login URL like xzy.com/wplogin.php, etc. We have been trained to just go with default settings. Once we install the plugin and change our URL, we don’t give much thought to it. But there are only so many URL a plugin can offer. It’s not too difficult to find out these preset login URL. Therefore, using alternative URL may be ineffective in most cases.

Usability Issues

The beauty of WordPress is that it’s easy to use. It’s a familiar platform. For a site with a multitude of users, changing or hiding the login page could pose certain issues. Several times we have come across posts on WordPress forums where users are locked out of a site because of a change in the login URL. In most case the changes were made using a plugin and the users were not made aware of the situation causing chaos.

4. Don’t Block IP Addresses Manually

If you have a security plugin installed on your site, you’ll be notified whenever someone tries to log into your website. You can easily get hold of the IP sending those malicious requests and block them using the .htaccess file. It’s a manually intensive work and not a very convenient practice.

Not User-Friendly

A non-technical person trying to modify the .htaccess files is a recipe for disaster. A content management system like WordPress has very strict formatting. Even using the most popular tools like FTP/SFTP are very risky. A minor error or an incorrect placement of command can cause the site to crash.

Too Many IPs to Block

To avoid getting blacklisted, hackers use IP addresses from around the globe. Previously, we discussed about manually blocking IP addresses who are constantly trying to break into your site. The work (as we’ve mentioned before) requires a lot of time and effort but isn’t exactly a very efficient use of time. But if you use any of top WordPress security plugins, for instance, Malcare, you can automate the blocking process. Such security plugins take care of all WP security loopholes.

5. Hiding WordPress

There is a general assumption that concealing your CMS makes it harder for people with vile intention to break into your site. What if we could hide the fact that your website is running on WordPress. That would protect your site from hackers wanting to exploit common vulnerabilities. An easy way of doing this is by (you guessed it) using a plugin. But the method fails when the hackers don’t care what platform your website is running on. Besides, there are a multitude of ways to find out if a site is running on WordPress.

Besides using a plugin, one can choose to do the work manually. But it’s a time-consuming process. A single WordPress update can undo all you work within a few seconds. Which means, you’d either have to repeat the process over and over again or shy away from WP updates. Skipping WordPress updates is like opening the front door for a hacker to walk right into your home.

6. Password Protecting wp-admin Does Not Work

The default WordPress login page (that looks like this – example.com/wp-admin) is a gateway to your site. A typical login page looks like the picture below.

Here you’ll need to use your credentials to access the WordPress dashboard. Password protecting the login page helps hide or protect this gateway to the dashboard. It’s a good idea but not without its loopholes.

First off, it’s difficult to maintain or even change the password, if you happen to lose it. Besides being ineffective in providing additional security, such modifications to your site can prove to be very dangerous. For instance, when you password protect the admin page, request such as /wp-admin/admin-ajax.php cannot bypass the protection. There are plugins that could be dependent on the Ajax functionality of your site. And when they are not able to access this functionality, they start misbehaving. Hence, this can cause the website to break.

Over to You

If you have any questions or suggestions regarding what one needs to avoid to secure one’s WordPress site, let us know in the comments.



Source link

5 Reasons Why Your WordPress Website Isn’t Ranking in Google


You’ve set up your WordPress site and read a lot of “How To” articles about search engine optimization. You feel pretty good about where your website stands, so you officially launch it. Now all you have to do is wait for Google to index your website and see where your website ranks… but why do you still find that your WordPress website isn’t ranking in Google?!

But maybe it’s been a while—maybe a few months, maybe a year or more—and you still can’t get past the third page. What are you doing wrong? There’s good news and bad news. The good news is that your low ranking is likely due to an issue that can be easily amended. And the bad news? You’ll just have to give it some more time to see if the fix helps your ranking.

Here are some of the most common reasons why your WordPress website isn’t ranking in Google.

1 . Your WordPress Site Has Weak Content

1 . Your WordPress Site Has Weak Content

For Google, content and links are its two most important ranking factors. So if you don’t have good content, your WordPress site doesn’t have much of a chance to rank. There are a lot of elements that go into making “good” content. To make your content the best it can be, use the following as a checklist:

  • Informative – Your content should leave the reader with the sense that they learned something and that their time was not wasted.
  • Grammatically correct – Adhere to proper English by staying mindful of issues like typos, fragment sentences, punctuation, and more.
  • Lengthy – Content should be a minimum of 400 words, but most well performing written content is 1,000 words or more.
  • Freshness – How old is your content? Do you frequently update your blog with new content? Never updating your site with new content is an issue that can ding your rankings. Strive to update something at least once a month,
    and preferably weekly.

By providing fresh, quality content on a weekly basis, you won’t have to worry about not ranking for one of Google’s most important factors.

2. You Changed Your Permalinks

2. You Changed Your Permalinks

Permalink refers to the permanent link to a page on your website or blog. You want these to be descriptive and, as often as possible, include the keyword that page or post is targeting.

If your permalinks have extra bits like “?p=3282949” or if they’re too long, or contain stop words (e.g. “and,” “by,” or “do”) they need to be changed to be more human and machine-readable. However, if you do it the wrong way then Google will lose track of those pages and you’ll lose rank.

If at some point you need to change your permalinks, here’s how you can change your permalinks without sacrificing your ranking.

3. The Site Is Not Mobile Responsive

3. The Site Is Not Mobile Responsive

A little over half of website traffic is generated through mobile phones. Web designers have the challenge of making one website to please multiple browsers on different devices—which is why many make websites “responsive.”

A “responsive” website will adapt to a format that is user-friendly for a particular device. A website that is not user-friendly will get dinged by Google during mobile- based searched queries. Google is all about promoting websites with a great user experience.

To check your website, use Google’s Mobile Friendly Test tool. It will tell you if your website is mobile friendly and alert you to any issues (such as pages partially loading) so you know what to fix. And if you find out that your current WordPress design is not optimal for your mobile readers, consider switching to one of the best business WordPress themes – all of which are fully responsive on most devices.

4. Your Website Is Not Visible to Search Engines

4. Your Website Is Not Visible to Search Engines

If your WordPress website isn’t ranking in Google and you are just starting out with WordPress, you may be unfamiliar with many of the options to customize your website settings. So it is possible you changed something without realizing how it would affect your search engine optimization.

Log into your WordPress dashboard and navigate to Settings > Reading Settings and scroll down to Site Visibility. The option “Allow search engines to index this site” should be selected.

Make Sure to Uncheck for Search Engine Visibility

If it is not selected, select it, and then allow some time for Google to index your site and see if your page ranking improves.

If it is selected, you may just need to wait a bit longer or you could be encountering another issue.

5. It’s Not You, It’s Your Keywords

5. It’s Not You, It’s Your Keywords

Keywords are important to optimizing for the search engine and helping your page rank, but if used incorrectly, they can actually do more harm than good. Here are three best practices of which to be mindful:

  • Don’t stuff keywords – Keyword stuffing involves filling paragraphs with the keyword(s) you are trying to target. Keyword stuffed content reads poorly and unnatural. You want to use keywords but in a way that is natural to read and elevates your thoughts and points throughout the piece.
  • Use long tail keywordsLong tail keywords are three or four (maybe even more) words long and are more specific to what a buyer wants. These keywords are easier to rank for. Plus, customers who use these keywords are likely to be further along in the buying cycle, because they know exactly what they want.
  • Don’t try to rank for too competitive of keywords with a weak site – If you are only trying to rank for keywords with a high competition rate, you are likely losing out to other websites. That’s why it’s best to start out targeting keywords with low or medium competitiveness. As you begin to rank for these, you can look into keywords with more competition. Just be sure to do your research first!

And if you want a bit of help with your keyword usage consider using a plugin. A great option is Yoast SEO, which includes a “focus keyword” option. Once you’ve set the keyword you want to focus on you’ll be able to analyze the keyword density, usage in headings, if the keyword is in your url etc. Plus if you upgrade to Yoast SEO Premium you can target up to 5 keywords on a page, making for even easier optimization.

Work Towards a Higher Ranking

Use this information to perform an audit on your website and see if you have been unknowingly sabotaging your website’s ranking. Some may be “easier” or “quicker” fixes than others, but all will help. Remember that for any of them you will need to give Google some time (think a few weeks) to adjust the rankings.

Do you have tips to add? Or a question about one of the reasons we covered as to why your WordPress website isn’t ranking in Google we mentioned? Leave a note in the comments section and get the conversation started.



Source link


Medium

Easy WordPress Monetization Strategies – WPExplorer


We’re well into the new year which means it’s time to make good on your resolutions to do well for yourself and your business. If you’ve built your site from the ground up, have a good flow of traffic, and are now looking for WordPress monetization strategies, you’re in the right place.

There is more; as we delve into different WordPress monetization strategies we’ll uncover a treasure trove of tips you can use to boost engagement on your site. As such, you can think of this post as a two-pronged approach to WordPress monetization.

The first tip being it is important to use methods that align with your target audience. How else do you make the most of your WordPress monetization strategies?

Another quick note: we focus on self-hosted WordPress blogs (WordPress.org) and not free WordPress.com blogs, as the latter ships with some limitations as far as monetization goes.

If you’re a bit curious, wildly successful blogs include the likes of HuffPost (est. $14,000,000/month), Moz (est. $4,250,000/month) and TechCrunch (est. $2,500,000/month) among others. And yes, that’s in American dollars.

