Connect with us

SEO

Top 15 Ways To Secure A WordPress Site

Published

on

Top 15 Ways To Secure A WordPress Site

Thankfully, there are plenty of steps you can take to protect your WordPress website.

Start With These Easy Security Basics

When setting up your WordPress site security, there are some basic things you can do to beef up your protection.

Here are some of the first things you should implement to help protect your website.

1. Implement SSL Certificates

Secure Sockets Layer (SSL) certificates are an industry standard used by millions of websites to protect their online transactions with their customers.

Obtaining one should be one of the first steps you take to secure your website.

You can buy an SSL certificate, but most hosting providers offer them for free.

Next, use a plugin to force HTTPS redirection, which activates the encrypted connection.

Advertisement

This standard technology establishes an encrypted connection between a web server (host) and a web browser (client).

By adding this encrypted connection, you can ensure that all data passed between the two remains private and intrinsic.

2. Require & Use Strong Passwords

Along with obtaining an SSL certificate, one of the very first things you can do to protect your site is to use and require strong passwords for all your logins.

It might be tempting to use or reuse a familiar or easy-to-remember password, but doing so puts you, your users, and your website at risk.

Improving your password strength and security decreases your chances of being hacked.

The stronger your password, the less likely you are to be a victim of a cyberattack.

When creating a password, there are some general password best practices you should follow.

If you aren’t sure that you’re using a strong enough password, check the strength by using a free tool like this helpful Password Strength Checker.

Advertisement

3. Install A Security Plugin

WordPress plugins are a great way to quickly add useful features to your website, and there are several great security plugins available.

Installing a security plugin can add some extra layers of protection to your website without requiring much effort.

To get you started, check out this list of recommended WordPress security plugins.

  • Wordfence Security – Firewall & Malware Scan
  • All In One WP Security & Firewall
  • iThemes Security
  • Jetpack – WP Security, Backup, Speed, & Growth

4. Keep WordPress Core Files Updated

Keeping your WordPress up to date at all times is critical to maintaining the security and stability of your site.

Every time a WordPress security vulnerability is reported, the core team starts working to release an update that fixes the issue.

If you aren’t updating your WordPress website, then you are likely using a version of WordPress that has known vulnerabilities.

As of 2021, there are an estimated 1.3 billion total websites on the web with more than 455 million of those sites using WordPress.

Because it is so popular, WordPress is a prime target for hackers, malicious code distributors, and data thieves.

Don’t leave yourself open to attack by using an old version of WordPress. Turn on auto-updates and forget about it.

Advertisement

If you would like an even easier way to handle updates, consider a Managed WordPress Hosting solution that has auto-updates built in.

5. Pay Attention To Themes & Plugins

Keeping WordPress updated ensures your core files are in check, but there are other areas where WordPress is vulnerable that core updates might not protect – such as your themes and plugins.

For starters, only install plugins and themes from trusted developers.

If a plugin or theme wasn’t developed by a credible source, you are probably safer not using it.

On top of that, make sure you update your WordPress plugins and themes.

Just like an outdated version of WordPress, using outdated plugins and themes makes your website more vulnerable to attack.

6. Run Frequent Backups

One way to protect your WordPress website is to always have a current backup of your site and important files.

The last thing you want is for something to happen to your site and you do not have a backup.

Advertisement

Backup your site, and do so often.

That way if something does happen to your website, you can quickly restore a previous version of it and get back up and running faster.

Intermediate Security Measures To Add More Protection

If you’ve completed all the basics but you still want to do more to protect your website, there are some more advanced steps you can take to bolster your security.

7. Never Use The “Admin” Username

Because “admin” is such a common username, it is easily guessed and makes it much easier for scammers to trick people into giving away their login credentials.

Never use the “admin” username.

Doing so makes you susceptible to brute force attacks and social engineering scams.

Much like having a strong password, using a unique username for your logins is a good idea because it makes it much harder for hackers to crack your login info.

If you are currently using the “admin” username, change your WordPress admin username.

Advertisement

8. Hide Your WP-Admin Login Page

By default, a majority of WordPress login pages can be accessed by adding “/wp-admin” or “/wp-login.php” to the end of a URL.

This makes it easy for hackers to start trying to break into your website.

Once a hacker or scammer has identified your login page, they can then attempt to guess your username and password in order to access your Admin Dashboard.

Hiding your WordPress login page is a good way to make you a less easy target.

Protect your login credentials by hiding the WordPress admin login page with a plugin like WPS Hide Login.

