Close
Close

Top 10 WordPress Security Myths

This guest post is by Anders Vinther of The WordPress Security Checklist.

WordPress Security is about as sexy as cleaning your house. And as a serious blogger, you already know that securing your site properly is not a trivial task.

That makes it a fantastic topic for myth fabrication.

In this post, I’ve compiled the top ten WordPress security myths for your easy consumption, followed by a light sprinkle of facts to debunk the myths.

Here are the myths:

  1. WordPress is not secure.
  2. Nobody wants to hack my blog.
  3. My WordPress site is 100% secure.
  4. I only use themes and plugins from wordpress.org so they are secure.
  5. Updating WordPress whenever I log in is cool.
  6. Once my WordPress site is setup my job is finished.
  7. I’ll just install xyz plugin and that’ll take care of security for me.
  8. If I disable a plugin or theme, there is no risk.
  9. If my site is compromised I will quickly find out.
  10. My password is good enough.

Myth 1. WordPress is not secure

When people experience security problems with their WordPress sites, they tend to blame WordPress. However, the WordPress core is very secure. And when a security hole is found, the development team is very quick to respond.

The most frequent causes for compromised WordPress sites are in fact:

  • outdated software
  • insecure themes and plugins
  • bad passwords
  • stolen FTP credentials
  • hosting problems.

For more on this topic, see WordPress Security Vulnerabilities.

Myth 2. Nobody wants to hack my blog

Most hacking attempts are automated. There are rarely personal or political motives behind WordPress hacking—more often the motives involve financial gain.

Maybe you’re thinking, “But I don’t have anything for sale on my site. I don’t have credit card information or any other sensitive information. What could they possibly steal from my site?”

What you do have is resources.

Possible ways to exploit your site are:

  • the insertion of spam links in your content to boost SEO for other sites
  • through malware infections of your visitors computers, e.g. to steal their financial information
  • redirecting your traffic to other sites.

For more details, see Are Small Sites Targeted For Hacking?

Myth 3. My WordPress site is 100% secure

No site that’s accessible on the internet will ever be 100% secure. Security vulnerabilities will always exist.

That is why you need a backup and recovery plan. If disaster strikes, you need to have a good backup available, and a plan for how to restore your site.

For more, see:

Myth 4. I only use themes and plugins from wordpress.org so they are secure

The WordPress Team reviews themes and plugins before they are included in the wordpress.org repository. However they do not have the resources to review updates.

Themes and plugins are developed by programmers from all over the world. Their experience and programming skills vary greatly, and so does the quality of their work. Even the best programmers make mistakes and all software contains bugs. Just pick a random plugin, look at the change log and you will see that bugs are routinely discovered and fixed. Even the best plugins developed by the most renowned people could contain undiscovered security risks.

Is it safer to get your themes and plugins from wordpress.org? Absolutely.

Is it guaranteed that there are no security problems with themes and plugins from wordpress.org? Absolutely not.

For more information, see:

Myth 5. Updating WordPress whenever I log in is cool

You need to keep WordPress core, plugins, and themes updated at all times. Whenever a security update is released the whole world can see what the problem was. This obviously exposes any site that has not been updated. Unless you log in to your WordPress admin dashboard every day, you’ll need a plugin that will notify you when updates are available.

More information can be found in the article, Update Notifications.

Myth 6. Once my WordPress site is set up, my job is finished

Having a WordPress site is an ongoing commitment—it’s like having a dog. As a bare minimum your WordPress blog needs to be maintained when new updates come out. This is crucial even if you do not write new posts or otherwise update the content.

If you simply leave your WordPress site behind like an abandoned holiday pet, chances are that you will be helping the bad guys carry out their malicious schemes to control the world. So if you will not or cannot keep your WordPress site updated, it’s better if you take it down!

Myth 7. I’ll just install xyz plugin and that’ll take care of security for me

You do need security plugins. And you need the right mix of security plugins. However, keeping your WordPress site secure goes well beyond what you install on your site.

Other factors you need to consider include:

  • securing the computer you use to connect to your hosting account (anti-virus, malware and firewalls)
  • creating and managing strong passwords
  • using Secure FTP to access your hosting account
  • protecting sensitive WordPress files from access from the internet
  • off-site WordPress monitoring.

Myth 8. If I disable a plugin or theme, there is no risk

All files that exist in your WordPress folder are accessible from the internet unless you specifically protect them. This means even disabled themes and plugins can be exploited if they are vulnerable.

The best practice is to remove anything you do not use. Or, at a minimum, make sure you keep de-activated themes and plugins updated.

Myth 9. If my site is compromised I will quickly find out

Professional hackers are not interested in you finding out that your site has been compromised. Therefore you might not find out what has happened until quite some time after a hack has occurred—if you find out at all.

Some types of hacks that are difficult to spot include:

  • redirection of all traffic coming from a search engine (so if you enter the URL in your browser or use a bookmark, everything will look normal)
  • the inclusion of hidden text in your posts and pages.

You need some kind of off-site monitoring of your WordPress site. For more details, see:

Myth 10. My password is good enough

Unless your WordPress admin password looks something like LR!!g&6uTFL%MD8cyo, you need to change your password management strategy. And make sure you do not reuse passwords on multiple websites.