With the preliminaries out of the way, let’s show you how to make money with WordPress in 48 hours. To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

1. Advertising

coca-cola advert from 1890s

Coca-Cola Advert from the 1890s

Since the days of yore, the advertisement sector has always been a big earner. According to a report by emarketer.com, advertisers all over the world spend more than $220 billion per year on digital ads.

That’s a huge chunk of change, don’t you agree? If you have good traffic, you can rack up the dollars in no time. But how do you start?

Self-Managed vs. Ad Networks

For starters, there are two advertisement options available to you. You can choose ad networks such as Google AdSense for WordPress. This is just one of many – Bing has their own ad network, as does Facebook, Yahoo and Amazon. For an extensive list just search “ad networks” on Google to see what’s available.

Alternatively, you can host your own advertisements. You choose the ads, fees, how and where to display each ad among other things. To sell self-managed ads it’s typically easiest to use on the the reputable ad management plugins available for WordPress or to go through a third party service such as BuySellAds to manage available ad spots.

That said, the main difference between ad networks and self-managed ads is the higher level of control you enjoy with the latter. In other words, ad networks usually show your reader adverts that are most relevant to their recent browsing history. If the user was looking at jewelry prior to coming to your site, they’ll most likely see an ad related to jewelry, even if your site is all about automobiles. You have zero control regarding the adverts the ad network shows on your site.

Things are a bit different with self-managed ads, you sell adverts that are in tune with your target audience. So, instead of showing jewelry ads, you show ads for vehicle spare parts, engine oil and so on.

Each advertising option has different pricing models. A majority of ad networks usually offer the CPC (cost per click) model, which means you’re paid for all the clicks you generate. You can make between $0.02 and $15 bucks per click depending on the niche.

With a high volume of traffic, you can make quite a killing with ad networks, keeping in mind they offer other ad models. Self-managed ads usually attract higher ad rate, since you’re essentially selling ad space to interested businesses at a flat monthly fee.

The advertising topic is an extensive read, but as it’s one of the most lucrative WordPress monetization strategies it’s worth your time to dig in.

2. Affiliate Marketing

affiliate summit west 2017

Affiliate Summit West 2017

Affiliate marketing is much like advertising; you earn for sending the merchant an interested prospect. Instead of getting paid for clicks and impressions, you receive a commission for all of your hard work.

While affiliate marketing sounds like mumbo-jumbo to the perfect beginner, it is easy to comprehend. According to Neil Patel, affiliate marketing is “…the process of earning a commission by promoting other people’s (or company’s) products. You find a product you like, promote it to others and earn a piece of the profit for each sale that you make.”

Sounds quite basic, this affiliate marketing business, don’t you think? Plus you can recommend any product under the sun. In essence, you’re just a promoter, which means you can engage in any promotion strategy that comes to mind… just keep it legal.

In other words, affiliate marketing is a versatile animal in terms of payment models and your level of involvement. What does that even mean?

Affiliate Marketing Payment Models

We are privy to three main payment models, but feel free to chip in if you know of any other models.

  • PPC (Pay Per Click) Affiliate Marketing – The company pays you a commission for all the clicks you generate, whether the prospects make a purchase or just browse and leave.
  • PPL (Pay Per Lead) Affiliate Marketing – In this scenario, you earn a commission whenever the prospect you refer completes any desired action e.g., subscribe, sign up for a free trial, create an account and so on. Examples of websites offering this kind of affiliate marketing include ShareASale and Cj Affiliate among others.
  • PPS (Pay Per Sale) Affiliate Marketing – The traditional form of affiliate marketing, you only earn a commission if the prospect you refer makes a purchase. This is the most popular model of affiliate marketing and usually results in better returns than PPC and PPL affiliate marketing – holding other factors constant. Examples include Amazon Associates, Envato Marketplace, and most independent online theme/plugin stores.

Levels of Involvement in Affiliate Marketing

Now that you know you can make money via clicks, leads and sales, let’s look at three more types of affiliate marketing in terms of involvement.

As Pat Flynn explains, we have three levels of affiliate marketing involvement namely:

  • Unattached – In this type of affiliate marketing, you have absolutely no presence or authority in the niche. You just create affiliate links to products via social media or any other platform. But since we are monetizing your WordPress site, you can use this type of affiliate marketing to complement your earnings.
  • Related – Here, you have some presence online and are promoting products related to your niche, but the affiliate links are for products that you don’t actually use. For example, if you have a blog that covers WordPress, you could promote themes, hosting and plugins, without trying out each product first.
  • Involved – You only promote products that you use and believe in. You swear by the products and recommend them as part of the “dream” or the process you’re outlining on your blog.

Concerning affiliate WordPress monetization strategies at your disposal, you can use coupons, deals, product reviews, text links, banner links, product aggregation, email newsletters, and offline methods among others.

3. Monetize WordPress with Memberships

WordPress monetization strategies - create membership site

Let’s say you have built an engaged audience thanks to the great content you’ve been offering for free. You can add paid memberships to a section of your site where you offer courses and any other form of premium content.

Many website owners capitalize on paid membership to create a recurring source of passive income. And all you have to do is create some high-quality content and hide it behind a paywall. With a huge collection of WordPress membership plugins at your disposal, you can start right this minute.

If you have a product, you can release it under a membership program, in the sense that the user needs an active (and preferably recurring) membership to use the product. Instead of selling the product, you can sell memberships instead.

We have seen WordPress entrepreneurs convert their already existing readers into paying members with little effort. Good examples of websites making a killing with memberships include Elegant Themes, Moz and more (though it’s important to note these sites are often employing multiple WordPress monetization strategies).

4. Sell Products or Services

the buying process for online stores

One of the most popular WordPress monetization strategies is selling stuff online. In fact, if no one sold anything, we would have no advertisers, membership sites and affiliate programs to cash on.

If running advertisements, promoting somebody else’s products or hosting a membership site isn’t your cup of tea, you can try build an online store with WordPress to promote a service or product to your audience.

There is no shortage of products to sell, plus you can always sell specialized skills via a hire page. For instance, you could offer design or blogging services like yours truly. You could consult and sell any service your readers need. If you don’t have a ready product, consider reselling a product or service via your WordPress site.

If you’d like to go full-blown e-commerce, you can set up an online store easily using a plugin such as WooCommerce. An online store helps you to sell both digital and physical goods, meaning you can use e-commerce to boost your stone-and-mortar store. Better still, you can use affiliate marketing to boost your sales.

If you decide to build an e-commerce website, make it unique and target a niche. There is strict competition out there in just about any market, so focus on what you’re best at or most interested in.

5. Sponsored Posts/Reviews

using sponsored posts to monetize wordpress site

Think of the Race Car as Your Sponsored Post, Just Don’t Overdo It

As a blogger, you can make a quick buck from sponsored posts or reviews. If you have earned authority and are popular in your niche, businesses will start approaching you to write favorable reviews about their products.

As a beginner, it will prove fruitful to approach the companies with good proposals. Just ensure you review products and services that are relevant to your target audience. Reviewing products just for the money will tarnish the authority you worked so hard to earn.

Additionally, don’t make your site all about sponsored posts when the businesses start calling. Keep publishing the content that earned you traffic and authority. An occasional sponsored post works great, but overdoing it is not a long-term strategy.

According to BobWP, “…others may want to sponsor a post that just mentions their product in the context of some news in their industry—or simply pay for a banner ad or mention at the end of the post.”

As such, there are many opportunities to explore with sponsored posts especially if you can secure monthly/yearly arrangements with the companies. Just don’t be biased in your reviews as this is detrimental to your integrity.

6. More WordPress Monetization Strategies

There are many other ways of monetizing your WordPress site, but since covering all of them would need an eBook (perhaps you could create one and sell it?), here are a couple of honorable mentions:

  • Donations – You can make money via your WordPress site by asking your readers to donate. This strategy works like magic, which is why most non-profit and NGOs thrive on donations. Just ask your readers.
  • Dropship – When starting your own online store you don’t necessarily need your own goods to promote. Dropshipping for WordPress allows you to make money on products you don’t own or have in inventory. You place the product on your site and collect the payment from the buyer. Then, you buy at a cheaper rate from the supplier who ships the product directly to the buyer.
  • Create a job board – If you’re content producer catering to bloggers, you can create a job board. Do you cater to WordPress designers and developers? You can create a job board for them. Work with nonprofits that needs to be connected with businesses for donations? You can design a board for that too. Here are a couple of popular WordPress-related job boards for inspiration to get your ideas flowing.

Final Remarks

These WordPress monetization strategies will help you to make money on your WordPress site in no time. However, keep in mind everything worth having in life takes hard work. As we all know success is 99% perspiration and 1% inspiration. So continue to work on building your website and your brand by creating quality content, focusing on SEO and continuing to optimize your site for your readers.

Today, we just offered you the 1% inspiration you need. Are you up for the challenge? Do you think you have what it takes to provide that 99% of perspiration?

Do you know of other WordPress monetization strategies we didn’t mention? If so, let us know in the comment section below, so we can add it to this post and credit you by mentioning your name. Cheers and good luck making the moolah this year!



Source link

Read more...

How NOT to Secure Your WordPress Website


What is the first thing you would do when you want to secure your WordPress site? Find out the top five security plugins, consider how affordable they are and then go ahead and install one. That done, now you can sit back and relax, right? Wrong!

Using a security plugin does not ensure security. Security is not an absolute thing and no one can guarantee complete security. The best we can do is reduce the risk of a hack. And contrary to popular belief, the site owner needs to be involved in keeping the website safe. Knowing what you should do and shouldn’t is significant.

