WordPress Security Hardening

WordPress is an Open Source project that’s maintained by hundreds of people all over the world. Started in 2003 it has grown to be the largest self-hosted blogging tool in the world, used on millions of sites and seen by tens of millions of people every single day. Pretty amazing for something that started as a single bit of code and used by only a handful of individuals.

Security of the WordPress environment is extremely critical, considering the vast reach that WordPress has garnered today and the number of people who depend on it. That is why the open source community supporting WordPress takes security so seriously. And you should too!

What is Security?

When it comes to computers, the concept of security is somewhat of an oxymoron. As long as a computer is turned on, someone, somewhere, somehow is going to try to break into it. In fact, the computer doesn’t even have to have any important information stored on it at all. If it’s on a network, it’s useful to someone and that’s why he or she will try to compromise it.

So at the end of the day a secure computing environment provides a trusted environment that protects the privacy, integrity, and availability of the software and hardware being accessed by the end user. When it comes to WordPress this encompasses the front-end webpages, the core environment files, and the backend databases used to deliver a WordPress website.

Security Vulnerabilities

There are two main vulnerabilities that need to be secured: hardware and software. Other than your own personal computer there’s not much you can do when it comes to securing hardware, unless of course you own the servers, routers, and networks that your WordPress environment runs on. In most cases you will have to rely on your web host and broadband providers to secure the core pieces of this infrastructure.

Good hosting providers will backup your site and do their best to provide a secure shared environment, so that nobody else that’s using the same hardware that you’re on will be able to infect our environment. Two web hosts that we recommend are HostGator and HostMonster.

Don’t forget that we are an affiliate for both of these services and if you haven’t read it yet make sure you read our Affiliate Relationship Disclaimer just in case you use one of our recommendations.

Although your service providers will also have some key software to secure across all the hardware supporting you, your main responsibility is making sure your WordPress environment is secure. So lets look at some of the key things that you control when it comes to securing your WordPress environment.

Level One Security

The following security steps are pretty basic. They are easy to implement and don’t required you to do anything outside of WordPress itself. Doing these are a minimum when it comes to security and taking just these few simple steps will help push intruders away from your site and towards someone else’s.

1. Applying WordPress Updates

The easiest way to keep your WordPress environment secure is to make sure you’re applying WordPress updates in a timely fashion. WordPress is no different than any other software package…it has bugs, bad guys exploit the bugs, good guys patch the bugs, and the cycle continues.

Prior to version 3.7 end users had to manually apply WordPress updates on their own, which many administrators never got to. However, automatic updates were introduced in WordPress version 3.7 that improved the overall global WordPress install base by enabling the direct push of update patches to installed environments.

NOTE: by default only minor point releases (3.7.1, 3.7.2, etc.) are applied automatically. Major release updates (4.0, 5.0, etc.) still need to be manually applied.

2. Theme and Plugin Updates

It’s no secret that themes and plugins are what make WordPress WordPress. If it weren’t for these two features, most WordPress sites would look identical and lots of cool features wouldn’t exists. Therefore, it’s extremely critical that any themes and plugins you purchase (or get for free) are acquired from reputable sources.

The last thing you want to do is install a theme or plugin that undoes all the other security steps you take to protect your visitors and your site. Just like WordPress itself, make sure you’re always applying the latest theme and plugin updates provided by your theme and plugin vendors.

There’s plenty of free stuff out there, just make sure the free stuff is trustworthy and not going to cause you more headaches down the road.

3. Strong Usernames

One of the easiest ways to keep the bad guys out of your site and moving on to the next site is to use strong usernames in place of default usernames. When doing a basic WordPress install a default administrative user named “Admin” is created. Using this or “Administrator” is not what you want to do.

When creating admin accounts you want to avoid usernames that are easily guessed like the two mentioned above or Webmaster, or your name, company name, etc. If you really want admin in the username of the account, then create something like “Admin_Acme” or “Admin_JD” for John Doe’s admin account.

4. Strong Passwords

Another easy way to keep the bad guys out of your site and moving on to the next site is to use strong passwords. And by strong password we don’t mean Happy123. Strong passwords are things that are hard to guess and hard to hack by brute force.