Amazingly password and 123456 are still the two most used passwords! To find out more about this issue—and how to solve it—see:

Don’t get caught out!

Getting WordPress security right is not trivial. That’s probably the reason why too many bloggers stick their heads in the sand when it comes to protecting their valuable assets.

While you do need to be pro-active and take action WordPress Security is by no means an impossible task. The same way you would add an alarm to your car and get a guard dog for your house you need to secure your website. Don’t get caught with sand in your ears, nose, and mouth when the hackers come knocking on your door. Act now!

Check out ’s free WordPress Security Checklist, which is all about protecting your WordPress assets properly and sleeping well at night.

Protect Your Content from Being Copied in 3 Steps

This guest post is by Abhishek of Budding Geek.

Content scraping still haunts the entire blogosphere. No matter how hard you try to defend your creation, content thieves will always find a way to steal it!

It really feels terrible to find exact copies of your original work distributed all over the internet, often without any credit or link back to your blog as the source. The most frustrating part is when you find the copied content outranking your own blog in the search engines.

How can someone copy content from your blog?

Copycats can steal your content in a number of ways, but there are two key techniques:

  1. by directly copying text and images from your published post and re-publishing the content on the spammer’s blog (or splog!)
  2. by scraping your RSS feed. The truth is, this form of plagiarism is the most difficult to tackle.

Since plagiarism is impossible to obliterate, we need to safeguard our blogs from these vulnerabilities in such a way that it becomes at least extremely difficult for the content thief to plagiarize our content.

Protect your blog content

There are a few different ways you can protect your blog content.

1. Disable text selection on your blog

This is the first and most essential step to discourage direct copying of your content.

Users of the Blogger platform can disable text selection from their blogs by manually installing some JavaScript code before the closing <head> tag in the HTML of their blog.

WordPress users can add this feature by installing the wpcopyprotect plugin.

2. Watermark your images

It’s important to watermark all the original images you’ve created for use on your blog. A watermark proves that you are the owner of the copyright to all those images. Moreover, watermarks discourage others from using your photos and illustrations on their blog, since they’d have your blog’s name all over theirs!

Although there are many watermarking utilities available on the internet, I generally prefer to use Windows Live Writer’s inbuilt watermark plugin. Note that if you’re using photos from any other outside source on the web (like Flickr or Picasa), it’s up to you to take a notice of their licenses before reusing them—otherwise you might find yourself guilty of ripping someone else’s content!

3. Manage your RSS feeds

A few months ago, I encountered a terrible content scraper who, I think, was using content scraping software and publishing my posts under several different permalinks. Sounds scary, right? This software basically scans your main content and republishes your posts with the main keywords replaced by synonyms. Isn’t that irritating?

These auto-publishing sploggers target the RSS feed of your blog, where they scrape your creation in just a matter of seconds! In order to stop such exploitation you should either allow partial/short RSS feeds (so that the scraping software doesn’t take all of your content) or add a custom feed signature with a copyright notice in the feed footer section of your blog, like this:

© 2012, All Rights Reserved ¦ yourblog.com

Note that, like a waternark on an image, this note won’t prevent your content from being taken—but when it’s reproduced on another site, readers will see that the content is being used illegally.

Users of the Blogger platform can add a custom feed signature by navigating to Other settings for your blog, then in the Site Feed section, add the following feed signature in the post feed footer:

<p> © copyright 2012 – All rights reserved </p>
<a href=”
http://www.yourblogaddress.com“>Your Blog</a>

For the WordPress platform, I stumbled upon this excellent free plugin that adds a custom signature in the feed footer.

These tips can definitely help you to reduce plagiarism of your content. But what other techniques have you tried? Share them with us in the comments.

Abhishek is a part time blogger from Delhi who loves to write unique and interesting tech tips on a variety of topics like blogging, making money online, SEO, internet marketing and gadgets. Apart from that he is a die heart android fan and so don’t be surprised if you find loads of android tips on his budding blog!

Weekend Project: Sharing a WordPress War Story

While we love blogging, we all know there are some aspects that really do seem impossible sometimes—none moreso than transferring a WordPress.com blog to the WordPress.org platform.

We’ve discussed the differences between these two platforms before, because more than one blogger has been caught up by the limitations of WordPress.com (usually the limitation that this platform doesn’t allow you to monetize your blog). But it’s well known that swapping to the .org platform from .com can be a challenge.

This weekend’s project explains the WordPress war story of a blogger who chose to start a blog on WordPress.com, because it required so little technical knowledge. But when she wanted to monetize her blog—and switch to the .org platform—that lack of technical skill proved a major hurdle. It’s no wonder the process has gained such a bad reputation!

Actually, I think this is something that blog platform developers probably want to consider as they’re creating their platforms‚ because any help they can give to users who want to upgrade or switch to other versions of their products is always much appreciated.

If you’re one of those bloggers who’s itching to move your blog from .com to .org, but you’ve been too scared, clear some time in your weekend schedule to implement the process that our Weekend Project sets out. I’m giving you plenty of warning for this project—it starts tomorrow!