While there are several guides to what you should do to keep your WordPress site safe, we are offering you a guide on what you should AVOID doing instead. You will note that the advice here are in conflict with the general belief. But from our experience, a lot of advice out there are outdated and offers a false sense of security.

If the matter of WordPress security nags you as much as it does to us, take a look at the following.

1. Don’t Use Too Many Security Plugins

Given the wide range of plugins available out there, with various feature sets, it’s tempting to use more than one WordPress security plugin. To be honest, it’s an overkill. Being anxious about your site’s security is normal but you have to ask yourself if you really need more than one security plugin? What are the features essential to your site’s requirement? Are the features going to step on each other’s toes?

For instance, a conflict could arise when the plugins begin modifying files such as wp-config.php or htaccess. Plugins can easily fiddle with these files but they are not modifying them in a single unanimous way. This could create conflicts and make your website slow.

With WordPress sites, things can go wrong now and then. Everyone hates the dreaded White Screen of Death. Having multiple plugins that deeply affects your website can make debugging issues difficult.  Now, had there been just one plugin, finding and fixing the cause of the error would have been easier and less complicated.

2. Do Not Change DB Prefix

There are several ways in which a WordPress site can be compromised. Hacker may gain access to a site’s database through SQL injection attack. A vulnerability in a plugin or theme can be used to break into the site’s database (which is why we suggest you instead use a WordPress database backup plugin to avoid similar pitfall). One popular method of preventing hackers from going deeper into your site is by changing the default table prefix. As you can see in the image below, in WordPress, the default table prefix is ‘wp_.’ WordPress allows you to change table prefix (to say, ‘xzy_’) so as to hide certain tables.

WordPress Database Prefixes

On the surface, this looks like a good idea. If the hackers do not know the table name, then they can’t retrieve the data from it. This is, however, a false reasoning. Once someone hacks into your database, there are still ways to find out the tables. Hence changing the names of the prefix is of no use. Moreover modifying the default prefix can cause several plugins to misbehave.

Furthermore, changing the database prefix midflight is difficult to implement and can cause your website to crash. This is because there are many changes that need to be made on every level. Any error in the process will prove to be catastrophic to your site.

3. Avoid Hiding Your Login Page

There is always someone trying to break into your site by cracking your password. During brute force attacks, hackers try to log into your website using a combination of popular usernames and passwords. So what if we hide the login page? That will kill two birds with one stone, right? Hacker wouldn’t be able to find the login page and the load on your server will be reduced.

WordPress has a default login page. URL to the page usually looks like this example.com/wp-login.php. One well-known way of saving your website from brute force attack is by hiding or changing the default login page to something else like example.com/mylogin.php. Although this sounds like a foolproof plan, let’s find out how effective the method is in keeping your WordPress site secure.

Server Load Reduction

After you hide or change the location of your login page, every time someone tries to open it, they’ll face a 404 error. However, login attempts are a heavy process. Whenever the 404 error page loads, it eats up a lot of your server resources. And ends up slowing down your website. Hence, the common belief that hiding your login page will reduce the load on the server is incorrect.

Alternative URL Not Hard to Guess

Part of WordPress’ success as a CMS is due to plugins that make modifications to a website easier. It’s not surprising that a popular way of hiding a login page of a site is by using a plugin. These plugins come with a set of default alternative login URL like xzy.com/wplogin.php, etc. We have been trained to just go with default settings. Once we install the plugin and change our URL, we don’t give much thought to it. But there are only so many URL a plugin can offer. It’s not too difficult to find out these preset login URL. Therefore, using alternative URL may be ineffective in most cases.

Usability Issues

The beauty of WordPress is that it’s easy to use. It’s a familiar platform. For a site with a multitude of users, changing or hiding the login page could pose certain issues. Several times we have come across posts on WordPress forums where users are locked out of a site because of a change in the login URL. In most case the changes were made using a plugin and the users were not made aware of the situation causing chaos.

4. Don’t Block IP Addresses Manually

If you have a security plugin installed on your site, you’ll be notified whenever someone tries to log into your website. You can easily get hold of the IP sending those malicious requests and block them using the .htaccess file. It’s a manually intensive work and not a very convenient practice.

Not User-Friendly

A non-technical person trying to modify the .htaccess files is a recipe for disaster. A content management system like WordPress has very strict formatting. Even using the most popular tools like FTP/SFTP are very risky. A minor error or an incorrect placement of command can cause the site to crash.

Too Many IPs to Block

To avoid getting blacklisted, hackers use IP addresses from around the globe. Previously, we discussed about manually blocking IP addresses who are constantly trying to break into your site. The work (as we’ve mentioned before) requires a lot of time and effort but isn’t exactly a very efficient use of time. But if you use any of top WordPress security plugins, for instance, Malcare, you can automate the blocking process. Such security plugins take care of all WP security loopholes.

5. Hiding WordPress

There is a general assumption that concealing your CMS makes it harder for people with vile intention to break into your site. What if we could hide the fact that your website is running on WordPress. That would protect your site from hackers wanting to exploit common vulnerabilities. An easy way of doing this is by (you guessed it) using a plugin. But the method fails when the hackers don’t care what platform your website is running on. Besides, there are a multitude of ways to find out if a site is running on WordPress.

Besides using a plugin, one can choose to do the work manually. But it’s a time-consuming process. A single WordPress update can undo all you work within a few seconds. Which means, you’d either have to repeat the process over and over again or shy away from WP updates. Skipping WordPress updates is like opening the front door for a hacker to walk right into your home.

6. Password Protecting wp-admin Does Not Work

The default WordPress login page (that looks like this – example.com/wp-admin) is a gateway to your site. A typical login page looks like the picture below.

Here you’ll need to use your credentials to access the WordPress dashboard. Password protecting the login page helps hide or protect this gateway to the dashboard. It’s a good idea but not without its loopholes.

First off, it’s difficult to maintain or even change the password, if you happen to lose it. Besides being ineffective in providing additional security, such modifications to your site can prove to be very dangerous. For instance, when you password protect the admin page, request such as /wp-admin/admin-ajax.php cannot bypass the protection. There are plugins that could be dependent on the Ajax functionality of your site. And when they are not able to access this functionality, they start misbehaving. Hence, this can cause the website to break.

Over to You

If you have any questions or suggestions regarding what one needs to avoid to secure one’s WordPress site, let us know in the comments.



Source link

Read more...

Large

Easy WordPress Monetization Strategies – WPExplorer


We’re well into the new year which means it’s time to make good on your resolutions to do well for yourself and your business. If you’ve built your site from the ground up, have a good flow of traffic, and are now looking for WordPress monetization strategies, you’re in the right place.

There is more; as we delve into different WordPress monetization strategies we’ll uncover a treasure trove of tips you can use to boost engagement on your site. As such, you can think of this post as a two-pronged approach to WordPress monetization.

The first tip being it is important to use methods that align with your target audience. How else do you make the most of your WordPress monetization strategies?

Another quick note: we focus on self-hosted WordPress blogs (WordPress.org) and not free WordPress.com blogs, as the latter ships with some limitations as far as monetization goes.

If you’re a bit curious, wildly successful blogs include the likes of HuffPost (est. $14,000,000/month), Moz (est. $4,250,000/month) and TechCrunch (est. $2,500,000/month) among others. And yes, that’s in American dollars.

With the preliminaries out of the way, let’s show you how to make money with WordPress in 48 hours. To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

1. Advertising

coca-cola advert from 1890s

Coca-Cola Advert from the 1890s

Since the days of yore, the advertisement sector has always been a big earner. According to a report by emarketer.com, advertisers all over the world spend more than $220 billion per year on digital ads.

That’s a huge chunk of change, don’t you agree? If you have good traffic, you can rack up the dollars in no time. But how do you start?

Self-Managed vs. Ad Networks

For starters, there are two advertisement options available to you. You can choose ad networks such as Google AdSense for WordPress. This is just one of many – Bing has their own ad network, as does Facebook, Yahoo and Amazon. For an extensive list just search “ad networks” on Google to see what’s available.

Alternatively, you can host your own advertisements. You choose the ads, fees, how and where to display each ad among other things. To sell self-managed ads it’s typically easiest to use on the the reputable ad management plugins available for WordPress or to go through a third party service such as BuySellAds to manage available ad spots.

That said, the main difference between ad networks and self-managed ads is the higher level of control you enjoy with the latter. In other words, ad networks usually show your reader adverts that are most relevant to their recent browsing history. If the user was looking at jewelry prior to coming to your site, they’ll most likely see an ad related to jewelry, even if your site is all about automobiles. You have zero control regarding the adverts the ad network shows on your site.

Things are a bit different with self-managed ads, you sell adverts that are in tune with your target audience. So, instead of showing jewelry ads, you show ads for vehicle spare parts, engine oil and so on.

Each advertising option has different pricing models. A majority of ad networks usually offer the CPC (cost per click) model, which means you’re paid for all the clicks you generate. You can make between $0.02 and $15 bucks per click depending on the niche.

With a high volume of traffic, you can make quite a killing with ad networks, keeping in mind they offer other ad models. Self-managed ads usually attract higher ad rate, since you’re essentially selling ad space to interested businesses at a flat monthly fee.

The advertising topic is an extensive read, but as it’s one of the most lucrative WordPress monetization strategies it’s worth your time to dig in.

2. Affiliate Marketing

affiliate summit west 2017

Affiliate Summit West 2017

Affiliate marketing is much like advertising; you earn for sending the merchant an interested prospect. Instead of getting paid for clicks and impressions, you receive a commission for all of your hard work.

