The latest version of iThemes Security Pro, our WordPress security plugin, includes a new update to the Passwords Requirements settings module. You can now refuse compromised passwords and force users to use passwords which do not appear in any password breaches tracked by the Have I Been Pwned API.
Refuse Compromised Passwords with Have I Been Pwned Integration
Themes Security Pro now uses a service by Have I Been Pwned to detect whether passwords have appeared in a data breach. A data breach is typically a list of usernames, passwords and often other personal data that was exposed after a site was compromised.
Have I been Pwned keeps track of the passwords compromised in many data breaches and makes them available via an API. To check if a password is included in a data breach, we send the first 5 characters of a hashed (sha1) version of the password.
Note: iThemes Security never sends plaintext passwords to Have I Been Pwned. Instead, 5 characters of the hashed password are sent over an encrypted connection to their API. Read the technical details here.
Has Your Password Been Found in a Data Breach?
If your password was found in a data breach, iThemes Security will require you to update your account’s password immediately. This does not mean that the website you are visiting is compromised, only that the password you use has been found in one or more data breaches of popular websites.
If you are reusing this password for other accounts, you should choose a new unique password for each of them. (We recommend using a password manager like LastPass to generate and store strong random passwords.)
Attackers often use compromised passwords as a starting point for cracking accounts because it is faster than brute forcing all possible password combinations. If your password is exposed and you’re reusing your credentials across multiple websites, attackers could compromise your account in just one or two attempts instead of millions.
Enabling the Refuse Compromised Passwords Setting in iThemes Security Pro
1. After updating to iThemes Security Pro 5.3, navigate to the iThemes Security > Settings page.
2. From here, navigate to the Password Requirements module. Click the Configure Settings button.
3. Next, scroll to the bottom of this module until you find the Refuse Compromised Passwords section.
4. Check the box to enable the setting. You can also select the minimum role at which a user’s password must not appear in a breach.
5. Click the Save Settings button.
Warning Users of Compromised Passwords + New Password Prompt
After the Refuse Compromised Passwords setting has been enabled, users who attempt to log in with a compromised password will see this notice on their WordPress login screen, prompting them to update their password using a strong password generator.
Once the password has been updated, the user can now successfully log in using a secure password.
Secure & Protect Your WordPress Site from Compromised Passwords with iThemes Security Pro
To take advantage of this update, you’ll need iThemes Security Pro (v 5.3). Current iThemes Security Pro, Plugin Suite and Toolkit customers will find the 5.3 update available now as an automatic update from the WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.
Email marketing should be a major focus for anybody hoping to effectively connect with people. It’s proven to work, if you do it right. So we’ve got some email marketing tips to help you make your email list the best it can be.
Let’s look at just five email tips from Christie’s recent webinar:
1. Make emails mobile friendly.
80% of people check email on their phones. That’s a pretty astounding number. If your email isn’t easy to digest on a small screen, it’s time to change that. And if you don’t know if your emails are mobile friendly, you really need to find out.
You can start simply enough by proofing your email on a device. Start seeing your email the same way the vast majority of your subscribers do. You might start to see simple things to change right away.
In general, make sure you have short text with good headers and sub-heads and lots of white space. It’s hard to say how long or short an email should actually be. Some successful emails are really long, but they also have really good content in short, digestible bursts.
2. Frequency matters.
How often do you send emails? Some successful freelancers are sending emails out every few days. But it’s not a saturation strategy—they’re sending out super engaging emails that develop connections. Others send out emails monthly or even quarterly and find great success.
There’s no one right answer. You need to experiment and see what works.
But a sure way to lose subscribers is frequent emails that don’t provide value. Always make sure you’re offering value to your subscribers.
3. Segment your lists.
Email marketing is known for having some incredible response rates. Often that happens thanks to segmentation.
Simply put, segmentation is making sure people get emails they want to see.
Demographic segmentation is common, but what might be more helpful is psychographic segmentation—focusing on what people want.
So how do you get that kind of data on subscribers? Just ask:
For new subscribers: Ask them to fill out a subscriber profile as part of an onboarding or automated welcome email process.
For old subscribers: Send a segmented list to your old subscribers who haven’t indicated preferences and ask them to do so.
For both groups, make it clear why you’re doing it. Explain that you want to make sure your emails are relevant to them and that they’re getting emails they want to see.
4. Utilize other types of email.
When we talk about email marketing, it’s easy to focus on the direct blast email. But don’t overlook transactional emails, onboarding emails, or cart recovery emails. These are all an important part of email marketing:
Transactional emails: These are action-based emails. Someone purchased something and that triggered a transaction email: here’s your download, confirm your purchase, thanks for ordering, etc. These emails are about doing something, so keep it simple and direct. They are still an opportunity to show your company culture, so find the balance between doing that while still doing what needs to get done.
