Follow iThemes: Premium WordPress Plugins & Tools on Feedspot

Continue with Google
Continue with Facebook


We recently interviewed freelance rookies and now we want to talk to some freelance veterans. People who have been in the business for a while have learned some valuable lessons. We want to mine those lessons and share with the WordPress freelancer community.

Today we talk with designer, brand strategist, and teacher Dana James Mwangi. She’s the founder of Cheers Creative, a creative agency that builds brand visuals and websites for creative professionals, industry leaders, and art platforms. She’s been featured by Forbes and Essence, as well as a host of podcasts.

“It doesn’t matter how great a website looks or how many bells and whistles it has. If the site’s messaging isn’t clear or telling a great story then it still won’t work as well.”

-Dana James Mwangi

We talked with Dana about sharing the right message, setting up systems, and always learning.

How has your work changed over the years? What’s changed in your approach or your business since you started?

I spent a lot of years learning web design and learning WordPress. In those early years, my number one goal was to make websites that looked amazing. Today this is still my goal, but my focus has grown to include making sure a site’s messaging is just as good as its visuals. Today’s digital space is congested and loud like the traffic on a six-lane street. In knowing that, the main question I now ask myself before I start a web project is “How can I make the noise from the digital traffic quiet down when a user visits this particular website? How can I make an intimate user experience that’s like a relief from all of that noise?”

I would say that the bulk of my time now is spent helping my clients craft the perfect message on their website for their audience. That’s where the magic happens. Have you ever seen an episode of Dancing with the Stars, the television series where celebrities/personalities are paired with expert dancers and compete to win a multi-episode dance competition? Sometimes either the celebrity is a great dancer or may not have a lot of dance talent. In the latter case, it doesn’t matter how seasoned the celebrity’s dancing partner is. If the celebrity doesn’t have fluid moves, then the performance can’t be saved. In my mind, that’s the same dance between good website visuals and content. It doesn’t matter how great a website looks or how many bells and whistles it has. If the site’s messaging isn’t clear or telling a great story then it still won’t work as well. I believe this shift in thinking is what has helped me transition into being valued as a website consultant who puts strategy first.

I spent so many years learning the tech and design principles behind making a website work. Now that I have that foundation (and WordPress is what helped me get there), I am finding ways to make digital spaces feel more human through authentic storytelling and visuals that are less cluttered.

How did you break through and become successful? What strategies or approaches seemed to work the best?

My projects became more successful and seamless when I set up systems and workflows on how my company delivers websites from start to finish. Like a lot of designers first starting out, I used to walk around with my process in my head, and that was the only place where my process existed. This put me in a bind, and I wasn’t even in a position to receive help and delegate tasks because I had no “handbook.” Now I have automated almost all the steps on what happens from the time I get an email inquiry about my services to the date I publish a client’s project. My team and I now have more time to be creative because we’re not lost in a sea of unorganized client emails or performing redundant tasks.

Whenever I use a WordPress theme or plugin, I view the creators as my extended team. I get involved in their online forums and communities, and I share my work/insight. Back in 2014, I shared my work with one of the fastest selling WordPress themes on the market. This led to me becoming one of their endorsed partners and getting endless press. I had no idea all of those things would happen, but that experience taught me to share what I know and share my process even while things are imperfect.

In sharing my design process, I also learned how to share my personal “why.” In today’s digital space, people literally have millions of choices when deciding who to hire for web design. I realized quickly that doing great design work isn’t enough. I had to make connections with people and talk about why I became a web designer in the first place. Storytelling is the number one tool that increased awareness of my company. I talk about my “why” and my journey in going from print design to web design every chance I get.

What mistakes have you made over the years that you’ve learned from?

In the early years, underpricing was one of my biggest mistakes. When you underprice, you can’t invest in the best tools and the best people to get a project done and you can’t offer great value.

While you are a veteran, there are always areas where we can learn and grow. Where do you think you need to improve?

It’s hard for me to embrace the term “veteran” when it comes to WordPress because it and the experience on the web keeps evolving. I remember when website responsiveness was an “option.” Now it’s necessary if you want website users to see your content just as you intended on a mobile device. A couple of years from now it may be the standard for WordPress websites to incorporate virtual reality experiences or standard for a website’s text and images to completely change based on a viewer’s demographic. As with any significant change, I’ll be rolling up my sleeves again and excited to learn something new. I know now to embrace change early.

The post Veteran Freelancers: Dana James Mwangi Is Always Learning appeared first on iThemes.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Hosting is what makes the web go round, but it doesn’t get a lot of attention. That can be OK, because hosting is just supposed to work. Unfortunately, that’s not always the way it goes.

We recently started offering our own WordPress hosting solution, so we wanted to talk to some WordPress experts about why hosting is an important decision to consider.

Aaron Reimann built his first website in 1996, and today he does it for a living with his company, Sideways8. He’s spoken at multiple WordCamps and often writes about WordPress.

“I want to know that a top-level support person will be available on a weekend.”

– Aaron Reimann

We talked with Aaron about support availability, WordPress-specific issues, and the value of good hosting.

Do you have a hosting horror story?

I have a couple, but nothing compares to what my company went through in 2013. At that time, we were hosting 80 sites for various clients—and we lost two of them thanks to this story.

It started on a Friday morning when our Virtual Private Server (VPS) was using too many resources on the host machine and the server went down. I contacted them and they informed me that my instance was going to have to be migrated to “bare metal.” Meaning it needed to be on its own dedicated box. So they started the migration around 10:00 a.m.

I contacted them at 5:30 p.m. asking for an update, and they told me the migration failed and it would have to be restarted. What they didn’t tell me is that the support team that does migrations stopped working at 5 p.m. and they (tier three support) wouldn’t be available until Monday morning.

The company dragged their feet without telling me that no one was going to be able to get the sites up. It took until Sunday afternoon before they gave me that vital piece of information. When Monday rolled around, tier three came in and the sites were finally up late in the afternoon. We had over 80 hours of downtime.

What’s the most important factor in choosing a hosting company?

I would say that up-time is the most important, but in light of the story I just told, I want to know that a top-level support person will be available on a weekend.

How does the hosting conversation change when you’re talking specifically about WordPress?

It doesn’t change much because we do 95% WordPress development. The only difference is that I expect there be a top-level WordPress development team available to troubleshoot WordPress-specific issues.

How do you convince people of the importance of investing in hosting?