While affiliate marketing sounds like mumbo-jumbo to the perfect beginner, it is easy to comprehend. According to Neil Patel, affiliate marketing is “…the process of earning a commission by promoting other people’s (or company’s) products. You find a product you like, promote it to others and earn a piece of the profit for each sale that you make.”

Sounds quite basic, this affiliate marketing business, don’t you think? Plus you can recommend any product under the sun. In essence, you’re just a promoter, which means you can engage in any promotion strategy that comes to mind… just keep it legal.

In other words, affiliate marketing is a versatile animal in terms of payment models and your level of involvement. What does that even mean?

Affiliate Marketing Payment Models

We are privy to three main payment models, but feel free to chip in if you know of any other models.

  • PPC (Pay Per Click) Affiliate Marketing – The company pays you a commission for all the clicks you generate, whether the prospects make a purchase or just browse and leave.
  • PPL (Pay Per Lead) Affiliate Marketing – In this scenario, you earn a commission whenever the prospect you refer completes any desired action e.g., subscribe, sign up for a free trial, create an account and so on. Examples of websites offering this kind of affiliate marketing include ShareASale and Cj Affiliate among others.
  • PPS (Pay Per Sale) Affiliate Marketing – The traditional form of affiliate marketing, you only earn a commission if the prospect you refer makes a purchase. This is the most popular model of affiliate marketing and usually results in better returns than PPC and PPL affiliate marketing – holding other factors constant. Examples include Amazon Associates, Envato Marketplace, and most independent online theme/plugin stores.

Levels of Involvement in Affiliate Marketing

Now that you know you can make money via clicks, leads and sales, let’s look at three more types of affiliate marketing in terms of involvement.

As Pat Flynn explains, we have three levels of affiliate marketing involvement namely:

  • Unattached – In this type of affiliate marketing, you have absolutely no presence or authority in the niche. You just create affiliate links to products via social media or any other platform. But since we are monetizing your WordPress site, you can use this type of affiliate marketing to complement your earnings.
  • Related – Here, you have some presence online and are promoting products related to your niche, but the affiliate links are for products that you don’t actually use. For example, if you have a blog that covers WordPress, you could promote themes, hosting and plugins, without trying out each product first.
  • Involved – You only promote products that you use and believe in. You swear by the products and recommend them as part of the “dream” or the process you’re outlining on your blog.

Concerning affiliate WordPress monetization strategies at your disposal, you can use coupons, deals, product reviews, text links, banner links, product aggregation, email newsletters, and offline methods among others.

3. Monetize WordPress with Memberships

WordPress monetization strategies - create membership site

Let’s say you have built an engaged audience thanks to the great content you’ve been offering for free. You can add paid memberships to a section of your site where you offer courses and any other form of premium content.

Many website owners capitalize on paid membership to create a recurring source of passive income. And all you have to do is create some high-quality content and hide it behind a paywall. With a huge collection of WordPress membership plugins at your disposal, you can start right this minute.

If you have a product, you can release it under a membership program, in the sense that the user needs an active (and preferably recurring) membership to use the product. Instead of selling the product, you can sell memberships instead.

We have seen WordPress entrepreneurs convert their already existing readers into paying members with little effort. Good examples of websites making a killing with memberships include Elegant Themes, Moz and more (though it’s important to note these sites are often employing multiple WordPress monetization strategies).

4. Sell Products or Services

the buying process for online stores

One of the most popular WordPress monetization strategies is selling stuff online. In fact, if no one sold anything, we would have no advertisers, membership sites and affiliate programs to cash on.

If running advertisements, promoting somebody else’s products or hosting a membership site isn’t your cup of tea, you can try build an online store with WordPress to promote a service or product to your audience.

There is no shortage of products to sell, plus you can always sell specialized skills via a hire page. For instance, you could offer design or blogging services like yours truly. You could consult and sell any service your readers need. If you don’t have a ready product, consider reselling a product or service via your WordPress site.

If you’d like to go full-blown e-commerce, you can set up an online store easily using a plugin such as WooCommerce. An online store helps you to sell both digital and physical goods, meaning you can use e-commerce to boost your stone-and-mortar store. Better still, you can use affiliate marketing to boost your sales.

If you decide to build an e-commerce website, make it unique and target a niche. There is strict competition out there in just about any market, so focus on what you’re best at or most interested in.

5. Sponsored Posts/Reviews

using sponsored posts to monetize wordpress site

Think of the Race Car as Your Sponsored Post, Just Don’t Overdo It

As a blogger, you can make a quick buck from sponsored posts or reviews. If you have earned authority and are popular in your niche, businesses will start approaching you to write favorable reviews about their products.

As a beginner, it will prove fruitful to approach the companies with good proposals. Just ensure you review products and services that are relevant to your target audience. Reviewing products just for the money will tarnish the authority you worked so hard to earn.

Additionally, don’t make your site all about sponsored posts when the businesses start calling. Keep publishing the content that earned you traffic and authority. An occasional sponsored post works great, but overdoing it is not a long-term strategy.

According to BobWP, “…others may want to sponsor a post that just mentions their product in the context of some news in their industry—or simply pay for a banner ad or mention at the end of the post.”

As such, there are many opportunities to explore with sponsored posts especially if you can secure monthly/yearly arrangements with the companies. Just don’t be biased in your reviews as this is detrimental to your integrity.

6. More WordPress Monetization Strategies

There are many other ways of monetizing your WordPress site, but since covering all of them would need an eBook (perhaps you could create one and sell it?), here are a couple of honorable mentions:

  • Donations – You can make money via your WordPress site by asking your readers to donate. This strategy works like magic, which is why most non-profit and NGOs thrive on donations. Just ask your readers.
  • Dropship – When starting your own online store you don’t necessarily need your own goods to promote. Dropshipping for WordPress allows you to make money on products you don’t own or have in inventory. You place the product on your site and collect the payment from the buyer. Then, you buy at a cheaper rate from the supplier who ships the product directly to the buyer.
  • Create a job board – If you’re content producer catering to bloggers, you can create a job board. Do you cater to WordPress designers and developers? You can create a job board for them. Work with nonprofits that needs to be connected with businesses for donations? You can design a board for that too. Here are a couple of popular WordPress-related job boards for inspiration to get your ideas flowing.

Final Remarks

These WordPress monetization strategies will help you to make money on your WordPress site in no time. However, keep in mind everything worth having in life takes hard work. As we all know success is 99% perspiration and 1% inspiration. So continue to work on building your website and your brand by creating quality content, focusing on SEO and continuing to optimize your site for your readers.

Today, we just offered you the 1% inspiration you need. Are you up for the challenge? Do you think you have what it takes to provide that 99% of perspiration?

Do you know of other WordPress monetization strategies we didn’t mention? If so, let us know in the comment section below, so we can add it to this post and credit you by mentioning your name. Cheers and good luck making the moolah this year!



Source link

Read more...

How NOT to Secure Your WordPress Website


What is the first thing you would do when you want to secure your WordPress site? Find out the top five security plugins, consider how affordable they are and then go ahead and install one. That done, now you can sit back and relax, right? Wrong!

Using a security plugin does not ensure security. Security is not an absolute thing and no one can guarantee complete security. The best we can do is reduce the risk of a hack. And contrary to popular belief, the site owner needs to be involved in keeping the website safe. Knowing what you should do and shouldn’t is significant.

While there are several guides to what you should do to keep your WordPress site safe, we are offering you a guide on what you should AVOID doing instead. You will note that the advice here are in conflict with the general belief. But from our experience, a lot of advice out there are outdated and offers a false sense of security.

If the matter of WordPress security nags you as much as it does to us, take a look at the following.

1. Don’t Use Too Many Security Plugins

Given the wide range of plugins available out there, with various feature sets, it’s tempting to use more than one WordPress security plugin. To be honest, it’s an overkill. Being anxious about your site’s security is normal but you have to ask yourself if you really need more than one security plugin? What are the features essential to your site’s requirement? Are the features going to step on each other’s toes?

For instance, a conflict could arise when the plugins begin modifying files such as wp-config.php or htaccess. Plugins can easily fiddle with these files but they are not modifying them in a single unanimous way. This could create conflicts and make your website slow.

With WordPress sites, things can go wrong now and then. Everyone hates the dreaded White Screen of Death. Having multiple plugins that deeply affects your website can make debugging issues difficult.  Now, had there been just one plugin, finding and fixing the cause of the error would have been easier and less complicated.

2. Do Not Change DB Prefix

There are several ways in which a WordPress site can be compromised. Hacker may gain access to a site’s database through SQL injection attack. A vulnerability in a plugin or theme can be used to break into the site’s database (which is why we suggest you instead use a WordPress database backup plugin to avoid similar pitfall). One popular method of preventing hackers from going deeper into your site is by changing the default table prefix. As you can see in the image below, in WordPress, the default table prefix is ‘wp_.’ WordPress allows you to change table prefix (to say, ‘xzy_’) so as to hide certain tables.

WordPress Database Prefixes

On the surface, this looks like a good idea. If the hackers do not know the table name, then they can’t retrieve the data from it. This is, however, a false reasoning. Once someone hacks into your database, there are still ways to find out the tables. Hence changing the names of the prefix is of no use. Moreover modifying the default prefix can cause several plugins to misbehave.

Furthermore, changing the database prefix midflight is difficult to implement and can cause your website to crash. This is because there are many changes that need to be made on every level. Any error in the process will prove to be catastrophic to your site.

