Did you read The Crazy Easy guide to getting traffic part 1? Take a couple of minutes now to go and check it out.
Now that you're finished, let's take a look at free promotion for your website.
Everyone loves free things.
As soon as people hear "free", they charge forward. But before charging into any of this, remember – it's free, but takes a lot of work.
That said, there's a powerful 1-2 punch you can use to skyrocket traffic, sales and build the reputation of your brand.
Let's look at what you need to do.
Remember that in the spirit of our Crazy Easy guides, this is not comprehensive. It's the first place you can learn about free site promotion – but do further reading to find more answers.
This is where most people would write "SEO" and leave it at that.
But I'm not most people. SEO is only one part of the picture.
A search engine is a giant digital confession booth, shopping mall and information directory.
And it's got only one job: to give people what they want. It's a very simple sentiment, but it bears repeating over and over until it's completely imprinted on your brain.
Search engines give people what they want based on what they're looking for.
Let's say you've got a sporting goods company in Melbourne and your site ranks high for the phrase "buy tennis balls in Melbourne".
That's awesome. People who want to buy tennis balls and are looking for a place to get them are going to come right to you. Once they're at your site, you know that they want tennis balls (they searched for them, after all) so the chances of buying them are high.
So how do you rank for this search query?
You make sure that when the search engine decides to give people a great site, it decides to give them yours. You can break it down into three important areas:
This can be understood as making sure your site works properly and that search engines can read it. Obviously if things are broken, then your site isn't what people want.
If it takes fifteen seconds for a page to load, that isn't what people want.
This is pretty obvious… but what is less obvious is that there are things that search robots don't understand.
Is your site text delivered using pictures? Bots can't read pictures.
Do you have a bunch of pages with similar or thin content? Bots see them as being all the same.
Is your site an unreadable piece of junk on mobile? Bots really don't like that.
Are your pages isolated with no links between them? Bots can't find them.
Do these questions make your head hurt? We haven't even scratched the surface.
Now you know why SEO firms can charge thousands of dollars a month.
Luckily, for many small sites with simple technology behind them (WordPress, Joomla!, Magento) these problems are mostly resolved – not completely, but to the level that the majority of people will need. These platforms are good because they are fairly SEO-friendly.
You can use plugins like Yoast to help you with the technical optimisation of your WordPress site.
But there's more.
Next, we deal with how well the search engine is able to understand your content and how much it likes it.
Text should be readable by search engines – that means it needs to be delivered in HTML, not images or Flash.
But there's much more to it than that.
Your method of delivering content just lets the bots understand what your page is about.
People, on the other hand, care about what you write. And search engines care about what people care about.
Everyone tells you to write good content… but few people tell you how.
Luckily, I'm not everyone.
There are a few vital things you need to remember when writing.
1. Be relevant and specific about a single topic.
Let's go with an example.
Imagine writing a post about nutrition and targeting the keywords "high-protein snacks".
What are people searching this term interested in?
They want snacks, so they're interested in small things they can eat throughout the day.
They want options, so give them a list.
They want high protein, so include the nutrition facts.
And, most importantly, you search the competition.
The best article might have 25 snack ideas.
Bump that to 50. Sit and sweat and rack your brains until you come up with a piece of content that's so much better than everything else that it blows it out of the water.
See what I mean about it being a lot of work?
On the technical side, make sure our robot overlords absolutely understand what your post is about.
Include the subject in:
- The title tag (50 High-Protein Snacks That You Can Make in Five Minutes)
- The URL (my-site.com/high-protein-snacks)
- Any image alt text (Greek yogurt is a high-protein snack)
- The content itself (but not too many times, and not trying to artificially stick it in places where it doesn't belong)
2. Provide unique content
"Unique" doesn't mean that you read Wikipedia and shuffled the words around.
It means that your content not only hasn't appeared anywhere else on the internet, it also provides a unique viewpoint, new ideas, or expert analysis.
3. Link to your other content
If you write the post above about high-protein snacks, you might also have written a post about healthy meals that people can make in a hurry.
Link back to it. Maybe your readers will be interested in that post.
If you have a store and you sell jackets, include a link to pairs of mittens or boots or other items that people often buy together.
This helps the robots navigate your site and provides your users with even more value.
It's all about relationships.
Search engines look at a number of external factors to understand how much people value your content and, basically, why they should rank you.
Think about it:
If you go to a web page that solves half of your problems, are you going to put a link to it on your site?
Are you going to share it on social media?
Of course not.
You want something that your visitors will also find valuable.
So how do you get links and social shares?
If you think that links and sharing are primarily a reflection of how good your site is, without any other considerations, you're in for a nasty shock.
Reach out. Build relationships with other websites – after all, we often forget that the internet is a network.
If you are truly offering value on your site and being genuine in your outreach, people will respond. Obviously don't spam people with requests for links, but if you can get on someone's radar and build a real relationship with them, that can be worth a fortune.
This can be as simple as mentioning their product in your articles and on Twitter a couple times, or it may require a lot of email outreach.
This is a short, very condensed version of what you need to do to get your site to rank in search engines.
There's another way of promoting your site for free, though.
Excited? Think it's going to be easier?
Social media marketing
SMM is a much less exact science than SEO, which is saying quite a lot.