Onboarding emails: In some ways, these might be a subset of transactional emails, but it’s important to focus on them. These are the emails you send to welcome someone to your list and help them know what to expect or how to use your product. These often come from a company founder or president, but here’s an email tip: send them from a support manager or someone close to the customer. Nobody believes these emails come from a founder anyway.
Cart recovery emails: These can be a huge opportunity to make up for lost sales. Jilt is one helpful tool (we interviewed Jilt product manager Beka Rice about cart abandonment). A lot of these tools offer templates and you’re welcome to change the template—but don’t. A lot of research went into the effectiveness of those templates. Use their well-researched approach with minimal tweaks.
5. Build your list.
None of the potential of email marketing can be realized if you‘re not building your list.
Website: Put sign up forms on your site (make sure they’re GDPR-compliant—you might need to use a modal window or some other approach, depending on your email service). And you should definitely plug your email list in more than one place.
Social media: Make sure your social media followers are on your list. Add sign up links to social profiles and talk about your list on social media.
Give an incentive: Use a lead magnet to encourage people to sign up (we talk more about lead magnets in our post).
Testimonials can be a powerful boost to your business. They offer social proof to back up what you’re saying and encourage potential clients to get on board.
When done well, testimonials can establish your credibility, promote your business, and improve your sales. If they aren’t done well, they don’t matter at all. They’re just extra words taking up space.So you need to make sure you get them right.
We’re going to share some testimonial insights from business coach Diane Whiddon. She offered a free, one-hour Marketing With Testimonials webinar that goes in-depth with practical strategies to help you make the most of rave reviews from your clients or customers.
According to Nielsen, 92% of people will trust the opinion of someone they know, and 70% will trust “consumer opinion posted online” of someone they don’t know. Those numbers beat out everything else, including websites (58%), emails, (50%), and online ads (33-40%, depending on the type of ad).
Good testimonials work because they clearly illustrate the problem your customers have and, most importantly, explain how to solve it.
Customer reviews that simply say “Awesome!” or “Loved it!” aren’t helpful. What really makes a testimonial so effective is when people can connect to the story and see their own struggle in it. It’s the, “Hey, I had that problem, too!”
Outline of a Good Testimonial
So if a simple “They’re great!” isn’t a useful endorsement, what is? You want a testimonial that tells a complete story: problem, obstacles, solution, resolution.
A solid testimonial needs to answer these questions:
What problem did you have? This establishes a baseline, giving potential clients something to identify with.
What product/service did you purchase? This seems obvious, but it grounds the reader in the experience of working with you.
What was your biggest obstacle to buying this product/service? People’s barriers to purchasing aren’t always what you expect. This can give you real insight, while also reinforcing that connection (“Oh yeah, I struggled with that too.”)
What did you expect to get? This can be a helpful question to establish expectations, and then pay off how you met or exceeded those expectations.
What was the result? This is the payoff, where they explain the benefit they received from working with you. Ask them to be as specific as possible. You could also extend this question and ask for more benefits, how it has changed their life, or what they’re doing now because of this.
How to Get Testimonials
OK, that’s a lot of questions to ask. How is anyone supposed to do this?
You Have to Ask
The single most important factor in getting testimonials: You have to ask. You can’t get what you don’t ask for.
Busy freelancers can have a hard time with this. We make excuses and we never quite get to it. Sometimes there’s an issue of confidence hiding in all those excuses. We’re reluctant to ask for testimonials. Sometimes it’s weird to have people rave about us. This is one of the challenges of marketing, and you’re going to need to come to terms with it.
If you’re a successful businessperson, you do good work. People want to rave about you. So let them. Don’t apologize for asking. Just ask.
Create a Process
The best way to get reviews is to create a consistent process. Make it a part of your freelance business system and ask for them every time.
Ask right away: As soon as a project is finished and you’ve delivered, ask for a testimonial. Your client is thrilled, so now is the best time to ask.
Tailor to the situation: Be sure to adjust your questions based on what a client purchased. If you did a giant project, spend some time with the client getting these answers. If you sold them an ebook, make it quick.
Nice emails: What if a client says something great in an email that’s almost a testimonial? Ask if you can use it. If there’s something missing, ask if they’ll add to it.
Deadline and incentive: Give clients a deadline and follow up with them. Also, let them know you’ll link to their website, so it’s a promo opportunity for them.
Discount or rewards for testimonials?: No, don’t bribe people to get an endorsement. There is the rare industry where this is more common, but in general, avoid this practice (it may also run afoul of Federal Trade Commission policies).
Legalese: Make sure you disclose how you’ll use someone’s endorsement. Something simple like, “I’ll be using this on my website and other promotional materials,” is fine.
Remember: People want to gush about you. This process makes it easy for them.
Another way to get even more bang from testimonials is to get them in other formats. Text is great, but video and even audio can be even more effective.