3. Avoid Hiding Your Login Page

There is always someone trying to break into your site by cracking your password. During brute force attacks, hackers try to log into your website using a combination of popular usernames and passwords. So what if we hide the login page? That will kill two birds with one stone, right? Hacker wouldn’t be able to find the login page and the load on your server will be reduced.

WordPress has a default login page. URL to the page usually looks like this example.com/wp-login.php. One well-known way of saving your website from brute force attack is by hiding or changing the default login page to something else like example.com/mylogin.php. Although this sounds like a foolproof plan, let’s find out how effective the method is in keeping your WordPress site secure.

Server Load Reduction

After you hide or change the location of your login page, every time someone tries to open it, they’ll face a 404 error. However, login attempts are a heavy process. Whenever the 404 error page loads, it eats up a lot of your server resources. And ends up slowing down your website. Hence, the common belief that hiding your login page will reduce the load on the server is incorrect.

Alternative URL Not Hard to Guess

Part of WordPress’ success as a CMS is due to plugins that make modifications to a website easier. It’s not surprising that a popular way of hiding a login page of a site is by using a plugin. These plugins come with a set of default alternative login URL like xzy.com/wplogin.php, etc. We have been trained to just go with default settings. Once we install the plugin and change our URL, we don’t give much thought to it. But there are only so many URL a plugin can offer. It’s not too difficult to find out these preset login URL. Therefore, using alternative URL may be ineffective in most cases.

Usability Issues

The beauty of WordPress is that it’s easy to use. It’s a familiar platform. For a site with a multitude of users, changing or hiding the login page could pose certain issues. Several times we have come across posts on WordPress forums where users are locked out of a site because of a change in the login URL. In most case the changes were made using a plugin and the users were not made aware of the situation causing chaos.

4. Don’t Block IP Addresses Manually

If you have a security plugin installed on your site, you’ll be notified whenever someone tries to log into your website. You can easily get hold of the IP sending those malicious requests and block them using the .htaccess file. It’s a manually intensive work and not a very convenient practice.

Not User-Friendly

A non-technical person trying to modify the .htaccess files is a recipe for disaster. A content management system like WordPress has very strict formatting. Even using the most popular tools like FTP/SFTP are very risky. A minor error or an incorrect placement of command can cause the site to crash.

Too Many IPs to Block

To avoid getting blacklisted, hackers use IP addresses from around the globe. Previously, we discussed about manually blocking IP addresses who are constantly trying to break into your site. The work (as we’ve mentioned before) requires a lot of time and effort but isn’t exactly a very efficient use of time. But if you use any of top WordPress security plugins, for instance, Malcare, you can automate the blocking process. Such security plugins take care of all WP security loopholes.

5. Hiding WordPress

There is a general assumption that concealing your CMS makes it harder for people with vile intention to break into your site. What if we could hide the fact that your website is running on WordPress. That would protect your site from hackers wanting to exploit common vulnerabilities. An easy way of doing this is by (you guessed it) using a plugin. But the method fails when the hackers don’t care what platform your website is running on. Besides, there are a multitude of ways to find out if a site is running on WordPress.

Besides using a plugin, one can choose to do the work manually. But it’s a time-consuming process. A single WordPress update can undo all you work within a few seconds. Which means, you’d either have to repeat the process over and over again or shy away from WP updates. Skipping WordPress updates is like opening the front door for a hacker to walk right into your home.

6. Password Protecting wp-admin Does Not Work

The default WordPress login page (that looks like this – example.com/wp-admin) is a gateway to your site. A typical login page looks like the picture below.

Here you’ll need to use your credentials to access the WordPress dashboard. Password protecting the login page helps hide or protect this gateway to the dashboard. It’s a good idea but not without its loopholes.

First off, it’s difficult to maintain or even change the password, if you happen to lose it. Besides being ineffective in providing additional security, such modifications to your site can prove to be very dangerous. For instance, when you password protect the admin page, request such as /wp-admin/admin-ajax.php cannot bypass the protection. There are plugins that could be dependent on the Ajax functionality of your site. And when they are not able to access this functionality, they start misbehaving. Hence, this can cause the website to break.

Over to You

If you have any questions or suggestions regarding what one needs to avoid to secure one’s WordPress site, let us know in the comments.



Source link

Read more...

Large Alt

Easy WordPress Monetization Strategies – WPExplorer


We’re well into the new year which means it’s time to make good on your resolutions to do well for yourself and your business. If you’ve built your site from the ground up, have a good flow of traffic, and are now looking for WordPress monetization strategies, you’re in the right place.

There is more; as we delve into different WordPress monetization strategies we’ll uncover a treasure trove of tips you can use to boost engagement on your site. As such, you can think of this post as a two-pronged approach to WordPress monetization.

The first tip being it is important to use methods that align with your target audience. How else do you make the most of your WordPress monetization strategies?

Another quick note: we focus on self-hosted WordPress blogs (WordPress.org) and not free WordPress.com blogs, as the latter ships with some limitations as far as monetization goes.

If you’re a bit curious, wildly successful blogs include the likes of HuffPost (est. $14,000,000/month), Moz (est. $4,250,000/month) and TechCrunch (est. $2,500,000/month) among others. And yes, that’s in American dollars.

With the preliminaries out of the way, let’s show you how to make money with WordPress in 48 hours. To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

1. Advertising

coca-cola advert from 1890s

Coca-Cola Advert from the 1890s

Since the days of yore, the advertisement sector has always been a big earner. According to a report by emarketer.com, advertisers all over the world spend more than $220 billion per year on digital ads.

That’s a huge chunk of change, don’t you agree? If you have good traffic, you can rack up the dollars in no time. But how do you start?

Self-Managed vs. Ad Networks

For starters, there are two advertisement options available to you. You can choose ad networks such as Google AdSense for WordPress. This is just one of many – Bing has their own ad network, as does Facebook, Yahoo and Amazon. For an extensive list just search “ad networks” on Google to see what’s available.

Alternatively, you can host your own advertisements. You choose the ads, fees, how and where to display each ad among other things. To sell self-managed ads it’s typically easiest to use on the the reputable ad management plugins available for WordPress or to go through a third party service such as BuySellAds to manage available ad spots.

That said, the main difference between ad networks and self-managed ads is the higher level of control you enjoy with the latter. In other words, ad networks usually show your reader adverts that are most relevant to their recent browsing history. If the user was looking at jewelry prior to coming to your site, they’ll most likely see an ad related to jewelry, even if your site is all about automobiles. You have zero control regarding the adverts the ad network shows on your site.

Things are a bit different with self-managed ads, you sell adverts that are in tune with your target audience. So, instead of showing jewelry ads, you show ads for vehicle spare parts, engine oil and so on.

Each advertising option has different pricing models. A majority of ad networks usually offer the CPC (cost per click) model, which means you’re paid for all the clicks you generate. You can make between $0.02 and $15 bucks per click depending on the niche.

With a high volume of traffic, you can make quite a killing with ad networks, keeping in mind they offer other ad models. Self-managed ads usually attract higher ad rate, since you’re essentially selling ad space to interested businesses at a flat monthly fee.

The advertising topic is an extensive read, but as it’s one of the most lucrative WordPress monetization strategies it’s worth your time to dig in.

2. Affiliate Marketing

affiliate summit west 2017

Affiliate Summit West 2017

Affiliate marketing is much like advertising; you earn for sending the merchant an interested prospect. Instead of getting paid for clicks and impressions, you receive a commission for all of your hard work.

While affiliate marketing sounds like mumbo-jumbo to the perfect beginner, it is easy to comprehend. According to Neil Patel, affiliate marketing is “…the process of earning a commission by promoting other people’s (or company’s) products. You find a product you like, promote it to others and earn a piece of the profit for each sale that you make.”

Sounds quite basic, this affiliate marketing business, don’t you think? Plus you can recommend any product under the sun. In essence, you’re just a promoter, which means you can engage in any promotion strategy that comes to mind… just keep it legal.

In other words, affiliate marketing is a versatile animal in terms of payment models and your level of involvement. What does that even mean?

Affiliate Marketing Payment Models

We are privy to three main payment models, but feel free to chip in if you know of any other models.

  • PPC (Pay Per Click) Affiliate Marketing – The company pays you a commission for all the clicks you generate, whether the prospects make a purchase or just browse and leave.
  • PPL (Pay Per Lead) Affiliate Marketing – In this scenario, you earn a commission whenever the prospect you refer completes any desired action e.g., subscribe, sign up for a free trial, create an account and so on. Examples of websites offering this kind of affiliate marketing include ShareASale and Cj Affiliate among others.
  • PPS (Pay Per Sale) Affiliate Marketing – The traditional form of affiliate marketing, you only earn a commission if the prospect you refer makes a purchase. This is the most popular model of affiliate marketing and usually results in better returns than PPC and PPL affiliate marketing – holding other factors constant. Examples include Amazon Associates, Envato Marketplace, and most independent online theme/plugin stores.

Levels of Involvement in Affiliate Marketing

Now that you know you can make money via clicks, leads and sales, let’s look at three more types of affiliate marketing in terms of involvement.

As Pat Flynn explains, we have three levels of affiliate marketing involvement namely:

  • Unattached – In this type of affiliate marketing, you have absolutely no presence or authority in the niche. You just create affiliate links to products via social media or any other platform. But since we are monetizing your WordPress site, you can use this type of affiliate marketing to complement your earnings.
  • Related – Here, you have some presence online and are promoting products related to your niche, but the affiliate links are for products that you don’t actually use. For example, if you have a blog that covers WordPress, you could promote themes, hosting and plugins, without trying out each product first.
  • Involved – You only promote products that you use and believe in. You swear by the products and recommend them as part of the “dream” or the process you’re outlining on your blog.