That's because search engines tend to prefer certain types of sites – authoritative sites with lots of links, engagement, and in-depth content.
Social media depends entirely on your audience, and that's a golden mantra you have to repeat to yourself over and over again.
It's not about me. It's about them.
One group of people likes cat videos, another scientific articles.
Sites can go from blank WordPress installations to having ten thousand visitors their first month all because their content appealed to social networks.
If you truly understand your audience, then your social media presence will be unstoppable. If you don't, you'll never make waves no matter how many times you try to optimise your campaigns.
If there's a golden rule to social media marketing, it's this:
These people have let you into their lives. Respect that.
If they complain, listen.
If they ignore you, post something different.
This is general advice, but there are specific rookie lessons everyone should learn.
The biggest ones are listed below:
1. Don't spread yourself too thin
It's tempting to create accounts on Facebook, LinkedIn, Twitter, Pinterest, Tumblr, Google+, YouTube, Medium, Flickr, LiveJournal, Reddit and Vimeo right away…
…but you shouldn't, for the simple reason that it's better to do one social platform well than to do fifteen badly.
2. Share other people's stuff
Remember your audience.
You might produce 2-3 pieces of content a week if you're prolific. In the meantime, give people something that might interest them. Other content creators will also thank you.
Just like in the SEO section of this article, you need to connect: because this is a network.
The idea that you can operate like the biggest, most famous brands in the world and just publish funny content only leads to frustration.
Reach out to other people – comment on their posts, share their content, and remember…
4. Be a human being, not a brand
That's what it takes to promote your site for free. On social networks and everywhere else, remember – people don't connect with brands, they want to connect with personalities.
You can optimise everything, but if you act like a robot, people are going to treat you like one.
Hopefully, you've learned something new about SEO and SMM and can go out into the world armed with those new acronyms to get more traffic for your site.
It's not easy, but nothing worthwhile is.
We hope you get a lot out of using these tips, and that your sites are successful in the future.
|d8nn / Shutterstock.com|
More than ever before in 2015, the world turned to search for its news. As stories big and small made the headlines, as we woke up on bright mornings to social media reports of events unfolding half a world away, or saw trending stories in our networks, we turned to our search engines of choice and searched for answers.
You declared to the world "Je Suis Paris"
|Sean Gallup/Getty Images|
France's capital city was hit twice in less than a year with terror attacks. The year was barely started when gunmen attacked the offices of satirical magazine Charlie Hebdo, killing 11 people and injuring another 11 – before the attackers were killed in a confrontation with police, they had shot a further five people.
Two million people joined 40 world leaders in Paris on January 11 for a a rally of national unity. Less than a year after the Charlie Hebdo attacks, on November 13 2015, the world was shocked by a series of co-ordinated terror attacks on the city as terrorists attacked a cafe, restaurant, stadium and theatre.
According to Google, that day saw the highest search interest for Paris in the history of search engine, as people around the world turned to the internet to try and find out what was happening, and if loved ones in the city were safe.
Google's trend data shows cities around the world asking questions such as "What is Pray for Paris?" and "What happened in Paris?" Microsoft's Bing search engine shows top search terms including "Tributes for Paris", "Paris sumbol", "Peace for Paris" and "How to help France."
You asked: why call me Caitlyn?
|Annie Leibovitz for Vanity Fair|
When former Olympian-turned-reality-tv-star Caitlyn Jenner announced her identity as a transgender woman in April 2015, it was big news. When Jenner then posed for the cover of Vanity Fair magazine, online searches went stratospheric.
In Australia, Jenner was Google's most-searched "global" person of the year, and high in the rankings for other countries around the world. According to Bing, following Caitlyn's TV appearance and magazine interview, searches for "Caitlyn Jenner" increased over those for "Bruce Jenner" by 3-to-1. Microsoft reports Caitlyn Jenner was Bing's Most Searched Celebrity, putting Miley Cyrus in the shade -- and bumping last year's "winner" Kim Kardashian all the way down to fifth place, like a Celebrity Big Brother runner up.
With over 366 million searches, Google reports that Caitlyn's story also "sparked record interest in the transgender community — with more searches recorded than ever before" with questions including "What is transgender?"and "What is the difference between transsexual and transgender?" topping its list. Google also recorded a spike in interest in Transgender issues since 2004.
You felt a disturbance in the force
|Star Wars: The Force Awakens|
In December 2015, the seventh installment of the Star Wars franchise – The Force Awakens – was released in cinemas.
Star Wars has been something of a trending topic, on and off, since 2012 when Disney took over the popular franchise from its original creator George Lucas – with periodic spikes and surges in interest with each new poster, rumour or teaser trailer to hit the internet.
The film went on to break various box office records in its opening weekend in December 2015, with Google recording over 155m searches for the film – making it also the most-searched Star Wars film to date.
Google also reports an incredible 61,998,525 (and rising) YouTube views of the film's official trailer, questions on the search engine including the ever-persistent debate "What order should I watch Star Wars?" and that the villainous Darth Vader from the original trilogy is the most searched-for character, bringing in 45% of all searches for the franchise's characters.
You wanted to know: how can I help Nepal?
|Niranjan Shrestha, AP|
When an 8.1 magnitude earthquake struck the Himalayan country of Nepal on 25 April 2015, "How can I help Nepal?" quickly became the world's most-asked question on Google (beating typically popular searches "How can I make my cat love me?"and "Why do men have nipples?").