Using numeric and alphabetic (upper and lower case) letters, special characters, no repeating characters, minimum lengths of 10-12 characters, nothing related to your name, birthday, company, dictionary words (in any language) is starting to put you in the realm of strong passwords. And if this makes it too hard for you to come up with a password, then try the old phrase technique.

Take a phrase like “The red fox runs in the forest to the river every Sunday afternoon.” If you take the first letter of each word, alternate each character between upper and lower case, and then change a couple letters to special characters you can come up with a password like: TrFrItF2tRe$A – which will be pretty hard to guess or attach by brute force.

5. Modify Your WordPress Nickname

Each username you create in WordPress is given a nickname and by default the nickname will be the same as the username. Unfortunately this can open up a security hole, because the nickname is used as the author tag on post that you write. Hackers use scrapper programs to roam the web looking for WordPress author tags, which they then use as the login username to your site in a brute force password attack.

Make sure you update each users profile and modify your WordPress Nickname to something different than the username. And when doing so make sure you select the “Display name publicly as” option. This option will make sure the displayed author tag on your posts is not your username.

6. Limit Login Attempts

One of the easiest security hacks to prevent against a live site is a brute force attack. This is where an attacker uses a known username and then just tries password after password to access the account. Unfortunately, limiting login attempts is often overlooked…just ask Apple who not long ago had a number of celebrity iCloud accounts hacked in this manner.

The best way to prevent a brute force attack is to use a plugin that’s designed to do just this…limit login attempts. One we use is called Login Lockdown by Bad Neighborhood. In addition to doing what it’s designed to do, it has a nice feature that allows you to “Mask Login Errors.” When you set this feature to “Yes” WordPress will generate a more generic error message when incorrect login information is entered; you won’t be told that the password only is in error when a valid username is entered. This makes it a little harder for an attacker to determine if they have a valid username or not.

NOTE: if you’re really paranoid and want to implement even more security on your website, then you’ll want to install the plugin Wordfence Security. Not only does this plugin allow you to control many more security related options on your site, it also has an interesting Live Traffic option that allows you to see who’s attacking your site.

7. Schedule Regular Backups

If you do nothing else, not even the basic security steps, then the most important thing that you must do is have a solid backup strategy; although this will always be suspect, if you don’t do the basic stuff too. There are plenty of plugins that do this, so find one you like and use it to schedule regular backups.

Also, don’t just rely on your web hosting service provide to backup your WordPress environment. Having them help you recover is not only harder, but will take much longer as well. Instead, schedule regular WordPress backups using the plugin of your choice and make sure you always keep your backup files in a secure location. And by regular we mean hourly, daily, weekly, or monthly – it really all depends on how often your content is updated.

By the way, a secure location is NOT the same location where your WordPress environment is installed. A more secure environment, for starters, is a directory on your web host outside your WordPress environment, while an even more secure environment is on a totally different web host all together. A secure cloud environment, your own PC, or a stand-alone storage drive can provide you with a simple offsite storage solution.

Level Two Security

Up until this point we have been addressing security within WordPress itself. Now we’re going to tackle some things outside of WordPress. These next set of tasks are not that difficult to implement and will go along way in security your setup. Don’t worry if you’re not comfortable with editing files on your server, just make sure you backup any files before you edit them and you’ll have a quick recovery plan in place.

8. File Permissions

It’s important to have all the files within your WordPress environment secured properly and the easiest way to do this is with file permissions. At a minimum the security permissions of all files from your root level on down should be set to 644 and all folders should be set to 755.

When it comes to file permissions it’s best to secure things as much as possible and only when you have problems should you reduce the security permissions of a file or directory. Also, be careful and suspicious of any themes or plugins that require write access to core files.

9. Basic .htaccess File Security

The .htaccess file is a directory-level configuration file that is supported by most all web servers. Its main purpose is to allow for decentralized management of web server configuration.

There are a couple of things that we are going to secure via some basic .htaccess file security and we will need to Copy/Paste these parameters either before or after the # BEGIN and # END WordPress tags:

# Begin Security Updates: copy/paste from here down

# BLOCK Directory Access
Options -Indexes

# STOP Access to Sensitive Files
# BLOCK wp-config.php File Access
<files wp-config.php>
order allow,deny
deny from all
</files>

# BLOCK Include-only File Access
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]
</IfModule>

# End Security Updates: copy/paste from here up

The first BLOCK section will prevent people from browsing directories on your server and seeing files that they shouldn’t. The second BLOCK section will prevent people from accessing your wp.config.php file. And the third BLOCK section will secure your “wp-includes” from unwanted access. NOTE: on Multisite environments you will need to remove the third RewriteRule for things to function properly, however that will reduce your overall security a little.