9. Disable XML-RPC

WordPress uses an implementation of the XML-RPC protocol to extend functionality to software clients.

This Remote Procedure Calling protocol allows commands to be run, with data returned formatted in XML.

Most users don’t need WordPress XML-RPC functionality, and it’s one of the most common vulnerabilities that opens users up for exploits.

Advertisement

That’s why it’s a good idea to disable it.

Thanks to the Wordfence Security plugin, it is really easy to do just that.

10. Harden wp-config.php File

Your WordPress wp-config.php file contains very sensitive information about your WordPress installation, including your WordPress security keys and the WordPress database connection details, which is exactly why you don’t want it to be easy to access.

You can “harden” your website by protecting your wp-config.php file via your .htaccess file.

This basically means you are giving your site some extra armor against hackers.

11. Run A Security Scanning Tool

Sometimes your WordPress website might have a vulnerability that you had no idea existed.

It’s wise to use tools that can find vulnerabilities and fix them for you.

The WPScan plugin scans for known vulnerabilities in WordPress core files, plugins, and themes.

Advertisement

The plugin also notifies you by email when new security vulnerabilities are found.

Strengthen Your Server-Side Security

By now, you have taken all the above measures to protect your website.

However, you may still want to know if there is more you can do to make it as secure as possible.

The remaining actions you can take to beef up your security will need to be done on the server-side of your website.

12. Look For A Hosting Company That Does This

When looking for a hosting company, you want to find one that is fast, reliable, secure, and will support you with great customer service.

That means they should have good, powerful resources, maintain an uptime of at least 99.5%, and use server-level security tactics.

If a host can’t check those basic boxes, they are not worth your time or money.

One of the best things you can do to protect your site from the very get-go is to choose the right hosting company to host your WordPress website.

Advertisement

13. Use The Latest PHP Version

Like old versions of WordPress, outdated versions of PHP are no longer safe to use.

If you aren’t on the latest version of PHP, upgrade your PHP version to protect yourself from attack.

14. Host On A Fully-Isolated Server

Private cloud servers have a lot of advantages.

One of those advantages is that it ups your security.

All cloud environments require a strong combination of antivirus and firewall protection, but a private cloud runs on specific physical machines, making its physical security easier to ensure.

On top of security, a fully-isolated server has other perks such as very high uptime and easy integration of managed hosting.

Looking for the perfect cloud environment for your WordPress website?

Look no further.

Advertisement

With InMotion Hosting’s Managed WordPress Hosting you get server-to-server migrations, safer upgrading, on-the-fly security patching, and industry-leading speed all rolled into one.

15. Use A Web Application Firewall

One of the final things you can do to add extra security measures to your WordPress website is to use a web application firewall (WAF).

A WAF is usually a cloud-based security system that offers another layer of protection around your site.

Think of it as a gateway for your site.

It blocks all hacking attempts and filters out other malicious types of traffic, like distributed denial-of-service (DDoS) attacks or spammers.

WAFs usually require monthly subscription fees, but adding one is worth the cost if you place a premium on your WordPress website security.

Make Sure Your Website & Business Is Safe & Secure

If your website is not secure, you could be leaving yourself open to a world of hurt.

Thankfully, securing a WordPress site doesn’t require too much technical knowledge as long as you have the right tools and hosting plan to fit your needs.

Advertisement

Instead of waiting to respond to threats once they happen, you should proactively secure your website to prevent security issues.

That way, if someone does target your website, you are prepared to mitigate the risk and go about your business as usual instead of scrambling to locate a recent backup.

Get WordPress Hosting that is secure and fully isolated with free SSL, dedicated IP address, free backups, automatic WordPress updates, DDoS protection, and WAF included.

Learn more about how Managed WordPress Hosting can help protect your website and valuable data from exposure to hackers and scammers.

!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window,document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);

if( typeof sopp !== “undefined” && sopp === ‘yes’ ){
fbq(‘dataProcessingOptions’, [‘LDU’], 1, 1000);
}else{
fbq(‘dataProcessingOptions’, []);
}

fbq(‘init’, ‘1321385257908563’);

fbq(‘init’, ‘164237177383067’); // custom pixel

Advertisement

fbq(‘track’, ‘PageView’);

fbq(‘trackSingle’, ‘1321385257908563’, ‘ViewContent’, {
content_name: ‘secure-wordpress-site-inmotion-spcs’,
content_category: ‘digital sponsored-post web-development wp’
});

Source link

SEO

How We Used a Video Course to Promote Ahrefs (And Got 500K+ Views)

Published

on

How We Used a Video Course to Promote Ahrefs (And Got 500K+ Views)

Creating and selling educational courses can be a lucrative business. But if you already have a product to sell, you can actually use courses as a marketing tool.