Triggering a landslide on Mount Everest and killing 9,000 people, Nepal's earthquake has the dubious accolade of being Google's second most-searched earthquake of all time, after the 2011 earthquake in Tōhoku, Japan.
Over 85m people searched for information about Nepal's earthquake, and how to help following the devastation. Around the world, search topics included "How can I donate to the Nepal earthquake?", "How can I help Nepal?" and "Where can I donate tents for Nepal?"
You wondered: is there water on mars?
The red planet has captured our collective imagination for hundreds of years. In the 19th century, an Italian astronomer saw straight lines on the surface of Mars and described them as canals -- even though he was mistaken, we have clung like a drowning man to the idea that there might be water and life on the planet.
In September 2015, the internet went wild when NASA confirmed that evidence shows there really is flowing water on Mars. David Bowie's song Life on Mars was played on repeat. Dr. Karl took the nation's questions live on Triple J. And in Australia alone, more than 10 million people searched Google for answers to their Martian queries.
While interest in Mars typically outperforms our other solar neighbours, Google's search trends show a big spike immediately following the announcement with visitors asking questions like "What did NASA find on Mars?" (while hoping desperately was intelligent life, or at least water, and definitely not Martian killing machines) and "How long does it take to get to Mars?"
According to Bing, reports "searches for ‘Mars’ spiked more than 530 percent from August to September after discovery of water on its surface."
With Google commanding 66 percent of online searches, it looks like in 2016 the world will continue to turn to it for answers to its questions – whether it is transgender issues, questions about cats and Star Wars, breaking news of tragedies around the world, or scientific discoveries, search remains our best indicator of what the world is asking. Celebrities and sport predictably outweigh politics and science, but what will be making you look in 2016?
|Gil C / Shutterstock.com|
So you created your site, you've got it up and running and everything works perfectly. You're ready to watch that return on investment start rolling in.
A day passes.
The reality is, your site needs something extra.
Here's the deal:
Sites are lost without promotion.
This post is going to let you get started promoting your site. It's an easy intro to a big and scary world.
It's the post I wish I'd had when I first started out.
Paid Site Promotion – The Quick and Dirty Guide
Paying to promote a website rubs a lot of people the wrong way.
Everybody does it.
How about Amazon?
Google advertises on Google – a bit meta here.
The Wall Street Journal?
Oh, and look at these handsome devils.
This is because there's profit to be made from paid online advertising – sometimes up to 5X the costs of promotion - source.
Here are some of the terms you'll need to get started:
Cost Per Thousand (CPM)
CPM (Cost per mille, or cost per thousand impressions) is a fairly dated advertising model, but it can bring in a great return on investment. You're paying for eyeballs pointed at the screen – for every thousand visitors a site gets, you pay a certain price to have your ad displayed.
So what can CPM ads do for you?
One reason is that they can be much cheaper than other types of ads. Instead of paying 1-5$ per click, you could pay $1 for 1000 ad impressions.
The problem with this is that the CTR, or click-through rate (the number of times people actually click on your ad) is usually low.
People just don't often click on online ads. When is the last time you did?
However, research from Nielsen suggests that clicks aren't everything. You can boost your brand recognition by having ads on well-trafficked resources, meaning that CPM functions much more like a traditional advertisement.
If you're advertising a brick and mortar business, then you might want to look into CPM advertising, especially if you have a local market that hangs out on specific sites.
It's slightly more difficult to measure the effectiveness of this type of “exposure” advertising.
You can measure the number of clicks they get (and you should) but the end result can be more than just the clicks.
If you want something that's easier to measure, or if your business is mostly conducted online, then you'll want to go further down the rabbit hole.
Pay Per Click (PPC)
This advertising model is still the most common, used on the biggest advertising platforms online.
You pay for actual interactions with the ad – if 1,000 people see your ad but only 10 people click on it, then you only pay for those 10 clicks.
PPC is popular because it's very effective. Whether you're buying banners or Google search ads, you can measure your ROI very precisely and make sure your ad is profitable.
Furthermore, your ad also gets shown, which gives you some of the benefit that CPM does – exposure.
PPC has its drawbacks, though:
Making a profitable PPC campaign is difficult and requires research. Even experienced marketers can have trouble making money with PPC, and the level of optimisation that some of us go to is daunting.
Additionally, the costs can reach $50 per click in competitive niches.
If you've got a well-optimized site, a local business, or aren't working in an ultra-competitive market, then PPC might be your ticket to great returns.
Cost Per Action (CPA)
This is when you pay the advertiser every time someone makes a particular action on your site – usually, this is a sale, but it can include providing an email address, signing up for a free trial, or any other action you can think of.
This type of advertising is not very popular for large, easy to join advertising networks (like Google's AdWords program). This automatically makes it less common.
Also, most site owners don't really like serving CPA ads.
Think about it:
You display a banner ad on your site, people come to your site and see it. Then they click on it, click around the site it's advertising a bit, then leave.
As an advertiser, I'd feel cheated by that scenario. The person was obviously attracted by the banner, but because of the site they landed on they didn't end up buying anything. That's not my fault, that's the fault of the site owner.