For now, if you have a WordPress war story of your own that you’d like to get off your chest, feel free to vent in the comments.

10 Fresh Tips for Finding Time to Blog

This guest post is by Brian Milne of The Corporate Mentality.

Work. School. Friends. Family … and kids.

We’ve all got a lot going on in our lives, and I haven’t even mentioned our online worlds yet.

Twitter. Facebook. Google Plus. LinkedIn … and Pinterest.

The list is always growing, and as our offline lives get busier and online worlds more cluttered, our blogs are getting more and more neglected.

And while it’s great spending time learning everything the above social sites have to offer, let’s not forget the importance of our own blogs, and the significance of providing readers with quality content. After all, without quality posts, you’ll be slow to take your blog to the next level and will have little original content to push out to your followers.

And, in the end, isn’t that what it’s all about? Generating exposure, traffic, leads and potential customers or partners?

That said, here are ten ways I’ve been able to carve out more blogging time of late—despite running dozens of sites and having our third child in five years this past April. (And if these ten tips aren’t enough, ProBlogger’s timely Blog Wise ebook will certainly do the trick!)

1. Get up early

There’s nothing better than starting off the day with something you really enjoy, whether it’s a nice jog around the park, a bike ride through town, or a trip to the gym. And if you’re someone who truly enjoys writing, you’ll appreciate making blogging part of your morning routine.

Just be sure to do so before you get online and open your inbox. Your writing is more impactful when ideas are fresh in your head—and you aren’t bogged down by your list of tasks for the day.

2. Write at lunch

If you can’t get up early enough to write before work, get away from it all at lunch. Take the iPad or laptop with you to the park, fire it up on a shady bench next to your brown bag and write to your heart’s content.

3. Go offline

No wireless connection at your local lunch getaway? No worries. Disconnecting makes for a distraction-free hour of writing. In fact, while you’re at it, turn off your phone, Twitter alerts, Facebook messages, IM and email inbox—anything that’s going to keep you from getting your thoughts down.

If you get the inspiration to Tweet, take that clever 140-characters and expand on it in a blog post. Remember, it’s better to own your content than get owned by Twitter or Facebook. Make those platforms work for you, not the other way around.

4. Stay up late

All the hustlers do it. And don’t just stay up late and use the “free time” to soak up more David Letterman. Kill your TV and breathe new life into your blog.

As Gary Vaynerchuk writes in Crush It, “If you already have a full-time job, you can get a lot done between 7 p.m. and 2 a.m. (9 p.m. to 3 a.m. if you’ve got kids), so learn to love working during those predawn hours. I promise it won’t be hard if you’re doing what you love more than anything else.”

5. Use an app for that

Don’t have time to post, but have a second to snap a photo? Start photo blogging from your mobile device. Mobile content is becoming a lot more acceptable in today’s blogosphere, whether it’s an inspirational image or an event photo that’s related to your site, snap it, and post it in less than a minute.

You can use the WordPress app, which allows you to post images, text and even HTML straight from your mobile device. Or set up your blog to allow for email publishing, whether it’s straight from your mobile email client or through a third-party platform such as Flickr—which can auto post images to the site and your blog via email.

6. Use shortcuts

Take advantage of additional WordPress features that streamline posting. For example, did you know you can embed a YouTube video in the body of your WordPress blog by simply pasting in the URL of the video? In the latest version of WordPress, 3.4, you can do the same thing with Tweets, embedding an individual Tweet just by pasting the link to the Tweet in the body of your blog post.

Knowing shortcuts and quick tips like this can cut down your “time to publish” considerably.

7. Accept guest posts

I know, it’s your blog, and it’s tough to allow others to post on the site you’ve poured your blood, sweat and tears into. But there comes a time—when either you get too busy or your blog gets too popular—when you have to take a step back and ask for help.

It’s a good problem to have if you think about it, because your site has likely scaled to the point where it’s bigger than you ever would have imagined. To keep feeding the content machine, reach out to some folks you trust for regular contributions. Adding different perspectives to your site often brings in new readers, and also encourages those you trust to help build and promote your brand when they post.

8. Hire some help

If you’re not sure where to turn in terms of guest contributors, post an ad on a related freelance board for part-time writers. Be sure to ask candidates to include a résumé and links to from three to five related blog posts. That way you can see exactly what types of posts you could expect when outsourcing. You never know, you might just find someone who writes as well or—gulp—better than you do!

9. Post different types of content

Have you ever created a video for your audience? How about a podcast? Sometimes turning on a microphone or camera can be easier than sitting down to craft a solid 600-word blog post.

As noted earlier, photo blogging or producing short, informative videos or podcasts can be a quick way to whip up new content and complement your writing. And in some cases, audiences respond better to non-traditional content types. New mediums also allow your audience to digest your content on the go, which is becoming increasingly important in this mobile world we live in.

10. Put it down on paper

Maybe it’s the former journalist in me, but I still use an old-fashioned reporter’s notepad to jot down quick notes and sketch out illustrations when I’m not in front of a computer (during my commute, for example).