NOTE: the .htaccess file is already protected and forbidden to browsers, as long as, the file is named properly. To be sure, double check that the file is named “.htaccess” and not “htaccess” or “htaccess.txt”. The file must start with a dot.

**10. Secure Your wp-config.php File**

When it comes securing your wp-config.php file there are a couple of schools of thought on this one. Some people believe that moving the wp-config.php has minimal security benefits and, if not done properly, it will actually introduce serious security vulnerabilities to your site. Others disagree with this concept, including us, and prefer to NOT move the wp-confi.g.php file.

Instead we prefer to implement the second BLOCK concept in the .htaccess file as mentioned in Step 9 above. Implementing this method will secure your wp-config.php file and deny access to anyone surfing for the file. This method will also limit any additional security vulnerabilities that might arise by moving the file to a different location on your server.

11. Changing Your Database Table Prefix

This change is best done when you are first creating a new WordPress environment. Although it can be done to a live site, it’s much riskier and you can really mess things up if you make a mistake. We won’t tell you how to change a live site here, but if you need to just drop our support team an email and we’ll send you some notes on how to do it…totally at your own risk of course!

When installing a new WordPress environment the prefix “wp_” will be used for your default database table_prefix. Since there are plenty of automated attack tools out there looking for this default setting, it’s best if you change it to something else when you performing your install. It doesn’t really matter what you change it to, just change it to something other than the default.

12. Disable File Editing

By default the WordPress Dashboard allows users with administrator privilege to edit standard WordPress, Theme, and Plugin PHP files. An attacker who is able to login to a site will often use this feature as an attack method, since it allows code execution.

In order to disable file editing from the WordPress Dashboard the following code can be entered into the wp-config.php file:

define(‘DISALLOW_FILE_EDIT’, true);

Be aware that since you won’t be able to edit files through the WordPress Dashboard anymore, if the need does arise to edit files, then your best bet will be to do it through your CPANEL File Manager.

**13. Delete the readme.html File**

By default WordPress creates a readme.html file in the root directory of your site install. Unfortunately this file can provide some useful information to snooping eyes about the version of WordPress you’re running. After successfully installing WordPress just go ahead and delete the readme.html file. And you may want to delete any similar files that get installed by themes and plugins too.

NOTE: it’s possible that this file gets recreated when you update your version of WordPress, so if you do not want to keep checking for this file and deleting it over and over, you can add the following to your .htaccess file. By the way, not only will the below code prevent people from accessing the standard WordPress readme.html file, it will prevent users from accessing any readme.html file on your server… some plugins may have these files as well, so this is a good thing to do.

# Stop access to sensitive files
# BLOCK readme.html File(s) Access
<Files readme.html>
Order Allow,Deny
Deny from all
Satisfy all
</Files>

You can add this after you # BLOCK Directory Access and before you # BLOCK wp-config.php File Access.

14. Limit Bot Crawling

Although this doesn’t really provide you any real security, we’re still going to list it…just so we don’t have 13 Security Checklist Items for those who are superstitious. Google bot and other search engine bots crawl the web indexing everything they come across, that’s how they collect their content so they can provide all those search results when you go looking for things.

If you want to limit bot crawling and the directories that search bots have access to you can create a robots.txt file and place it in the root directory of your site. This file should contain at a minimum:

User-agent: *

Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /dev/
Disallow: /test/

Note: the last two entries are examples of how to prevent bots from accessing directories with the name “dev” and “test” under the root directory. If you don’t have these directories on your site, then you don’t need these lines in your robots.txt file.

Remember that this isn’t providing any real security. Although real search engine bots like Googlebot will abide by the rules you include in your robots.txt file, not all bots will and the bad ones will search directories that you tell them not to anyway.

When All is Said and Done

At the end of the day there really isn’t much you can do to prevent someone from hacking your system. Given enough time and resources, those who are determined will find away in. As the old saying goes…”the only secure computer is the one not turned on and buried six feet under ground.” Of course it’s also not a very useful computer either.