If you can manage to get into a good CPA advertising network, then it's usually a good bet. CPA is the lowest-risk because you can use it to pay for leads – no important action, no payment.
Paid Promotion – What the Heck Do I Do Now?
Now that you've got a handle on the basic types of paid promotion, you probably realise the world of paid online promotion is a big, scary one.
While you can definitely get good results from doing it yourself (and I recommend you try once you do a bit more research), it's also a very easy place to lose money.
Here's how to do it right:
Tip #1: Do your research
Creating a campaign with a good click-through rate is useless if you don't know what the people who click on your ad actually want.
It is too easy to assume that everyone wants the same things that you do. Think like your customers – create a consumer profile and make sure you always pay attention to feedback that you receive.
Tip #2: Be purposeful
Sometimes a single campaign is successful, sometimes it isn't. But failing to plan is planning to fail.
If you don't have a global marketing strategy that involves paid promotion, then you're just gambling.
Tip #3: Understand the buying process
People don't often click on an ad then immediately make a purchase. They go through a process of doing research, understanding what benefits your business brings them, making a decision, then making a purchase.
Study the psychology of this process – it can only help you grow. It will be different for different customers at different businesses, but it should be something that you understand well.
Tip #4: Always be testing
Experiments are the lifeblood of this process. Small alterations in your campaigns can lead to big differences in the results. Don't be afraid to set a low budget on an experimental campaign – it could be your ticket to a new market.
Wrapping up, I want to stress that this is one thing that you don't get better at by reading rules and guides. You need to actually do it.
Don't get stuck wondering what's the best advertising platform for you. Remember that it all depends on how you connect and communicate with people.
If you don't want to spend a lot of time and money on experiments, there are professionals who can do it for you.
You can get a Google Ad Campaign right here at Crazy Domains. Get it here.
Next week we'll be going into some free ways that you can use to promote your site. You'll find out a great 1-2 punch to skyrocket your traffic and sales.
The Internet can be a scary place.
It seems like every day we're reading about some new weakness (Stagefright, anyone?) that, once you cut through the technical jargon, means that none of us are safe. As one of the most popular platforms for website creation, WordPress is a common target for hackers and often features in stories like this.
Even if we allow that some of the hype is media scaremongering, it's still a sobering thought that the sites you work so hard on can be taken away, broken, or used to distribute malware.
It's frustrating when your hard work gets stolen or ripped off. That's why we decided to write a quick tutorial on the common threats that WordPress sites face and some easy ways that you can reduce the threats to them. We tried to make this as easy as we could without too much technical mumbo-jumbo.
First we'll go over six of the most common threats to WordPress sites and how to fix them. At the end we have some suggestions on software and plugins to use when securing your site.
Threat #1: Brute Force Password Attacks
Brute force password attacks are when a computer tries to guess your login information by trying every combination of numbers and letters it knows. For a person, this could take years, but for a computer it could guess a relatively short password in minutes.
This is especially dangerous if the attacker already knows your username. It's just one fewer thing they have to guess.
But hang on, how could they know your username? Well, if you left it as “admin” then they already do.
Even if you've changed the username from “admin” (and you really should), there are still ways of finding it out.
Type in your browser window “my-site.com/?author=1” (replace my-site with your domain name and add your WordPress subdirectory if it's not on your main domain, so this could be example.com/blog/?author=1).
Most often, you'll see your username come up. If not, try typing the same thing again with 2 at the end, and keep going until 10. You'll see your username soon enough.
Once an attacker has your username, they can try to brute force your password.
If you have an easy password, then believe me – the only reason your site hasn't been hacked yet is that nobody has really tried to.
Solution: Strengthen Passwords and Limit Login Attempts:
There are plugins out there to prevent user enumeration, but the best ways to prevent brute-force password attacks are to choose a strong password and limit login attempts.
It goes without saying that “admin/123456” is not a good username/password combination (although it is distressingly common). A strong password is long, not a word from the dictionary or Wikipedia (in any language), and contains a variety of symbols.
CLU is the acronym to remember: Complex, Long, and Unique.
That, unfortunately, also makes your passwords almost impossible to remember.
One option is to use a pass phrase instead of a single word. A computer is going to take a long time guessing a 25-character phrase (assuming 1000 guesses per second, that's 550 years - source) that's comparatively easy for a person to remember – it's harder for a computer to guess a random phrase than it is to guess just one word. A password like "B0ndfriskingmaniacvillain" can be easy to remember, but very hard for a computer to brute-force.
Just remember - if your attempts to make a secure password lead you to writing it down and sticking it onto your monitor, then that's already a bad password.
If you prefer even more secure passwords, or want a way to avoid having to remember them, there are some resources you can use for that. We'll include a couple in our list at the end of this article.
You can also enable multi-factor authentication, and there are great programs in our list that let you do that as well. It can seem like a pain, but effective security measures often mean that we need to change our habits just a little bit.
Limit Login Attempts
No matter how strong your password is, if someone has an infinite number of attempts to guess it, they eventually will. On the other hand, even a relatively weak password can't be guessed in just a couple of tries.
Good security plugins and software (you can skip to the end of the article for our suggestions) will limit the number of unsuccessful login attempts and block IP addresses that try to brute-force your passwords.