It helps me organize and prioritize my thoughts, and keeps me from cursing iPhone autocorrect fails—which, when funny enough, lead me to waste another 15 minutes ridiculing those blunders with all of you on Twitter.

And that, my fellow bloggers, would be a waste of everyone’s time.

Brian Milne is founder of the BlogHyped Network of sites, where bloggers vote up posts and receive valuable links and exposure for their blog. Follow @BMilneSLO on Twitter to share your blog productivity tips and to be featured in his upcoming “Book on Blogging.”

Should You Use a Third-Party Commenting System on Your Blog?

This guest post is by Syed Balkhi of WPBeginner.

If you’ve been blogging for anything more than a few months, you probably have come across blogs using third-party commenting systems like Disqus, Livefyre, Facebook Comments, Intense Debate, and more. You may have asked yourself, “Why do other blogs use these systems? Are they helpful? Should I use a third-party commenting system on my site?”

I have used both the built-in WordPress commenting system and a third-party commenting platform for an extensive period of time. In this article, I will share the pros and cons, from my personal experience, of using a third-party commenting system, and point you to some of the plugins that I use to extend the power of built-in WordPress comments.

Pros of third-party commenting systems

1. Single login (authenticity)

There are a lot of trolls on the web leaving anonymous comments. By using a third-party commenting system, you can require the user to register before the comment, and so cut down on trolling.

If you’re using a popular third-party commenting system like Disqus, Livefyre, or Facebook Comments, then the chances are that the user already has an account with those services. Users can surf from one website to another while staying logged in to the commenting platform, and this allows them to easily track all of their comments—and those of others—throughout the blogosphere.

2. Expanded social media presence

Almost all third-party commenting platforms offer some sort of expanded social media presence, Facebook Comments being the leader because it gives you the viral aspect. Your users’ comments can be posted on their walls, as long as they leave right the checkbox checked.

Other platforms allow users to integrate with Twitter and Facebook. Livefyre, in particular, allows the user to tag their Facebook or Twitter friends within the comments. This tagging sends a tweet or Facebook message to their friend(s) notifying them about your post.

3. Spam control

Requiring a commenter to log in to comment virtually eliminates the chance of a spam bot attacking your site.

4. Increased engagement

Most third-party commenting platforms claim to increase engagement. Some do it by making your comments appear in real-time, simulating a chat-like feel within comments. Others allow users to easily subscribe to comments via email to keep up with the conversation.

Cons of third-party commenting systems

1. Change and frustration

While the concept of using one login across all websites sounds noble, it doesn’t always work.

If your current commenting system doesn’t require user registration, then your users will likely be frustrated when you introduce a new system. This change “forces” them to create an account with a third-party service to leave a comment on your site—and that may seem as if they’re losing their freedom to comment on your site. This can drive some of your most loyal users away.

2. Lack of control

If you are the kind of blogger who likes to fine-tune and tweak every aspect of your blog, then third-party comment systems probably aren’t for you.

You will lose control over most aspects of your commenting platform in terms of formatting and design by adopting these systems. Your users will also experience slower page loads while the third-party commenting platform loads (especially during maintenance and occasional server outages), which is totally out of your control. Last but certainly not least, you will not be able to add features, such as lead-generation option or comment policy text links, without mastering the commenting system’s API.

My choice: default WordPress comments

After using a third-party commenting system, Livefyre, for over a year, I decided to switch back to the default WordPress comment system. While I could go into the excruciating details about why I switched away from Livefyre, the main point was the cons outweighed the pros. I wanted more control over the look and functionality of our comments, and I also wanted to keep our users happy. Lastly, I was able to replicate just about every advantage of a third-party commenting system using WordPress plugins.

So let’s go through that pros and cons list again, and see how it caused me to switch to WordPress comments.

  1. Authenticity: While requiring users to register is one way to ensure authenticity, it was really annoying. So we just use Gravatar, which allows others to recognize the same commenter over multiple platforms. No need to use a plugin for this! WordPress has built-in support for Gravatar as long as your theme is properly coded (most good themes are).
  2. Expanded social media presence: I was able to add Sign in with Twitter and Connect with Facebook options to my blog fairly easily while leaving the default method as is. I used the plugin called Simple Twitter Connect which allowed me to add the Sign with Twitter option. I used the plugin called Simple Facebook Connect to add the Connect with Facebook option for my comments.

    Social comment integration

  3. Spam control: While requiring registration can reduce spam, it is also very annoying. I thought of a less annoying method that has been working great for us—the awesome Akismet plugin, which comes with every WordPress installation and does a fairly decent job of detecting spam comments.

    I noticed the main reason why people leave spam comments is to get backlinks. Well, I decided to get rid of the link feature altogether. This required me to edit the comments.php file, but it wasn’t very hard. All I had to do was get rid of the Website field from the comment submission form. Then, I just edited the way our comments were displayed in the theme by removing the hyperlinks from the name and Gravatar image. This takes away the backlink incentive for most spammers. Another thing I did was disabled pingbacks/trackbacks on all posts. I noticed a lot of folks were trying to send trackback spam on our site, hoping for a backlink from posts. However by doing this, I totally avoided that issue.