Concerning affiliate WordPress monetization strategies at your disposal, you can use coupons, deals, product reviews, text links, banner links, product aggregation, email newsletters, and offline methods among others.

3. Monetize WordPress with Memberships

WordPress monetization strategies - create membership site

Let’s say you have built an engaged audience thanks to the great content you’ve been offering for free. You can add paid memberships to a section of your site where you offer courses and any other form of premium content.

Many website owners capitalize on paid membership to create a recurring source of passive income. And all you have to do is create some high-quality content and hide it behind a paywall. With a huge collection of WordPress membership plugins at your disposal, you can start right this minute.

If you have a product, you can release it under a membership program, in the sense that the user needs an active (and preferably recurring) membership to use the product. Instead of selling the product, you can sell memberships instead.

We have seen WordPress entrepreneurs convert their already existing readers into paying members with little effort. Good examples of websites making a killing with memberships include Elegant Themes, Moz and more (though it’s important to note these sites are often employing multiple WordPress monetization strategies).

4. Sell Products or Services

the buying process for online stores

One of the most popular WordPress monetization strategies is selling stuff online. In fact, if no one sold anything, we would have no advertisers, membership sites and affiliate programs to cash on.

If running advertisements, promoting somebody else’s products or hosting a membership site isn’t your cup of tea, you can try build an online store with WordPress to promote a service or product to your audience.

There is no shortage of products to sell, plus you can always sell specialized skills via a hire page. For instance, you could offer design or blogging services like yours truly. You could consult and sell any service your readers need. If you don’t have a ready product, consider reselling a product or service via your WordPress site.

If you’d like to go full-blown e-commerce, you can set up an online store easily using a plugin such as WooCommerce. An online store helps you to sell both digital and physical goods, meaning you can use e-commerce to boost your stone-and-mortar store. Better still, you can use affiliate marketing to boost your sales.

If you decide to build an e-commerce website, make it unique and target a niche. There is strict competition out there in just about any market, so focus on what you’re best at or most interested in.

5. Sponsored Posts/Reviews

using sponsored posts to monetize wordpress site

Think of the Race Car as Your Sponsored Post, Just Don’t Overdo It

As a blogger, you can make a quick buck from sponsored posts or reviews. If you have earned authority and are popular in your niche, businesses will start approaching you to write favorable reviews about their products.

As a beginner, it will prove fruitful to approach the companies with good proposals. Just ensure you review products and services that are relevant to your target audience. Reviewing products just for the money will tarnish the authority you worked so hard to earn.

Additionally, don’t make your site all about sponsored posts when the businesses start calling. Keep publishing the content that earned you traffic and authority. An occasional sponsored post works great, but overdoing it is not a long-term strategy.

According to BobWP, “…others may want to sponsor a post that just mentions their product in the context of some news in their industry—or simply pay for a banner ad or mention at the end of the post.”

As such, there are many opportunities to explore with sponsored posts especially if you can secure monthly/yearly arrangements with the companies. Just don’t be biased in your reviews as this is detrimental to your integrity.

6. More WordPress Monetization Strategies

There are many other ways of monetizing your WordPress site, but since covering all of them would need an eBook (perhaps you could create one and sell it?), here are a couple of honorable mentions:

  • Donations – You can make money via your WordPress site by asking your readers to donate. This strategy works like magic, which is why most non-profit and NGOs thrive on donations. Just ask your readers.
  • Dropship – When starting your own online store you don’t necessarily need your own goods to promote. Dropshipping for WordPress allows you to make money on products you don’t own or have in inventory. You place the product on your site and collect the payment from the buyer. Then, you buy at a cheaper rate from the supplier who ships the product directly to the buyer.
  • Create a job board – If you’re content producer catering to bloggers, you can create a job board. Do you cater to WordPress designers and developers? You can create a job board for them. Work with nonprofits that needs to be connected with businesses for donations? You can design a board for that too. Here are a couple of popular WordPress-related job boards for inspiration to get your ideas flowing.

Final Remarks

These WordPress monetization strategies will help you to make money on your WordPress site in no time. However, keep in mind everything worth having in life takes hard work. As we all know success is 99% perspiration and 1% inspiration. So continue to work on building your website and your brand by creating quality content, focusing on SEO and continuing to optimize your site for your readers.

Today, we just offered you the 1% inspiration you need. Are you up for the challenge? Do you think you have what it takes to provide that 99% of perspiration?

Do you know of other WordPress monetization strategies we didn’t mention? If so, let us know in the comment section below, so we can add it to this post and credit you by mentioning your name. Cheers and good luck making the moolah this year!



Source link

Read more...

How NOT to Secure Your WordPress Website


What is the first thing you would do when you want to secure your WordPress site? Find out the top five security plugins, consider how affordable they are and then go ahead and install one. That done, now you can sit back and relax, right? Wrong!

Using a security plugin does not ensure security. Security is not an absolute thing and no one can guarantee complete security. The best we can do is reduce the risk of a hack. And contrary to popular belief, the site owner needs to be involved in keeping the website safe. Knowing what you should do and shouldn’t is significant.

While there are several guides to what you should do to keep your WordPress site safe, we are offering you a guide on what you should AVOID doing instead. You will note that the advice here are in conflict with the general belief. But from our experience, a lot of advice out there are outdated and offers a false sense of security.

If the matter of WordPress security nags you as much as it does to us, take a look at the following.

1. Don’t Use Too Many Security Plugins

Given the wide range of plugins available out there, with various feature sets, it’s tempting to use more than one WordPress security plugin. To be honest, it’s an overkill. Being anxious about your site’s security is normal but you have to ask yourself if you really need more than one security plugin? What are the features essential to your site’s requirement? Are the features going to step on each other’s toes?

For instance, a conflict could arise when the plugins begin modifying files such as wp-config.php or htaccess. Plugins can easily fiddle with these files but they are not modifying them in a single unanimous way. This could create conflicts and make your website slow.

With WordPress sites, things can go wrong now and then. Everyone hates the dreaded White Screen of Death. Having multiple plugins that deeply affects your website can make debugging issues difficult.  Now, had there been just one plugin, finding and fixing the cause of the error would have been easier and less complicated.

2. Do Not Change DB Prefix

There are several ways in which a WordPress site can be compromised. Hacker may gain access to a site’s database through SQL injection attack. A vulnerability in a plugin or theme can be used to break into the site’s database (which is why we suggest you instead use a WordPress database backup plugin to avoid similar pitfall). One popular method of preventing hackers from going deeper into your site is by changing the default table prefix. As you can see in the image below, in WordPress, the default table prefix is ‘wp_.’ WordPress allows you to change table prefix (to say, ‘xzy_’) so as to hide certain tables.

WordPress Database Prefixes

On the surface, this looks like a good idea. If the hackers do not know the table name, then they can’t retrieve the data from it. This is, however, a false reasoning. Once someone hacks into your database, there are still ways to find out the tables. Hence changing the names of the prefix is of no use. Moreover modifying the default prefix can cause several plugins to misbehave.

Furthermore, changing the database prefix midflight is difficult to implement and can cause your website to crash. This is because there are many changes that need to be made on every level. Any error in the process will prove to be catastrophic to your site.

3. Avoid Hiding Your Login Page

There is always someone trying to break into your site by cracking your password. During brute force attacks, hackers try to log into your website using a combination of popular usernames and passwords. So what if we hide the login page? That will kill two birds with one stone, right? Hacker wouldn’t be able to find the login page and the load on your server will be reduced.

WordPress has a default login page. URL to the page usually looks like this example.com/wp-login.php. One well-known way of saving your website from brute force attack is by hiding or changing the default login page to something else like example.com/mylogin.php. Although this sounds like a foolproof plan, let’s find out how effective the method is in keeping your WordPress site secure.

Server Load Reduction

After you hide or change the location of your login page, every time someone tries to open it, they’ll face a 404 error. However, login attempts are a heavy process. Whenever the 404 error page loads, it eats up a lot of your server resources. And ends up slowing down your website. Hence, the common belief that hiding your login page will reduce the load on the server is incorrect.

Alternative URL Not Hard to Guess

Part of WordPress’ success as a CMS is due to plugins that make modifications to a website easier. It’s not surprising that a popular way of hiding a login page of a site is by using a plugin. These plugins come with a set of default alternative login URL like xzy.com/wplogin.php, etc. We have been trained to just go with default settings. Once we install the plugin and change our URL, we don’t give much thought to it. But there are only so many URL a plugin can offer. It’s not too difficult to find out these preset login URL. Therefore, using alternative URL may be ineffective in most cases.

Usability Issues

The beauty of WordPress is that it’s easy to use. It’s a familiar platform. For a site with a multitude of users, changing or hiding the login page could pose certain issues. Several times we have come across posts on WordPress forums where users are locked out of a site because of a change in the login URL. In most case the changes were made using a plugin and the users were not made aware of the situation causing chaos.

4. Don’t Block IP Addresses Manually

If you have a security plugin installed on your site, you’ll be notified whenever someone tries to log into your website. You can easily get hold of the IP sending those malicious requests and block them using the .htaccess file. It’s a manually intensive work and not a very convenient practice.

Not User-Friendly

A non-technical person trying to modify the .htaccess files is a recipe for disaster. A content management system like WordPress has very strict formatting. Even using the most popular tools like FTP/SFTP are very risky. A minor error or an incorrect placement of command can cause the site to crash.