On the other hand, if you took the time to read this post and then spent another hour or two at the very most to implement everything we told you, then you’ll be 99% more secure than all your friends who are running WordPress and plenty of other people out there too.

There’s plenty more WordPress security hardening that you can do, and just doing a little goes a long way to make your would be attacker go looking for an easier site to hack.

December 9, 2014December 22, 2014

WordPress Training Video Series

One More Way to Help You Succeed

Watch Live or Download and Watch Later

When it comes to webpage creation these days, WordPress is quickly becoming the de facto standard for creating webpages. Not only is it easy, it’s free! And there are tons of places on the web where you can get all kinds of help for any of your WordPress questions.

Instructions

Depending on the browser you’re using, to download your files you can:

Right-click on any download link and choose “Save Link As…” (or “Save Target As…”) to save to your computer
Click on any download link and the file will automatically download to your computer

Support

If you experience any problems accessing these files, don’t panic, just contact Support and leave a brief message about your problem and we’ll get back to you as quickly as we can.

Tools You May Need

If your media player will not play MP4 videos download VLC player, it’s free too.

Lets Get Started

Click any of the video cover images to launch a Video Window and begin watching the related video or use the link below the video cover image to download the video to your computer and watch later. Enjoy!

NOTE: depending on your device and connection speed, some of the larger videos may take a bit of time to download, be patient.

And by the way, when you’re doing reviewing all our training videos make sure you read our WordPress Security Hardening post to learn 14-Steps that will make your WordPress environment more secure and less inviting to would be attackers.

November 18, 2014November 18, 2014

Finding Your Niche: One That Will Work For You

Selecting A Niche Is Complicated

Not really! Niche selection is something that most first time marketers make way more complicated than it needs to be and honestly, finding your niche shouldn’t be that complicated. In fact, there really are only a few questions that you need to consider when picking your niche. Is it a good one? Is it too big? Will it be profitable? See we told you it wasn’t that complicated, just three simple questions.

OK maybe it’s not that simple, but realize that you do not have to go and research things to death. Besides it’s not always about the numbers and more than one first time marketer has died from doing keyword research. Well maybe they didn’t literally die, but their online marketing career was killed via the “paralysis by analysis” bug. It’s true; some folks just analyze forever and never get their careers off the ground.

So instead of being one of those forever analyzing fatalities, think instead about: What are your interests? Your passions? What makes money? Once you have those figured out, then find where they intersect and you found your niche.

How Do You Approach Niche Selection?

There are many ways to approach niche selection and the first decision you need to make is whether you want to be in a niche that is your passion or makes money. Do you want to make money doing what you’re passionate about? Or do you want to make as much money as you can?

Just realize that at the end of the day your success will probably have less to do with your raw skills and more to do with your passion to succeed and how you position your skills to succeed. It’s really that simple and there is no wrong answer.

My Niche Is My Passion

If you want your niche to be based on your passion, then see if your passion can be related to one of the big money making niches:

Finance / Making Money
Relationships / Dating
Health & Wellness / Weight Loss

Being able to connect your talents and interest to these markets will make things much easier for you. Even though these are huge markets, you’ll be teaching what you love to a market that is interested in hearing, and more importantly, buying what you have to say.

Now don’t give up just because your passion doesn’t fit into one these three big markets. Your passion might be making “Chicken Coops” (which by the way is a pretty large market) and that’s fine. The mistake you don’t want to make is getting into a market that has no competition. Why? Because you probably won’t make any money in a niche with no competition. Never be afraid of lots of competition, because when the pie is “big” it doesn’t mean you can’t get a piece of it.

Realize that when picking your niche that you are different from everyone else and you will connect with someone. Again that’s why you want a niche with competition, because nobody relates well to everyone. You have your own unique selling points that no one else has, and those are the things you need to offer up to your niche.

Regardless of how low you start in your niche, you can always move up as you grow. You can combine parts of your niche with the larger market, preferably one that has lots of competition, into unique views that nobody else has.

The Let’s Make Money Niche

Just because you don’t have a passion about something tangible, doesn’t mean you can’t make a ton of money online. In fact, maybe your passion is just that… making a ton of money online? And if that is your passion, then the best way of going about it is to find out who is making money online and then doing it better than they are.