  4. Increase in engagement: You can add the Subscribe to Comments feature to your comments using a popular plugin called Subscribe to Comments. I also added an opt-in checkbox to our comments that allows readers to subscribe to our newsletter using Newsletter Sign-Up.

As you can see, I was able to get almost all of the benefits of a third-party commenting system that people want while still using the built-in WordPress comments. Not to mention that I was able to customize the look of our comments, so they look good and are in keeping with out site.

Do you use third-party commenting systems?

Despite my experience, third-party commenting systems work perfectly for some bloggers and their blogs. I’d be interested in hearing your experiences of using a third-party commenting platform—or choosing to use the default system that came with your blog.

Syed Balkhi is the founder of WPBeginner, the largest unofficial WordPress resource site that offers free WordPress videos for beginners as well as other comprehensive guides like choosing the best WordPress Hosting, speeding up WordPress, and many more how-to’s.

How to Back Up and Move a WordPress Blog

This guest post is by Caimin Jones of Genius Startup.

Sometimes you’ll need to move your blog from one host to another. It’s a bit of a pain and might seem a daunting task if you’ve never done it before.

But transferring a site is a fairly straightforward process that you can do yourself with an FTP program and this step-by-step guide.

Before trying the DIY method, it’s worth checking to see whether your new hosting company offers a site transfer service for new customers. Many do—but check whether there’s a cost involved. I’ve seen free services for this, but I’ve also seen prices around $300!

If you just need to learn how to make a simple backup of your posts, and don’t need to move hosts, take a look at this ProBlogger post.

But if you’re ready to back up and move your blog, let’s do it.

What you need to begin

To get stated, you’ll need:

  1. an FTP program (two good, free ones are FileZilla or FireFTP which works as a Firefox add-on)
  2. the FTP login information for your current host
  3. the FTP login information for your new host
  4. the MySQL username, password, and host name for your new server
  5. the nameserver information for your new host—there are usually two host names, sometimes more
  6. the login details for the registrar with which your domain name is registered.

It’s best to move hosts during a quiet time of the week for your blog, which probably means over the weekend. Check that support is available at your new host, and have the number handy. If something doesn’t work as it should, you’ll be glad you don’t have to go looking for that phone number.

Two preliminary steps to make life easier

If you’re using a cache plugin like Total Cache or WP Super Cache, deactivate and completely remove the plugin before you start the move process.

Cache plugins store file settings on the server, and these will be different for your new host, so you need to do a new install for those types of plugins. Most other types of plugins won’t need to be re-installed using the process I’m outlining here.

Secondly, it’s highly recommended go to your domain registrar or hosting company and lower the TTL value on your domain to something like 300 seconds, or the lowest value allowed.

TTL stands for Time To Live. It’s the number of seconds browsers should wait before refreshing the DNS information that connects domain names with web servers. Setting it to a low value means you won’t have to wait more than a few minutes for your host switching to take effect.

You’ll find the TTL as a setting under a DNS Zone file. For example, it looks like this in Media Temple:

TTL settings

And it looks like this in Go Daddy:

TTL settings GoDaddy

Make sure you change the TTL at least 12 hours before you plan to switch web hosts, so that the newer, faster refresh time has updated around the internet.

Making the move

Step 1. Install WordPress on the new hosting company

If the new host has a one-click install feature, use that to install WordPress—you’ll save yourself quite a bit of time and hassle.

If you have to install it manually, take a look at the official installation guide.

Step 2. Back up the database

The easiest way to make a complete database backup is to install the WP-DBManager plugin .

Once it’s installed, go to Database > Backup Database and click the Backup button. If you have a lot of posts or comments, this might take a few seconds.

When you see the message that the backup has been created, go to Database > Manage Backup DB and check the backup file is definitely there.

Step 3. Back up all the files from your old server

Using your FTP program, log in to your old host and navigate to your wp-content directory. Download everything in that directory to your computer.

At this stage you have a complete copy of your entire blog—and you’re halfway there.

Downloading the copy

Step 4. Upload your files to the new server

Now, it’s back to your FTP program. Log in to the new server and navigate to the wp-content directory.

Before you take the next step, double-check that you really are logged in to the new server and not the old one.

Now delete everything in the wp-content directory.

Then upload everything in the wp-content copy on your computer to your new host.

Step 5. Change nameservers

You’re nearly there! Now you need to log in to your domain name registrar and change the nameservers to those of your new hosting company.

Changing the nameservers

Changes to domain nameservers can take a few hours or more to propagate through the internet, so it may be a while before your blog is being served from its new home. However, if you followed the tip to reduce the TTL value before you began, you’ll only need to wait a few minutes for the changes to take effect.

Sep 6. Make the finishing touches

Visit your blog homepage and refresh it every few minutes until you see the WordPress install page (if you manually installed WordPress) or an empty blog using the standard theme (if you used a one-click install option).

Don’t panic! Log in to the Admin area and go to Database > Manage BackupDB. You should see the backup file you made on your old server. Select it and click Restore.

Now check your blog homepage and you should see a fully working blog, with posts, comments, theme, and plugins working correctly.

If everything looks good, you can now reinstall your cache plugin, if you were using one. I’d also say you’ve also earned a glass of your favorite beverage!