There’s an authenticity factor when you see someone giving an endorsement via video. While it may not be true, people have the impression that a video testimony is a greater commitment. It seems like more work and not everybody is comfortable being on camera. It’s also harder to fake. It’s unlikely people will doubt the authenticity of written testimonials, but it could happen. But video removes all doubt (OK, maybe not all doubt. It is possible to fake video, but now we’re in the realm of massive conspiracy theories.)
So if you want to go above and beyond, use video to capture your endorsements.
You Have Testimonials, Now What?
You’ve scored some endorsements—nice work!—now what?
Can You Edit a Testimonial?
Yes, you absolutely should edit the endorsements you receive:
Grammar: At the very least, fix grammar and any spelling mistakes.
Lightly edit: Remove unnecessary comments, paraphrase, and smooth out any awkward language.
Lots of changes: If you have to make lots of changes to make the testimonial usable, that’s OK. Just send it back to your client and ask if they’re OK with the changes. They’ll be pleased you made them sound better.
Attribution: Testimonials should be attributed with a name, title, and company. You want the person to have a sense of authority. A photo will also make the endorsement feel more authentic and real.
Where to Put Testimonials
Once your testimonials are ready to go, you need to share them.
The most obvious place to put testimonials is on your website. But be intentional about where. They should go anywhere on your site where you’re trying to convince people to take action. So definitely on a services page, but an about page would also be appropriate. Good placement of testimonials is part of effective websites.
As long as you have testimonials all throughout your site, then it can be good to also have a single testimonial page that brings them all together in one spot. But do not have just a testimonial page and expect people to go there.
You should also share those endorsements elsewhere:
Social media: Sharing reviews can be a good way to offer that social proof in a very social setting.
Email newsletters: Endorsements can help close the sale in your email pitches.
Print materials: Don’t forget your brochures, postcards, or other print pieces.
More on Testimonials
For more insights on getting endorsements, watch the full webinar with Diane Whiddon. She gives more details on the anatomy of a testimonial, including questions to ask—and don’t forget the testimonial template. Diane also explores why you should give testimonials as well. Check out the full webinar for more.
iThemes Sales Accelerator Reporting Pro, our WooCommerce reports plugin, just got a new update to include WooCommerce reports for Products, Orders and Customers, so you can get a better look at the performance of your WooCommerce store. Now your WooCommerce reports include even more information on these important aspects of your WordPress e-commerce shop.
New! Introducing New WooCommerce Reports for Products, Orders & Customers
From your WordPress dashboard, navigate to your iThemes Sales Accelerator dashboard. There you’ll find the new tabs for Orders, Products and Customers, in addition to the standard WooCommerce Reports screen.
Note: You can sort the report information you see by using the tabs (custom date range, today, yesterday or the past 30 days).
New! Orders Report
On the new Orders page, you’ll get more information on your store’s orders.
You’ll now see Fast Facts for your orders, including:
Waiting to be Shipped
You’ll then see a table of recent orders, including links to the original order entry.
Finally, there’s an overview section that gives:
Average Order Amount
New! Products Report
On the Products page, you have 4 product-specific Fast Facts, a table with a list of available products and a table with last sold products. There are also 3 product-specific overviews stats.
Products In Stock
Low Stock Products
Out Stock Products
Products & Product Detail Page
From the main Products screen, you can also click on individual products to get more details.
Average Product per Order
List of products
New! Customers Report
On the Customers page, we have 4 customer Fast Facts, a table with the list of customers and 3 customer-specific overviews.
Returning vs New
Customers vs Guests
Customers & Customer Detail Page
You’ll then see a table of recent customers. By clicking on a customer, you can view a customer details page, with customer general information. From here, you can also add and view customer private notes.
From here, you can customize the contents of your report details, including the report type, date range, Fast Facts, overviews, tables and charts.
Update to iThemes Accelerator Reporting Pro 1.2
To take advantage of this update, you’ll need iThemes Sales Accelerator Reporting Pro (v 1.2). Current iThemes Sales Accelerator Pro, Plugin Suite and Toolkit customers will find the 1.2 update available now as an automatic update from the WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.
Get iThemes Sales Accelerator Reporting Pro with WooCommerce Reports
With Reporting Pro for iThemes Sales Accelerator, you can monitor the various sales aspects of your site from one convenient dashboard within your WooCommerce website. Reports are updated in real-time, plus you get access to the new Products, Orders and Customer reports. Also, be sure to download the free iThemes Sales Accelerator WooCommerce mobile app to manage your store on the go.
In this post, we recap the newest cool and useful (oh, and free!) WordPress plugins added to the WordPress Plugin Directory. This month’s list includes everything from a new way to add an image gallery plus several new block plugins for the Gutenberg WordPress Editor.
By Carl Alexander
Plugin Description: The goal of the Passwords Evolved plugin is to shore up WordPress authentication using standard security practice recommendations. The plugin improves WordPress authentication by doing the following: enforcing uncompromised passwords, and using stronger password hashing.