Stop! We didn’t say what you thought you read. When we say, “find out who’s making money and do it better than them” we’re not telling you go and rip-off someone else’s ideas. Never ever, ever, ever do that (period.) It’s down right dishonest, illegal, and not something you would ever want someone to do to you, right? But we didn’t say you couldn’t go off and improve on something that someone else created.

Finding out what works and improving on it is a great way to make money online. And one of the best places to find out what works and makes money online is Clickbank. The Clickbank Marketplace is a great place to find out what’s working and what’s not working online. Of course you’ll need to create an ID to access Clickbank, but don’t worry it’s free.

After you create your Clickbank ID, logon and access the marketplace. Go through the many different categories and look for ones that have ”High Gravity.” Usually the higher the gravity the more successful the product and the more money people are making with it online. NOTE: checkout our article “7 Tips To Consider Before You Build Your List“ for some more information about Clickbank gravity.

As you narrow down your choices of high gravity products try and see if you can find ones that are part of successful evergreen niches, niches that are going to be around making money for a long time. You don’t want to pick something that is short lived, unless of course you know you’re going to make a ton of money really fast and move on.

Once you pick the product that you think will work best, you’ll have your niche. Your next step will be to go and market it better than all the other people who are already marketing that same product.

Overcoming Niche Obstacles

Rest assured that you do not have to be an expert in the niche that you pick. Other marketers have gone before you, so leverage their knowledge to move forward faster. There are a number of things you can do to overcome potential obstacles in your niche.

First, it’s important for you to do some quick market analysis on your niche. One of the easiest ways to do this is to jump on Google and do a search using keywords in quotes that are related to your niche. You’re looking to confirm that your keywords have search volumes between 100K-500K results. Search volumes higher than this will probably mean the niche is too competitive for someone just starting out, while volumes lower than this mean the niche does not have enough competition.

Second, if you know of any experts in the niche you picked, interview them and use that material to educate your market. Remember that as long as you’re moving others who are behind you forward, then you are an expert to them.

Third, you need to provide value. Don’t forget that at some point in everyone’s career they were a newbie. When you first learned to walk you were a newbie, but now you probably walk without even thinking of how to do it. As you grow you’ll provide more value and you’ll pull people along with you while you become the expert.

Lastly, and this is a serious warnings, don’t ever teach anything that would put people in harms way. If you’re truly faking it and putting out total garbage, you’re not going to help anyone and you could get someone in serious trouble. Make sure your material is good stuff and that your material won’t harm others.

What Works In A Niche?

Often the things that work best to build a niche are simple step-by-step instructions on how to solve a problem. Having someone tell his or her story in simple terms is a great way to provide value. Yes, it’s hard to believe that simple boring advice, told by the “average Joe” via a compelling personal story, is what most often connects the so called expert and newbie the best.

And don’t worry or be afraid that you’re sharing the same information that others are already sharing. As we told you early, you want to pick a niche that you know is already successful. Unless you have something totally new and are 100% positive everyone needs, you don’t want to try to build your own niche out of nothing.

However, don’t lose site of your goal, which is just to do it better than others and in a way that gets people to take action. Think coaching programs or some other accountability factor that will get people to make a change in their life.

Features of Viable Niche Markets

One of the most important features of viable niche markets is that they are Evergreen Markets; markets in which stuff is always in demand and not seasonal. Additionally, viable markets also usually have a high lifetime value. Also, it’s best to find a niche that supports quick product development. If you can develop a product in 30 days or less, it’s much easier and cheaper to bring that product to market.

For example, the making money online niche, where you sell information about how to make money online, is non-seasonal and always in demand. And don’t forget that health, weight loss, and dating are other viable niche markets that never go out of season and will always be in demand.

If you’re not sure about your niche, you might want to create a simple opt-in or squeeze page that gives out a free report (niche related of course) and send some free traffic to it. Should you get an opt-in rate of 20+% or better you’re lucky and you probably picked the right niche to further develop your product in. Plus you’ll have started a list of people who you’ll be able to market to via a product launch, but that’s a whole different topic and we’ll save that one for another day.

Finding Your Niche

What can you develop? Write about? Get into? These are the questions that all new marketers struggle with when they first start out. Don’t worry, others have gone before you and it all worked out for them.