Caimin Jones is founder of Genius Startup which gives bloggers and small startups no fluff, practical strategies to build a successful web business.

10 Cheap Survey Tools for Bloggers Who Want Answers

This guest post is by Neil Patel of Quick Sprout.

Whether you want to write a persuasive post or a headline that grabs attention, or create a call to action that grows your RSS subscription count by 243%, you first have to understand who your reader is.

So how do you go about finding this out?

You could guess, measure, and repeat until you hit upon a winning formula … but that could take months or years.

The easiest and fastest way to find out what will resonate with your readers is to ask them. And the best to do that is with a survey.

How can surveys help you?

You probably have a good working understanding of who your readers are because of your experience in the field. This will help you create surveys, but it won’t help you get to those breakthrough insights that will turn your posts into reader magnets.

To do that you need to know information like this:

  • Demographics: A survey will tell you who’s reading your blog. It can tell you their sex, age, income, and interests.
  • Content: A survey will tell you what kinds of content your readers like. Do they like practical articles or more research-based posts? Do they want those to be long or short? What about frequency?
  • Products: A survey will also tell you what kinds of products your readers may be interested in.
  • Problems: Finally, a survey can tell you what problems that your readers want solved. This is probably the best piece of information you could have when it comes to creating engaging content, right?

Top survey tools

AJ showed how to create a survey that gets insightful answers from your readers earlier today.

Now, let’s look at some in expensive tools that will help you gather this all-important information professionally and securely.

Comments

One of the simplest ways to get feedback from readers is to write a post with survey-like questions, and then ask your readers to respond in the comments.

There are some disadvantages to this approach. For example, because people are free to say anything they want in the comments, it may be hard to get the exact information you want.

Also, with this approach, the survey responses are out in the open, and this may suppress the response since people may be a little timid to share information so publicly.

What I’ve found about using comments for surveys is that this approach is perfect for simple questions like “What was the worst work experience you ever had?” If you want something more specific, then you need to use one of the tools we’ll look at next.

WP-Polls

Using a WordPress plugin like WP-Polls on your blog will give you the option of asking very specific questions that should generate very specific answers over an extended amount of time.

WP Polls

This plugin is embedded on your site as a widget, and actually adds another element of interaction with your readers. Every month, you can change the questions.

The nice thing about WordPress plugins is that they’re simple to install from inside your WP admin control panel.

Google Docs

Google Docs offers a tool that will help you create surveys that you can link readers to (for example, in an email), or actually embed into your blog.

It creates these forms out of HTML, gives you several survey styles, and even gives you a huge selection of themes to choose from:

Google Docs Surveys

This is the form that Chris Brogan uses:

Chris's Google Docs Survey Form

On the back end, you can review the collected data in a charts and graphs:

Google Docs Survey Stats

Survey Monkey

Survey Monkey is the most well-known survey tool online, having been around since 2002.

While there are paid plans that won’t bankrupt you, I’ve found that the free online version suits most of my needs. The only drawback to this type of survey is that it will drive your readers away from your site, as they need to go to Survey Monkey to give their answers.

The service gives you a choice of 15 question styles to choose from.

Survey Monkey Question Selection

And you can even customize the survey to match your blog color scheme.

Survey Monkey Custom Color Selection

KISSinsights

This tool is one my team developed. KISSinsights is a simple tool that takes two minutes to install, and allows you to ask one question of your readers. You can update that question at any time.

What I really like about this survey tool is that we tried to make it as little a distraction from your site as possible: it pops up, but then the user can close it and move on to your site immediately.

Kiss Insights Survey Tool

WP Survey and Quiz Tool

This robust WordPress tool, WP Survey and Quiz Tool, will let you do more than just create surveys—as the name suggests, you can also use it to create quizzes and polls.

WP Survey and Quiz

There is no limit to the number of surveys or quizzes you can create, and the tool gives you these features as well:

  • Limit answers to one per IP address.
  • Send customized notification emails.
  • Send notification emails to one email address or a group of WordPress users.
  • Create custom contact forms.
  • Export your surveys and quizzes.

The drawback to this tool is that your survey is limited to s single post—it’s not available site-wide.

WordPress Simple Survey

The jQuery-based WordPress survey tool Simple Survey will allow you to create basic weighted surveys that route users to a location based upon their survey “score.”

The page doesn’t need to be reloaded as the user progresses through the quiz:

WordPress Simple Survey

You can have results emailed to you, or you can simply login into your WordPress dashboard to see the results.

SodaHead Polls

SodaHead gives you great options for customizing and publishing polls. In addition, you can:

  • add videos and photos
  • add questions with more than ten choices
  • protect against voting fraud with a Flash-based security code.

SodaHead Survey Tool

The feature that I really like about this tool is what it can do to help your poll go viral through features like one-click sharing to Twitter and Yahoo, and adding your survey to SodaHead’s network to get more exposure.

Polldaddy Polls and Ratings

This fully customizable survey tool for WordPress gives you the ability to post your poll on a single post or as a sidebar widget:

Polldaddy

The nice thing about Polldaddy Polls is that it supports 57 different languages, making it a better option for those serving audiences outside of the United States.