If a user’s password has been found compromised, they will be unable to log in until the password is reset.
This functionality defaults to administrator only, but can be added to any role on the settings page.
This functionality also works when a password is changed.
Replaces the standard WordPress password hashing to bcrypt
This will make decrypting passwords more difficult in the event of a data breach.
Important note: The developer says that if you remove this plugin, you’ll have to reset the password for all users on the site because they have been re-hashed with bcrypt. I was not able to reproduce this, however.
PhotoBlocks – Image Photo Grid Gallery
Plugin Description: The PhotoBlocks – Image Photo Grid Gallery plugin is an image gallery/photo gallery/portfolio gallery/tiled gallery in one plugin! You can zoom the images thanks to a fast lightbox. Add special effects to your grid gallery. Use our builder to create justified galleries.
One of the better gallery builders I’ve seen so far.
Doesn’t use standard WordPress interface to build the gallery, but it’s very intuitive.
Gallery embeds with a shortcode.
By Bill Erickson & Jared Atchison
Plugin Description: The Shared Counts plugin adds high-performance social sharing buttons that preserve your non-HTTPS share counts. Shared Counts was created with site performance in mind, even at large scale.
An excellent free alternative to maintaining share counts after you move a site to HTTPS.
Simple but powerful plugin with several built-in styles.
Insert before or after page content or by shortcode.
Uses native counting (contacting each social property individually) or the SharedCount.com API which allows 10,000 calls daily free.
WPA Clean Updates
By WP Assist
Plugin Description: With every major update from WordPress, WordPress pushes new versions of default themes to your server. Though the default themes are relatively safe, every line of unused code on your server forms a potential security risk. With the WPA Clean Updates plugin, your websites will not be bothered with the new plugins.
This plugin is a single line of code that can be added to your wp-config.php file.
Disables addition of new WordPress default themes and plugins.
This code is not a bad idea to add to your starter WP install (if you have one).
Years Since This Month’s Simple but Useful Plugin #1
By John Alarcon
Plugin Description: Texts such as “I have worked for x years in web dev” are quickly outdated within a year. The Years Since plugin keeps these types of time-span references up to date with a simple shortcode.
Keep year totals up to date dynamically with this shortcode.
I have been working in web development for [years-since y=1995].
It has been [years-since y=1776 m=07 d=04] since the United States declared independence.
Brozzme Change Username This Month’s Simple but Useful Plugin #2
Plugin Description: The Brozzme Change Username plugin is a one-click tool to modify any user username everywhere. To apply a new name, you just need to select a user and put its new username.
Core WordPress does not allow for usernames to be changed once created, and even has a message to that effect.
This plugin has an interface to select and change a username (at Brozzme > Change username), and adds a Change Username button to each user’s details.
WP Last Modified Info
By Sayan Datta
Plugin Description: Most WordPress themes usually show the date when a post was last published. This is fine for most blogs and static websites. However, WordPress is also used by websites where old articles are regularly updated. This last updated date and time is important information for those publications.
Add last modified info to the beginning or end of content or by shortcode.
Can be activated for pages, posts or both.
Doesn’t currently work with custom post types.
As mentioned in the past, there are some nice Gutenberg Block collections that are being added to the WordPress plugin directory. This is a trend that will likely continue for some time, as developers get more creative with the new options that Gutenberg offers. Here are a few examples of new development in this area.
Atomic Blocks – Gutenberg Blocks Collection
Plugin Description: Atomic Blocks is a collection of content blocks for the new Gutenberg block editor. Blocks are chunks of content such as paragraphs, images, galleries, columns, and more. Building blocks give you more control to quickly create and launch any kind of site you want!
Stackable – Ultimate Gutenberg Blocks
By Gambit Technologies, Inc
Plugin Description: The Stackable – Ultimate Gutenberg Blocks plugin adds the missing design blocks and options you need in the Gutenberg editor. Stackable gives you more customization options that aren’t found in the current set Gutenberg blocks, like adjusting corner radius for buttons and different styled dividers.
Gravity Forms Gutenberg Block
By Gravity Forms
Plugin Description: The Gravity Forms Gutenberg Block is a content block for the new WordPress Gutenberg page editor that allows you to add any of your saved Gravity Forms as a content block from directly within the Gutenberg editor. The Gravity Forms Gutenberg Block is available to any user who has an active Gravity Forms license.
By unCommons Team
Plugin Description: Gutenberg is a great editor but sometime you could want to disable it for Pages, Posts or other post types. Gutenberg Manager allows you to enable/disable the editor where you want. It will also allow you to disable default Gutenberg blocks.