That is sometimes difficult to do. As our company has grown, so has our clientele and the larger the company the bigger the budget for IT. I always tell a client something like this:

“The difference between good hosting and bad hosting is around $30 a month. Sure, you can get hosting at $5 a month, but you could pay $35 and have a dedicated WordPress development team available to fix things if something as simple as an upgrade takes the site down. What is your product worth? What if the most profitable client goes to your web site when it’s down? How much will that cost you? If it’s more then $30, invest more.”

The post Hosting Insights: Aaron Reimann appeared first on iThemes.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

In August of 2017, we announced the release of our newest product, iThemes Sales Accelerator, and why we felt it was a good move to serve you better with a tool for WooCommerce reporting. Over the next year, we released several additional add-ons to iThemes Sales Accelerator, hoping to add new, appealing features to a great product for WooCommerce.

Unfortunately, iThemes Sales Accelerator never took off in the way that we hoped, so we have made the tough decision to officially sunset iThemes Sales Accelerator as of April 1, 2019.
What does this mean for current iThemes Sales Accelerator customers?
  • We’ll continue to provide support for iThemes Sales Accelerator until March 1, 2020, to give you time to transition to another WooCommerce reporting tool or service.
  • Beginning March 1, 2020, we’ll officially discontinue support for iThemes Sales Accelerator.
  • Access to your plugin downloads will remain active until March 1, 2020 (or the remaining duration of your subscription length to iThemes Sales Accelerator through 2020).
  • Your current iThemes Sales Accelerator subscription won’t be renewed.

As for current Plugin Suite and Toolkit members, you’ll still be able to access downloads and get support for iThemes Sales Accelerator through March 1, 2020.

We’re Still Innovating For You

From all of us at iThemes, thank you for supporting us and we look forward to serving you with the launch of two more plugins (coming soon!) and with continued development of our key WordPress tools: BackupBuddy, our WordPress backup plugin; iThemes Security Pro, our WordPress security plugin; iThemes Sync, our tool to manage multiple WordPress sites; iThemes Hosting for stellar WordPress hosting and new WordPress training events.

The post We’re Sunsetting iThemes Sales Accelerator appeared first on iThemes.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Money management is one of those super important things freelancers would rather forget. Taxes and bookkeeping and spreadsheets—oh my!

But it doesn’t have to be that bad. Getting your finances under control can free you up to focus on what you love while also saving you money. Now is the time to get serious about your finances. Do right by your business and take accounting seriously.

We talked with veteran accountant Joanie Gable and peppered her with questions about freelance finances. You can watch the full webinar, and we’ve pulled out some insights below.

1. Get an Accountant

First and foremost, get yourself an accountant. That’s right—you don’t have to do it yourself. You should always hire people to do what you’re not good at. You encourage your clients to hire a website expert instead of doing it themselves, so take your own advice and hire a financial pro.

For most freelance businesses, it’s not going to be that expensive to have someone look over your books and file your taxes. In most cases, you can do your bookkeeping yourself and bring in the account for the big issues—setup, questions, and tax season.

2. Find the Right Accountant

So how do you find a good accountant? Look for someone eager to work with small businesses. You also want someone who’s going to help you improve your systems and think long term. In other words, you want a strategist, not just a bookkeeper.

Plenty of accountants will be happy to go through a box of receipts or compile your numbers into a tax return. While that’s helpful, it doesn’t help you maximize your deductions or make the most of your money. You want an accountant who’s going to tell you how to do things differently to save more money.

3. Ask Questions

Whenever your accountant says something or gives advice, you should understand it. If you don’t understand, ask questions. Finances for a freelance business aren’t so complicated that you can’t comprehend it. Your accountant should be willing to take the time to explain things to you—that’s their job. You don’t have to love accounting, but you should understand what you’re doing and why.

4. Corporate Setup

Even if you’re a solo freelancer working at home, you should have a corporate setup. A corporate structure is a smart way to separate your business and personal life. If something terrible happened and someone sued your business, a corporate setup would mean they could only go after your business assets and not your personal assets (like your house).

Your corporate setup can have various advantages and an accountant can help you weigh the pros and cons. Setting up an S-corp can avoid some payroll taxes, while a single-member LLC is super simple and cheap to set up.

5. Keep ‘em Separated

That corporate structure is just the beginning of keeping things separate. You also need to keep your personal and business accounts separate. Create a separate business banking account where you pay for expenses and deposit income.

You need to be careful about moving money back and forth between personal and business accounts. Whenever you do that you should have a reason—you’re paying yourself a salary or reimbursing an expense or giving your business a loan. Be sure to document it clearly. Otherwise you risk “piercing the corporate veil,” which is legalese for trouble. In short, you separate personal and business to protect yourself, but if you blur those lines you endanger that protection.

6. Home Office

The home office is a big deduction and an accountant can help you sort through all the details. In short, a proportion of any expenses that go to maintaining the house can be deducted. You need to do the math based on square footage, but if your office is one-tenth of your house, you can deduct 10% of all expenses—power, water, trash, internet, etc. If you see clients or contractors in your home, this can also apply to expenses like yard care or a maid service.

But if you do see clients in your home, that also opens you up to liability. You should have an umbrella insurance policy or a business ownership policy. Talk to your insurance agent.

7. Vehicle Deduction

A vehicle can be another big deduction, though there are specific rules you need to pay attention to. One approach is to track business mileage on a vehicle and then take the per mile deduction. But if you do a lot of driving it might make more sense for your business to purchase the vehicle and make the entire thing (and its maintenance) an expense. In order to do this you have to use the vehicle at least 50% of the time for business, and there’s also a way to pay proportionally for any personal use.

8. End of the Year Purchases

The end of the year can be a good time to make big purchases, especially if you had a good year and have cash on hand (and will therefore also have a big tax bill). You can take a Section 179 expense deduction, which basically claims the entire amount in that year as opposed to spreading it over multiple years by capitalizing and depreciating it.

9. Nonprofit Deductions

A frequent question is if you can deduct work you do for a nonprofit. Unfortunately, the answer is no. Charitable donations are deductible, but volunteer work is not.

10. Dealing With the IRS

Sometimes we treat the IRS like the boogieman, but don’t be afraid of the IRS. Especially at this level, audits are mostly random and not based on specific behavior. So a home office deduction is not going to make you more likely to be audited.

If you do get a letter from the IRS, talk to your accountant before paying anything. The IRS does make mistakes and it’s easier to let your accountant sort it out first.