Don’t forget that the worst thing that can happen is that you think too much and you sabotage yourself. If you think you have to be the expert, if you think you have to develop the perfect product, if you just think and not do, then you’re doomed to fail before you even get started.

Think about it, products were meant to go through product upgrades. Nothing is perfect day one. And as long as you remember that all you need to provide is value, you can market yourself as an expert today and become the expert tomorrow.

Everyone starts out as a newbie, but as long as there is progress beyond that point, you are helping others and helping yourself.

The great classical scholar Desiderius Erasmus Roterodamus once said, “In the land of the blind, the one-eyed man is king.” Today you may be blind, but tomorrow you will be king.

As always, here’s to your success and the best of luck in finding your niche!

October 17, 2014November 18, 2014

7 Tips To Consider Before You Build Your List

What’s the key to most things on the Internet? Traffic of course. Now before you start saying that this sounds like another one of those “Chicken vs. Egg Theories” about which comes first “the List or the Traffic”, just realize that you already know the answer. Of course it’s the list. No traffic. Wait, I’m so confused!

Like everything else on the Internet, list building is no different and requires traffic it be successful. But before you go and get tons of traffic and explode your list building, you need to first complete a few other steps. Below are seven tips you should consider before you start building your list.

Pick Your Niche

Unless you already have a niche that you’re interested in and know will work, you can’t skip this step. On the other hand if you’re lucky enough to already have a niche you know will work, then feel free to skip on down to Step 2.

Don’t worry, you’re probably like most people and have no idea what niche you want to get into when starting out online. Just realize that you’re going to have to do some research into what’s being sold and more importantly into what’s being purchased online.

First and foremost you don’t want to pick a niche that’s too competitive or has to few buyers. Either of those will certainly make your millionaire success journey that much more difficult. However, you do want a good level of competition, because that will probably mean there is a good level of buyers as well.

So where do you start?

How about heading over to the Clickbank Marketplace. Note: if you don’t have a Clickbank account, you’ll need to create one… don’t worry, it doesn’t cost anything to create an account. Once you log into Clickbank you will want to review their “Categories” or niches like “Arts & Entertainment, Business / Investing, Education, Games, etc.”

These categories often have subcategories that break things down into even more detailed segments. As you go through each category or subcategory use the “Sort results by” feature to sort by “Gravity” and make sure you also select the “High to Low” option. The higher the gravity the better the sales, so you’ll want to look for products that interest you and have a high gravity.

If nothing strikes your fancy on Clickbank, then head over and checkout the Top Products on eBay. Not only will this show you the Best Selling Products, you’ll also be able to see Trending and New products as well. You can also explore eBay’s Trending Collections or just select the “Shop by category” dropdown and go through the multitude of categories until you find something that interest you.

Last of all, but of course not least, you can head on over and checkout the Amazon Best Sellers list. Not only is the list broken down by category making it relatively easy for you to go through and see what item are most popular, it’s also updated hourly which means you can go crazy trying to keep up with all the changes. Just kidding… don’t constantly check their listings to see what’s on top, just search through it for some ideas of what might interest you enough to make you want to promote it.

Determine Your Product

This will come easy, if you’ve already gone through Step 1. As you went through Clickbank, eBay, and Amazon as recommend above to get ideas about which niche to promote, you were probably also looking at what products were most popular. Hopefully you did and kept notes about which products you thought were worth promoting.

If you didn’t keep notes on products while determining which niche you want to market in or you skipped Step 1, because you already knew what niche you were going to market in, don’t worry because you’ll have your chance now to determine your product.

Now that you know your niche, lets log back into the Clickbank Marketplace and pick a product. Once in Clickbank go to the niche, category, you’ve picked and use the “Sort results by” feature to sort by “Gravity” and make sure you also select the “High to Low” option. You want to look at and review products that have a high gravity, because those are the ones that are selling well.

However, you need to remember that gravity is just a good starting point. Don’t forget to put yourself into the mindset of the customer you’re going to be marketing this product to. Click through to the product authors landing page and ask yourself, “Would I buy this product if I’m into this niche?”

Look for product authors whose landing pages come with videos, great sales copy, and buyer testimonials. Those are the ones you’re going to want to promote. Stay away from the ones that have cheesy ad copy, even if they have high gravity. Gravity can change quickly once people are no longer making money.