CoBlocks – Gutenberg Blocks for Content Marketers
By Rich Tabor from CoBlocks
Plugin Description:CoBlocks is a collection of page builder Gutenberg blocks for content marketers, built by the fine folks at ThemeBeans. More coblocks blocks: Accordion Block, Alert Block, Author Block, Click to Tweet Block, Dynamic HR Block, Gif Block, GitHub Gist Block, Spacer Block, Social Sharing Block.
By Phpbits Creative Studio
Plugin Description: More controls over your WordPress Gutenberg Editor Blocks! Assign restrictions per devices, user logged-in/our state and custom display logic. Block Options feature-packed options below each block settings tab to help you better manage your editor blocks. Its main goal is to let you have better contents to serve your visitors on every devices and pages.
Un-Gutenberg Your Site
By WordPress Contributors
Plugin Description: Classic Editor restores the previous Edit Post screen and makes it possible to use the WordPress plugins that extend it, add old-style meta boxes, or otherwise depend on the previous editor.
Dismiss try Gutenberg Nag Dashboard Widget
By Luciano Croce
Here at iThemes, we’re taking GDPR compliance seriously. Have questions about the upcoming GDPR changes and how iThemes is ensuring compliance? We’re here to help.
Please note: We cannot offer legal advice for your website. Please consult a lawyer for more information on your website’s GDPR compliance.
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR EU 2016/679), which replaces the European Union (EU) Data Protection Directive (known as Directive 95/46/EC), is a European privacy law. The aim of the GDPR is to strengthen data privacy and protection for individuals within the EU, both citizens and non-citizens, as well as the transfer of EU personal data outside of the EU. The GDPR becomes enforceable on May 25, 2018.
The GDPR requires companies and site owners to be transparent about how they collect, use and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used and shared.
Is iThemes GDPR Compliant?
To Whom Does the GDPR Apply?
The GDPR applies to any organization that processes and holds personal data of EU data subjects, regardless of whether or not the organization is a member of the 28 EU member states. The GDPR also applies to both citizens of the 28 EU member states, as well as any individuals transmitting data outside of the EU while traveling within the EU member states.
GDPR Compliance As It Relates To iThemes Products
We know you may have specific questions about how GDPR impacts our products. Here’s a brief overview.
When using iThemes’ products and services, the customer maintains ownership of customer data and controls how such data is accessed and controlled. iThemes has no knowledge of the data that a customer stores with our plugins or themes. Therefore, all customers are responsible for ensuring compliance with applicable laws and regulations to protect such information.
Our plugins and themes are integrating with the built-in privacy tools offered in WordPress 4.9.6 to help website administrators ensure that their websites are GDPR compliant.
Our services are being updated to have privacy statements and necessary changes required for those services to be GDPR compliant.
Important: Update to WordPress 4.9.6
The latest version of WordPress (4.9.6) is an important privacy and maintenance release, so it’s important to update your WordPress website as soon as possible.
This release is unique as it includes a number of privacy-related features such as:
User data request handling
User data export and removal tools
Cookie opt-in for comments
Other features related to GDPR compliance
Data Exports & Data Erasure
The latest version of WordPress adds new screens to the WordPress > Tools menu. These new data handling features allow you to export and erase user data upon request.
Note: iThemes plugins will fully participate in the new WordPress data handling features by May 25, 2018.
Data Exports: Site owners can now export a ZIP file containing a user’s personal data, using data gathered by WordPress and participating plugins.
Data Erasure: You can now erase a user’s personal data, including data collected by participating plugins.
Still Have Questions about GDPR Compliance?
Please send all questions about the GDPR to privacy@iThemes.com.
We love to interview veteran freelancers and soak up the wisdom that comes with experience. There’s a different—but just as valuable—perspective to be had from rookie freelancers.
Those eager rookie freelancers may still be learning, but they’ve got that hungry spirit. Rookie freelancers have a fire and energy that can be inspiring for even the most jaded veteran.
We talked with five newish freelancers to glean insights from their perspective—and, honestly, to see if we could bottle some of their enthusiasm.
A Word About Rookies
Rookies are never rookies for long. We did some of these interviews nearly a year ago. By the time you come across this post, it’s possible these “rookies” are well on their way to seasoned-veteran status.
The difficult thing about talking to rookies is actually finding someone who’s still a rookie. Either they’re too green and don’t have anything to share, or nobody knows who they are.
So while we’re calling them rookie freelancers because it makes for a good title, it’s probably not accurate anymore. They keep growing and improving. But we can still learn from their early years and share their infectious eagerness.
Rookie Freelancers Get Started
It’s always interesting to hear how freelancers got their start, and it’s no different with these rookie freelancers.
Allie Nimmons started her design career by doing MySpace layouts back in the day. A lot of self-training led to an agency job, but it wasn’t the right fit. She had to find another agency job or start freelancing. She hasn’t looked back.
Stacey Bartron also found herself at an agency (after some early experience with Xanga layouts) that didn’t pan out. She wanted to do more. When a few opportunities fell into her lap, she went for it.