11. Employees vs. Contractors

Another common question is the difference between employees and contractors. It’s an important question because there are much stricter rules for how you compensate employees. It’s also important to know the difference because it’s strictly enforced.

There’s a detailed checklist that determines the difference, though much of it comes down to control. If someone is free to choose when and where they work, they’re likely a contractor. If you set hours and mandate a location, they’re likely an employee.

12. Accounting System

Finally, you need to set up a system to keep track of your finances. Your accountant can help you set it up, but in most cases it needs to be something that you maintain. So find something that works for you, and use it.

It can help to set aside specific time each month to go through your accounts. This is a good way to avoid putting off your bookkeeping and having to catch up come tax time.

Speaking of tax time, another helpful strategy is to create separate bank accounts for things like salary, overhead, and taxes. You can allocate your income as it comes in and keep your money set aside for specific purposes.

More Accounting Help

Managing money has always been a big challenge for freelancers. But don’t be intimidated—it’s all about what you do: Money management is 5% knowledge, 95% behavior.

The key is to get started now.

Watch the Webinar: Ask the Accountant

The post 12 Money Management Tips for Freelancers from an Accountant appeared first on iThemes.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

We’ve heard from the freelance rookies, now it’s time for the veterans to step up. One of the best ways to learn is to talk to those who have walked the path before.

Today we talk with freelance WordPress developer Tom McFarlin. He runs Pressware, builds plugins, and blogs about WordPress—with a membership component for developers who want to learn more.

Tom has been self-employed since 2010 and has built a name for himself in the WordPress space.

“There’s always another hill to climb. No one I know who is ‘successful’ would consider themselves ‘there.’”
– Tom McFarlin

We talked with Tom about changes in the industry, defining success, and what’s next.

How has your work changed over the years? What’s changed in your approach or your business since you started?

It’s easy to say that “not much as changed” and in some sense, that’s correct; in others, not so much.

As far as the types of things I’m building, I’ve definitely moved away from theme development and focus almost solely on custom plugin development. Sometimes these plugins can be quite large, such that they are like applications running on top of WordPress (which is something I’ve long been advocating). Other times, though, they are still “just” plugins. For whatever reason though, the word “plugin” tends to encompass this “small project” idea which isn’t always true.

Just because some plugins may be small doesn’t mean they all are. That said, I’ve always been focused a bit on plugins—now just more so. So, in that sense, not much as changed.

What has changed, though, is my process. This includes the types of tools I use to the approach I use when communicating with customers. I spend a lot of time on things related to quality such as using PSR2 standards, third-party tools to enforce modern PHP development practices, unit testing, and so on. This isn’t to say I wasn’t focused on quality before, but the economy of PHP development outside of WordPress is arguably richer and more powerful than that inside of WordPress. So being able to bring that into the fold has helped continue to leverage the newer features of PHP, stronger object-oriented programming, and cleaner code through various code quality tools that I didn’t previously use to the degree I am now.

How did you break through and become successful? What strategies or approaches seemed to work the best?

I don’t know how to define “breakthrough” or what “success” looks like to other people. For me, being able to provide people with custom solutions that solve their problems all the while providing a living for my family is what defines success. It’s not necessarily the house or the car or whatever. (I mean we all have our things, right? There are a number of guitars I’d love to own but currently don’t.)

If I had to give someone advice on this, though, it would definitely be to know what it is you want to do (be it themes, be it plugins, be it both, be it something completely different) and then chase it down and make it happen. I can’t promise that it will. No one can. But striving to get better and continuing to move uphill is something that is a constant battle that requires a lot of sweat equity. And there’s always another hill to climb. No one I know who is “successful” would consider themselves “there.” Instead, they look back to see what they’ve achieved and then look forward to what they want to do.

Secondly, I think surrounding yourself with people who can help you formulate clear ideas around your business helps. Sometimes you hear these referred to as masterminds or something like that. I was hesitant to join one, but I had the opportunity to do so this past year and it’s proved invaluable. Part of that has to do with the people in the group, too. It’s not like a magical, “Let me join the group and have all things work out.” It’s a matter of the right people, articulating your problems correctly, and then applying what you all discuss.

What mistakes have you made over the years that you’ve learned from?

Perhaps this answer is cliché but there are too many to count. Some of them range from taking on projects that were not managed properly or things weren’t communicated between all parties involved (myself included) that kept things from progressing as they should have. Sometimes there are times were the estimates and cost of a project were less than the amount of work required to complete a project, and sometimes there are times where the amount of time I thought it would take to complete a project was far longer.

This ultimately reflects poorly, but I’ve found being upfront and honest—that is to say maintaining a level of integrity—in the face of such problems can go a long way in building a relationship and trust with a customer. And more times than not, I’ve had repeat business from someone because I’ll treat them with the amount of respect and honesty they deserve. I won’t short change them and I’ll take responsibility for the problems that ultimately fall on me.

While you are a veteran, there are always areas where we can learn and grow. Where do you think you need to improve?

Right now, the big thing that weighs on me is the aspect of focusing on what the business may look like, say, a quarter or six months from now. People like to have ideas for their business in terms of what it may look like in 10 years or five years, but I’m more of a one year to six months to the next quarter type of person. Sure, trying to generate more revenue is an easy answer but the how is the more interesting question.

Is it growing the business? Is it raising prices? Is it taking on fewer projects, but larger projects or is it the inverse? Is it taking on things such as stepping into the world of products or SaaS? I don’t know right now. But it’s something I certainly think about a bit. At the same time, I’m quite happy where I am with the customers I serve, the problems I solve, and the work I do.

There’s a balance to strike, but staying focused on the day-to-day is important, too, because it’s that which paves the way for you to have more work and opportunities in the future.

Check out more posts in our WordPress freelancer series.

The post Veteran Freelancers: Tom McFarlin Keeps Climbing the Next Hill appeared first on iThemes.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

A few years ago, Jennifer Bourn looked back on 10 years of creating websites and realized she had sold more than $1 million in extra web design projects. This was beyond her bread and butter work of website development. But more than a great headline about a million dollars, it’s a great lesson in how to sell web design.

Most people don’t like to sell. It can feel gross, and freelancers especially like to avoid that necessary evil. But if you understand how to sell web design, you can have a conversation instead of making a pitch.

So we’re going to cover three things you need to know about selling web design and then apply it to the sales process. For more on these insights, you can watch the “Selling a Million Dollars in Design” webinar with Jennifer Bourn.