Threat #2: Plugins, WordPress Version, and Themes
Remember that no reputable developers try to make software with security flaws. That means that when something comes up, developers stay up all hours patching their software and fixing the code.
Imagine their disappointment when people don't update their sites. A new version of the code isn't going to help if you've still got the old version on your site because clicking the "update" button was too hard.
Check your plugins and themes regularly to make sure that they aren't out of date and that they don't have serious security risks. It also makes the developers happy that people value their work.
Another important thing to remember here – people who crack and distribute free versions of WordPress themes? They're usually including some of their own code in there. And when we say “code”, we mean “viruses, Trojans, and backdoors” that they can use to damage your site.
Solution: Update Your Plugins, WordPress Version, and Themes
Enough said. The latest versions are the versions with problems that nobody knows yet. In the world of information security that's as good as it gets.
Also, don't try to pirate themes. It's just not worth it. Only download themes from sources that you can trust, and if someone has created a great theme, just buy it. It saves time and trouble in the long run.
Threat #3: Table Access
Here's where we get into a little bit of code – but don't worry, it's very simple code.
The first of the two files we'll be looking at is wp-config.php. This is a very important file that WordPress uses to communicate with databases.
The databases are where posts, settings, and users are all stored. You want to make sure that nobody can access this file other than you.
The second is the .htaccess file. This is a file that Apache (the software that web servers use, not the tribe) uses to decide how to retrieve files.
It's also a very important potential vulnerability. The good news is, it can be used to close down access to both itself and to the wp-config.php file.
Just by seeing these files, attackers can gain valuable information about how your site is configured, which can lead them to discovering vulnerabilities. Obviously you don't want this to happen.
Solution: Your Own Coding
Here is the code you need to put into your .htaccess file:
<Files wp-config.php> order allow,deny deny from all </Files> <Files .htaccess> order allow,deny deny from all </Files>
Just go to your .htaccess file and put that code in there. If you need help finding your .htaccess file, check out our Support articles for an explanation.
This code will tell your server not to let anyone access those files, but won't stop you from getting to them with local access.
Threat #4: Phishing
This isn't so much a specific WordPress problem as it is a general security problem, but it's such an important one that it deserves a mention here.
Phishing, as we reported earlier can take many forms – it can come as spam emails that directly ask you for your passwords, as faked sites that ask for login details – basically, any way you can think of for someone to try and steal your username and password.
The Solution: Be Suspicious
Now, being suspicious is normally not a good thing. But online it can save you.
Don't use links that you get in emails to log onto sites. Log on in a separate window by navigating to the site as you normally would.
Also, never tell anyone your login details over email. No matter who they claim to be.
Threat #5: Cross-Site Scripting (XSS)
This is the most common threat to WordPress sites, and almost deserves an article to itself. It's a way that attackers can put their own code into your site. Let's look at how that's possible.
HTML is the language used to create web pages, and it's what is called a tag-based language.
For example, if I want to create bold text, I use a tag that is placed around the text that I want to make bold - like this: <strong>text that I want to make bold</strong>. The tags aren't shown to the person visiting the page, instead they change how the text inside them is displayed.
Note - I'm describing HTML in a really over-simplified way, but it works for the example I'm trying to make.
Almost all tags in HTML function like the <strong> tag, with one exception. That tag is <script>.
<script> says to the browser,
"Hey, what's written inside this isn't text, so don't show it to the user. Instead, it's a piece of code."
This is really useful for creating interactive sites, but it can lead to some big problems if it's misused.
Now, some fields in a site allow use of HTML - sometimes you want your visitors to be able to put a link in a comment, or make their text bold. That's fine, and it usually doesn't hurt anything (unless it's a spam link).
However, if they can put <script> in your pages, then that's a disaster waiting to happen. They use that vulnerability to change the way your site works, which is never good. Forget what you learned at nursery school - not everything needs to be shared, especially control over your site.
For example, if you have a page that prints the most recent search that a user has made (something that reads: "You searched for X", for example), then this is a sort of pseudo-code that might be what your server says (note: this is not real server code):
print "<html>" print "<h1>You searched for</h1>" print database.latestSearch print "</html>"
This lets an attacker search for
When the page loads, that script will execute because the page will read:
<html> <h1>You searched for:</h1> <script>doSomethingTerrible();</script> </html>
Because the page loads user input as HTML without blocking the <script> tag, the attacker is able to add this script to a page.
That's XSS in a nutshell, and while there are more complex ways of doing it (hence all the vulnerabilities related to it) that's the basic way that XSS works.
The Solution: Approve User Input
But hang on, you might think, there's nowhere that people can create user input on my blog. Why should I be scared of some script tag?
What about the comment section? The same place where people tell you how much your posts rock can also be the place that attackers inject code into your site.
This is how most XSS attacks are made, so protect yourself by manually approving comments. It may seem like a lot of work, but it can save your site.
Akismet is one of the most common ways of securing comments - it also helps you eliminate spam. No WordPress site should leave home without it.
You should never allow comments that have a bunch of what looks like nonsense in them - this is probably obfuscated (hidden or disguised) code, and you should delete those comments with extreme prejudice.
Apply this principle to all user input on your site, and again, make sure that you update your plugins as soon as new versions come out, as new XSS attack methods get found very often.