“Freelancing full time wasn’t something I had ever seriously considered before that point, and it was never a goal of mine,” Stacey says. “So I think I shocked myself mostly when I made the decision.”
Adam Soucie had a similar move from an agency to freelance work, doing smaller jobs that gave him the freedom to become his own boss.
“I started with two projects with two friends of mine. … Instead of putting any sort of agreement on paper, we just discussed the project and the details of the deal casually. … As you can probably already tell, I never got paid.”
A veteran in the tech space, Bianca Welds found herself helping friends with WordPress and it eventually turned into a side business. She’s both a freelance rookie and a veteran techie.
What Contributed to Success?
While these rookie freelancers are still finding their early success, they’re definitely making it. So what contributes to that success?
For Madalin Milea it’s one word: Persistence.
Learning from the mistakes of others really helped Allie Nimmons move forward.
For the veteran Bianca Welds it was her professional approach that set her apart.
Word of mouth and referrals have defined Stacey Bartron’s first year.
For Adam Soucie it was networking contacts that turned into recurring revenue: “My monthly maintenance contracts pay the bills and keep a roof over my head.”
“I’ve also been very selective about who I work with, which helps to ensure greater success in the projects I do implement.” -Bianca Welds
Where Can You Improve?
Rookie freelancers are early in their careers, so they have a lot of areas where they can improve. But there’s a difference between recognizing where you need to improve and actually doing it. Having the foresight to recognize those areas and actually improve is what will help freelancers shed that rookie label.
Allie Nimmons perhaps understands that best: “Learning to prioritize how I grow and when is an important lesson I need to learn.”
Pinpointing those areas of growth is definitely a challenge (for all of us).
Bianca Welds talked about the difficulty of doing marketing and attracting new clients. Madalin Milea needs more patience. For Adam Soucie, it’s figuring out how to sell: “Most freelancers I’ve met are terrible salespeople. I am too.”
For Stacey Bartron it’s all about confidence:
“I think the biggest area I need to improve upon is having confidence in my abilities. … It can be easy to forget that I am good at what I do, I love what I do, and I am competent.”
Advice for Veterans
Wise veterans don’t just scoff at rookie mistakes. They look at what rookies are doing right and learn some lessons. We asked the rookies what advice they have for veterans:
Keep learning: “Reserve some time to learn new things every day, even if you’ve been doing what you’re doing for X years.” (Madalin Milea)
Just as WordPress has come to dominate the web, WooCommerce is dominating the e-commerce space. So we’re talking to WooCommerce experts to learn some new strategies and insights.
Cody Landefeld is a WooCommerce pro and co-founder of Mode Effect. He started using WordPress in 2006 and hasn’t looked back.
“We’re seeing so many brands that have gone from turning one-time customers into fanatical card-carrying customers. This is the future of e-commerce. ” -Cody Landefeld
We talked with Cody about conversions, site speed, and the power of membership.
What makes for a healthy WooCommerce store? What do you look for?
From a sales perspective, conversions = good health. But even more important than conversions is the frequency of purchases after the initial conversion. Then the key is to determine the frequency of purchases after the initial sale. That gives a good preliminary understanding of how well a store is performing on sales from the outset.
From a technical perspective, it’s all about speed. Not only just how well your site performs on the marketing side, but what about once a customer starts to add items to their cart and continue a search for additional products? In cases where the site is not well optimized or running on a solid host, that will tend to be the breakdown.
What are some effective ways a WooCommerce store can increase its income?
Borrowing from the previous answer, the goal is always to use the little hinges to swing the door open. By taking a look at the chain of conversions, to purchases, and multiple purchases—we can work backward to market to loyal customers first and then use tactics to bring customers who only bought once to buy again and so on!
Can you give us an example of using data to improve a WooCommerce shop?
There are sales and technical data to get into that will uncover opportunities for improvement in the cases mentioned beforehand. In the case of a healthy store that is getting a certain amount of customers not completing purchases, you can always focus on the speed. There are data points to indicate a certain amount of sales that can increase based on improving the store’s responsiveness. Again, the key is working with a store that has that data available. Those are reflective of the best customers for us to partner with.
What’s in store for the future of e-commerce? Are there things on the horizon—either mundane realities or cool tech—that excite you?
I think it’s content and membership. We’re seeing so many brands that have gone from turning one-time customers into fanatical card-carrying customers. This is the future of e-commerce. Tech is always going to follow those trends in my opinion.
Too many websites are just static information dumps. We think of a simple site map with five or six pages of information:
The problem with that is your site visitors don’t know where to go. There’s just information, and no recognition of the process visitors go through when they go to a website.
Most people go to a website with a goal in mind. They need a service or they want to be entertained or they need something specific. So your site needs to focus on that process.