Three Things You Need to Know About How to Sell Web Design 1. Web Design is Different Than Web Development

The first thing you need to understand is that design is different than development.

Design is subjective and emotional.
Development is straightforward and logical.

There’s certainly an art to coding, and some code is better than others. Some developers do a better job of writing clean code. But to a client, the website either works or it doesn’t.

But when it comes to design, there’s a whole range of subjective responses that aren’t a simple right or wrong. There are a thousand ways to design something, and they can all be right. How a client responds to a design is going to depend on a thousand factors, from their experiences to their preferences.

Everybody approaches design differently, and you have to navigate those waters.

2. Understand What Clients Want

Secondly, you need to understand what clients want. We’re talking much deeper than a new website or a pretty design:

  • Clients want to look better than their peers and competitors.
  • Clients want to look bigger, more expensive, and command higher fees.
  • Clients want to make more sales and close sales faster.
  • Clients want to create new opportunities without doing much more work.
  • Clients want to be listened to, valued, guided, and supported.

To understand how to sell web design, you need to understand these deep desires. It’s not so much about what the design looks like, but it’s about what the design can accomplish. The more you can focus on these intangible hopes and dreams, the less you’ll be struggling over trivial matters like drop shadows and font size.

3. Know How Decisions Are Made

To sell web design, you must understand decision making. If design is so subjective and emotional, how do people make decisions?

Decisions are made with hearts and then justified with brains. We make initial decisions with our guts. Something feels right. It’s based on emotion. We usually come to that decision through a conversation, something clicks, we make a connection with the person, and we want to buy.

Then our heads kick in and try to justify that emotional decision with logic. We rally facts to match our feelings and convince ourselves it’s a smart decision, not just a decision that feels right.

So when you’re selling design, you need to lead with benefits that connect to their emotional needs and desires (what the client wants). You help them make that decision with their heart. Then you back up the benefits with features, offering logic and certainty about what they’re going to get. The brain is trying to justify the decision, so you offer the right rationale at the right time. Make them feel like they made a smart decision.

Apply It to a Sales Process

OK, so how does all of that apply to an actual sales process. Here are some tips to help you refocus your sales process and sell more design.

Talk Less, Listen More

First, stop talking so much. The biggest mistake people make in a sales conversation is talking about themselves.

No, stop talking. You need to ask questions and listen. The whole goal is to hear where the client is coming from and begin to understand their specific hopes and dreams, their specific challenges, their specific fears—so you can offer solutions that solve those issues.

If you’re doing all the talking, you can’t learn all those things. Clients also value being listened to, so this is your opportunity to listen. Be an active listener, asking helpful questions that drill down to what’s important.

A word about silence: It’s OK. Silence makes people uncomfortable, which is often why we talk so much during sales calls. But you have to learn to be OK with silence. Let the uncomfortable silence linger and eventually, the client will step in to fill that silence.

Skip the Trivial Details

A sales call is not the time to be talking about fonts and colors. That’s part of the design process, not the sales process. Don’t worry about it until you’re getting paid to worry about it.

You’re not just selling web design, you’re selling expertise, experience, a process, and the results.

You want to focus on turning their vision into reality, so you need to hear about hopes, dreams, challenges, obstacles, expectations, etc. A favorite color or a preferred font choice are not any of those things, so skip them.

Prompts & Questions

To get clients talking and focused on the important details, you need to ask the right questions.

First, get the client talking about their dreams and needs:

  • Tell me about your business…
  • Why do you need this project done?
  • How is not having this affecting your business?
  • What will change if this is completed?

The answers to these questions should help you formulate your pitch. There’s pain and lost opportunity in not getting this project done, so when you deliver you’re helping them overcome those issues.

While you don’t need trivial details, there are some important details you do need to get to provide an estimate:

  • Are there constraints? Budget? Timeline?
  • Is content complete? Have a sample to reference?
  • Who are stakeholders?
  • What are the requirements, expectations?
Confirm Good News

Finally, you want to confirm to the client that you can help them:

  • Yes, we’re a good fit.
  • We are excited about the project.
  • Here is what we can do/what we recommend.
  • This is the investment (what it will cost).

Then you need to be quiet. Wait for them to respond.

Remember that silence is uncomfortable. But that’s OK. The client is either going to say yes or they’re going to express their concerns. Wait patiently for them to offer one or the other.

Be One Step Ahead

If the client has concerns, you need to be prepared to be one step ahead of them.

  • If the client is worried about not liking the final product, share your process and explain how they’ll have opportunities to give input.
  • If the client wants more revisions, let them know how you handle additional work or out of scope work.
  • If the client is worried about how much work they’ll have to do, review the divisions of labor and make it clear what’s expected of them and offer options to get help (bringing in a copywriter, etc.).
  • If the client is concerned that it’s too expensive, remind them about the harm of the status quo (you already asked about how not having this is affecting the business and what will change once it’s done). Tie this to income/profit if you can—explain how your work will pay for itself.
Mindset Matters

Finally, when you both agree, it’s time to send the client an agreement. Not a contract—an agreement that puts in writing everything you just talked about and agreed to.

At this point, it’s helpful to shift your attitude. You need to start thinking of your clients as partners. So start this new relationship with an agreement, not a legally binding contract that’s meant to cover your butt. (The contract will come, but don’t make it the first step.)

It’s easier to sell to existing or past clients, and easier to get referrals, so you want to build a relationship with the client. Make this project a partnership.

How to Sell Web Design

Ultimately, web design is about problem-solving. Selling design is simply identifying the problem.

By changing how you approach the sales process, you can be more effective and more profitable. Don’t treat web design like another commodity. Recognize how it’s different, and make more money.

Watch the Webinar: Selling a Million Dollars in Web Design

Remember to check out the full “Selling a Million Dollars in Design” webinar with Jennifer Bourn for more details and insights.

The post How to Sell Web Design: It’s Not the Same as Development appeared first on iThemes.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

With access to search and maps in everyone’s pocket, the question “where should we go?” is answered in moments with local search. If a business doesn’t show up in the results, nobody is going to find them. Local businesses need to be found, and that happens by optimizing local search engine results (also known as Local SEO).

If you want to learn more, these insights are from the webinar “A Deep Dive Into Local Search” with Lindsay Halsey, cofounder of Pathfinder SEO.
What Is Local Search?

Local search is all about putting a business on the map so that you can be found by people in your area.