Too Many IPs to Block

To avoid getting blacklisted, hackers use IP addresses from around the globe. Previously, we discussed about manually blocking IP addresses who are constantly trying to break into your site. The work (as we’ve mentioned before) requires a lot of time and effort but isn’t exactly a very efficient use of time. But if you use any of top WordPress security plugins, for instance, Malcare, you can automate the blocking process. Such security plugins take care of all WP security loopholes.

5. Hiding WordPress

There is a general assumption that concealing your CMS makes it harder for people with vile intention to break into your site. What if we could hide the fact that your website is running on WordPress. That would protect your site from hackers wanting to exploit common vulnerabilities. An easy way of doing this is by (you guessed it) using a plugin. But the method fails when the hackers don’t care what platform your website is running on. Besides, there are a multitude of ways to find out if a site is running on WordPress.

Besides using a plugin, one can choose to do the work manually. But it’s a time-consuming process. A single WordPress update can undo all you work within a few seconds. Which means, you’d either have to repeat the process over and over again or shy away from WP updates. Skipping WordPress updates is like opening the front door for a hacker to walk right into your home.

6. Password Protecting wp-admin Does Not Work

The default WordPress login page (that looks like this – example.com/wp-admin) is a gateway to your site. A typical login page looks like the picture below.

Here you’ll need to use your credentials to access the WordPress dashboard. Password protecting the login page helps hide or protect this gateway to the dashboard. It’s a good idea but not without its loopholes.

First off, it’s difficult to maintain or even change the password, if you happen to lose it. Besides being ineffective in providing additional security, such modifications to your site can prove to be very dangerous. For instance, when you password protect the admin page, request such as /wp-admin/admin-ajax.php cannot bypass the protection. There are plugins that could be dependent on the Ajax functionality of your site. And when they are not able to access this functionality, they start misbehaving. Hence, this can cause the website to break.

Over to You

If you have any questions or suggestions regarding what one needs to avoid to secure one’s WordPress site, let us know in the comments.



Source link

Read more...

Full

Easy WordPress Monetization Strategies – WPExplorer


We’re well into the new year which means it’s time to make good on your resolutions to do well for yourself and your business. If you’ve built your site from the ground up, have a good flow of traffic, and are now looking for WordPress monetization strategies, you’re in the right place.

There is more; as we delve into different WordPress monetization strategies we’ll uncover a treasure trove of tips you can use to boost engagement on your site. As such, you can think of this post as a two-pronged approach to WordPress monetization.

The first tip being it is important to use methods that align with your target audience. How else do you make the most of your WordPress monetization strategies?

Another quick note: we focus on self-hosted WordPress blogs (WordPress.org) and not free WordPress.com blogs, as the latter ships with some limitations as far as monetization goes.

If you’re a bit curious, wildly successful blogs include the likes of HuffPost (est. $14,000,000/month), Moz (est. $4,250,000/month) and TechCrunch (est. $2,500,000/month) among others. And yes, that’s in American dollars.

With the preliminaries out of the way, let’s show you how to make money with WordPress in 48 hours. To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

To make money from your WordPress site, here are a couple of strategies to point you in the right direction.

1. Advertising

coca-cola advert from 1890s

Coca-Cola Advert from the 1890s

Since the days of yore, the advertisement sector has always been a big earner. According to a report by emarketer.com, advertisers all over the world spend more than $220 billion per year on digital ads.

That’s a huge chunk of change, don’t you agree? If you have good traffic, you can rack up the dollars in no time. But how do you start?

Self-Managed vs. Ad Networks

For starters, there are two advertisement options available to you. You can choose ad networks such as Google AdSense for WordPress. This is just one of many – Bing has their own ad network, as does Facebook, Yahoo and Amazon. For an extensive list just search “ad networks” on Google to see what’s available.

Alternatively, you can host your own advertisements. You choose the ads, fees, how and where to display each ad among other things. To sell self-managed ads it’s typically easiest to use on the the reputable ad management plugins available for WordPress or to go through a third party service such as BuySellAds to manage available ad spots.

That said, the main difference between ad networks and self-managed ads is the higher level of control you enjoy with the latter. In other words, ad networks usually show your reader adverts that are most relevant to their recent browsing history. If the user was looking at jewelry prior to coming to your site, they’ll most likely see an ad related to jewelry, even if your site is all about automobiles. You have zero control regarding the adverts the ad network shows on your site.

Things are a bit different with self-managed ads, you sell adverts that are in tune with your target audience. So, instead of showing jewelry ads, you show ads for vehicle spare parts, engine oil and so on.

Each advertising option has different pricing models. A majority of ad networks usually offer the CPC (cost per click) model, which means you’re paid for all the clicks you generate. You can make between $0.02 and $15 bucks per click depending on the niche.

With a high volume of traffic, you can make quite a killing with ad networks, keeping in mind they offer other ad models. Self-managed ads usually attract higher ad rate, since you’re essentially selling ad space to interested businesses at a flat monthly fee.

The advertising topic is an extensive read, but as it’s one of the most lucrative WordPress monetization strategies it’s worth your time to dig in.

2. Affiliate Marketing

affiliate summit west 2017

Affiliate Summit West 2017

Affiliate marketing is much like advertising; you earn for sending the merchant an interested prospect. Instead of getting paid for clicks and impressions, you receive a commission for all of your hard work.

While affiliate marketing sounds like mumbo-jumbo to the perfect beginner, it is easy to comprehend. According to Neil Patel, affiliate marketing is “…the process of earning a commission by promoting other people’s (or company’s) products. You find a product you like, promote it to others and earn a piece of the profit for each sale that you make.”

Sounds quite basic, this affiliate marketing business, don’t you think? Plus you can recommend any product under the sun. In essence, you’re just a promoter, which means you can engage in any promotion strategy that comes to mind… just keep it legal.

In other words, affiliate marketing is a versatile animal in terms of payment models and your level of involvement. What does that even mean?

Affiliate Marketing Payment Models

We are privy to three main payment models, but feel free to chip in if you know of any other models.

  • PPC (Pay Per Click) Affiliate Marketing – The company pays you a commission for all the clicks you generate, whether the prospects make a purchase or just browse and leave.
  • PPL (Pay Per Lead) Affiliate Marketing – In this scenario, you earn a commission whenever the prospect you refer completes any desired action e.g., subscribe, sign up for a free trial, create an account and so on. Examples of websites offering this kind of affiliate marketing include ShareASale and Cj Affiliate among others.
  • PPS (Pay Per Sale) Affiliate Marketing – The traditional form of affiliate marketing, you only earn a commission if the prospect you refer makes a purchase. This is the most popular model of affiliate marketing and usually results in better returns than PPC and PPL affiliate marketing – holding other factors constant. Examples include Amazon Associates, Envato Marketplace, and most independent online theme/plugin stores.

Levels of Involvement in Affiliate Marketing

Now that you know you can make money via clicks, leads and sales, let’s look at three more types of affiliate marketing in terms of involvement.

As Pat Flynn explains, we have three levels of affiliate marketing involvement namely:

  • Unattached – In this type of affiliate marketing, you have absolutely no presence or authority in the niche. You just create affiliate links to products via social media or any other platform. But since we are monetizing your WordPress site, you can use this type of affiliate marketing to complement your earnings.
  • Related – Here, you have some presence online and are promoting products related to your niche, but the affiliate links are for products that you don’t actually use. For example, if you have a blog that covers WordPress, you could promote themes, hosting and plugins, without trying out each product first.
  • Involved – You only promote products that you use and believe in. You swear by the products and recommend them as part of the “dream” or the process you’re outlining on your blog.

Concerning affiliate WordPress monetization strategies at your disposal, you can use coupons, deals, product reviews, text links, banner links, product aggregation, email newsletters, and offline methods among others.

3. Monetize WordPress with Memberships

WordPress monetization strategies - create membership site

Let’s say you have built an engaged audience thanks to the great content you’ve been offering for free. You can add paid memberships to a section of your site where you offer courses and any other form of premium content.

Many website owners capitalize on paid membership to create a recurring source of passive income. And all you have to do is create some high-quality content and hide it behind a paywall. With a huge collection of WordPress membership plugins at your disposal, you can start right this minute.

If you have a product, you can release it under a membership program, in the sense that the user needs an active (and preferably recurring) membership to use the product. Instead of selling the product, you can sell memberships instead.

We have seen WordPress entrepreneurs convert their already existing readers into paying members with little effort. Good examples of websites making a killing with memberships include Elegant Themes, Moz and more (though it’s important to note these sites are often employing multiple WordPress monetization strategies).

4. Sell Products or Services

the buying process for online stores

One of the most popular WordPress monetization strategies is selling stuff online. In fact, if no one sold anything, we would have no advertisers, membership sites and affiliate programs to cash on.

If running advertisements, promoting somebody else’s products or hosting a membership site isn’t your cup of tea, you can try build an online store with WordPress to promote a service or product to your audience.

There is no shortage of products to sell, plus you can always sell specialized skills via a hire page. For instance, you could offer design or blogging services like yours truly. You could consult and sell any service your readers need. If you don’t have a ready product, consider reselling a product or service via your WordPress site.

If you’d like to go full-blown e-commerce, you can set up an online store easily using a plugin such as WooCommerce. An online store helps you to sell both digital and physical goods, meaning you can use e-commerce to boost your stone-and-mortar store. Better still, you can use affiliate marketing to boost your sales.