Back in 2017, about two years after joining Ahrefs, I decided to create a course on content marketing.

I had a very clear understanding of how an educational course would help me promote Ahrefs.

  • People like courses – Folks like Brian Dean and Glen Allsopp were selling theirs for $500 to $2,000 a pop (and rather successfully). So a free course of comparable quality was sure to get attention.
  • Courses allow for a deeper connection – You would basically be spending a few hours one on one with your students. And if you managed to win their trust, you’d get an opportunity to promote your product to them.

That was my raw thought process going into this venture.

And I absolutely didn’t expect that the lifespan of my course would be as interesting and nuanced as it turned out to be.

The lessons of my course have generated over 500K+ in total views, brought in mid-five-figures in revenue (without even trying), and turned out to be a very helpful resource for our various marketing purposes.

So here goes the story of my “Blogging for Business” course.

1. The creation

I won’t give you any tips on how to create a successful course (well, maybe just one). There are plenty of resources (courses?) on that topic already.

Advertisement

All I want to say is that my own experience was quite grueling.

The 10 lessons of my course span some 40K words. I have never attempted the feat of writing a book, but I imagine creating such a lengthy course is as close as it gets.

Scripts of the course in Google Docs.

I spent a tremendous amount of time polishing each lesson. The course was going to be free, so it was critical that my content was riveting. If not, people would just bounce from it.

Paid courses are quite different in that sense. You pay money to watch them. So even if the content is boring at times, you’ll persevere anyway to ensure a return on your investment.

When I showed the draft version of the course to my friend, Ali Mese, he gave me a simple yet invaluable tip: “Break your lessons into smaller ones. Make each just three to four minutes long.”

How did I not think of this myself? 

Short, “snackable” lessons provide a better sense of completion and progress. You’re also more likely to finish a short lesson without getting distracted by something. 

I’m pretty sure that it is because of this simple tip that my course landed this Netflix comparison (i.e., best compliment ever):

2. The strategy

With the prices of similar courses ranging from $500 to $2,000, it was really tempting to make some profit with ours.

I think we had around 15,000 paying customers at Ahrefs at that time (and many more on the free plan). So if just 1% of them bought that course for $1K, that would be an easy $150K to pocket. And then we could keep upselling it to our future customers.

Alternatively, we thought about giving access to the course to our paying customers only. 

This might have boosted our sales, since the course was a cool addition to the Ahrefs subscription. 

And it could also improve user retention. The course was a great training resource for new employees, which our customers would lose access to if they canceled their Ahrefs subscription.

And yet, releasing it for free as a lead acquisition and lead nurturing play seemed to make a lot more sense than the other two options. So we stuck to that.

3. The waitlist

Teasing something to people before you let them get it seems like one of the fundamental rules of marketing.

  • Apple announces new products way before they’re available in stores. 
  • Movie studios publish trailers of upcoming movies months (sometimes years) before they hit the theaters. 
  • When you have a surprise for your significant other (or your kids), you can’t help but give them some hints before the reveal.

There’s something about “the wait” and the anticipation that we humans just love to experience.

So while I was toiling away and putting lessons of my course together, we launched a landing page to announce it and collect people’s emails.

Advertisement
The landing page of the course.

In case someone hesitated to leave their email, we had two cool bonuses to nudge them:

  1. Access to the private Slack community
  2. Free two-week trial of Ahrefs

The latter appealed to freebie lovers so much that it soon “leaked” to Reddit and BlackHatWorld. In hindsight, this leak was actually a nice (unplanned) promo for the course.

4. The promotion

I don’t remember our exact promotion strategy. But I’m pretty sure it went something like this:

I also added a little “sharing loop” to the welcome email. I asked people to tell their friends about the course, justifying it with the fact that taking the course with others was more fun than doing it alone.

Welcome email with a "sharing loop."

I have no idea how effective that “growth hack” was, but there was no reason not to encourage sharing.

In total, we managed to get some 16,000 people on our waitlist by the day of the course launch.

5. The launch

On a set date, the following email went out to our waitlist:

Course launch email.

Did you notice the “note” saying that the videos were only available for free for 30 days? We did that to nudge people to watch them as soon as possible and not save them to the “Watch later” folder.