Unfortunately if you have the latest WordPress update, 3.3.2, then it may not be compatible with your site.

Survey Me

For the people who don’t code out there, SurveyMe is probably the WordPress plugin you want to use.

Survey Me

This simple install will allow you to role out a poll within minutes.

Maximizing responses

By the way, if you are concerned about how many responses you’ll get to your survey, don’t worry. People love to share their opinions—you’ll probably get as high as a ten percent turnout!

If you are interested in getting an even higher response, I’d recommend you tell your readers that you’re going to share some of the best responses that you get from the survey. With a promise that they might get some exposure on your site, more people will be motivated to leave a response.

If you want an even higher turnout, or if you have a small audience and want to maximize the number of answers you receive, you may want to offer some kind of incentive (for example, everyone who responds will be entered in a drawing for a $50 Apple iTunes gift card).

What survey tools do you use? Tell us your faves in the comments.

Neil Patel is an online marketing consultant and the co-founder of KISSmetrics. He also blogs at Quick Sprout.

The Blogger’s Essential WordPress Guide: 13 Top Tutorials

Over the last couple of months, we’ve taken a close look at WordPress here on ProBlogger.

WordPressI know that many readers do use WordPress—either the free or paid version—and it’s the content management system of choice for many high-profile sites. I’ve been using it for years, and I’d have to say that it’s served me really well over that time.

The articles we’ve published have covered many of the essential aspects of blogging using WordPress, from choosing the service that’ll suit you and weighing up different themes, to securing, posting to, and making money from your WordPress blog.

In case you’ve missed any of these great posts, I thought I’d compile them all here for easy reference.

Getting started

  1. WordPress.com or WordPress.org? Which one’s right for you?
  2. What you need to know before you start a WordPress blog
    Security
  3. Set safe, secure user roles on your WordPress blog
  4. Secure your WordPress blog without touching any code
    SEO
  5. Essential SEO settings for every new WordPress blog
    Themes
  6. How to select your first WordPress theme
  7. Install your first WordPress theme
    Plugins
  8. Install your first WordPress plugin
  9. 19 Essential WordPress plugins for your blog
  10. 5 WordPress plugins to help you make money from your blog
    Posting
  11. Use email to post to your WordPress blog
    Making money
  12. 9 Ways to make money from WordPress … without having a blog
  13. Premise 2.0 released: complete digital sales and lead generation engine for WordPress

Thanks to all the contributors who put in the work to help us get our heads around these finer points of WordPress, including Matt Hooper, Karol K of ThemeFuse, Anurag Bansal of Techacker, Eric Siu of Evergreen Search, Louise of MoneySupermarket.com, and Sean Platt of outstandingSETUP.

Of course, while this CMS dominates the blogosphere, there are many solid alternatives to WordPress (and no, I’m not talking about Blogger!). If you’re looking for a change for some reason, give them your consideration.

Do you have a favourite WordPress tutorial or resource that you can add to this list? Share it with us in the comments.

Boost Conversions Step 4: Run A/B Tests, Tweak, and Refine

This guest post is by the Web Marketing Ninja.

When it comes to conversion rate optimization, it’s easy to read about, and think about.

But when it comes to actually running a test, most people are at a loss.

It’s not that we don’t believe in testing; it’s that there’s barely enough time in the day to set up those key pages once, let alone set up variants, implement a test, measure, refine the pages, and test again. Trust me—I’ve been there!

But as we’re nearing the end of this series of posts about boosting conversions, I’m hoping you’re all fired up!

I’m going to use that motivation to push you to finally run that first test—a simple A/B test. In this post, I’ll run you , step by step, through a simple test that:

  • won’t cost you a cent
  • takes less than an hour of your time to set up
  • gives you that all-important glimpse of what testing can actually do for your blog.

I’ll bet once you’ve cracked that first A/B testing nut, you’ll become a testing junkie like me. And your conversion rates with never be the same—hopefully, they’ll be much better!

So let’s get testing.

1. Choosing a page

First things first—let’s pick a page to test.

In the second post in this series, Darren talked about reviewing your conversion funnel. That may have given you a few ideas about pages you could test—maybe they’re some of the pages you reworked after reading Tommy’s post yesterday.

My basic approach is, if you’ve got a sales or signup page that gets traffic, test that. (It’s likely to be on your list anyway.) If you don’t, pick your Contact page instead. Or, if you’re feeling brave you can go for the biggest bang for buck and test a “money page.”

2. Working out what to test

Our second step is to figure out what to test. When I’m looking at a page I want to test for the first time, I ask these six questions:

  1. Can everyone access it? We’re talking here about accessibility.
  2. Can everyone use it? Usability is the key for complex processes.
  3. Does it work? It should—on all browsers, mobile devices, non-javascript browsers, and so on. Don’t forget to consider page load speeds as well.
  4. How does it look? Does is communicate the mood you want it to?
  5. How well does is tell the story? Do the words engage users and drive the actions you want?

Ask these questions about any web page. and you’ll end up with a long list of stuff you can test, but for now, let’s start with a headline—a big part of telling the story, and probably a fairly strong element in any sales or signup conversion. It’s also something that Tommy was eager to test yesterday, in his third conversion goal, which was to get more high-quality leads.