  • When you search Google for restaurants and it shows a map with local restaurants near you, that’s local search.
  • When you ask Siri where’s the nearest gas station, that’s local search.
  • When you can get the hours and phone number of a hair salon on the first page of results without wading through a website, that’s local search.
Why Does Local Search Matter?

It’s important to care about local SEO because that’s how people find businesses near them.

  • One in three searches are about a place.
  • 97% of consumers search for local businesses online.
  • 50% of local mobile searches are for business info (address, phone number, hours).
  • 50% of consumers who do a local search on their smartphone visit a store within a day.

The key to local search is realizing how important it is. A business may be focused on their website, but without local search, few potential customers will ever get to their website.

Who Needs Local Search?

Local search is vital for businesses who want to be found. That’s probably most businesses, but it’s especially true for any business with a storefront or other location that serves customers or a service area where they visit customers (think plumbers, photographers, etc.).

Any organization that interacts with people locally should care about local search. That includes restaurants, stores, local services, churches, etc. Getting Started With Local Search

There are three steps to implementing and optimizing local search.

Step 1: Verify Business in Google My Business

Google Maps is the hub of any local search presence, so start there. The first step is to officially verify a business in Google My Business.

  • 1. Find and manage the business: First you’ll want to find and manage the business in Google. Often businesses are already listed and you just need to find it and claim it. Sometimes a business isn’t listed yet and you’ll need to add it.
  • 2. Verify the business: Next you need to verify that you’re representing the business. You can do this with a phone call or postcard. You may need to coordinate with a client to make sure this verification process happens—given them a heads up to watch for a postcard or answer a call.
  • 3. Complete all information: Finally, you need to fill in all information completely and accurately. Pay special attention to the name, address, and phone number (NAP), as these are the building blocks of accurate local search information. Be sure everything is consistent (do they use “Ave.” or “Avenue,” a five-five digit ZIP code or the full ZIP plus four, does the business name always have “Inc.” on the end?). Don’t overlook any of the options—NAP, website, categories, hours, description, photos, services, attributes, opening date—they’re all helpful.

This can get complicated if you’re providing local SEO services to clients. As you help businesses through the process, here are a few tips that can make it easier:

  • One account: Use one Google account (email address) to manage all of your client listings. This means you have a master login and don’t have to save login info for every client.
  • Give access: Share the appropriate level of access with the business owner. The business owner should have owner access for the account and an agency representative or freelancer (you) should have manager access.
  • You can start without a site: If your client doesn’t have a website yet you can still get the listing started. While it’s important to complete all info in the Google My Business listing, the website is not required. You can have the listing go live before the website and just add the website when the site goes live.
Step 2: Distribute Your Data

While Google is the behemoth in the local search space, they’re not the only game in town. Google accounts for maybe 70% of local search traffic, so if you quit after setting up Google My Business, you’re saying no thanks to 30% of local search traffic.

There are two ways to get a business’ search data distributed:

Option 1: Manual Distribution

You can visit each mapping site and create, update, and verify the local business information manually. So that means after setting up the Google My Business listing, you’ll need to do the same with Bing, Apple, Yahoo, etc. This is a cheaper way to go and offers more control and customization. But it’s also incredibly time-consuming.

Option 2: Automated Distribution

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Hosting is the invisible infrastructure that makes a website work. It’s not the first thing we see, but it determines if we see anything at all.

Since launching iThemes Hosting, our WordPress hosting solution, we wanted to talk to some WordPress experts about the ins and outs of hosting.

Kim White is the founder of the website firm PixelPaper. She started building websites in 1998. Kim has spoken at multiple WordCamps and helped organize the Lehigh Valley WordPress Meetup.

“Shared hosting can be like living in a dorm, and ya’ll smell the neighbors sometimes.” -Kim White

We talked with Kim about hosting analogies, clients who cling to bad hosting, and juggling the cost of hosting.

What do you recommend when people ask you about hosting?

I can get pretty worked up about the “What host do you recommend?” question that gets asked at most every meetup.

My number one answer is not what people want to hear: “It depends.” Everyone has different needs and pain points. What I might recommend to one person I might never consider for another.

I try to put it into real-world words. I’ve been working on a “home buying” analogy, which works about 90% of the time when I talk to people.

Really it’s just my personal experience: When I bought a house it was great, but after living in it for a while I realized I didn’t like shoveling the corner lot. Also, not everybody likes the same things. Some like a condo association to take care of everything, while others like doing lawn work.

People need to evaluate their needs, and sometimes you don’t know what you need until you’ve used a host for a bit. And then it’s OK to move.

Shared hosting can be like living in a dorm, and ya’ll smell the neighbors sometimes.

Stuff like that. It’s not a fully formed theory.

Do you have a hosting horror story?

My horror stories are usually similar because they involve clients bringing hosting to a project and not being open to any change.

The worst was a client who gave us the hosting to work with after development was complete. For starters, it was a Windows machine, and when we finally got that changed to a Unix server, I spent over five hours on the phone with tech support just to get the bare bones of what we needed to run WordPress on their $10 per month service.

In the end, the client paid over $500 to make cheap hosting “work” with their site needs.

What’s the most important factor in choosing a hosting company?

The most important factors for choosing hosting depend quite often on the type of website it is. I don’t have any problem with most small hosting plans when I am building a “brochureware” type site. There is little interaction, and it’s mostly a place to have the client’s contact information. But once you start talking about any working parts, people filling out a form, viewing gallery images, calendars, etc., the hosting should be able to keep up with the activity.

The other thing is how techy you are. If you are taking care of a website, and you run your own business, say a jewelry store owner, do you really want to learn about security, backups, or updating WordPress? Think about the math on that: $10 hosting, $10 backup plan, $20 malware protections—and the time to make sure I’m taking care of things or $35 a month for managed hosting that takes care of the three above—and now you can take care of your business.

However, some people love doing the tech stuff so it’s not a loss for them to take on that responsibility.

How do you convince people of the importance of investing in hosting?

A few years ago a fellow developer said, “Would you pay only $5 a month for your phone? So why do you want to get cheap hosting?” Now more than ever the internet is where customers are going to interact with us. Investing in quality hosting that gives you peace of mind that it’s working when you’re not is worth the investment.

The post Hosting Insights: Kim White Compares Hosting to Housing appeared first on iThemes.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Many hosts offer website backups … but are they really enough? In this post, we cover 10 questions to ask before you rely on a host’s backup alone.

Why Backup Your WordPress Website?

Why should you care about website backups? Just like insurance for your home or car, backups are “insurance” that protects you from website disaster.

