How Can They Hack You? Let Me Count The Ways


Website Security Is Fluid

It’s definitely not just installing a plugin and then forgetting about it. It’s a constant battle to outwit those who would like to gain access to vulnerable information. There are different areas of your site that can be vulnerable if not secured.

Today, we’re going to talk about those different areas and why and how you need to keep them locked up tight.

Insecure Web Hosting

WordPress sites are hosted on a web server. Some hosts do not properly secure their hosting platforms. This makes all websites hosted on their server vulnerable to hacking attempts.

Using those bargain web hosting companies who don’t have the assets to protect your property can really hurt you in the long run!


Using Weak Passwords

You have different passwords for different parts of your site and all of them need to be kept secure. Below is a list of passwords that need to be checked and possibly changed.

  • Your WordPress Admin
  • Web Hosting Control Panel
  • FTP Accounts
  • MySQL Database used for your site
  • Email Accounts used for WordPress admin or hosting accounts


Unprotected Access To WordPress Admin (WP-ADMIN DIRECTORY)

This gives a user access to perform different actions on your site. It is the most commonly attacked area of a WP site.

12 tips to secure your wp-admin section

Incorrect File Permissions

File permissions are a set of rules used by your web server. These rules help your server control access to files on your site. Incorrect rules can give a hacker access to write and change those rules. Here’s a great article on WP BEGINNER on how to change these!

changing your file permissions in WordPress

Not Updating WordPress

Each new version fixes bugs and security vulnerabilities. If you don’t update, you leave those vulnerabilities in place.


Not Updating Plugins & Themes

Same as updating WordPress. Not updating plugins and themes is dangerous and can leave your site weak.


Using Plain FTP Instead Of SFTP/SSH

You should always choose SFTP access instead of FTP; it is much more secure.

The key difference between FTP vs SFTP is that SFTP uses a secure channel to transfer files while FTP doesn’t. With SFTP, your connection is always secured and the data that moves between your FTP client and your web server is encrypted.

Using “Admin” As A WordPress Username

Never use “ADMIN”; you should always use something unique. Enough said!

Nulled Themes & Plugins

Never use plugins and themes from unreliable sources. Malicious code that can give a hacker access can be put into either.

HERE’S WHY:

  • You Don’t Know What Else Is in the Code
  • Developers Need Money To Continue Improving Their Products
  • You Won’t Get Any Support From The Developer
  • You Won’t Get Any Automatic Updates

Not Securing The WordPress Configuration File (wp-config.php)

wp-config.php contains your database login credentials. To keep that from happening add this piece of code.

The WordPress wp-config.php file contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress database connection details. You certainly do not want the content of this file to fall into the wrong hands, so WordPress wp-config. Here is a great article on how to secure these important files.

Not Changing WP Table Prefix

Change the wp_ prefix. Here’s a link that will take you to a blog post that will explain how to do this if interested.
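
An added example (not from the original post, and not WordPress's own code): a Python audit that walks a WordPress directory and flags the problems named in the file permissions, wp-config.php and table prefix sections above. The mode baselines (755 for directories, 644 for files, 640 for wp-config.php) are assumed common hardening values, and the sample site is constructed in a temporary directory.

```python
import os
import re
import stat
import tempfile

# Assumed baseline (common WordPress hardening values, not taken from the post).
MAX_DIR_MODE = 0o755
MAX_FILE_MODE = 0o644
MAX_CONFIG_MODE = 0o640   # wp-config.php: nothing for "other" users

PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)


def audit_wordpress(root):
    """Walk a WordPress tree; return a sorted list of (relative_path, finding)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            rel = os.path.relpath(path, root)
            is_config = stat.S_ISREG(st.st_mode) and name == "wp-config.php"
            if stat.S_ISDIR(st.st_mode):
                allowed = MAX_DIR_MODE
            elif is_config:
                allowed = MAX_CONFIG_MODE
            else:
                allowed = MAX_FILE_MODE
            mode = stat.S_IMODE(st.st_mode) & 0o777
            if mode & ~allowed:
                findings.append((rel, f"mode {mode:04o} exceeds {allowed:04o}"))
            if is_config:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    match = PREFIX_RE.search(fh.read())
                if match and match.group(1) == "wp_":
                    findings.append((rel, "default table prefix wp_"))
    return sorted(findings)


def build_sample_site(root):
    """Constructed WordPress-like tree with deliberate mistakes (sample data)."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    files = {
        "wp-config.php": ("<?php\n$table_prefix = 'wp_';\n", 0o644),
        "index.php": ("<?php // constructed sample\n", 0o644),
        os.path.join("wp-content", "uploads", "logo.png"): ("x", 0o666),
    }
    for rel, (body, mode) in files.items():
        path = os.path.join(root, rel)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)


def run_demo():
    """Build the sample site in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return audit_wordpress(root)


if __name__ == "__main__":
    for rel, finding in run_demo():
        print(f"{rel}: {finding}")
```

Point `audit_wordpress()` at a local copy of your site root to get the same report for real files; it only reads metadata and wp-config.php and changes nothing.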

The most important part of my job is to make sure your website stays safe, secure and user friendly and I take that very personally. If you’d like to have one person to go to with all of your website issues then let’s talk! Schedule a free consultation today!

LET’S TALK!

 


Why Your Bargain Web Hosting Could Cost You More Than You Think

We’ve all heard the old saying, “Time is money”. Well, it’s true, and if you have “bargain” web hosting it could be costing you a fortune!

 

I’m sure you’ve seen those ads on Facebook, while you’re shopping, even when you’re trying to relax with a mindless game. $2.95 hosting! Save money!

Yes, it’s true you can get hosting from some companies for “VERY LOW PRICES”, but there’s another saying that I’m reminded of: “You get what you pay for”. Cheap isn’t always good, especially when it comes to running your business or blog.

 

First, it’s NEVER just $2.95 a month.

 

 Here is what you’re paying for an SSL Certificate if you have GoDaddy!

Can you say, “Ouch!”

An SSL is a necessary investment and if you can get it for free? Hello?!?

You’re Probably Asking, “Who Cares!”

 

This is one of the most important decisions that you will make for your business. Web Hosting is the necessary foundation and just like with everything else some foundations are stronger than others.

A 1-second delay in page load time can lead to:

  • a 7% loss in conversions
  • 11% fewer pageviews
  • 16% decrease in customer satisfaction.

 


When deciding on web hosting you need to take 3 main factors into account.

 

  • SPEED

  • SECURITY

  • SUPPORT

SPEED

As I said above, even a fraction of a second adds up to $$, and as small business owners, we need to get as much bang for our bucks as possible.

 

Like my husband always says, “the proof is in the pudding”.

Below are 6 of my web hosting clients who have agreed to let me share these stats with you.

As you can also see, every single one of them passed the tests with flying colors and it’s because of the foundation that the sites are hosted on.

HOW DO THEY DO THAT?


 

  • PROVIDING A CDN
  • UTILIZES FLYCACHE
  • INSTANT REFRESH

SAFETY

EVERY PLAN COMES WITH A FREE SSL CERTIFICATE

 

Every plan comes with a FREE SSL which was mentioned above (definitely worth mentioning again).
 

EACH PLAN COMES WITH MALWARE PROTECTION & MALWARE REMOVAL IF NEEDED!

SUPPORT

 

Last but certainly not least in this list of pros!

TRUE LIVE 24/7 SUPPORT

 

THEY DON’T “WALK YOU THROUGH” DIFFICULT SITUATIONS.

 

YOU ASK, THEY PERFORM…
THAT’S REALLY IT!

 

  • AUTOHEALING TECHNOLOGY

  • DAILY BACKUPS

  • ONE BUTTON RESTORE

 

 

We offer three plan sizes

We Have Just What You Need...

Website Maintenance

Website Maintenance is like an insurance policy for your business. Keeping your site maintained is an important responsibility. We take care of it so you don't have to.

What it includes:

  • Website backups w/ offsite storage
  • WordPress Update 2 x
  • Theme updates 2 x
  • Plugin updates 2 x
  • Database Optimization  2x
  • Malware Scan 2 x
  • Speed test 1 x
  • Site Performance Report 1x
  • "Eyes On" site checks
  • Discounted hourly rate
  • MailChimp support
  • Google Analytics support
  • 25% Discount on any services.
$199.99 Annually




Premium Website Management

With Premium Website Management you get the best of both worlds plus even more. This is for the girl who has everything and no time for anything.

 What it includes:

  • Premium hosting
  • CDN
  • Server-side daily backups
  • Offsite backups 2x monthly
  • WordPress core updates
  • Free SSL certificates
  • Uptime monitoring
  • One-button emergency restore
  • Malware protection
  • Staging site for development
  • Theme & plugin updates 2 x
  • Spam removal 2 x
  • Database optimization 2 x
  • "Eyes-On" site check 2 x
  • Speed check 1 x
  • Access to Genesis Framework
  • Access to StudioPress themes
  • Website performance Report 1 x
  • Integration Monitoring (MailChimp, Paypal, or Google Analytics)
  • Unlimited Tech Support

Save By Paying Annually. Get two months FREE!




Website Hosting

By partnering with Flywheel we offer a feature-rich plan that will keep your website secure & running its best. Unlike other hosts, you don't pay extra for the necessities needed to run an online business.

What it includes:

  • Onsite daily backups
  • Free SSL Certificate
  • CDN
  • Uptime Monitoring
  • One Button emergency restore
  • Malware Protection/removal
  • Staging Site For Development

 


 

Save By Paying Annually




It’s Coming, Are You Ready For Google Web Core Vitals?


Google is making a major update to the way they rank websites.

 

It’s a new set of website performance metrics that will affect your SEO rankings

 

I’m sure you’ve seen that term floating around the internet. If it’s new to you, you may be in for a big shock come May of this year when your rankings tank and your SEO plan goes down the tubes!

 

You do have an SEO plan, don’t you? If you don’t have a successful SEO plan in place, I suggest subscribing and you will receive your very own SEO Strategy Planner for FREE!

 

Google uses 3 tests (Web Vitals)

  • Largest Content Paint (LCP)
  • First Input Delay (FID)
  • Cumulative Layout Shift (CLS)

LCP

This metric measures how quickly the main content becomes visible to the user.

This can be an image, article, or description, etc.

EX: You may have a fast load speed, but the larger content takes longer.

 

SPEED TEST TOOLS WILL GIVE YOU A HIGH SCORE BUT PROVIDING A POOR USER EXPERIENCE MAY BE WORSE.

These tests are meant to give you a clearer picture of your website’s performance.

 

FID

Measures the time it takes a user’s browser to actually be able to begin processing event handlers in response to a user’s interaction. 

Are you sensing a theme here?

This can be a contact form, comment, share button, opt-ins, etc. How long does it take until they are able to click that link?

CLS

Measures the time it takes for a website to become visibly stable.

As a website loads, some elements take more time to load than others.

During this time, your website’s content may keep moving on the screen.

EX: A reader is reading a paragraph on a mobile phone and a video embedded loads above it, this makes the entire content move down.

Frustrating if a user is trying to accomplish an action such as adding a product to a cart.

These metrics should be

  • LCP     2.5 seconds
  • FID      <100 milliseconds
  • CLS     <.01

 

  • You can also access your Core Vitals report in your Google console. This allows you to see how many URLs need improvement, passed, or have a poor score.
  • You can also obtain this in your Chrome browser: right-click on the page and choose Inspect Element, then look at the top, where you’ll find LIGHTHOUSE by clicking on the arrows (>>) next to ELEMENT, CONSOLE, SOURCE. MUST BE IN INCOGNITO MODE FOR THIS TO WORK (in your Chrome browser, click the three dots at the very top right-hand side and click NEW INCOGNITO WINDOW).

Google has already announced that its search algorithm update will include page experience as one of its ranking factors (5/21).

HOW TO IMPROVE YOUR WEB CORE VITALS

  1. OPTIMIZE YOUR WEB HOSTING – Having good web hosting is becoming a necessity these days and the core web vitals are no different. This is an important part of your score. Bargain hosting is no longer adequate when you’re worried about rankings. Premium hosting can be a lifesaver. Providing security, SSLs and a CDN is the way that websites are being hosted these days. I HAVE THE ANSWER FOR THIS
  2. IMPROVE LCP SCORE – Optimize your images! Make sure that you are using a caching plugin, if possible one that includes image optimization. You can also use tools like Imagify, Smush, etc. (I recommend WP Rocket; make sure it’s compatible with your theme.) Also, I find that a lot of clients are using several of these, thinking perhaps the more the better, when in fact the opposite is true. I prefer to use caching in my premium web hosting instead of adding a weighty plugin. An example of LCP would be the featured image in a blog post. If it is exceptionally large, that could cause problems.
  3. IMPROVE FID – Again, a caching plugin will help with this. Changing the way you load your Javascript and CSS can also be a big help. Always minify your CSS.
  4. IMPROVE CLS – Fix layout shifts. Make sure all of your images have size attributes. Right-click on inspect tool to check these. Cache plugin.
  5. ELIMINATE RENDER BLOCKING ELEMENTS (Elements that are slower to load). These are usually: Javascript & CSS that is added by plugins like Google Analytics, Facebook Pixel, etc.
  6. PROPERLY SIZE IMAGES IN WP – Wrong size images can cause issues on mobile devices.
  7. USE A CDN – I HAVE THE ANSWER FOR THIS. A CDN allows you to serve static content on your website from multiple servers around the globe which drastically decreases load times.
  8. IMAGES – When you upload an image to your WordPress media library, three copies are automatically created. These sizes are THUMBNAILS, MEDIUM, LARGE. You can set these under SETTINGS>>MEDIA. If you put a “0” in that box it will skip that size if you aren’t using them. Also, if you’d like your thumbnails to be rectangular, such as for food blogs, you could change the thumbnail size to something like WIDTH: 450px HEIGHT: 200px. Larger images provide a clearer image but take up more storage space. Check “Organize my uploads by month and year”.

NEED MORE HELP WITH RENDER BLOCKING TEXT?

As I said, this is inserted by your plugins. If you’re using WP Rocket:

  • Use the FILE OPTIMIZATION TAB.
  • Minify & combine your Javascript and CSS ** Make sure to check because this can cause some minor design changes.
  • Javascript deferred – Safe mode for jQuery.

 

WHY SHOULD YOU CARE?

A 1-second delay in page load time can lead to:

  • a 7% loss in conversions
  • 11% fewer pageviews
  • 16% decrease in customer satisfaction.

 


Best & Worst Tools For Running Your Online Business

Each year I am approached by companies wanting me to try their products & services and ultimately share them with all of you. Some have been great additions to my business others have left me disappointed and flummoxed. I thought I would share with you the best & the worst from the past year!

To begin with, I’m going to break it down into 4 categories.

  1. Blogging tools
  2. Social Media
  3. Email Marketing
  4. Running your business

Blogging Tools

As you know (if you have a blog) there is always so much that needs to be done in a short amount of time so anything that I can find that will:

  • Save Time
  • Save Money
  • Improve My Skills

is a Godsend to me. Now, I want to share them with you!

Web Hosting  

I have my own hosting that I provide through Flywheel (owned by WPEngine) which runs $20 a month. We provide fast, secure hosting, free SSL’s, and amazing support. I only have three spots available.

For someone just starting out or on a tight budget I use **Bluehost. I have to say that I have set up hundreds of sites on Bluehost and not once have I ever had a problem. Once upon a time, Bluehost was considered the bottom of the barrel in terms of hosting, but a few years ago they turned it around and I have to say that I’ve been very impressed with how hard they have worked to improve every aspect of their service.

Themes

I have always been a Genesis girl and **Studio Press is the place to get the best themes. A few months ago I had the opportunity to work with **Divi by Elegant themes and I have to say that I absolutely love it! It’s so versatile and easy to use and saves me tons of time. There are so many things included that you hardly need any plugins at all!

Plugins

Listen, I know that those sneaky plugins get you where it hurts. I’m sure you have seen the notices in your dashboard: ‘get this pro version’, ‘buy this’, ‘do that’. Nine times out of 10 you don’t need it. There are free plugins for just about anything. My go-to plugins are:

  • Updraft Plus for backing up.
  • Wordfence for security.
  • Jetpack for lots of things.
  • Akismet for spam.

If you’re using Genesis then I add:

  • Genesis Enews (optins)
  • Simple Social Icons
  • Simple Social Share

If you’re using Divi

  • Bloom (optins)

All of those are free & if there’s something you want just search the plugin repository.

Free Courses

From WordPress

WP Beginners
Neliossoftware

Hubspot created a blog post with 60 free online courses that you can take to improve your skills. If you don’t follow Hubspot’s blog you really should. There is always so much valuable information.

Would you like to learn more about Facebook ads? Here’s a great post by Insane Growth that explains it all.

Social Media

Social media is the bane of my existence, but it’s also a necessary evil. I build websites and create content with business tips for bloggers, entrepreneurs & small businesses. I get asked to try a lot of different social media scheduling tools and here is my honest opinion.

**#1 For me is Sendible.com. I run three different websites and manage several clients’ social media accounts. Scheduling blog posts and monitoring keywords that I set up, even monitoring my competitor’s social media accounts. If you run multiple blogs or social media accounts, Sendible is the best.

Most places make you pay per account so for three sites I would have to have three different accounts. I would only be able to pick up one RSS feed unless I had three different accounts.

I could not run my business without Sendible!

Sendible is different. I have a set number of services I can set up and it doesn’t matter how many RSS feeds you pick up and auto-posts new pieces. You can schedule them to repeat however many times it’s all completely up to you. I post to five different FB pages for various people and with Sendible I can do it automatically saving myself lots of time.

Then there is **Tailwind

I love using it for Pinterest.

I know I’m not taking full advantage of the features, but what I am using I love. BUT I don’t like them for Instagram. I tried it, I really did, but it was just too confusing and I was wasting too much time trying to figure it out.

A few years ago I bought a lifetime membership for Grum.co for only $39 and I love it for scheduling Instagram posts. That’s all it does, Instagram, but it’s so easy to use. Unfortunately, they are no longer taking on new customers. If I didn’t have this I would make the time for Tailwind, but this one is just too easy and it’s a lifetime purchase.

CoSchedule

I love CoSchedule, I really do, but because of the limitations of only having one site on one account, I just can’t justify that expense when I have other options. It offers a boatload of features and it’s easy to use.

There is really no “free” service for scheduling your content. You can use “Publicize” inside your WordPress site and it will automatically post to FB, Twitter, & LinkedIn.

I know that Buffer offers a free version but I’m not sure of its limitations. I’ve always found it too confusing to use.

If you’re going to spend money this is one of the places where I say if you can pay for it then get it. A good social media scheduler can save you loads of time while helping you build your tribe.

Email Marketing

In today’s 24/7, 100mph world if you’re not marketing through email then you’re leaving a lot of money on the table. You should absolutely be sending a welcome email sequence & sending out an RSS to your subscribers.

A few months ago, I was singing the praises of **Engagebay and I learned a very valuable lesson. Sometimes quick decisions can be the wrong decisions. It can send beautiful emails, there are tools for marketing, sales or service. I feel as if it is an excellent platform, but it just didn’t fit my needs. The main problem was the RSS emails. There just wasn’t enough flexibility and I actually sent out a few crazy emails before I gave up.

If you’re running a small business then I cannot recommend Engagebay enough. It’s beautiful, easy to use and handles so many tasks. It’s also affordable. Here is a link to their Youtube channel which has a lot of info about its features. It’s a great platform I just tend to have a problem with change I guess.

So, I’m back at MailChimp and that’s where I’m staying! I know my way around, it’s easy to use (most of the time) and it’s cheap. They have changed things and unless you have a paid account you are limited in what you can do. Such as only having one audience(list), limitations on automation, etc. I pay for The Blogging 911 account and use the free version for Wanding Web Designer & The Diary of an Alzheimer’s Caregiver my other two sites. The paid version runs me $9.63 a month.

Have you seen the MAILCHIMP EXPLAINED ebook in the 911 Resource Library? It’s just one of the many free resources inside.

 

 

I’ve worked with ConvertKit before and it is easy to use. I didn’t like the design limitations and figure if I’m going to spend $30 a month it needs to have a lot more.

Running your Business

There are several tools that I use every single day to run my business. Some are free (well most are free) but they are still necessary. Tools such as:

  • 17Hats – is an all-around scheduling tool, lead capture forms, templates such as contracts or estimates. It runs $39 a month for all of its features and there are many. I personally only use the free version because I use the templates & lead capture forms (those project inquiry forms you see around here).
  • Acuity Scheduling – If you need an easy way for people to schedule appointments I highly recommend Acuity. Their free version has always been more than enough for me.
  • Asana – This is my project management tool and it keeps me on track when I’m building out a new site, managing other projects or even just things I need to do. There is both a free and paid version and I’ve always found the free version more than enough for my needs.
  • Canva – There is a free version of Canva that works very well. I use Canva almost every single day and I love it for its easy-to-use dashboard and the free and paid elements like stock photos, icons, frames, colors, and fonts. For this, I splurge and get the paid version so that I can store my own logos, my fonts (up to 25) and my brand colors for $12.95.
  • Google Drive – Also free. I use it to store all of my clients’ assets. I like how easy it is and it works great with Gmail which is another great free tool. I do use the paid version of this and it runs $6 a month and I have tons of storage and it’s easy to use.
  • One Drive – This is part of my Microsoft subscription which is about $7 a month. This is where I keep all of my assets. (Such as stock images, templates, or other graphics).
  • Dropbox – This is where I store all of the backups for my clients & my own personal websites. This costs around $10 but they’ve added a bunch of new features.
  • Screencast-o-matic – This is another thing I purchased from Sumo. It was a lifetime subscription for only $39 and I use it whenever I need to make tutorials or other videos where I share my screen. It’s something I purchased on APPSUMO.
  • APPSUMO – is a great place to find great deals on products or services to run your business! They always have freebies or lifetime deals that will save you tons of time and money.

Know some great tools that I might not know about? Let me know in the comments below.

** means that it is an affiliate link. If you purchase a service with the (**) beside it, I will earn a small commission that will in no way affect your cost.