Threat #6: Using Poor Software
There is so much software out there that you can use to harden your WordPress site that there is no excuse not to use the very best. These are just some programs that you can use to improve your security, categorized by the threat they cover. Using substandard software will bring you substandard results, so accept no substitutes.
Solution: The Crazy Easy Security Software List!
Now what you've all been waiting for – here's our Crazy Easy software list, solutions that you can use so you don't have to worry about your WordPress site getting hacked. We've divided it into solutions based on what problems they solve.
LastPass is a service that remembers your passwords for you.
Passwordcard is a free resource that lets you create a card that generates and stores your passwords. It's a great, comparatively low-tech solution to the problem of creating and remembering effective passwords.
1password is similar to LastPass – it creates strong, unique passwords for you and remembers them for all your accounts.
Clef is an app for two-factor authentication. It uses your smartphone as a sort of digital key and is very easy to use.
The Stop User Enumeration plugin makes it impossible for attackers to find out your admin username.
Theme, Plugin, and Version Checking Solutions
The WordPress security scan is a simple testing tool that will find many of the vulnerabilities that we discussed in this article. It works as a good checklist to make sure that you have implemented your security correctly.
wpscan.org is a black box WordPress vulnerability scanner. It takes a little bit of technical know-how to use and install, but is very effective. It gives you a full understanding of your site's vulnerabilities.
General WordPress Security solutions
The WordFence plugin is one of the most popular security plugins for WordPress and its advantages are enjoyed by literally millions of site users.
The BulletProof Security plugin is another very highly-rated security plugin and works as a general security solution with many interesting features. This one is great for the more technically-minded site owner.
The Crazy Domains All-in-one Site Protection and Scanner will monitor any site (not just WordPress) with daily site scans, malware and hacker protection, blacklist protection, and expert guidance. It's really Crazy Easy site protection.
One thing to remember is that WordPress security is not static – it's not something that you do once and forget about forever. Hacking is like all software development. It exists in a constantly changing world that now, more than ever, refuses to stand still. Make sure you're checking frequently. Even if you have software that checks frequently for you, it's always good to be sure.
We hope that you found this guide useful – make sure to share it with your friends if they also have WordPress sites. Together we can help each other make our sites more secure so that we can spend more time making them the best they can be.
They say to never judge a book by its cover. The uncomfortable truth is that most of us still make snap judgements on appearance.
It can't be said enough: appearances matter. When it comes to business, how you look is the most important element in boosting website traffic and driving sales.
Colour is Important
The psychology of colour is an essential consideration for any logo or website. From Coca-Cola's exciting, bold and youthful red logo, to the dependable and trustworthy blue logos of Wordpress and Twitter. Your brand's personality should match with the logo, if you find that your creative and imaginative brand's logo is telling customers something different, you may need to rethink it.
Colour is also important to your website. A light colored background with dark text is generally preferred: remember, simple is usually better. Consider again what the personality of your brand is when choosing the dominant colour of your website, and remember that colours like red can be used sparingly but to great effect when you want to draw a visitor's attention to important elements.
Over at ConversionXL Ott Niggulis considers which colour converts the best, and gives an excellent insight into the controversy and debate, particularly around "call to action" buttons. Niggulis says of test results that favour one colour button over another:
You look at those tests and results and you see amazing results that tell you that this color or that color converts the best.
That is, until you look closer. More often than not they reveal something similar e.g. there was no previous button or the button is just so much more prominent, it stands out from the rest of the page and thus converts way better.
Why have a logo at all?
Logos speak louder than words, and the ultimate success of a logo is to not need words at all to be recognisable. Consider Nike, McDonald's, and Apple: all three have evolved to exist simply and cleanly without a single word.
A logo makes your band memorable and unique in a way that your core values or mission statement never can. Care, thought and consideration should go into the right logo for your brand, and it should be as important as any part of your business.
According to a study published by Missouri University of Science and Technology, website visitors form a first impression in less than two-tenths of a second – and spend some of their longest time on a website looking at a company's logo.
A good logo doesn't need to cost a fortune
Consider the case of the London 2012 Olympics: a logo that was compared to looking like Lisa Simpson, it was widely mocked and considered a waste of money. On the other hand, Twitter have one of the most recognisable and famous logos of our current time, and was bought from a stock image site for $15. With Crazy Domains, you can get a professional logo designed in just 48 hours for less than $200.
How do you benefit?
An experiment cited on sciencedirect.com demonstrated that positive expectations gave users a related positive impression of a website. While in the experiment, users first read positive reviews, the same experience is given when users are greeted by a well-designed website – making users more forgiving of any later issues they might experience.
|Alexey Boldin / Shutterstock.com|
On any given day, your average customer will be exposed to 2,904 media messages, will pay attention to 52, and will positively remember only four.
You may have an amazing offer that you're dying to tell your customers about, but in your excitement it can be easy to forget some important elements, and you risk being ignored.
Here's our list of things Top 5 Things NOT to Do when sending emails!
#5. Ignore the subject line
You'd be surprised how many email newsletters and special offers are sent with subject lines still reading "Please Edit this Subject". We're not here to tell you how to write the most catchy, most engaging, subject lines - but they are often the last thing written, and can be easily overlooked.
Your subject line is the first thing your customer will see. What message do you give them if you neglect to change it from the placeholder text?