An effective website should take visitors on a journey where you convince them to do whatever it is you want them to do. You need to do that in an active way—you can’t just count on motivated visitors to be inspired by static information.
Your website needs to guide people through that information. It should anticipate and answer objections. It should offer proof to back up your claims. It should be painfully obvious what the visitor should do next.
Offering that kind of a journey is how you create an effective website.
Typical Website Journey
So what does that journey look like? Here’s the typical journey a visitor goes through on your website:
Landing page/Homepage: People start on whatever page they land on. This could be your homepage, a blog post, a sales page, etc. It depends on what they’re looking for and why they came to your site. Maybe they clicked on a link or typed in your address from a business card. They came looking for something specific and hopefully, this page delivers.
Services/Products/Store: If that first page delivered, the next step is finding out what you offer. People want to know how it will benefit them and if they can afford it.
About: If someone continues to be engaged, they’ll go to an about page to find out who this person is, what their qualifications are, if they can be trusted, etc.
Call to Action: Finally, an effective website needs to push someone to action. It could be buying a product, hiring you for a service, signing up for an email list, etc.
6 Tips for Effective Websites
How can you maximize that journey and create an effective website?
1. What’s Your Goal?
The most important thing you can do to create an effective website is to be clear about your goal. What do you want people to do? Are you trying to get leads or sell widgets or grow your email list?
You need to figure out what your goal is and relentlessly focus on it. How do you know if you’re focusing on your goal? You should have a clear call to action on every page. An effective website will guide people to what they need next, always pushing toward that goal.
Quick tip: A single page can have more than one call to action, but keep it simple. The narrower your focus, the clearer the next step will be to visitors.
2. Features vs. Benefits
Remember to always talk about benefits instead of just features. A feature is focusing on the product or service, while a benefit is focusing on the customer. You always want to focus on how it impacts the customer.
A timer on a coffee pot is a feature. The fact that it lets you sleep 10 more minutes is a benefit. Effective websites don’t just talk about features, they talk about how that feature makes things better. It should always be focused on the customer.
Quick tip: Reading through a site from the customer’s perspective can be hard. Try recruiting some friends to do that for you and give feedback.
3. Power of Social Proof
Don’t forget about testimonials. As you’re walking visitors through your site, you want to offer social proof to back up your claims. Testimonials are a solid tactic of effective websites because they show that you can deliver.
But don’t segregate those testimonials to a single page. Instead, sprinkle them throughout your site. Let people encounter testimonials as they journey through your site. One place you should definitely have testimonials: Your services page (or products or whatever it is you’re selling).
Quick tip: A good testimonial should say more than “You’re amazing!” That might make you feel good, but it doesn’t say much to your customers. Diane has another free webinar on marketing with testimonials.
4. Stack Panel Design
One-page design or stack panel design is a more modern approach to homepage or landing page design where everything is on one page. Each panel communicates one thing at a time, but the entire page can move people through several steps at once.
This new design approach has taken off thanks to mobile devices where it’s more natural to scroll than it is to click (effective websites love mobile).
As a result, you can forget the old mantra of “above the fold.”
People want to scroll, so it’s OK to make long pages with lots of scrolling.
The key is to be concise, clear, and always point to that call to action.
Linking to other relevant content on your site can be another way to keep visitors hooked and pull them through a journey on your site. An effective website will keep visitors around, and you need more content to do that.
So take any and all opportunities to use internal links to keep visitors on your site. You could link to examples of your services, case studies of successful projects, or blog posts that explain your process.
Quick tip: While deep linking on your own site is good, make sure you’re not pointing visitors to a dead end. The pages you link to should also have a call to action, so visitors always have a next step.
6. About Page
The about page is often overlooked, but it’s a crucial part of the journey. Visitors go to the about page because they want to know more about you (duh)—but that’s because they’re either on board or nearly there. They like what they see and want further confirmation. They want to know your qualifications and why they can trust you. They’re looking for some connection point, something that tells them you see the world the same way.
So two vague sentences isn’t going to cut it. Don’t let your about page be an afterthought.
Effective websites use the about page to close the sale. It’s not just a resume or a list of accomplishments, it’s the right details to connect with someone. An about page should prove you’re qualified and also offer the social proof to back it up.
Quick tip: If you need help to improve your about page, Diane Whiddon has a free tool to help you write a better bio.
Effective Websites Are a Journey
Don’t let your website be a static collection of information. Engage your visitors. Guide them through your site. Always have a goal in mind, and always be pushing visitors toward that goal.
In honor of World Password Day, we thought we’d check in on your WordPress password strength. Your WordPress security is only as good as your WordPress password security, so if you have a simple password, you have a simple website to hack.