As this is an A/B test, you need to come up with just one alternative to the page’s original headline. If one email can have over 500 different subject lines then I think we can probably come up with one.

Now we’ve got a page, we’ve got our original headline, and we’ve got an alternative headline. Let’s start our test!

3. Setting up the test

You can use a few different applications to run web page tests—some free, some not. To keep things simple, we’ll use Google Website Optimiser—one of the free options.

In order to use this tool, we first need to set up a couple of things.

  1. We need a publicly viewable version of your original page, and the one you want to test with the new headline. And you’ll need them at two separate URLS—it might be problogger.net/salespage.php and problogger.net/salespage1.php. These URLS will depend on the CMS or blog technology you’re using and your site structure, of course.
  2. We need access to a page that appears aftera user completes your goal action. So, in the case of a contact form, this page would be your “thanks, your message has been received” conformation page.If you’re testing a sales page, this can be a little more tricky. Ideally you’d have access to the page that confirms that the user’s purchase has been successful. If you can’t access that page, you might have to settle for the page that appears when someone clicks on of your Buy Now links.(Note that there are ways around this problem, however you might need some technical assistance to access them. In this case, I would recommend you look at a service like Optimizely/, but it’s not cheap. The upside is that once you set it up, creating tests is extremely easy.)

Once you’ve got all of that done, sign up to Website Optimiser. Once you’ve signed up you should see a page like the one below. Click the link to start your experiment.

Click the link

You’ll then be asked what type of test you want to run. Pick the A/B Test.

Select A/B testing

You’ll then be asked to get your test pages and your conversion page ready. We’ve already done that, so we can confirm and move to the next step.

Confimation

Next, you’ll need to enter a name.

Provide a name

Include the links to the original page, and the version you want to test.

Include URLs

Finally, paste in the link to your goal or conversion page.

Goal page URL

Once you’ve completed all the fields, click Continue.

The next step is the most technical. You need to put a special piece of code into your original page, your test page, and your conversion page. (You can read more about the code snippets themselves here.)

If you’re using WordPress, there’s a handy plugin that will allow you to do this pretty easily, called Google Website Optimizer for WordPress.

Once it’s activated you’ll see a spot under each page and post to enable testing—add your special code in there. If you’re confident with editing the tags on particular pages, great. If you’re not using WordPress, you’re not technically minded, and you can’t find a Website Optimizer plugin for your CMS, you might need to ask nicely for some help.

I’m going to move on, assuming that you’ve got the codes in place. Next, you’ll need to validate them:

Validate pages

If the validation’s all good, you’ll get a screen that looks like this:
Validation successful

Click OK, then click Next. You’ll arrive at the final conformation screen, where you can preview or start your experiment.

Preview the experiment

Once you hit Start, you can sit back and relax for a bit: you’re now testing! After a few hours some of your preliminary results will start to come through. When you log into Website Optimizer you should see your experiment listed. To see the results, click on the View Report link. The report shows you how the two pages are performing against each other.

Viewing the report

4. Deciding the winner

You can expect to see some wild fluctuations in the data initially, so it’s important not to decide on a winner to quickly—let the data smooth out over time. In the case shown above, the results came in pretty even—and this is a test I ran over four months!

Most testing platforms will have an algorithm to let you know how confident they are that one version is beating another. In the case of Website Optimizer, it’s called a “high-confidence winner.” In the case of slight changes, it can take a while for a call to be made. You can either wait, or pick your own moment and move on. It’s really up to you.

Personally, I’ve made calls on tests that have only run for three days, and waited for some that have run over months and months. As your experience in testing grows, so will your confidence in making calls.

What to expect from your test

Within your tests, you’ll probably experience one of three things:

  1. Your new headline wins.
  2. Your original headline wins.
  3. The result is too close to tell.

In the first case, you’ve hopefully got a great understanding of the progress you can make with testing.

If your original headline wins, you’ve actually also made a small step forward: you’ve proven that your current headline is better than at least one other option—but I’m sure there’s a bunch more to try!

If it’s a to close to tell results, then, as is the case if the original wins, it’s time to think up some new headlines.

So hopefully you’re all able to identify, set up, run, and report on a simple A/B test. Even better, I hope you’ve found it so easy that you’re ready and raring to start your next test. Because if you’re happy with good, then produce. But if you aspire to great, then produce, test, iterate, test again—and you just might get there.

And that’s the key point here: to continuously improve your blog’s conversion rates for paid or unpaid offers, you really need to have in place an ongoing system of refinement that’s based on trial and testing.

Once you’ve got a handle on that,  you’ll be able to go back and apply the four steps for boosting conversions—reviewing your offerrevisiting your conversion funnelrevamping your communications, and running A/B tests—more broadly, to every segment of your audience. That’s what we’ll be looking at later today, in the final part of this series. Don’t miss it!

Stay tuned for more posts by the Web Marketing Ninja—author of The Blogger’s Guide to Online Marketing, and a professional online marketer for a major web brand. Follow the Web Marketing Ninja on Twitter.