#4. Don't test your email on multiple platforms
You have worked hard creating a great-looking email, and have even checked the subject line. But have you checked how your email displays on other browsers or apps?
How an email displays will vary for your recipients, but there are tools, such as emailonacid, that you can use to check how it will look across dozens of email clients. You'll be glad you did, because if the images aren't displaying correctly, or your text looks bad, nobody is going to read the content.
#3. Forget proof reading
When you're crazy busy running your own business, it's easy to want to write an email, get it finished, and get it sent. You can feel like the time you've spent on writing your email is long enough, and on re-reading it's all so familiar you can miss little things.
Proofreading is important. Read the email out loud, get someone else to read it. A simple, careless mistake or broken link can speak volumes to your customers: it can suggest you don't care enough to proofread your emails. Is that the message you want to give?
#2. Don't verify addresses
It may seem like an unnecessary extra step, but by verifying email addresses you can reduce the number of "bounces" your emails receive, make sure that everyone receiving your email actively signed up for it themselves, and ensure that your customers get the information that's important to them.
If you pay per number of contacts in your database, it's cost-effective for you to make sure that you don't have duplicates or invalid email addresses that are taking up space.
#1. Leave out an unsubscribe link
However you manage unsubscribing from your messages, make sure it is easy and obvious. Not providing a clear link, or relying on customers to reply to ask to be unsubscribed, is bad practice - and it could get you blacklisted as spam.
It sounds obvious, but it's not always done - and you could be breaking the law if you don't have an unsubscribe link.
Start sending emails today
If you need a way to easily create and send bulk emails of your own, it's crazy easy and very affordable to get started with our Email Marketing mailing list manager. From as little as $6.99 a month you can begin sending great looking emails right away.
It's surprising how international the shopping "events" Black Friday and Cyber Monday have become, isn't it? In recent years, the US tradition of a pre-Christmas sale right after their Thanksgiving holiday has gone global, thanks to the internet.
Even though "Cyber Monday" was conceived as the online equivalent of "Black Friday", the two have both become bywords for getting the best deals in flash sales.
Many people are almost disappointed if their favourite retailers aren't offering sales for these special shopping occasions.
We'd hate to see anyone sad or feeling left out, so here's a whirlwind tour of some of the best offers we have for you as we head into December.
Save $500 Building Your Online Empire
Want a domain name and hosting? You got it. Need a Website Builder and Email protection? You've got that, too. Web Analytics? Email Hosting? Premium DNS? Check, check, check. All included. And that's not even everything. The best part is, you save more than $500 on the whole kit and caboodle, getting your Ultimate Empire off the ground quickly and affordably.
Unleash your wild side with a .rocks domain or wield your inner warrior with a .rocks domain name for your website. Both can be used to tell the world you are the best at what you do, and don't mind who knows it. Do you want to be the best? Snap up .rocks and .ninja now, before someone gets your ideal name.
Be part of generation .XYZ. Get a yours from 99c each
Already one of the most popular new domain names in the world, and a challenger to the traditional names of the old internet, .XYZ has surged in popularity since being featured in HBO's Silicon Valley, and it's the domain of choice for Google's parent company Alphabet, be part of it from just 99c.
Need a technical name for your website? Look no further: deals on .website .tech .online .space from $2.98
Got a brilliant start up? We've got an equally brilliant name for you! .online was the biggest new domain launch of this year, or you can paint your online identity on the blank canvas of .space, show your .tech credentials with the domain of the same name, or keep it simple with .website. All weekend you can get .website and .space from $2.98, and .online or .tech from $4.98.
Got an international business? it's time to go .global with a huge 50% off
If you have offices and customers all over the globe, multiple sites in various countries, and an international reputation, you need to get the name that says it all: global. With a massive 50% off for this weekend only, there's never been a better time to get that global name for your website.
We've hundreds more special offers throughout our site, so what are you waiting for? Head over to Crazy Domains and grab a limited time bargain!
Please note: Cannot be used in conjunction with any other offer, sale, discount or promotion. After the initial purchase term, discounted products will renew at the then-current renewal list price. Offers do not apply to Premium domains or renewals. All domain prices listed are USD.
Google have begun rolling out a new version of its often-overlooked social network, Google+.
Not only does the redesigned platform feature Communities and Collections with increased prominence, it also comes with a whole raft of performance improvements.
The tech giant's social media network never did kill of Facebook like it was predicted to — for that matter, it probably didn't even impact Facebook's traffic for more than a day or two. It may even come as a surprise to many people that Google+ is still going at all. But Google might just be able to save the platform.
Back in March of this year, Inc.com's contributing editor John Brandon wrote that Google was "Finally Putting Google+ Out of Its Misery". He expressed what many people felt about Google+ in a crowded social media market, saying:
You can post easily to Google+ (and I did, for a while), but few of us have time to manage Facebook posts, LinkedIn updates, our Twitter activity, and then jump over to see who has liked (er, plus one'd) a message, let alone track followers (er, circles)
Adding that it seemed like the reason Google was making the move at the time to split the platform into Photos and Streams was to save investment, keep the code, and shut down Google+ altogether.
So it's a little surprising that here we are in November, and not only is Google+ still, sort of, a thing, but that Google are still actively working on improving it.
Earlier this year, Google announced the introduction of Collections — where a user's posts are organised according to topic — and the similar-but-different Communities, that work a little bit like a Facebook group, except for looking much better and cleaner.
In today's update, Eddie Kessler (Google's "director of streams") writes that both features are growing tremendously, with Communities alone averaging over a million new joins per day.
It's because of this growth, Kessler says, that from today Google+ is putting both Collections and Communities front and centre. Now focused around interests, Kessler says, the new Google+ is much simpler.
Grigorik lists among these performance improvements a faster and leaner site.
The biggest problem for Google+ to overcome was, Grigorik says, that there were two different versions of their website — one for desktop, and one for mobile.
The latter was designed for older browsers, while Grigorik says the former became "slow and bloated." It can be hard to imagine such a forward-thinking company such as Google, a company that champions HTML5, being in this position. It's lucky for Google+'s users that Google made the obvious decision to embrace responsive design for a site that would work "across mobile, tablet, desktop, and beyond."
It's no exaggeration on Grigorik's part to call the improvements "massive": Google+'s new site has a total home page weight of just 327 KB (down from 22,600 KB) and an average complete page load time of 3 seconds (reduced from 12.)
Read more about the technical specifications and improvements here.
That title's not a typo – you really can get a free .uk domain for your website!
The jolly good people behind the short, sharp new domain name for the United Kingdom of Great Britain and Northern Ireland (to give the UK its full and proper title) are offering rather spiffing domains for a whole year: and at no cost.
These are available to every single person who is the rights holder for their domain. You may be surprised to know that for many people with an existing UK domain, the new extension is already reserved and waiting for you – so nobody can swoop in first and carry it away.
Why choose to register your reserved .uk domain name?
- It's a shorter UK focused web domain for businesses and individuals. It brings the UK domain space in line with the more familiar international format of other shorter country codes like .de and .fr
- A .uk domain puts the emphasis firmly on your brand – exactly where it should be, to help you reach a wider audience and increase sales
- It brings all the same benefits of trust, reliability and credibility as the.co.uk,.org.uk and other members of the UK domain family
- .uk is easier to remember and firmly states where you are and who your audience is
- Being shorter, the .uk domain lends itself well to social media channels, such as Twitter, where every character counts
- .uk is easier and quicker to communicate to your audience and easy to remember
Who is switching to .uk?
The first person in the UK to switch to the new .uk domain when it launched was British icon and tech enthusiast Stephen Fry. He has always supported the need to be able to have .uk on its own, without the .co, and his wish was granted last year. Since then over 400,000 additional businesses, families and individuals have registered their own .uk domain.
Many individuals and businesses have already or are in the process of switching across their existing website address to the new .uk – it's simple, quick and puts the focus right back on your brand. Others are setting up their .uk as a dedicated campaign page or landing page with new content, highlighting key areas of their business or as a blog or news space to gain additional web traffic and online visibility.
Start enjoying the benefits of a new .uk domain name today – free for the whole first year!
With Google's recent announcement that its new parent company, Alphabet, would be using a popular .XYZ domain, many people asked if this was the time that these "not-com" web addresses would break into the mainstream consciousness.
Now Apple, that other formidable tech giant, is giving them some light, too.
Recently, the company responsible for the iPod, iPad and iPhone launched News, a different kind of service found at apple.news, making use of a dedicated web address for the company's hot "News" app. The app collects the latest news from various sources and displays them all in one place. News is only slightly newer than the .news web domain, but it's already putting to rest any accusations that serious companies aren't using new gTLD addresses.
From beacon fires to jungle drums, town criers to broadsheet-selling street urchins, news has always travelled as fast as technology permitted. The printing press, the telegraph, radio, and television have all competed in the race towards live news, but it was is internet that truly gives us as-it-happens reporting.
The newly released .news domain is made exactly for times like these. The .news stands for the old media and the new From major outlets publishing in-depth investigations to grassroots rapporteurs spreading the word through social media, everyone in the business of reporting wants to know what’s happening, right now in this very moment. You can bring in a bigger audience with a more professional and industry-specific web address.
A (dot)APPLE Address
Apple's foray into new domain names doesn't seem to end with .news, either. Last month, TheDomains.com reported Apple had applied for their own .apple TLD, and been spotted registering some interesting new web addresses.
Among the 29 new names bought by Apple were AppleMusicApple.com, iTunesStoreApple.com, and AppleWatchApple.com. Reporter Jamie Zoch explained the logic of the strange-sounding registrations, saying they appear to be intended to anticipate misspellings.
"The above domain names somewhat look 'odd' just looking at them, because they all end in 'Apple'" Zoch said.
"What makes sense to me though and seeing these, if you replace Apple.com at the end with just .apple they make more sense... Since the new gTLD extension are "new" and .com has been around for so long… it is pretty common nature for people to type .com"
What does this mean for you?
The biggest takeaway we can get from this is new domains are here to stay. While undoubtedly some will sink and some will swim, with the weight of the likes of Alphabet and Apple behind them, we're going to see these names coming up in the news more often. You may even see .news in the news.
Like with Alphabet, there are lessons learned here. Apple are reinforcing positive messages about protecting your brand against typos or customers who get confused, they're also speaking volumes about the importance of a relevant web domain.