It sounds scary, but the reality is your website could be lost forever if you don’t have a backup system in place.

For example, website backups are necessary to protect your website from:

  • Security issues (including hacks and malware)
  • User error (accidentally deleting files or running bad commands)
  • Updates that break things (like updating a theme or plugin to a new version, uploading a new plugin, changing themes or making tweaks to theme or plugin files)
  • Data loss outside of your control (like server crashes or fatal errors)

Since WordPress doesn’t include built-in backups, you’ll need to find a backup solution, whether that’s a WordPress backup plugin or an outside service provided by your host.

When reviewing a host’s backup service, here are some important questions to ask:

  • 1. How often do backups run?
  • 2. How long are backups stored?
  • 3. What are the backup size storage limits?
  • 4. What do the backups include?
  • 5. Can I initiate a backup whenever I want/need one?
  • 6. Can I access the backup files myself?
  • 7. Where are backups stored?
  • 8. How easy is it to do a restore from a backup?
  • 9. Can I restore just the files or database tables I need?
  • 10. Can I use a backup to migrate my website to a new host or domain?
Download the Infographic: Is My Host’s Backup Enough?

Let’s dive into each question in a bit more detail.

1. How often do backups occur?

You need to know how often backups run and when. Websites that have frequent changes need frequent backups to capture new content, edits to existing content and sales data (if you’re running an e-commerce website).

For instance, if your host runs backups once a week on Sundays, and you make a bunch of changes to your site on Monday and are hacked on Wednesday, you can restore your site, which is great!  But you’ve also lost all the work you’ve done on your site in the meantime.

For example:

HostGator’s automatic backup service runs once a week on a random day, and each run overwrites any previous backups. Only one week of backups are kept at a time. The terms of our backup policy vary depending on the type of hosting account.   – HostGator’s Backup Policy

A weekly backup isn’t bad at all if you’re not making frequent changes to your site. But if you’re running a very busy site with frequent changes, you’ll need to create backups more often.

2. How long are the backups stored?

Does the backup service keep multiple backups or does the latest backup overwrite the previous one? Can you access a backup that occurred before the latest backup? Check to see how long backup files are stored. You may need to revert back to a version of your website at a certain point in time.

In the previous quote from HostGator, they say they run one backup a week and keep one week of backups.  Which means, at any given time, you have access to … one backup.

That may be just what you need, and one backup is definitely better than none. But this won’t fit the needs of every website. For example, what happens if there was malware on your site for a while before you notice? A one-week-old backup probably isn’t going to help.

Or, if you’re running an e-commerce site, changes are probably happening often. Losing all that data hurts your website and your sales.

  • Bluehost keeps backups “…for a maximum of 30 days. Backups older than 30 days will be overwritten with a newer backup…”
  • SiteGround keeps backups of customers’ Shared and Cloud hosting accounts for a period of up to 30 and 7 days accordingly.”
3. What are the backup size storage limits?

Instead of storing backups by age or within a certain time period, other hosts such as GoDaddy give you a size limit per site; either 5GB or 100GB, both at an additional cost.

If you have a large site with lots of media files, size limitations could be a big issue and quickly add up. Check with your host on backup size limitations and the fees for storage.

4. What’s included in the backup?

WordPress websites have specific requirements for a sufficient backup. Does the backup include everything in the Media Library as well as all plugin and theme files? Make sure the backup contains more than just the database because that isn’t a complete backup of a WordPress website.

Make sure the backup system completely backs up:

  • WordPress database (contains your posts, pages, comments, links, etc.)
  • WordPress core files
  • Media Library files
  • Theme Files
  • Plugin Files
  • Any other files and directories in your WordPress installation

There are different types of attacks that can happen to your website. Not all of them will affect just your files or just your database, so having a full backup of your site is important.

What is in the backup that you don’t need? Sometimes, when a host creates a backup, they include server configuration files that are not compatible with a different or new host.  So if you decide that you need or want to move to another host, you can’t use your current host’s backup to make the move.

5. Can I initiate a backup whenever I want/need one?

If you’re running updates or actively making big changes to your website, it’s a good idea to make a backup before you begin.

Does the backup service allow you to run a backup whenever you need to or do you have to rely on their schedule?  If your host creates backups on a set schedule and does not allow you to create manual backups, then you either have to work on your site on their schedule or risk your changes without making a backup first.

If they don’t allow you to manually create backups, you could find yourself without one.

6. Can I access/download the backup files myself?

Do you have access to download your backup files? Do you even have that option? Would you have to contact support? If you truly own your website and its contents, you should also own your backup files and have access to them whenever you need them.

Many hosts assume that you don’t need to download backup files and don’t package backup files in downloadable formats. Backup files actually contain important information that can help if you need to compare file versions before or after an error or if you need to restore a single file.

7. Where are the backup files stored?

If your website and backup files are stored on the same server and the server goes down, you’re setting yourself up for trouble. Plus, backups can also eat up a lot of your server space.

That’s why backup files should be stored off-site in a secure, remote location, so make sure the backup service is storing backup files in a separate location than your website.

8. How easy is it to restore from a backup?

Can you get your website back if something goes wrong? What does that process look like?  Do you have to get support involved and will it cost you any extra? A good backup solution should make it easy to restore your website.

Some hosts have made this process very easy for you. DreamHost, for instance, allows you to select the backup you want to use and then simply click a restore button.

The process for restoring a website is especially important to consider because some hosts run free backups for you, but then charge you when you need a restore. We’ve seen the cost of restores range from about $15 to over $100.

9. Can I restore just the files or database tables I need?

Sometimes you don’t need to do a complete website restore. Can you restore individual files or database tables?

DreamHost makes the restore process simple but it appears they only offer a full site backup and restore.  Sometimes, though, that is more than you need.  And, if your backup isn’t recent enough, you would be overwriting everything on your site, not just the one file or database table you need to restore.

Make sure your host’s backup gives you the option to restore specific files and database tables.

10. Can I use a backup to migrate my website to a new host or domain?

Restoration is an important part of a solid WordPress backup solution, but what if you decide to move (migrate) your website elsewhere? Can your backup solution handle that need? Is that even possible?

Most hosts have no incentive to help you move elsewhere, so your website isn’t truly your own to take with you if you ever decide to leave your current hosting company.

If so, how are URLs handled during a migration? If you’re moving your site to a new domain name and the solution doesn’t handle changing your URLs for you, you’ll need to do this manually, which can be a tedious process.