If you decide to build an e-commerce website, make it unique and target a niche. There is strict competition out there in just about any market, so focus on what you’re best at or most interested in.

5. Sponsored Posts/Reviews

using sponsored posts to monetize wordpress site

Think of the Race Car as Your Sponsored Post, Just Don’t Overdo It

As a blogger, you can make a quick buck from sponsored posts or reviews. If you have earned authority and are popular in your niche, businesses will start approaching you to write favorable reviews about their products.

As a beginner, it will prove fruitful to approach the companies with good proposals. Just ensure you review products and services that are relevant to your target audience. Reviewing products just for the money will tarnish the authority you worked so hard to earn.

Additionally, don’t make your site all about sponsored posts when the businesses start calling. Keep publishing the content that earned you traffic and authority. An occasional sponsored post works great, but overdoing it is not a long-term strategy.

According to BobWP, “…others may want to sponsor a post that just mentions their product in the context of some news in their industry—or simply pay for a banner ad or mention at the end of the post.”

As such, there are many opportunities to explore with sponsored posts especially if you can secure monthly/yearly arrangements with the companies. Just don’t be biased in your reviews as this is detrimental to your integrity.

6. More WordPress Monetization Strategies

There are many other ways of monetizing your WordPress site, but since covering all of them would need an eBook (perhaps you could create one and sell it?), here are a couple of honorable mentions:

  • Donations – You can make money via your WordPress site by asking your readers to donate. This strategy works like magic, which is why most non-profit and NGOs thrive on donations. Just ask your readers.
  • Dropship – When starting your own online store you don’t necessarily need your own goods to promote. Dropshipping for WordPress allows you to make money on products you don’t own or have in inventory. You place the product on your site and collect the payment from the buyer. Then, you buy at a cheaper rate from the supplier who ships the product directly to the buyer.
  • Create a job board – If you’re content producer catering to bloggers, you can create a job board. Do you cater to WordPress designers and developers? You can create a job board for them. Work with nonprofits that needs to be connected with businesses for donations? You can design a board for that too. Here are a couple of popular WordPress-related job boards for inspiration to get your ideas flowing.

Final Remarks

These WordPress monetization strategies will help you to make money on your WordPress site in no time. However, keep in mind everything worth having in life takes hard work. As we all know success is 99% perspiration and 1% inspiration. So continue to work on building your website and your brand by creating quality content, focusing on SEO and continuing to optimize your site for your readers.

Today, we just offered you the 1% inspiration you need. Are you up for the challenge? Do you think you have what it takes to provide that 99% of perspiration?

Do you know of other WordPress monetization strategies we didn’t mention? If so, let us know in the comment section below, so we can add it to this post and credit you by mentioning your name. Cheers and good luck making the moolah this year!



Source link

Read more...

How NOT to Secure Your WordPress Website


What is the first thing you would do when you want to secure your WordPress site? Find out the top five security plugins, consider how affordable they are and then go ahead and install one. That done, now you can sit back and relax, right? Wrong!

Using a security plugin does not ensure security. Security is not an absolute thing and no one can guarantee complete security. The best we can do is reduce the risk of a hack. And contrary to popular belief, the site owner needs to be involved in keeping the website safe. Knowing what you should do and shouldn’t is significant.

While there are several guides to what you should do to keep your WordPress site safe, we are offering you a guide on what you should AVOID doing instead. You will note that the advice here are in conflict with the general belief. But from our experience, a lot of advice out there are outdated and offers a false sense of security.

If the matter of WordPress security nags you as much as it does to us, take a look at the following.

1. Don’t Use Too Many Security Plugins

Given the wide range of plugins available out there, with various feature sets, it’s tempting to use more than one WordPress security plugin. To be honest, it’s an overkill. Being anxious about your site’s security is normal but you have to ask yourself if you really need more than one security plugin? What are the features essential to your site’s requirement? Are the features going to step on each other’s toes?

For instance, a conflict could arise when the plugins begin modifying files such as wp-config.php or htaccess. Plugins can easily fiddle with these files but they are not modifying them in a single unanimous way. This could create conflicts and make your website slow.

With WordPress sites, things can go wrong now and then. Everyone hates the dreaded White Screen of Death. Having multiple plugins that deeply affects your website can make debugging issues difficult.  Now, had there been just one plugin, finding and fixing the cause of the error would have been easier and less complicated.

2. Do Not Change DB Prefix

There are several ways in which a WordPress site can be compromised. Hacker may gain access to a site’s database through SQL injection attack. A vulnerability in a plugin or theme can be used to break into the site’s database (which is why we suggest you instead use a WordPress database backup plugin to avoid similar pitfall). One popular method of preventing hackers from going deeper into your site is by changing the default table prefix. As you can see in the image below, in WordPress, the default table prefix is ‘wp_.’ WordPress allows you to change table prefix (to say, ‘xzy_’) so as to hide certain tables.

WordPress Database Prefixes

On the surface, this looks like a good idea. If the hackers do not know the table name, then they can’t retrieve the data from it. This is, however, a false reasoning. Once someone hacks into your database, there are still ways to find out the tables. Hence changing the names of the prefix is of no use. Moreover modifying the default prefix can cause several plugins to misbehave.

Furthermore, changing the database prefix midflight is difficult to implement and can cause your website to crash. This is because there are many changes that need to be made on every level. Any error in the process will prove to be catastrophic to your site.

3. Avoid Hiding Your Login Page

There is always someone trying to break into your site by cracking your password. During brute force attacks, hackers try to log into your website using a combination of popular usernames and passwords. So what if we hide the login page? That will kill two birds with one stone, right? Hacker wouldn’t be able to find the login page and the load on your server will be reduced.

WordPress has a default login page. URL to the page usually looks like this example.com/wp-login.php. One well-known way of saving your website from brute force attack is by hiding or changing the default login page to something else like example.com/mylogin.php. Although this sounds like a foolproof plan, let’s find out how effective the method is in keeping your WordPress site secure.

Server Load Reduction

After you hide or change the location of your login page, every time someone tries to open it, they’ll face a 404 error. However, login attempts are a heavy process. Whenever the 404 error page loads, it eats up a lot of your server resources. And ends up slowing down your website. Hence, the common belief that hiding your login page will reduce the load on the server is incorrect.

Alternative URL Not Hard to Guess

Part of WordPress’ success as a CMS is due to plugins that make modifications to a website easier. It’s not surprising that a popular way of hiding a login page of a site is by using a plugin. These plugins come with a set of default alternative login URL like xzy.com/wplogin.php, etc. We have been trained to just go with default settings. Once we install the plugin and change our URL, we don’t give much thought to it. But there are only so many URL a plugin can offer. It’s not too difficult to find out these preset login URL. Therefore, using alternative URL may be ineffective in most cases.

Usability Issues

The beauty of WordPress is that it’s easy to use. It’s a familiar platform. For a site with a multitude of users, changing or hiding the login page could pose certain issues. Several times we have come across posts on WordPress forums where users are locked out of a site because of a change in the login URL. In most case the changes were made using a plugin and the users were not made aware of the situation causing chaos.

4. Don’t Block IP Addresses Manually

If you have a security plugin installed on your site, you’ll be notified whenever someone tries to log into your website. You can easily get hold of the IP sending those malicious requests and block them using the .htaccess file. It’s a manually intensive work and not a very convenient practice.

Not User-Friendly

A non-technical person trying to modify the .htaccess files is a recipe for disaster. A content management system like WordPress has very strict formatting. Even using the most popular tools like FTP/SFTP are very risky. A minor error or an incorrect placement of command can cause the site to crash.

Too Many IPs to Block

To avoid getting blacklisted, hackers use IP addresses from around the globe. Previously, we discussed about manually blocking IP addresses who are constantly trying to break into your site. The work (as we’ve mentioned before) requires a lot of time and effort but isn’t exactly a very efficient use of time. But if you use any of top WordPress security plugins, for instance, Malcare, you can automate the blocking process. Such security plugins take care of all WP security loopholes.

5. Hiding WordPress

There is a general assumption that concealing your CMS makes it harder for people with vile intention to break into your site. What if we could hide the fact that your website is running on WordPress. That would protect your site from hackers wanting to exploit common vulnerabilities. An easy way of doing this is by (you guessed it) using a plugin. But the method fails when the hackers don’t care what platform your website is running on. Besides, there are a multitude of ways to find out if a site is running on WordPress.

Besides using a plugin, one can choose to do the work manually. But it’s a time-consuming process. A single WordPress update can undo all you work within a few seconds. Which means, you’d either have to repeat the process over and over again or shy away from WP updates. Skipping WordPress updates is like opening the front door for a hacker to walk right into your home.

6. Password Protecting wp-admin Does Not Work

The default WordPress login page (that looks like this – example.com/wp-admin) is a gateway to your site. A typical login page looks like the picture below.

Here you’ll need to use your credentials to access the WordPress dashboard. Password protecting the login page helps hide or protect this gateway to the dashboard. It’s a good idea but not without its loopholes.

First off, it’s difficult to maintain or even change the password, if you happen to lose it. Besides being ineffective in providing additional security, such modifications to your site can prove to be very dangerous. For instance, when you password protect the admin page, request such as /wp-admin/admin-ajax.php cannot bypass the protection. There are plugins that could be dependent on the Ajax functionality of your site. And when they are not able to access this functionality, they start misbehaving. Hence, this can cause the website to break.

Over to You

If you have any questions or suggestions regarding what one needs to avoid to secure one’s WordPress site, let us know in the comments.



Source link

Read more...