Here’s a quick WordPress password quiz:
1. Have you been using the same password for more than 4 months?
2. Are you using “admin” as your WordPress username?
3. Have you used the password again someplace else, for a separate account?
4. Is your password a dictionary word?
5. Have you shared your password with anyone else?
6. Does your password have fewer than 12 characters?
7. Does your password include numbers, symbols and both upper & lower case letters?
8. Are you using two-factor authentication for your WordPress login?
If you answered “yes” to any of questions 1 – 6 or “no” to questions 7 – 8, it’s time to review your WordPress password security.
WordPress Password Tips
Your WordPress password should meet the following requirements:
Include numbers, capitals, special characters (@, #, *, etc.)
Be long (12 characters – minimum; 50 characters – ideal)
Can include spaces and be a passphrase (Just don’t use the same password in multiple places)
Changed every 120 days, or 4 months
Here are a few more things you can do today to protect yourself and your WordPress website by strengthening your password.
1. Start Using a Password Manager
We’ll start here, with password managers, because the biggest complaint we hear about adopting password security is the inconvenience. We understand—and that’s where password managers come into the picture.
We’re big advocates of using a password manager like LastPass or 1Password. A password manager allows you to generate a strong, complex password for all your website logins, and then securely stores your login information. You can then install the browser extension for the password manager so you can easily autofill your login information.
By using a password manager, adopting the rest of these password security best practices becomes a lot easier.
Tip: Because the master password for your password manager account is so important, don’t forget to enable two-factor authentication for your account!
2. Don’t Use the Same Password More Than Once, Ever
As an online security best practice, you need to have long, complex and unique password for every web account you use. If you use the same email address and passwords for multiple websites that you log into, what happens when one of those websites gets hacked? Your email address and password is now on a list that will be used to try to log into other websites around the internet. If you use the same email address and password for all your websites, now the hacker will be able to log into all your accounts at once.
Once your password has been compromised, you now have the challenge of updating your information individually on every single website that has the same login information. Do you even remember them all? If you use the same email and password again on each one, you’re probably going to have to repeat this process again in the future.
3. Don’t Use the WordPress Admin Username
“Admin” used to be the default username for WordPress, so loads of people had the same username. If you’ve had WordPress for a while, you could still be using admin as a username. That’s a WordPress security no-no.
One simple way to combat vulnerable logins is to not use default usernames.
So if you’re still using “admin” as your username, change it now! Newer versions of WordPress don’t allow it and the iThemes Security plugin can change it for you.
Tip: Use the iThemes Security plugin’s tool to change your “admin” username without any headaches.
4. Require/Enforce Strong WordPress Passwords
If you have a website with multiple admin-level users, at a minimum, you should also be requiring those users to also have strong passwords. While you may have a strong password, if someone else doesn’t, your website is still at risk. That’s why it’s a good idea to enforce strong passwords for all users in your WordPress password security efforts.
Tip: Force users to use strong passwords as rated by the WordPress password meter. You can enable this setting using a WordPress security plugin such as the iThemes Security Pro plugin.
5. Generate Strong WordPress Passwords
Don’t try to come up with long, unique and complex passwords on your own. Take advantage of password generators to do the job for you. Either use your password manager to generate a strong password or the iThemes Security plugin.
Tip: After enabling strong password enforcement from the iThemes Security dashboard, visit any user profile page. In the Account Management section, you can generate a strong password with just one click.
6. Change your Passwords Frequently
If you haven’t changed your password in the last 4 months, change it now. Set yourself a reminder to change your password every 120 days.
Tip: With iThemes Security Pro plugin, you can enable password expiration for your WordPress website. With this setting, you can force users to change their passwords after a certain number of days.
7. Protect Your Website from Brute Force Attacks
Brute force attacks refer to a trial and error method used to discover username and password combinations in order to hack into a website. The brute force attack method exploits the simplest form of gaining access to a site: by trying to guess usernames and passwords, over and over again, until they’re successful.
So it’s a good idea to limit the number of failed login attempts allowed per user with WordPress brute force protection. If someone is trying to guess your password, they’ll get locked out after a few attempts.
Tip: Enable Brute Force Protection within the iThemes Security plugin to limit the number of login attempts.
8. Enable WordPress Two-Factor Authentication
We’ve saved this tip for last, but it’s probably the most important. Two-factor authentication, also known as two-step verification, is one of the best ways to protect your login. WordPress two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access (or even guessed) your password.
With two-factor authentication, users are required to enter both a password AND a secondary code sent to a secondary device such as a smartphone or tablet. Both the password and the code are required to successfully log in to a user account.
Tip: It’s easy to add two-factor authentication on your WordPress website using a plugin like iThemes Security Pro. Then you can configure your choice of authentication method: mobile apps such as Google Authenticator or Authy or email.
How’s Your WordPress Password Strength Now?
We hope this WordPress password quiz and the tips we’ve included in this post have helped you evaluate your current password security and take some steps to improve it. Strong, safe, unique passwords will protect not only your WordPress website, but the rest of your digital life as well.