You’ve gone through your checklist and you like your host, but they don’t quite tick all the boxes for your backup need.  So what do you do?

If you find that your host doesn’t quite fit your backup needs, you can use a third-party backup plugin to fill in the gaps.  Some hosts even recommend you use an additional backup solution:

“Customers with critical business information or important data are STRONGLY encouraged to seek a third party backup …” – HostGator

When you’re searching for your third-party backup solution, you’ll want to ask the same questions you asked of your host. That way you have all of your bases covered.

Need a Better WordPress Backup Solution? Get BackupBuddy, the Original 3-in-1 WordPress Backup Plugin

With both your host backups or the backups created by a plugin, it comes down to this: Backup files should be fully yours and you should have complete control over them!

  • BackupBuddy covers all the bases of having a solid WordPress backup solution by giving you full control over when your backups happen and where they are stored.
  • Store backups safely off-site with support for BackupBuddy Stash, Amazon S3, Google Drive, Dropbox & more
  • Schedule backups to run on your schedule (hourly, twice daily, daily, every other day, bi-weekly, weekly, monthly and more).
  • Download your backup files as zip files so you always have a complete copy of your website.
  • Website restores and migrations are easy with BackupBuddy’s ImportBuddy script.
Save 35% off all BackupBuddy plans during the BackupBuddy 9th Birthday sale with coupon code BUB9YEARS through March 31, 2019 @ 11:59 p.m. (CT).
Get BackupBuddy now

The post [Infographic] Is My Host’s Backup Enough? 10 Questions to Ask appeared first on iThemes.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

How secure is your WordPress website? Is your site an easy target for hackers? With a few steps and by adopting a few WordPress security best practices, you can greatly reduce your vulnerability to attack. In this post, we’ll cover a few tips for securing a WordPress website.

1. Keep WordPress core, plugins and themes updated to the lastest version.

Did you know that some of the most common WordPress security issues are related to running outdated versions of WordPress core, themes and plugins? That’s why keeping everything updated is so important.

Right now, if you login to your WordPress website to check, how many update notifications do you see in your WordPress admin dashboard? You’ll find this number in several places, including the top admin bar, in the sidebar menu and also as a notice (if you’re running an outdated version of WordPress).

WordPress update notifications appear in a number of places in your WordPress dashboard.

When your WordPress website is running outdated versions of plugins, themes and WordPress, you run the risk of having known vulnerabilities on your website.

Constant update notifications may seem annoying and it’s easy to put off running updates, but try reframing updates as being directly related to the security and health of your website.

Updates to WordPress core, themes and plugins often include patches for security issues as well as fixes for bugs and new features. That’s why these updates are a good thing.

WordPress Update Checklist

Here’s a checklist for running WordPress updates so everything goes smoothly:

  • 1. Before you run updates, make a current backup of your website. Don’t have a backup solution? Use a WordPress backup plugin like BackupBuddy to backup your entire WordPress installation, including the Media Library, as well as all theme and plugin files.
  • 2. Review the changelog for the version update prior to updating. Developers use changelogs so users can know the changes included in a version update. You can find changelogs on the Updates page in your WordPress dashboard by clicking the link “View version x.x.x” details link.
  • 3. Navigate to the Updates page in your WordPress admin dashboard. Click the Updates link in the sidebar of your WordPress dashboard or the icon in the top navigation bar to see the Updates page.
  • 4. Click the Update buttons to run the updates. You’ll see individual Update buttons for plugins, themes and WordPress core (if you have a pending WordPress core update), along with a list of the plugins and themes you’re about to update.
  • 5. Confirm everything is still working as expected on your website. While it’s usually not necessary, it’s a good idea to do a run-through of your website to make sure nothing is broken or looks strange after the update.
Tools to Help Save Time When Managing Version Updates

If you manage more than one WordPress website, the process of running updates can get time-consuming since you have to log in to each individual website to make updates. Thankfully, tools like iThemes Sync exist to help you manage multiple WordPress sites from one dashboard.

With iThemes Sync, you won’t have to log in to multiple websites to run updates. You can run updates across multiple websites with just a few clicks and see all available updates in one place.
2. Never install plugins or themes from untrusted sources.

Only install WordPress plugins and themes from trusted sources. You should only install software you download from WordPress.org, well-known commercial repositories or reputable developers and their websites.

If you find another version of a WordPress plugin or theme that isn’t being distributed directly from the developer’s website, do your due diligence before downloading and installing it on your website. Reach out to the developers to see if they are affiliated with the website that is offering their product at a free or discounted price.

Avoid “nulled” version of commercial plugins because they often contain malicious code. It doesn’t matter how you lock down your WordPress website if you are the one installing malware.
3. Review your WordPress password security.

This tip bundles a few password-related best practices. A successful WordPress security strategy should include steps to strengthen your WordPress login. This ultimately relates to the passwords used to login to your website.

Why? Your WordPress login is the most commonly attacked WordPress security vulnerability because it provides the easiest access to your website’s admin dashboard.

Brute force attacks are the most common method of exploiting your WordPress login. The brute force attack method exploits the simplest form of gaining access to a website: by trying to guess usernames and passwords, over and over again, until a successful login occurs.
Use a strong, unique and complex password.

How good is your WordPress password? Take this WordPress password strength quiz:

Here’s a WordPress password strength quiz:

  • 1. Have you used the password again someplace else, for a separate account?
  • 2. Are you using “admin” as your WordPress username?
  • 3. Is your password a dictionary word?
  • 4. Have you shared your password with anyone else?
  • 5. Does your password have fewer than 12 characters?
  • 6. Does your password include numbers, symbols and both upper & lower case letters?
  • 7. Are you using two-factor authentication for your WordPress login?
Sounds impossible, right? This is why you should use a password manager to generate random strong passwords and securely store them for all your account logins.

Your WordPress password should meet the following requirements:

  • Include numbers, capitals, special characters (@, #, *, etc.)
  • Be long (12 characters – minimum; 50 characters – ideal)
  • Can include spaces and be a passphrase (Just don’t use the same password in multiple places)
  • Changed every 120 days, or 4 months
Enforce Password Requirements + Refuse Compromised Passwords

Another important best practice for online security is using unique passwords for every account and website login you have. Why does reusing a password matter so much? If you use the same password for all your accounts and even one of those websites is compromised, you are now using a compromised password for all your accounts. Hackers can use data dumps of compromised passwords paired with your email address or username to gain access to all your accounts. That’s why best to not even take the risk.