Marketing Your Product

If you’re lucky, the Clickbank product you picked will have come with an autoresponder email series already written for you and ready to use in the marketing of your product. And if it didn’t, then you’re going to have to do some more research into the features and benefits of your newly found product so you can market it to your client base.

At a minimum you’re going to want to come up with at least 5 emails to use in the marketing of your product, and probably no more than 10. It’s not uncommon for people to have to see and hear about something on average 5-7 times before they make a buying decision. Less than that and they probably won’t have enough time to convince themselves that they need it, while more than that and they’ll think you’re annoying them.

Your autoresponder series should cover the benefits of the product, include testimonies when possible from previous (happy) buyers of the product, and each subsequent email should add a little something different that the previous emails didn’t include. Once again, if you picked a really good product on Clickbank it will already have product-marketing emails written for you. And if it doesn’t you should be able to pull content for your emails from the product sales page that came with the product.

Create Your Landing Page

Speaking of product sales pages, the really good products on Clickbank will come with a complete sales page, also known as, a squeeze or landing page. And if it doesn’t, then there probably wasn’t an autoresponder series either and you might just want to rethink using this product… especially if this is the first product you’re trying to market. Creating everything on your own the first time you do this, is a little too much to ask for.

The main goal of your landing page is to capture leads, at a minimum the email address of the visitor to your page. If you don’t turn the lead into a subscriber, it’s going to be pretty hard to sell them your current and future product offerings. What’s the best way to turn a lead into a subscriber? Well it’s usually through a free offer or “ethical bribe.”

Ethical bribes can range from great tips that you send to your subscribers in the autoresponder emails you created, to an eBook or PDF report, a video, or some other valuable product that your lead would want in exchange for giving you their email address. Just remember, the more value you give away the more likely it is that you will gain a subscriber.

There are few key items you need to include on your landing page to help sell your offer. The first is a powerful headline. Your headline should be at the top of your landing page, be in big bold text, and include the most important benefit your product has to offer. A great headline will sell your lead and get them signing up all on its own.

The second item every landing page needs is a “Call to Action” indicator. Don’t take for granted that your lead will actually do what you ask them to do. You must tell your lead exactly what they need to do. Yes you TELL them what to do. Also, your call to action may appear in a few different formats. You can include some text like “Enter your Name & Email below” or a button that reads “Click to Get Your Free Report Now” or some graphic arrows that point to the button you want the lead to click. Whatever you do, don’t be “wishy washy.” Make sure you tell your lead exactly what to do.

And the last item all good landing pages need is the capture form. This will be where the lead enters their email and any other information you want to collect. Typically your call to action text will be just above your capture form, your forms submit button will include additional text that tells your leads what to do, and if you’ve designed your landing page correctly your capture form will appear “above the fold.” An “above the fold” capture form is one that appears and is viewable to the lead when the landing page is first displayed on the leads device (e.g. computer, tablet, phone, etc.) and doesn’t require the lead to scroll down to see the capture form.

Getting Your Traffic

You’re now to the point where everything is in place to sell your product and the only thing you need now is traffic, because once you get traffic your landing page will capture your leads, and your autoresponder series will sell your product. Or that’s what suppose to happen, if all goes according to plan.

Now don’t be surprised if only 1 out of 10 or even 1 out of 100 leads actually becomes a subscriber. Not everyone coming to your landing page is going to want what you have to offer, but also realize that once you turn on the traffic “faucet” that it’s on 24 hours a day, 7 days a week, 365 days a year.

Also, remember that things on the Internet aren’t static. If you’re getting traffic and few subscribers, then make some slight changes to your landing page. Adjust your headline or alter your call to action, modify your capture form or even switch out the free gift you’re using as your ethical bribe.

As to where you should get your traffic from, that’s the magic question everyone is looking to get answered. Depending on your niche and how competitive it is your traffic may come from search engines like Google, Yahoo, and Bing. Or maybe you can get traffic from social media sites like Facebook and Twitter. Video marketing on sites like YouTube is another great way to get traffic. And there are plenty of article sites on the web where you can distribute articles you write and include links pointing back to your lead capture page.