In retrospect, I wish we had used this angle from the very beginning: “FREE for 30 days. Then $799.”

This would’ve killed two birds with one stone: 

  1. Added an urgency to complete the course as soon as possible
  2. Made the course more desirable by assigning a specific (and rather high) monetary value to it

(If only we could be as smart about predicting the future as we are about reflecting on the past.) 

Once it was live, the course started to promote itself. I was seeing many super flattering tweets:

We then took the most prominent of those tweets and featured them on the course landing page for some social proof. (They’re still there, by the way.)

6. The paywall

Once the 30 days of free access ran out, we added a $799 paywall. And it didn’t take long for the first sale to arrive:

This early luck didn’t push us to focus on selling this course, though. We didn’t invest any effort into promoting it. It was just sitting passively in our Academy with a $799 price tag, and that was it.

And yet, despite the lack of promotion, that course was generating 8-10 sales every month—which were mostly coming from word of mouth.

A comment in TrafficThinkTank.
Eric Siu giving a shout-out about my course in TTT Slack.

Thanks to its hefty price, my course soon appeared on some popular websites with pirated courses. And we were actually glad that it did. Because that meant more people would learn about our content and product.

Then some people who were “late to the party” started asking me if I was ever going to reopen the course for free again. This actually seemed like a perfectly reasonable strategy at the time:

7. The giveaways

That $799 price tag also turned my free course into a pretty useful marketing tool. It was a perfect gift for all sorts of giveaways on Twitter, on podcasts, during live talks, and so on.

Giving away the course during a live talk.
Me giving away the course during a live talk.

And whenever we partnered with someone, they were super happy to get a few licenses of the course, which they could give out to their audience.

8. The relaunch

Despite my original plan to update and relaunch this course once a year, I got buried under other work and didn’t manage to find time for it.

And then the pandemic hit. 

That’s when we noticed a cool trend. Many companies were providing free access to their premium educational materials. This was done to support the “stay at home” narrative and help people learn new skills.

I think it was SQ who suggested that we should jump on that train with my “Blogging for Business” course. And so we did:

We couldn’t have hoped for a better timing for that relaunch. The buzz was absolutely insane. The announcement tweet alone has generated a staggering 278K+ impressions (not without some paid boosts, of course).

The statistics of the course announcement tweet.

We also went ahead and reposted that course on ProductHunt once again (because why not?).

All in all, that relaunch turned out to be even more successful than the original launch itself. 

In the course of their lifespan on Wistia, the 40 video lessons of my course generated a total of 372K plays.

Advertisement
Play count from Wistia.

And this isn’t even the end of it.

9. The launch on YouTube

Because the course was now free, it no longer made sense to host it at Wistia. So we uploaded all lessons to YouTube and made them public.

To date, the 41 videos of my course have generated about 187K views on YouTube.

"Blogging for Business" course playlist.

It’s fair to mention that we had around 200,000 subscribers on our channel at the time of publishing my course there. A brand-new channel with no existing subscribers will likely generate fewer views.

10. The relaunch on YouTube [coming soon]

Here’s an interesting observation that both Sam and I made at around the same time. 

Many people were publishing their courses on YouTube as a single video spanning a few hours rather than cutting them into individual lessons like we did. And those long videos were generating millions of views!

Like these two, ranking at the top for “learn Python course,” which have 33M and 27M views, respectively:

"Learn python course" search on YouTube.

So we decided to run a test with Sam’s “SEO for Beginners” course. It was originally published on YouTube as 14 standalone video lessons and generated a total of 140K views.

Well, the “single video” version of that same course has blown it out of the water with over 1M views as of today.

I’m sure you can already tell where I’m going with this.

We’re soon going to republish my “Blogging for Business” course on YouTube as a single video. And hopefully, it will perform just as well.

Advertisement

The end

So that’s the story of my “Blogging for Business” course. From the very beginning, it was planned as a promotional tool for Ahrefs. And judging by its performance, I guess it fulfilled its purpose rather successfully.

A screenshot of a Slack message.

Don’t get me wrong, though. 

The fact that my course was conceived as a promotional tool doesn’t mean that I didn’t pour my heart and soul into it. It was a perfectly genuine and honest attempt to create a super useful educational resource for content marketing newbies.

And I’m still hoping to work on the 2.0 version of it someday. In the past four years, I have accrued quite a bit more content marketing knowledge that I’m keen to share with everyone. So follow me on Twitter, and stay tuned.



Source link

Continue Reading

DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending

en_USEnglish