The more users on your website that are reusing passwords, the weaker your WordPress login security will be. In a recent list compiled by Splash Data, the most common password included in all data dumps was 123456. The WordPress login security of your ebwsite is only as strong as the weakest link, so be proactive with strong password requirements.

You can protect WordPress from compromised passwords with a plugin like iThemes Security Pro. iThemes Security allows you to set up password requirements such as strong passwords, password expirations and the ability to refuse compromised passwords.

For the Refuse Compromised Passwords setting, iThemes Security takes advantage of the HaveIBeenPwned API to detect whether or not a password has appeared in a data breach.

Limit Failed Login Attempts

By default, there isn’t anything built into WordPress to limit the number of failed login attempts someone can make. Without a limit on failed login attempts, a hacker can keep trying an endless number of usernames and passwords until they are successful.

You can increase your WordPress login security by installing a WordPress security plugin like iThemes Security Pro to limit the number of failed login attempts on your website.

The iThemes Security Pro WordPress Brute Force Protection feature gives you the power to set the number of allowed failed login attempts before a username or IP is locked out. A lockout will temporarily disable the attacker’s ability to make login attempts. Once the attackers have been locked out three times, they will be banned from even viewing the website.

4. Add two-factor authentication for your admin login account.

Two-factor authentication is a system that requires two items to log in to your account: First is the usual username and password, but the second is a unique code that’s delivered via another format. The secondary code can be delivered via text, email, single-use codes, mobile apps or other formats.

Whenever you can, you should turn on two-factor authentication. It adds an extra step to the login process, but that layer of security protecting your accounts is worth it.

WordPress two-factor authentication is a huge way to boost your WordPress security and it’s one of the best features to iThemes Security Pro. The plugin also includes a two-factor onboarding section that explains how to use two-factor authentication and why it’s important for security.
5. Start making regular backups of your website.

Another way to ensure WordPress security is to backup your website. Backups ensure that if your website is ever compromised, you’ll be able to get it back. And since WordPress doesn’t include a built-in backup system, you’ll need to implement a backup strategy on your own (most host backups aren’t sufficient).

A good WordPress backup plan includes:

  • Scheduled backups that occur automatically
  • Scanning those backups for malware (an infected backup is no good)
  • Storing backups files off-site in a secure, remote destination
  • The ability to restore your website from a backup

BackupBuddy, our WordPress backup plugin, is our tool for backups—we actually created it out of necessity after losing our own site after a server crash and having no backup.

With BackupBuddy, you can set up backup schedules so backups run automatically. You can also activate Stash Live for real-time WordPress backups that actively track changes to your website so you always have a current backup.

6. Install a WordPress security plugin to handle security tasks.

As we’ve already noted a few times, using a WordPress security plugin can help with several WordPress security tasks that would otherwise take a log of time and technical knowledge.

A WordPress security plugin can help to fix common security holes and strengthen user credentials. The iThemes Security Pro plugin also includes a new real-time WordPress security dashboard to track WordPress security-related stats and activity.

7. Use a quality web host.

Not all web hosts are created equal and choosing one solely on price can end up costing you way more in the long run with security issues. Most shared hosting environments are secure, but some do not properly separate users accounts.

Your host should be vigilant about applying the latest security patches and following other important hosting security best practices related to server and file security. Your host should be vigilant about applying the latest security patches and following other important hosting security best practices related to server and file security.

Choose a reputable host for your website with a solid security record. Finding WordPress hosting that you can trust is the first of the WordPress security vulnerabilities you should try to mitigate.
8. Add SSL.

When someone visits your WordPress website, a line of communication between their device and your server begins. The communication isn’t a direct line, and the information passed between the visitor and your server makes several stops before being delivered to its final destination.

To better understand how encryption works, consider how your online purchases get delivered. If you’ve ever tracked delivery status, you have seen that your order made several stops before arriving at your home. If the seller didn’t properly package your purchase, it would be easy for people to see what you purchased.

When a visitor logs into your WordPress website and enters payment information, this information isn’t encrypted by default. So just like your unpackaged purchase, there is an opportunity for the login credentials and credit card details to be discovered at every stop between the visitor’s computer and your server.

Luckily, unencrypted communication is a WordPress security vulnerability that is easy to mitigate. Adding an SSL certificate to your website is a great way to encrypt and package the communication on your site to ensure that only the intended recipients can view the sensitive information being shared.

Your host may provide a service to add an SSL certificate to your WordPress website or you can add the SSL certificate on your own. If you decide to go the do-it-yourself route, we recommend using Certbot. Certbot makes it very easy to add a Let’s Encrypt certificate to your website as well as set it up to automatically renew your SSL certificate. You can also check out our WordPress HTTPS training to learn how to add an SSL certificate to your website.
9. Uninstall and completely delete any unused plugins and themes.

Do you have any unused plugins and themes just sitting on your WordPress website? These are plugins or themes that are currently marked as “Inactive.”

It’s a good idea to uninstall and completely delete any of these unused plugins or themes as they can pose a security risk if known vulnerabilities exist within the plugin or theme. You can speed up this process by bulk selecting all inactive plugins/themes and then clicking the Delete action from your WordPress admin dashboard.

10. Set up WordPress security logging.

WordPress security logs are another way to keep tabs on activity on your website related to your security. A WordPress security plugin like iThemes Security can set up logging to track several activities and can email you about certain suspicious activities.

Security logging in iThemes Security can track:

  • Brute Force Attacks – Suspicious/failed login attempts on your WordPress admin login screen.
  • File Changes – File Change detection tells you what files have changed in your WordPress installation, alerting you to changes not made by yourself.
  • 404 Detection – 404 detection looks at a user who is hitting a large number of non-existent pages and getting a large number of 404 errors. 404 detection assumes that a user who hits a lot of 404 errors in a short period of time is scanning for something (presumably a vulnerability) and locks them out accordingly. This also gives the added benefit of helping you find hidden problems causing 404 errors on unseen parts of your website.
  • Lockouts – IPs locked out due to too many 404s, brute force attacks, etc.
  • Malware Scans – Results of malware scans on your website.
  • User Logging – Tracks changes/actions made by registered users on your website.
  • Version Management – Tracks updates made to themes, plugins and WordPress.
Tips for Securing WordPress

Hopefully this post has give..

Read Full Article

Read for later

Articles marked as Favorite are saved for later viewing.
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview