Weekend Project: Sharing a WordPress War Story

While we love blogging, we all know there are some aspects that really do seem impossible sometimes—none more so than transferring a WordPress.com blog to the WordPress.org platform.

We’ve discussed the differences between these two platforms before, because more than one blogger has been caught up by the limitations of WordPress.com (usually the limitation that this platform doesn’t allow you to monetize your blog). But it’s well known that swapping to the .org platform from .com can be a challenge.

This weekend’s project explains the WordPress war story of a blogger who chose to start a blog on WordPress.com, because it required so little technical knowledge. But when she wanted to monetize her blog—and switch to the .org platform—that lack of technical skill proved a major hurdle. It’s no wonder the process has gained such a bad reputation!

Actually, I think this is something that blog platform developers probably want to consider as they’re creating their platforms, because any help they can give to users who want to upgrade or switch to other versions of their products is always much appreciated.

If you’re one of those bloggers who’s itching to move your blog from .com to .org, but you’ve been too scared, clear some time in your weekend schedule to implement the process that our Weekend Project sets out. I’m giving you plenty of warning for this project—it starts tomorrow!

For now, if you have a WordPress war story of your own that you’d like to get off your chest, feel free to vent in the comments.

10 Fresh Tips for Finding Time to Blog

This guest post is by Brian Milne of The Corporate Mentality.

Work. School. Friends. Family … and kids.

We’ve all got a lot going on in our lives, and I haven’t even mentioned our online worlds yet.

Twitter. Facebook. Google Plus. LinkedIn … and Pinterest.

The list is always growing, and as our offline lives get busier and online worlds more cluttered, our blogs are getting more and more neglected.

And while it’s great spending time learning everything the above social sites have to offer, let’s not forget the importance of our own blogs, and the significance of providing readers with quality content. After all, without quality posts, you’ll be slow to take your blog to the next level and will have little original content to push out to your followers.

And, in the end, isn’t that what it’s all about? Generating exposure, traffic, leads and potential customers or partners?

That said, here are ten ways I’ve been able to carve out more blogging time of late—despite running dozens of sites and having our third child in five years this past April. (And if these ten tips aren’t enough, ProBlogger’s timely Blog Wise ebook will certainly do the trick!)

1. Get up early

There’s nothing better than starting off the day with something you really enjoy, whether it’s a nice jog around the park, a bike ride through town, or a trip to the gym. And if you’re someone who truly enjoys writing, you’ll appreciate making blogging part of your morning routine.

Just be sure to do so before you get online and open your inbox. Your writing is more impactful when ideas are fresh in your head—and you aren’t bogged down by your list of tasks for the day.

2. Write at lunch

If you can’t get up early enough to write before work, get away from it all at lunch. Take the iPad or laptop with you to the park, fire it up on a shady bench next to your brown bag and write to your heart’s content.

3. Go offline

No wireless connection at your local lunch getaway? No worries. Disconnecting makes for a distraction-free hour of writing. In fact, while you’re at it, turn off your phone, Twitter alerts, Facebook messages, IM and email inbox—anything that’s going to keep you from getting your thoughts down.

If you get the inspiration to Tweet, take that clever 140-characters and expand on it in a blog post. Remember, it’s better to own your content than get owned by Twitter or Facebook. Make those platforms work for you, not the other way around.

4. Stay up late

All the hustlers do it. And don’t just stay up late and use the “free time” to soak up more David Letterman. Kill your TV and breathe new life into your blog.

As Gary Vaynerchuk writes in Crush It, “If you already have a full-time job, you can get a lot done between 7 p.m. and 2 a.m. (9 p.m. to 3 a.m. if you’ve got kids), so learn to love working during those predawn hours. I promise it won’t be hard if you’re doing what you love more than anything else.”

5. Use an app for that

Don’t have time to post, but have a second to snap a photo? Start photo blogging from your mobile device. Mobile content is becoming a lot more acceptable in today’s blogosphere. Whether it’s an inspirational image or an event photo that’s related to your site, snap it and post it in less than a minute.

You can use the WordPress app, which allows you to post images, text and even HTML straight from your mobile device. Or set up your blog to allow for email publishing, whether it’s straight from your mobile email client or through a third-party platform such as Flickr—which can auto post images to the site and your blog via email.

6. Use shortcuts

Take advantage of additional WordPress features that streamline posting. For example, did you know you can embed a YouTube video in the body of your WordPress blog by simply pasting in the URL of the video? In the latest version of WordPress, 3.4, you can do the same thing with Tweets, embedding an individual Tweet just by pasting the link to the Tweet in the body of your blog post.

Knowing shortcuts and quick tips like this can cut down your “time to publish” considerably.

7. Accept guest posts

I know, it’s your blog, and it’s tough to allow others to post on the site you’ve poured your blood, sweat and tears into. But there comes a time—when either you get too busy or your blog gets too popular—when you have to take a step back and ask for help.

It’s a good problem to have if you think about it, because your site has likely scaled to the point where it’s bigger than you ever would have imagined. To keep feeding the content machine, reach out to some folks you trust for regular contributions. Adding different perspectives to your site often brings in new readers, and also encourages those you trust to help build and promote your brand when they post.

8. Hire some help

If you’re not sure where to turn in terms of guest contributors, post an ad on a related freelance board for part-time writers. Be sure to ask candidates to include a résumé and links to three to five related blog posts. That way you can see exactly what types of posts you could expect when outsourcing. You never know, you might just find someone who writes as well or—gulp—better than you do!

9. Post different types of content

Have you ever created a video for your audience? How about a podcast? Sometimes turning on a microphone or camera can be easier than sitting down to craft a solid 600-word blog post.

As noted earlier, photo blogging or producing short, informative videos or podcasts can be a quick way to whip up new content and complement your writing. And in some cases, audiences respond better to non-traditional content types. New mediums also allow your audience to digest your content on the go, which is becoming increasingly important in this mobile world we live in.

10. Put it down on paper

Maybe it’s the former journalist in me, but I still use an old-fashioned reporter’s notepad to jot down quick notes and sketch out illustrations when I’m not in front of a computer (during my commute, for example).

It helps me organize and prioritize my thoughts, and keeps me from cursing iPhone autocorrect fails—which, when funny enough, lead me to waste another 15 minutes ridiculing those blunders with all of you on Twitter.

And that, my fellow bloggers, would be a waste of everyone’s time.

Brian Milne is founder of the BlogHyped Network of sites, where bloggers vote up posts and receive valuable links and exposure for their blog. Follow @BMilneSLO on Twitter to share your blog productivity tips and to be featured in his upcoming “Book on Blogging.”

Should You Use a Third-Party Commenting System on Your Blog?

This guest post is by Syed Balkhi of WPBeginner.

If you’ve been blogging for anything more than a few months, you probably have come across blogs using third-party commenting systems like Disqus, Livefyre, Facebook Comments, Intense Debate, and more. You may have asked yourself, “Why do other blogs use these systems? Are they helpful? Should I use a third-party commenting system on my site?”

I have used both the built-in WordPress commenting system and a third-party commenting platform for an extensive period of time. In this article, I will share the pros and cons, from my personal experience, of using a third-party commenting system, and point you to some of the plugins that I use to extend the power of built-in WordPress comments.

Pros of third-party commenting systems

1. Single login (authenticity)

There are a lot of trolls on the web leaving anonymous comments. By using a third-party commenting system, you can require the user to register before the comment, and so cut down on trolling.

If you’re using a popular third-party commenting system like Disqus, Livefyre, or Facebook Comments, then the chances are that the user already has an account with those services. Users can surf from one website to another while staying logged in to the commenting platform, and this allows them to easily track all of their comments—and those of others—throughout the blogosphere.

2. Expanded social media presence

Almost all third-party commenting platforms offer some sort of expanded social media presence, Facebook Comments being the leader because it gives you the viral aspect. Your users’ comments can be posted on their walls, as long as they leave the right checkbox checked.

Other platforms allow users to integrate with Twitter and Facebook. Livefyre, in particular, allows the user to tag their Facebook or Twitter friends within the comments. This tagging sends a tweet or Facebook message to their friend(s) notifying them about your post.

3. Spam control

Requiring a commenter to log in to comment virtually eliminates the chance of a spam bot attacking your site.

4. Increased engagement

Most third-party commenting platforms claim to increase engagement. Some do it by making your comments appear in real-time, simulating a chat-like feel within comments. Others allow users to easily subscribe to comments via email to keep up with the conversation.

Cons of third-party commenting systems

1. Change and frustration

While the concept of using one login across all websites sounds noble, it doesn’t always work.

If your current commenting system doesn’t require user registration, then your users will likely be frustrated when you introduce a new system. This change “forces” them to create an account with a third-party service to leave a comment on your site—and that may seem as if they’re losing their freedom to comment on your site. This can drive some of your most loyal users away.

2. Lack of control

If you are the kind of blogger who likes to fine-tune and tweak every aspect of your blog, then third-party comment systems probably aren’t for you.

You will lose control over most aspects of your commenting platform in terms of formatting and design by adopting these systems. Your users will also experience slower page loads while the third-party commenting platform loads (especially during maintenance and occasional server outages), which is totally out of your control. Last but certainly not least, you will not be able to add features, such as a lead-generation option or comment policy text links, without mastering the commenting system’s API.

My choice: default WordPress comments

After using a third-party commenting system, Livefyre, for over a year, I decided to switch back to the default WordPress comment system. While I could go into the excruciating details about why I switched away from Livefyre, the main point was the cons outweighed the pros. I wanted more control over the look and functionality of our comments, and I also wanted to keep our users happy. Lastly, I was able to replicate just about every advantage of a third-party commenting system using WordPress plugins.

So let’s go through that pros and cons list again, and see how it caused me to switch to WordPress comments.

  1. Authenticity: While requiring users to register is one way to ensure authenticity, it was really annoying. So we just use Gravatar, which allows others to recognize the same commenter over multiple platforms. No need to use a plugin for this! WordPress has built-in support for Gravatar as long as your theme is properly coded (most good themes are).
  2. Expanded social media presence: I was able to add Sign in with Twitter and Connect with Facebook options to my blog fairly easily while leaving the default method as is. I used the plugin called Simple Twitter Connect which allowed me to add the Sign with Twitter option. I used the plugin called Simple Facebook Connect to add the Connect with Facebook option for my comments.

  3. Spam control: While requiring registration can reduce spam, it is also very annoying. I thought of a less annoying method that has been working great for us—the awesome Akismet plugin, which comes with every WordPress installation and does a fairly decent job of detecting spam comments.

    I noticed the main reason why people leave spam comments is to get backlinks. Well, I decided to get rid of the link feature altogether. This required me to edit the comments.php file, but it wasn’t very hard. All I had to do was get rid of the Website field from the comment submission form. Then, I just edited the way our comments were displayed in the theme by removing the hyperlinks from the name and Gravatar image. This takes away the backlink incentive for most spammers. Another thing I did was disable pingbacks/trackbacks on all posts. I noticed a lot of folks were trying to send trackback spam on our site, hoping for a backlink from posts. However, by doing this, I totally avoided that issue.

  4. Increase in engagement: You can add the Subscribe to Comments feature to your comments using a popular plugin called Subscribe to Comments. I also added an opt-in checkbox to our comments that allows readers to subscribe to our newsletter using Newsletter Sign-Up.

As you can see, I was able to get almost all of the benefits of a third-party commenting system that people want while still using the built-in WordPress comments. Not to mention that I was able to customize the look of our comments, so they look good and are in keeping with our site.

Do you use third-party commenting systems?

Despite my experience, third-party commenting systems work perfectly for some bloggers and their blogs. I’d be interested in hearing your experiences of using a third-party commenting platform—or choosing to use the default system that came with your blog.

Syed Balkhi is the founder of WPBeginner, the largest unofficial WordPress resource site that offers free WordPress videos for beginners as well as other comprehensive guides like choosing the best WordPress Hosting, speeding up WordPress, and many more how-to’s.

How to Back Up and Move a WordPress Blog

This guest post is by Caimin Jones of Genius Startup.

Sometimes you’ll need to move your blog from one host to another. It’s a bit of a pain and might seem a daunting task if you’ve never done it before.

But transferring a site is a fairly straightforward process that you can do yourself with an FTP program and this step-by-step guide.

Before trying the DIY method, it’s worth checking to see whether your new hosting company offers a site transfer service for new customers. Many do—but check whether there’s a cost involved. I’ve seen free services for this, but I’ve also seen prices around $300!

If you just need to learn how to make a simple backup of your posts, and don’t need to move hosts, take a look at this ProBlogger post.

But if you’re ready to back up and move your blog, let’s do it.

What you need to begin

To get started, you’ll need:

  1. an FTP program (two good, free ones are FileZilla and FireFTP, which works as a Firefox add-on)
  2. the FTP login information for your current host
  3. the FTP login information for your new host
  4. the MySQL username, password, and host name for your new server
  5. the nameserver information for your new host—there are usually two host names, sometimes more
  6. the login details for the registrar with which your domain name is registered.

It’s best to move hosts during a quiet time of the week for your blog, which probably means over the weekend. Check that support is available at your new host, and have the number handy. If something doesn’t work as it should, you’ll be glad you don’t have to go looking for that phone number.

Two preliminary steps to make life easier

If you’re using a cache plugin like Total Cache or WP Super Cache, deactivate and completely remove the plugin before you start the move process.

Cache plugins store file settings on the server, and these will be different for your new host, so you need to do a new install for those types of plugins. Most other types of plugins won’t need to be re-installed using the process I’m outlining here.

Secondly, it’s highly recommended that you go to your domain registrar or hosting company and lower the TTL value on your domain to something like 300 seconds, or the lowest value allowed.

TTL stands for Time To Live. It’s the number of seconds browsers should wait before refreshing the DNS information that connects domain names with web servers. Setting it to a low value means you won’t have to wait more than a few minutes for your host switching to take effect.

You’ll find the TTL as a setting under a DNS Zone file. For example, it looks like this in Media Temple:

[Image: TTL settings]

And it looks like this in Go Daddy:

[Image: TTL settings GoDaddy]

Make sure you change the TTL at least 12 hours before you plan to switch web hosts, so that the newer, faster refresh time has updated around the internet.

Making the move

Step 1. Install WordPress on the new hosting company

If the new host has a one-click install feature, use that to install WordPress—you’ll save yourself quite a bit of time and hassle.

If you have to install it manually, take a look at the official installation guide.

Step 2. Back up the database

The easiest way to make a complete database backup is to install the WP-DBManager plugin.

Once it’s installed, go to Database > Backup Database and click the Backup button. If you have a lot of posts or comments, this might take a few seconds.

When you see the message that the backup has been created, go to Database > Manage Backup DB and check the backup file is definitely there.

Step 3. Back up all the files from your old server

Using your FTP program, log in to your old host and navigate to your wp-content directory. Download everything in that directory to your computer.

At this stage you have a complete copy of your entire blog—and you’re halfway there.

Step 4. Upload your files to the new server

Now, it’s back to your FTP program. Log in to the new server and navigate to the wp-content directory.

Before you take the next step, double-check that you really are logged in to the new server and not the old one.

Now delete everything in the wp-content directory.

Then upload everything in the wp-content copy on your computer to your new host.

Step 5. Change nameservers

You’re nearly there! Now you need to log in to your domain name registrar and change the nameservers to those of your new hosting company.

Changes to domain nameservers can take a few hours or more to propagate through the internet, so it may be a while before your blog is being served from its new home. However, if you followed the tip to reduce the TTL value before you began, you’ll only need to wait a few minutes for the changes to take effect.

Step 6. Make the finishing touches

Visit your blog homepage and refresh it every few minutes until you see the WordPress install page (if you manually installed WordPress) or an empty blog using the standard theme (if you used a one-click install option).

Don’t panic! Log in to the Admin area and go to Database > Manage BackupDB. You should see the backup file you made on your old server. Select it and click Restore.

Now check your blog homepage and you should see a fully working blog, with posts, comments, theme, and plugins working correctly.

If everything looks good, you can now reinstall your cache plugin, if you were using one. I’d also say you’ve earned a glass of your favorite beverage!
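A check worth running around Steps 3 and 4, shown as an added example that is not part of the original post: it hashes every file in two copies of wp-content and reports any file that is missing, extra, or altered, which catches truncated or corrupted FTP transfers. It assumes you have downloaded the uploaded tree back from the new host into a second local folder and that GNU `sha256sum` is available; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify that a wp-content copy
# survived the FTP round trip intact by comparing SHA-256 manifests.
# Assumptions: GNU coreutils/findutils (sha256sum, sort -z, xargs -r).

# Print "hash  ./relative/path" for every regular file under $1, sorted by
# path so two manifests can be compared line by line.
make_manifest() {
    local dir=$1
    (
        cd "$dir" || exit 1
        find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum
    )
}

# Compare two directory trees.
# Returns 0 when both hold the same files with the same contents,
# 1 when they differ (the differing manifest lines are printed),
# 2 when one of the directories could not be read.
compare_trees() {
    local a b rc=0
    a=$(mktemp)
    b=$(mktemp)
    make_manifest "$1" > "$a" || rc=2
    make_manifest "$2" > "$b" || rc=2
    if [ "$rc" -eq 0 ] && ! diff "$a" "$b"; then
        rc=1
    fi
    rm -f "$a" "$b"
    return "$rc"
}

# Usage: ./verify-copy.sh ./wp-content-from-old-host ./wp-content-from-new-host
# (both folder names are placeholders for your own local copies)
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2" && echo "copies match"
fi
```

Lines prefixed with `<` in the output exist only in the first copy and lines prefixed with `>` only in the second, so a changed file shows up once on each side.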

Caimin Jones is founder of Genius Startup which gives bloggers and small startups no fluff, practical strategies to build a successful web business.

10 Cheap Survey Tools for Bloggers Who Want Answers

This guest post is by Neil Patel of Quick Sprout.

Whether you want to write a persuasive post or a headline that grabs attention, or create a call to action that grows your RSS subscription count by 243%, you first have to understand who your reader is.

So how do you go about finding this out?

You could guess, measure, and repeat until you hit upon a winning formula … but that could take months or years.

The easiest and fastest way to find out what will resonate with your readers is to ask them. And the best way to do that is with a survey.

How can surveys help you?

You probably have a good working understanding of who your readers are because of your experience in the field. This will help you create surveys, but it won’t help you get to those breakthrough insights that will turn your posts into reader magnets.

To do that you need to know information like this:

  • Demographics: A survey will tell you who’s reading your blog. It can tell you their sex, age, income, and interests.
  • Content: A survey will tell you what kinds of content your readers like. Do they like practical articles or more research-based posts? Do they want those to be long or short? What about frequency?
  • Products: A survey will also tell you what kinds of products your readers may be interested in.
  • Problems: Finally, a survey can tell you what problems your readers want solved. This is probably the best piece of information you could have when it comes to creating engaging content, right?

Top survey tools

AJ showed how to create a survey that gets insightful answers from your readers earlier today.

Now, let’s look at some inexpensive tools that will help you gather this all-important information professionally and securely.

Comments

One of the simplest ways to get feedback from readers is to write a post with survey-like questions, and then ask your readers to respond in the comments.

There are some disadvantages to this approach. For example, because people are free to say anything they want in the comments, it may be hard to get the exact information you want.

Also, with this approach, the survey responses are out in the open, and this may suppress the response since people may be a little timid to share information so publicly.

What I’ve found about using comments for surveys is that this approach is perfect for simple questions like “What was the worst work experience you ever had?” If you want something more specific, then you need to use one of the tools we’ll look at next.

WP-Polls

Using a WordPress plugin like WP-Polls on your blog will give you the option of asking very specific questions that should generate very specific answers over an extended amount of time.

This plugin is embedded on your site as a widget, and actually adds another element of interaction with your readers. Every month, you can change the questions.

The nice thing about WordPress plugins is that they’re simple to install from inside your WP admin control panel.

Google Docs

Google Docs offers a tool that will help you create surveys that you can link readers to (for example, in an email), or actually embed into your blog.

It creates these forms out of HTML, gives you several survey styles, and even gives you a huge selection of themes to choose from:

[Image: Google Docs Surveys]

This is the form that Chris Brogan uses:

[Image: Chris's Google Docs Survey Form]

On the back end, you can review the collected data in charts and graphs:

[Image: Google Docs Survey Stats]

Survey Monkey

Survey Monkey is the most well-known survey tool online, having been around since 2002.

While there are paid plans that won’t bankrupt you, I’ve found that the free online version suits most of my needs. The only drawback to this type of survey is that it will drive your readers away from your site, as they need to go to Survey Monkey to give their answers.

The service gives you a choice of 15 question styles to choose from.

And you can even customize the survey to match your blog color scheme.

KISSinsights

This tool is one my team developed. KISSinsights is a simple tool that takes two minutes to install, and allows you to ask one question of your readers. You can update that question at any time.

What I really like about this survey tool is that we tried to make it as little a distraction from your site as possible: it pops up, but then the user can close it and move on to your site immediately.

WP Survey and Quiz Tool

This robust WordPress tool, WP Survey and Quiz Tool, will let you do more than just create surveys—as the name suggests, you can also use it to create quizzes and polls.

There is no limit to the number of surveys or quizzes you can create, and the tool gives you these features as well:

  • Limit answers to one per IP address.
  • Send customized notification emails.
  • Send notification emails to one email address or a group of WordPress users.
  • Create custom contact forms.
  • Export your surveys and quizzes.

The drawback to this tool is that your survey is limited to a single post—it’s not available site-wide.

WordPress Simple Survey

The jQuery-based WordPress survey tool Simple Survey will allow you to create basic weighted surveys that route users to a location based upon their survey “score.”

The page doesn’t need to be reloaded as the user progresses through the quiz:

[Image: WordPress Simple Survey]

You can have results emailed to you, or you can simply log in to your WordPress dashboard to see the results.

SodaHead Polls

SodaHead gives you great options for customizing and publishing polls. In addition, you can:

  • add videos and photos
  • add questions with more than ten choices
  • protect against voting fraud with a Flash-based security code.

The feature that I really like about this tool is what it can do to help your poll go viral through features like one-click sharing to Twitter and Yahoo, and adding your survey to SodaHead’s network to get more exposure.

Polldaddy Polls and Ratings

This fully customizable survey tool for WordPress gives you the ability to post your poll on a single post or as a sidebar widget:

[Image: Polldaddy]

The nice thing about Polldaddy Polls is that it supports 57 different languages, making it a better option for those serving audiences outside of the United States.

Unfortunately if you have the latest WordPress update, 3.3.2, then it may not be compatible with your site.

Survey Me

For the people who don’t code out there, SurveyMe is probably the WordPress plugin you want to use.

This simple install will allow you to roll out a poll within minutes.

Maximizing responses

By the way, if you are concerned about how many responses you’ll get to your survey, don’t worry. People love to share their opinions—you’ll probably get as high as a ten percent turnout!

If you are interested in getting an even higher response, I’d recommend you tell your readers that you’re going to share some of the best responses that you get from the survey. With a promise that they might get some exposure on your site, more people will be motivated to leave a response.

If you want an even higher turnout, or if you have a small audience and want to maximize the number of answers you receive, you may want to offer some kind of incentive (for example, everyone who responds will be entered in a drawing for a $50 Apple iTunes gift card).

What survey tools do you use? Tell us your faves in the comments.

Neil Patel is an online marketing consultant and the co-founder of KISSmetrics. He also blogs at Quick Sprout.

The Blogger’s Essential WordPress Guide: 13 Top Tutorials

Over the last couple of months, we’ve taken a close look at WordPress here on ProBlogger.

I know that many readers do use WordPress—either the free or paid version—and it’s the content management system of choice for many high-profile sites. I’ve been using it for years, and I’d have to say that it’s served me really well over that time.

The articles we’ve published have covered many of the essential aspects of blogging using WordPress, from choosing the service that’ll suit you and weighing up different themes, to securing, posting to, and making money from your WordPress blog.

In case you’ve missed any of these great posts, I thought I’d compile them all here for easy reference.

Getting started

  1. WordPress.com or WordPress.org? Which one’s right for you?
  2. What you need to know before you start a WordPress blog

Security

  3. Set safe, secure user roles on your WordPress blog
  4. Secure your WordPress blog without touching any code

SEO

  5. Essential SEO settings for every new WordPress blog

Themes

  6. How to select your first WordPress theme
  7. Install your first WordPress theme

Plugins

  8. Install your first WordPress plugin
  9. 19 Essential WordPress plugins for your blog
  10. 5 WordPress plugins to help you make money from your blog

Posting

  11. Use email to post to your WordPress blog

Making money

  12. 9 Ways to make money from WordPress … without having a blog
  13. Premise 2.0 released: complete digital sales and lead generation engine for WordPress

Thanks to all the contributors who put in the work to help us get our heads around these finer points of WordPress, including Matt Hooper, Karol K of ThemeFuse, Anurag Bansal of Techacker, Eric Siu of Evergreen Search, Louise of MoneySupermarket.com, and Sean Platt of outstandingSETUP.

Of course, while this CMS dominates the blogosphere, there are many solid alternatives to WordPress (and no, I’m not talking about Blogger!). If you’re looking for a change for some reason, give them your consideration.

Do you have a favourite WordPress tutorial or resource that you can add to this list? Share it with us in the comments.

Boost Conversions Step 4: Run A/B Tests, Tweak, and Refine

This guest post is by the Web Marketing Ninja.

When it comes to conversion rate optimization, it’s easy to read about, and think about.

But when it comes to actually running a test, most people are at a loss.

It’s not that we don’t believe in testing; it’s that there’s barely enough time in the day to set up those key pages once, let alone set up variants, implement a test, measure, refine the pages, and test again. Trust me—I’ve been there!

But as we’re nearing the end of this series of posts about boosting conversions, I’m hoping you’re all fired up!

I’m going to use that motivation to push you to finally run that first test—a simple A/B test. In this post, I’ll run you, step by step, through a simple test that:

  • won’t cost you a cent
  • takes less than an hour of your time to set up
  • gives you that all-important glimpse of what testing can actually do for your blog.

I’ll bet once you’ve cracked that first A/B testing nut, you’ll become a testing junkie like me. And your conversion rates will never be the same—hopefully, they’ll be much better!

So let’s get testing.

1. Choosing a page

First things first—let’s pick a page to test.

In the second post in this series, Darren talked about reviewing your conversion funnel. That may have given you a few ideas about pages you could test—maybe they’re some of the pages you reworked after reading Tommy’s post yesterday.

My basic approach is, if you’ve got a sales or signup page that gets traffic, test that. (It’s likely to be on your list anyway.) If you don’t, pick your Contact page instead. Or, if you’re feeling brave you can go for the biggest bang for buck and test a “money page.”

2. Working out what to test

Our second step is to figure out what to test. When I’m looking at a page I want to test for the first time, I ask these six questions:

  1. Can everyone access it? We’re talking here about accessibility.
  2. Can everyone use it? Usability is the key for complex processes.
  3. Does it work? It should—on all browsers, mobile devices, non-javascript browsers, and so on. Don’t forget to consider page load speeds as well.
  4. How does it look? Does it communicate the mood you want it to?
  5. How well does it tell the story? Do the words engage users and drive the actions you want?

Ask these questions about any web page, and you’ll end up with a long list of stuff you can test, but for now, let’s start with a headline—a big part of telling the story, and probably a fairly strong element in any sales or signup conversion. It’s also something that Tommy was eager to test yesterday, in his third conversion goal, which was to get more high-quality leads.

As this is an A/B test, you need to come up with just one alternative to the page’s original headline. If one email can have over 500 different subject lines then I think we can probably come up with one.

Now we’ve got a page, we’ve got our original headline, and we’ve got an alternative headline. Let’s start our test!

3. Setting up the test

You can use a few different applications to run web page tests—some free, some not. To keep things simple, we’ll use Google Website Optimizer—one of the free options.

In order to use this tool, we first need to set up a couple of things.

  1. We need a publicly viewable version of your original page, and the one you want to test with the new headline. And you’ll need them at two separate URLs—it might be problogger.net/salespage.php and problogger.net/salespage1.php. These URLs will depend on the CMS or blog technology you’re using and your site structure, of course.
  2. We need access to a page that appears after a user completes your goal action. So, in the case of a contact form, this page would be your “thanks, your message has been received” confirmation page. If you’re testing a sales page, this can be a little more tricky. Ideally you’d have access to the page that confirms that the user’s purchase has been successful. If you can’t access that page, you might have to settle for the page that appears when someone clicks on one of your Buy Now links. (Note that there are ways around this problem, however you might need some technical assistance to access them. In this case, I would recommend you look at a service like Optimizely, but it’s not cheap. The upside is that once you set it up, creating tests is extremely easy.)

Once you’ve got all of that done, sign up to Website Optimizer. Once you’ve signed up you should see a page like the one below. Click the link to start your experiment.

Click the link

You’ll then be asked what type of test you want to run. Pick the A/B Test.

Select A/B testing

You’ll then be asked to get your test pages and your conversion page ready. We’ve already done that, so we can confirm and move to the next step.

Confirmation

Next, you’ll need to enter a name.

Provide a name

Include the links to the original page, and the version you want to test.

Include URLs

Finally, paste in the link to your goal or conversion page.

Goal page URL

Once you’ve completed all the fields, click Continue.

The next step is the most technical. You need to put a special piece of code into your original page, your test page, and your conversion page. (You can read more about the code snippets themselves here.)

If you’re using WordPress, there’s a handy plugin that will allow you to do this pretty easily, called Google Website Optimizer for WordPress.

Once it’s activated you’ll see a spot under each page and post to enable testing—add your special code in there. If you’re confident with editing the tags on particular pages, great. If you’re not using WordPress, you’re not technically minded, and you can’t find a Website Optimizer plugin for your CMS, you might need to ask nicely for some help.

I’m going to move on, assuming that you’ve got the codes in place. Next, you’ll need to validate them:

Validate pages

If the validation’s all good, you’ll get a screen that looks like this:
Validation successful

Click OK, then click Next. You’ll arrive at the final confirmation screen, where you can preview or start your experiment.

Preview the experiment

Once you hit Start, you can sit back and relax for a bit: you’re now testing! After a few hours some of your preliminary results will start to come through. When you log into Website Optimizer you should see your experiment listed. To see the results, click on the View Report link. The report shows you how the two pages are performing against each other.

Viewing the report

4. Deciding the winner

You can expect to see some wild fluctuations in the data initially, so it’s important not to decide on a winner too quickly—let the data smooth out over time. In the case shown above, the results came in pretty even—and this is a test I ran over four months!

Most testing platforms will have an algorithm to let you know how confident they are that one version is beating another. In the case of Website Optimizer, it’s called a “high-confidence winner.” In the case of slight changes, it can take a while for a call to be made. You can either wait, or pick your own moment and move on. It’s really up to you.

Personally, I’ve made calls on tests that have only run for three days, and waited for some that have run over months and months. As your experience in testing grows, so will your confidence in making calls.

What to expect from your test

Within your tests, you’ll probably experience one of three things:

  1. Your new headline wins.
  2. Your original headline wins.
  3. The result is too close to tell.

In the first case, you’ve hopefully got a great understanding of the progress you can make with testing.

If your original headline wins, you’ve actually also made a small step forward: you’ve proven that your current headline is better than at least one other option—but I’m sure there’s a bunch more to try!

If it’s a too-close-to-tell result, then, as is the case if the original wins, it’s time to think up some new headlines.

So hopefully you’re all able to identify, set up, run, and report on a simple A/B test. Even better, I hope you’ve found it so easy that you’re ready and raring to start your next test. Because if you’re happy with good, then produce. But if you aspire to great, then produce, test, iterate, test again—and you just might get there.

And that’s the key point here: to continuously improve your blog’s conversion rates for paid or unpaid offers, you really need to have in place an ongoing system of refinement that’s based on trial and testing.

Once you’ve got a handle on that, you’ll be able to go back and apply the four steps for boosting conversions—reviewing your offer, revisiting your conversion funnel, revamping your communications, and running A/B tests—more broadly, to every segment of your audience. That’s what we’ll be looking at later today, in the final part of this series. Don’t miss it!

Stay tuned for more posts by the Web Marketing Ninja—author of The Blogger’s Guide to Online Marketing, and a professional online marketer for a major web brand. Follow the Web Marketing Ninja on Twitter.

Boost Conversions Step 3: Revamp Your Communications

This guest post is by Tommy Walker of Tommy.ismy.name.

“How do I get more people to interact with my stuff?”

It’s a question I ask myself constantly. I could go on all day about traffic strategies, guest posting, or any number of online marketing topics. But the truth is, at the end of the day, shares, subscribes, and leads, are just another conversion.

I wish I realized that when I designed my existing website. I wish I realized a lot of things when I designed my website.

See, when I first started my site, I hadn’t thought about things like list building, or selling things (I had nothing to sell) or even the type of content I was going to publish. I thought I’d figure that stuff out as I went along, but, as my style changed, every new thing started to feel like it was tacked on.

Sadly, my site has become this clumsy Frankenstein creature that haphazardly attempts to do my bidding, but never quite executes. That’s no discredit to my developer, who did an excellent job at the time. It was my own misguided direction that turned what could have been a beautiful creation into something hideous.

Learn from your mistakes

If you’ve been following this series over the last couple of days, you’ll know that we’ve talked a lot about learning from your mistakes—as they affect your free or paid offer, and your conversion funnel.

I worked through these processes myself, so that as I go to work on version 3.0 of my website, I know exactly what I want my conversion goals to be. And they’ll be reflected in every facet of the new design.

The new design isn’t yet operational, but if you’ll allow me to let you peek under the sheet, I’ll show you:

  • my conversion goals
  • how I plan to attack them
  • screenshots of the current design and what isn’t working
  • screens of the new design and why I think it’s an improvement
  • what I plan to test.

Expect this post to be on the longer side, as it is meant to be a conversion-oriented website playbook. For your convenience, here’s a table of contents:

As we go through each section, I’ll also point out things to look out for on your own site, and ways that you might be able to fix them.

A quick note before we continue: Conversion optimization is about constant testing. Everything from copy, to layouts and button placement, and color schemes.

While I might give you some suggestions along the way, there is no one “surefire” way. Oftentimes what works best is the thing we least expect, and if you sell yourself short on your testing, you may never know what actually works best for you.

The Web Marketing Ninja will be showing us the complete process of setting up and running A/B (or split) tests tomorrow, so if you want some expert advice on that topic, stay tuned.

Become really friendly with your analytics

Now, before I get to the design, I want to dive deep into my analytics.

As we’ve seen over the last couple of days, patterns in the data give a great starting point for the areas of your conversion funnel that can be improved, and even provide hints for how to improve them.

For instance:

  • Posts designed to drive conversation and high “time on site,” but which have few shares or interactions, may be lacking a clear sharing mechanism; alternatively, the comment call to action may be lacking.
  • Sidebar offers that receive traffic, but don’t convert, may need to be redesigned or scrapped entirely.
  • Landing pages with high time but few conversions require further testing to improve conversions.
  • Common click paths users take can determine pages that could be optimized for subscriptions or sales.

Your analytics tell the story of you and your users. When you fix your part, they’ll be able to give you more of what you want.

Define your conversion goals early

I imagine we’re a lot alike, you and I, in our goals. Mine are:

  • get more social shares
  • build a bigger subscriber base
  • attract more qualified leads that can be turned to sales.

What I didn’t realize on the first two iterations of my website was that each goal can be attacked very strategically within the design.

So instead of trying to get every page to do every thing, as I create version 3.0 of my website, I will be looking at each aspect with a different conversion goal in mind.

Goal #1: Get more social shares

The first goal, get more social shares, is pretty straightforward.

According to my analytics, my weekly blog articles get the most steady traffic and the highest time on site (four to seven minutes; I primarily video blog).

Knowing that, I want that traffic to turn into more traffic, because right now, the social sharing on the site is low.

With the time on site being so high, my best guess is the posts aren’t getting shared because the sharing functions are a little less than obvious.

Sharing options aren't obvious

The trick to getting more social shares is two-layered.

  1. Create engaging content.
  2. Make sharing as painless as possible.

According to my video analytics, just over 70% of people watch my videos through to the very end. Looking at the current design however, it’s incredibly clear that sharing is not painless.

To address this in the new design, on an individual post page, the video will be featured at the top, filling most of the screen, and the sharing icons will be featured on the bottom left, just before the fold.

Next to the share icons will be a short link that can be copied to the clipboard with a single click.

Next to that, I’ll show a Share Via Email button that, when clicked, will drop down an email form where users can email the page link without ever leaving the site.

New sharing layout

Key takeaway:

To improve shares on individual blog posts, create excellent content, and make sharing the primary call to action.

If the sidebars on your individual pages aren’t selling products, or bringing in email subscribers, get rid of those calls to action.

Something you can do right now is install the ShareThis hovering share bar and have it appear on all of your sharable content pages.

What I’ll be testing:

In order to get maximum shares, I’ll need to make sure the sharing icons are in the most optimal positions on the page.

My tests will include:

  • the share icons being located on the left of the page (as pictured)
  • share icons on the right of the page
  • the “share bar” taking up the full width of the page below the video.

To do this, I’ll have my developer run a test using Google Website Optimizer, and track the results. (As I mentioned, the Ninja will show you how to do this yourself tomorrow). The layout with the most shares will win.

Goal #2: Increase email subscriber base

There are a few ways I plan to build my email list. Pay close attention here, because each and every one of these ideas is something you can do, too.

Email subscriber plan 1

The first tactic is persistent navigation throughout the site. This feature allows the top navigation bar on your site to remain in view as the user scrolls down the page. With persistent navigation, the fundamental action points are always in view, and available to users.

Persistent navigation seems to be where forward thinking websites are headed (Facebook, Google+, Lifehacker, WordPress). Using persistent navigation through my site allows me to create a subtle call to action that stays with the user.

On the above image, you may have noticed the word “subscribe” in the navigation bar.

Persistent navigation

I believe this will eliminate the need to create a big, obtrusive opt-in form to occupy the sidebar (but this will need to be tested, of course).

When the user hovers over the “subscribe” button, a dropdown with an opt-in form will appear:

Accessing the dropdown

In my opinion, this makes the website a little more “fun” to interact with, which leads me to believe this will increase actual engagement with the site, and, thereby, email subscriptions.

Key takeaway:
The web is evolving much faster than most people realize. Incorporating elements like persistent navigation and interactive elements gives your website more depth than text and images alone. The more you give your users to “play” with, the more likely they will want to hang around on your blog, and hear more from you.

If you’re a code junkie, this tutorial will teach you how to create your own persistent navigation menu.

Or, if you’re afraid of code (like me), you could always install the Hello Bar. While it’s not as full-featured as custom navigation, it has been proven to increase clickthrough rates for many of its users, and can be very effective when you use the right messaging.

What I’ll be testing:
I’ll test the messaging within the dropdown itself: “New episodes every week + exclusive bonuses” with “Submit” or “Subscribe” as the call to action, vs. “Learn online marketing and get exclusive bonuses” with “Teach Me!” as the call to action.

Email subscriber plan 2

According to my analytics, my homepage is usually the second stop people make when visiting my site … makes sense.

Sadly, also according to my analytics, this is where my traffic goes to die. My homepage isn’t really optimized for anything.

My current homepage

Realistically, my conversion goals for this new homepage have to be two-fold:

  1. Capture users’ email addresses.
  2. Pull people deeper into the content.

To capture email addresses, I’ll be using a slightly modified approach to the ever popular Halpern Header on my homepage.

Instead of using a static image, however, there will be a welcome video that’ll introduce visitors to the site and talk about the exclusive bonuses that come from being an Inside The Mind subscriber.

Welcome video

I believe that combining the Halpern Header with video will make the email subscription call to action both unmissable and fun to interact with.

As long as I’m able to clearly communicate the benefits of being a subscriber, I think this will lift subscription conversions dramatically.

Key takeaway:

The homepage is often the second most visited page on your website. If you’re not maximizing your email efforts here, first time visitors may never return. This is why it’s important to clearly communicate the benefits of your site, and make your opt-in form highly visible, not banished to your sidebar.

The Halpern Header/feature box method has been proven as an effective way to increase email subscriptions, for some by as much as 51.7%.

Adding a personal touch like video or an image of yourself can build trust with your potential subscriber, increasing your conversion rates even more.

What I’ll be testing:

While I have a hunch that a welcome video will work well, it’s also possible people might find it more distracting than welcoming.

For that reason I’ll be testing a welcome video vs a welcoming image. I’ll also be testing layout with the video/image orientation on the left vs. the right, the copy, and the call to action.

Homepage Subgoal: Bring visitors further down the rabbit hole

Sadly, after visiting my homepage, most people drop off the site.

To address this, I will feature a scroller of randomized content from season one of my video stream directly underneath the feature box.

The video scroller

The reason for randomization is that it’ll mean that deeper (or older) content can also get some play.

Copyblogger uses a similar approach with the “popular articles” list on their sidebar. Using randomization, a fun slider, and engaging thumbnails for the posts just takes that idea a step further.

Note: The bar will never show posts that are also displayed in the main feed below. Rather it will only show content from deeper pages. This way, I can avoid duplicate content issues—I won’t be trying to push the same article in a handful of different ways.

Below that, I’ll show a fairly standard format blog, with reverse chronological posts on one side, and an offer for my ebook on the other.

The feed of blog posts

You may notice that everything seems to get a little bigger once we get into the main feed. The reason for that is fairly simple. The top of the site will act like a built-in landing page, but once a visitor goes below the fold, the focus will be on content.

The sidebar will display only two items at any given time, and will also be a persistent part of the interface once a certain scroll threshold is reached.

At the top, I’ll include a lead generation piece/ethical bribe (more on this later). Underneath that, a randomly generated episode link will appear (again, only one that is not currently present on the page).

Key takeaway:

If your homepage isn’t working to drive people back into your content, switch things up using your analytics as a guide. Just be sure to talk about it beforehand so your faithful visitors don’t think something bad happened to you!

What I’ll be testing:

Not much here actually, but I will be measuring pretty heavily what content, in what position, gets the most clicks.

As far as I know, this is nothing remotely close to a “standard” blog format, so it will be interesting to see how people respond to features like the scroller and persistent navigation.

Email subscriber plan 3

Taking another leaf out of Derek Halpern’s book, I will have email optins in three critical places:

  • the About page
  • the footer
  • at the end of the single post pages.

The redesigned footer

Normally, I would recommend placing an opt-in on the top of the sidebar. However, because I am using persistent navigation with the Subscribe link in prime view at all times, I feel, for me, that this space is better used for lead generation.

The About page

I plan on doing something a little different by putting the link to my About (and other) pages in the footer. This is more like a news site, and less like other online marketing blogs.

Keeping that in mind, the people who come to the About page will need to do a little more digging to get there. So why don’t I try to capture an email address in the process, since we’re getting a little more personal?

This is what Derek says about the About page:

Prime people for your website’s content and why it’s important

  1. Opt-in form
  2. Show social proof
  3. Opt-in form
  4. Show personal backstory
  5. Opt-in form

For backstory, I plan to share a bit of my background as an actor, how I was fired over a pair of pants, how that eventually led to online marketing, and the ups and downs I’ve seen while working for myself (there have been many).

Key takeaway:

When you address your users’ search intent first, then make a personal connection by sharing more about yourself, you give visitors more than one reason to subscribe.

What I’ll be testing:

The copy is what’s going to make the difference here. While it might not be a part of my initial relaunch plan, I’d also like to test using a cinematic “trailer” video that prompts visitors to “Join the journey” by becoming an email subscriber.

The footer

There’s a very simple reason for revamping the footer to include a subscription CTA. If someone’s scrolling to the bottom of the page, you can assume one of two things:

  1. They’ve read through all of your content and are primed to want more.
  2. They just like scrolling.

Either way, the footer is a great place to capture email, because your reader has gone all the way to the bottom of the page (and there’s nothing left to do).

Currently, I have an opt-in form in my footer, and it converts pretty well.

The current footer form

What’s lacking in this footer, and on my current site as a whole, for that matter, is a page that is dedicated to explaining the benefits of becoming a subscriber.

That’s why, instead of including an opt-in form in the new site footer, I will instead include a link to a landing page called Why Subscribe?

The new footer

This again comes down to a matter of search intent. Where most of my content is going to be front-and-center in nearly every aspect of the design, I can only suspect that the people who scroll to the bottom of the page are more “deep information” types.

I believe many blogs do not reward these types of people, and instead only go after those who are willing to hand over their information with little friction. However, the “deep information” types aren’t so trusting. They need to have all of the information before they give up any personal details. That’s ok with me, because they also do a good amount of homework before making purchases, and I’ve found them to be the most action-oriented customers.

So instead of giving them nothing to do when they scroll to the bottom, I will give them a landing page that talks about all of the benefits of subscribing to the show. This page will include information on how frequently emails are sent, the types of bonus content they can expect, and an outline of what will be included. Doing this also gives me another page that can be linked to from internal content, which is a nice bonus!

Key takeaway:

Keep your users’ intent in mind, and create content that appeals to as many different types of readers as possible. If you don’t currently have some form of a “why subscribe” page on your site, you’re not addressing all of your readers’ concerns.

What I’ll be testing:

I’ll be interested to see the difference in conversion between the footer opt-in box and the Why Subscribe? link.

Giving users one extra click may decrease the overall conversions, however the link to the landing page is more in line with user intent on that particular section of the page.

Either way, I’ll have more data on footer and landing page subscribers, which will help me focus my follow-up messages even further.

End of single post pages
This is fairly straightforward. If someone has decided to take the time to read through the content, they’re probably a good candidate to become a subscriber. So I’ll create a subscription option at the end of every post.

The subscription form at the bottom of posts

Key takeaway:

We often clutter the end of our posts with all sorts of garbage, like related posts, share buttons, subscribe to my email list, read my bio, leave a comment, and more. Every single one of these commands is a call to action, and the more calls to action you have, the more diluted each one becomes. Find ways to incorporate all of these things—just don’t cram them all in at the end of your posts.

Using a WordPress plugin like Post Ender, you can keep your calls to action focused, and will likely see higher subscription rates from the ends of your posts.

What I’ll be testing:

Not much more than the language: “Subscribe,” for example, vs. “Keep Me Updated.” Because my content is primarily video, and it’s showcased at the top of the page, this form is one of the least of my concerns.

Email subscriber plan 4

This is it! The Dreaded Popup. I believe there’s a classy way to use popups, and an annoying way. You’re probably pretty familiar with the annoying way.

My plan with the popup, however, is to have it triggered after the viewer has been on the site for a given amount of time, or clicks within a set number of pages. That way, I’ll know they’re engaging with the site, and are more qualified than, say, a first time visitor.

Personally, I hate the pop-up, so if I’m finding that it’s not converting, even when I target mostly engaged users, I will not hesitate to yank it.

Key takeaway:

Popups can be extremely valuable, but are often seen as annoying. The longer people are on your site, the more likely they are to qualify as potential subscribers.

Although your conversion rates may go down the longer you wait to trigger the popup, your subscriber quality will increase, because they’ve already spent more time with you—they’re qualified subscribers.

What I’ll be testing:

Here, I’ll test headline copy, the optin orientation, click and time triggers, and a number of other things I explained in detail in this article.

Goal #3: Get more high-quality leads

Subscribers do not equal leads.

I repeat: subscribers do not equal leads. While subscribers may eventually become leads, signing up to be on your email list does not mean they have an interest in buying anything.

In order to gather more leads through the site, I intend to offer a free ebook titled Why Quality Matters, in which we’ll explore different statistics on the state of the internet, how high-quality content excels, what defines high-quality content, and so on.

The landing page to “sell” the book will follow this formula.

The book itself will follow a similar format, but remain informative throughout.

As it is ultimately a lead generation piece, the goal is to simultaneously attract the right people, and repel everyone else. Not everyone who reads the ebook will recognize themselves in it, but those who do will find a link to request a strategy session at the end of the book.

In the strategy request form, I ask questions of the reader, like how long they’ve been in business, their previous yearly income, target yearly income, and if there are any major roadblocks that prevent them from moving to the next level.

This process is designed to help a person really decide whether or not they need help. Having had my prospects step through a handful of filters also saves me a lot of trouble “pitching” my services to them. By the time we get on the strategy call, I can really focus on helping them. I do have an offer, but I’ll only make it if it seems like it’ll be a good fit.

Key takeaway:

Qualify your leads. So many bloggers and marketers assume that list subscribers = people who might be interested in buying something eventually. But every time a pitch comes around, a good chunk of people either unsubscribe or ignore you all together, causing this endless cycle of list rebuilding.

When you let people qualify themselves, and say “I need help,” they’re more likely to open your messages and take action on what you have to say.

What I’ll be testing:

I’ll test the landing page copy, without a doubt. Using Premise, I’ll be able to apply the Google Website Optimizer to test headline and copy variations. Also, I’ll be testing pure copy vs. video, to find out which will be the most effective “pitch” on the landing page. Even though the investment for users is “free”, I’ll still want to put my best foot forward, due to the subject matter and the eventual lead into the sale.

Note: This is not the only way I will be generating leads. Far from it actually. I’ll also use several paid and organic strategies to better target those exposed to my content.

I mention this because popular content marketing wisdom does not advocate paid advertising, but the truth is, there is no faster or more precise way to target the right people for your content.

Test, get feedback, iterate

The designs and tests above were all conceived to address gaps in my data. I cannot stress to you enough the importance of knowing what your analytics are telling you, and testing to make improvements.

One thing I’ve learned is that intuition doesn’t convert well. Yet data only tells you so much. That’s why I’ll offer an incentive to my list to get real people to “test drive” the site. Their feedback will be vital in making the necessary tweaks before I push the site live and test it with a larger audience. And even when it’s fully live, there will always be testing taking place.

The name of the game is to always be improving, and iterating on what you’ve learned from previous tests. Only let your data and user feedback drive your design. The next post in this series will show you how to set up, run, and adjust your own A/B tests.

I’m sure that by now, this series has probably encouraged you to look at your offer, conversion funnel, and offer communications more critically. You’ve probably come up with a few ideas you’d like to try. Share them with us in the comments below!

Tommy Walker is an Online Marketing Strategist and host of “Inside the Mind,” a fresh and entertaining video show about Online Marketing Strategy.

Secure Your WordPress Blog Without Touching Any Code

This guest post is by Karol K of ThemeFuse.

Right now WordPress powers 48 of the top 100 blogs online. More than that, WordPress actually powers 19% of the web as a whole.

Essentially, this is great. Such a strong community of users and developers means that the platform is sure to evolve even further and provide us with lots of cool features that are yet to be developed.

Unfortunately, this creates some dangers as well… Whenever there’s a big number of people trying to make something happen, there’s another group of people trying to take it all down.

Cases where a blog owner completely loses access to their site are not uncommon. Actually, sometimes even whole domains get hijacked, and I honestly have no idea how that’s done.

But we don’t have to know how hijacking a domain or stealing a blog works to be able to implement some basic security precautions. And that is exactly what this post is about—making your blog secure without playing with source code, understanding things, and stuff.

Typical WordPress security problems

WordPress as a whole (a website management platform) is very well designed. It doesn’t have any preposterous security issues that beginning programmers could exploit. The problems, however, arise when you try to tweak your installation of WordPress by adding new plugins or themes, implementing hacks, or doing anything else that interferes with WordPress.

Of course, this doesn’t mean that you should settle for the default installation, not use any plugins, and only blog using the default theme. What it means is that you simply need to be careful when installing new stuff on your blog, as well as when setting up your blog for the first time.

Let’s start by discussing some of the common security problems you’ll need to handle.

The basics

Excuse me for being obvious, but you really need to start with proper usernames and passwords for your user accounts. Everyone realizes the importance of this, but not as many people implement the best practices.

You must use complex passwords—letters, numbers, special characters, spaces—and usernames that are not obvious. A password of “admin,” for example, is extra-obvious.

For more information on account security, see my recent guest post here on ProBlogger, which explained user accounts and roles, and how to set them up properly.

The name of the next problem in line: shady, untested plugins. WordPress plugins have a fair amount of power over how your WordPress installation works. If a plugin contains some buggy code, it can crash your blog completely. The same goes for code that’s not secure. Finally, if one of your plugins doesn’t implement any security features, it can become the point of entry for malicious bots or direct attacks by hackers.

Remember, the weakest link is where the chain breaks. You only need one low-quality plugin to get into trouble.

The advice I have here is: don’t use any plugin that hasn’t been updated in a while, or hasn’t been officially tested with the newest version of WordPress. Being up to date is always the best precaution. Also, plugins that are more popular are usually more secure as well.

There’s one more big issue we have to cover in terms of shady code, and that’s WordPress themes. I will say this again—and I’m not sorry for it—free themes are evil.

Well okay, not all of them. There are two kinds of free themes: (1) the good ones, released by quality theme stores as a way of attracting new customers by spreading one or two great free themes, (2) the evil ones made primarily to look great, attract many users, and use the space in the footer for SEO purposes.

These SEO-focused themes often use some strange, encrypted PHP code that can’t be removed; if you take it out, the theme stops working. This code usually displays search-optimized links (sometimes in an invisible font).

You never, let me repeat, never want to have encrypted code on your site. Even when you get the theme for free in exchange for hosting this encrypted section, it’s not worth it.
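If you want to check a downloaded theme before activating it, the encoded footer code described above tends to leave recognizable traces. The scanner below is an added example, not part of the original post or of any plugin it recommends: the pattern list is an assumption chosen for illustration, and the sample theme it builds is constructed and inert.

```python
import re
import tempfile
from pathlib import Path

# Heuristics for the encoded footer code described above. The pattern list is
# an assumption of this example; a match is a reason to read the file by hand.
DECODER = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)"
PATTERNS = {
    "eval-of-decoder": re.compile(r"\beval\s*\(\s*" + DECODER + r"\s*\(", re.I),
    "nested-decoders": re.compile(DECODER + r"\s*\(\s*" + DECODER + r"\s*\(", re.I),
    "long-encoded-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "hidden-link": re.compile(
        r"(?:display\s*:\s*none|font-size\s*:\s*0(?:px)?\s*[;\"'])[^>]*>\s*<a\s", re.I),
}

def scan_php_source(text):
    """Return [(line_number, finding_name), ...] for one file's contents."""
    return [(n, name)
            for n, line in enumerate(text.splitlines(), start=1)
            for name, pattern in PATTERNS.items()
            if pattern.search(line)]

def scan_theme(theme_dir):
    """Map each flagged .php file (path relative to the theme) to its findings."""
    root, report = Path(theme_dir), {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_php_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample_theme(root):
    """Write a constructed, inert two-file theme used only for this demo."""
    blob = "QUJD" * 60  # 240 characters of base64-looking filler, not a real payload
    (root / "index.php").write_text("<?php get_header(); get_footer(); ?>\n")
    (root / "footer.php").write_text(
        "<?php wp_footer(); ?>\n"
        f"<?php eval(gzinflate(base64_decode('{blob}'))); ?>\n"
        '<div style="display:none"><a href="http://example.invalid/">x</a></div>\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(Path(tmp))
        for name, hits in scan_theme(tmp).items():
            for lineno, finding in hits:
                print(f"{name}:{lineno}: {finding}")
```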

If you’re planning to use your WordPress site as the base of your online business then buying a quality theme is a must. If you have a bigger budget, you could even hire a developer to build your theme on top of some popular theme framework.

Since we’ve now covered the basics—user accounts, plugins, and themes—let’s look into some of the things that you can do to actively make your blog more secure.

Steps to better security

First, let’s talk through some of the best practices in terms of security. Then, let me show you some cool security plugins.

Hosting security

Yes, it all starts here. The story is similar to the one about WordPress themes: if you want to have a secure environment, you simply need to invest money. Don’t use free hosting.

Make sure that your web host implements basic security features and that it has good reviews among users (search on forums; Google is likely to display only affiliate reviews, which aren’t always credible).

Secure your own machine first

This is not something that comes to mind immediately when we’re talking WordPress security, is it? But what’s the point of securing your WordPress installation on the host if you have a malicious key-logger installed on your computer that will pick up your password and send it to the attacker?

You always need to start by securing the machine you’re using to connect with your WordPress blog. There are many good antivirus apps available, so I won’t discuss this any further. Just keep in mind that this issue is equally as important as anything else described in this post.

Update, update, update

Update WordPress. Update your plugins. Update your theme. Try to install these updates immediately after the alert appears in your Dashboard.

Here’s why. Fixes to new bugs and security holes are always a big part of every update. The minute an update gets released, all the changes are announced in the official doc that goes along with the update.

If a hacker wants to attack a site that hasn’t been updated yet, they just have to take a look at the document, do a little research and tackle the holes that the new version fixes.

For example, here’s an excerpt from the information on the newest version of WordPress:

“WordPress 3.3.2 also addresses: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.”

Essentially, such information is a guide for hackers on how to attack outdated sites. So be sure to update everything, without delay.

Back up regularly

No one likes to get hacked, but we can’t assume that it won’t ever happen. You always should have an up-to-date backup of your WordPress site, just in case something goes wrong and you have to restore your blog.

You can do backups manually, or you can sign up to a paid service or simply get a plugin to do this for you (more on this later).

Delete plugins you don’t use

There’s no point in occupying your server’s resources with stuff you don’t use. The same advice applies to themes. Leave just the theme your blog uses, and delete the rest (you can leave the default theme, just in case).

Handy plugins to improve your blog’s security

Everybody loves them some cool plugins, right?! So here’s a list of the ones I recommend you use to make your blog more secure:

  • AntiVirus: This plugin protects your blog against exploits, malware, and spam injections. It scans your theme’s files and notifies you if anything suspicious is going on.
  • Online Backup for WordPress: This app is the one I use for my backups. You can use a schedule or perform backups by hand, and have them sent to your email address or made downloadable. The plugin backs up the database as well as the file system.
  • Secure WordPress: This is where you stop scanning and start acting! This plugin performs a number of security tweaks to your blog. There’s no point in listing them here, so I invite you to check for yourself. Also, you can choose which ones you want to enable and which you don’t need.
  • BulletProof Security: The list of things this plugin does is quite impressive. It’s a really serious piece of software. Just to name a few features: protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts, one-click htaccess protection, wp-config.php protection, and loads of other tweaks. It’s really worth looking into.
  • Hide Login: This plugin has a very simple idea behind it. You can use it to hide your login page. In other words, it creates a custom login URL. It also lets you create a custom admin URL (instead of domain.com/wp-admin), and a custom logout URL.

Other considerations

Content security

Your content is the most valuable asset on your blog. You naturally don’t want it to get stolen by some evil content scrapers and SEO marketers who just want to launch thousands of sites with content from various RSS feeds.

Unfortunately, you can’t protect against this completely. There’s always a danger that someone can steal your content and republish it without attribution. But you can make it just a little harder, or at least let everyone know that your content is protected.

Try checking Copyscape. It’s a service that searches for copies of your content around the internet. If it finds some, you get an alert and some instructions on how to get it taken down. Copyscape offers a couple of different services, so it’s good to pay them a visit and choose one that suits you best.

The just-in-case approach

No matter what you do to protect your blog, something bad is always possible. That’s why you need to have a strategy set in place for the time when something goes wrong, and you need to act fast.

I invite you to check out two of my own: how to restore your blog after a crash, and what to do when you lose access to your blog. And I truly hope that you’ll never have to use either of these guides.

How secure is your blog?

There you have it. I think that’s it when it comes to securing your WordPress site without going into code and implementing various tweaks manually. There’s always a never-ending stream of things you can do, but if you take care of just the ones described here you’ll have a pretty secure blog, and you’ll be ready in case something bad happens.

How diligent are you when it comes to your blog’s security? And what security tweaks would you add to this list?

Karol K. is a 20-something year old web 2.0 entrepreneur from Poland and a writer at ThemeFuse.com, where he shares various WordPress advice. Currently, he’s working on a new e-book titled “WordPress Startup Guide – little known things worth doing when creating a WordPress site.” The e-book launches soon, and now the best part … it’s free. Also, don’t forget to visit ThemeFuse to get your hands on some premium WordPress themes.