Note the one thing all those previous traffic methods have in common is that they generate free traffic, which is great but it’s not always easy to generate large volumes of leads via free traffic when you’re starting out. So if free traffic methods aren’t generating enough leads for you, then you may have to result to paid traffic methods. Paid methods includes things like Pay Per Click (PPC) advertising (think Google Adwords and Microsoft Adcenter), Ad Swaps, Solo Ads, Social Media Ads (Facebook Display ads, LinkedIn Ads, promoted Tweets), Affiliate Programs, and Paid Listings just to name a few.

Regardless of how you get your traffic the goal is to convert leads into subscribers, so you can convert subscribers into buyers.

Selling Your Secondary Products

Now don’t think you’re all done after you make that first sale to your new subscriber, unless of course your plan is to always get new subscribers. Well even if that is your plan, and it should be, you don’t want to rely on just one sale only per subscriber.

You should realize that as your list continues to grow, you have unlimited built-in (free) traffic at the push of a button. Setup a new landing page, write an email offer, and blast it out to your list. Nothing is better than a list of “targeted” subscribers that know and trust you, and are willing to buy from you again and again and again.

Just make sure you keep a good balance between selling and giving, and that your secondary products go hand-in-hand with or are complementary to the original product you sold. Treat your list well and they will treat you well too!

Stop, Drop and Roll

In most instances when you “catch fire” you’ll want to “stop, drop and roll.” Unfortunately this is not one of those instances. Once your Internet marketing activities catch fire you’re going to want to repeat, repeat, repeat!

Just remember that getting things up and running takes time and can get frustrating, but once you make your first sale it feels oh so good. And after you’ve done it once, all you need to do are the same 7 Steps over and over and over again. Nothing new. Nothing different. Keep testing and refining your actions and before you know it you’ll develop your own strategies and in no time you’ll be a pro.

As always, here’s to your success!

September 23, 2014October 1, 2014

Gaming Google: Private Blog Networks – The Latest Google Slap

Unless you were living under a rock this week or off exploring galaxies far far away, you probably heard about the Google crackdown on the concept of Private Blog Networks (PBN’s). It appears that the crackdown started on September 18^th via Google Webmaster Tools (GWT) manual action notices.

As Webmasters around the world logged into GWT that morning, they were greeted with manual action notices from Google informing them that their sites had “thin content” – shallow pages which do not provide users with much added value – also know as spam. Below is a screen shot of the message Spencer Haws, over at Niche Pursuits, received.

In fact, Spencer wrote a really interesting article “Alright Google, You Win…I’ll Never Use Private Blog Networks Again!” about his own experience with his latest Google Slap that’s worth a read.

Gaming Google

Again, unless you’re still living under that rock, you would know that Google considers thin content to be search spam and has a page in their Webmaster Guidelines explaining they can take action against this type of content.

As we saw in the example above a number of SEOs and Webmasters who have used PBNs to artificially inflate their Google rankings got “Google Slapped” with these manual actions.

Now we’re not hear to debate whether “Black Hat SEO” techniques are good or bad or if PBN’s fall under the black hat category, but apparently in this round of Google punishment and site slapping the holders of the keys to the kingdom have decided that PBN’s are on the bad side of the equation and that some sites needed to be de-indexed.

Since there can be only one site at the top of the totem pole there will always be those how try to Game Google and their ranking algorithm in an effort to have their site at the top spot. Of course, since Google controls the algorithm, they can pretty much do what they want in their attempt to provide what they feel are the “best” results for a search request that a user of their system performs.

Every time Google changes their algorithm there will be an endless debate about how unfair it was and how site rankings dropped. Nobody says you have to use Google to get traffic or even have your site indexed by them, so if you don’t like their rules then go get ranked on some other search engine and don’t complain.

Content at the End of the Rainbow

When all is said and done what “content at the end of the rainbow search” are people really looking for? Well, the answer to this question is probably one of those “it depends” type of answers. In some instances users are probably fine with thin content. A simple question or topic can often be answered in simple terms that don’t need 1200 words or some arbitrary amount of text to convey a perfectly sound answer.

On the other hand, there are times were page after page of content is needed to thoroughly explain a topic. Either way, as long as the “searcher” is happy with the end result the size of the content shouldn’t matter, right?

Recommended Action

Unfortunately, when your site violates one of Google’s recommended guidelines you’re usually left somewhat in the dark. It would be nice if they told you exactly what was wrong, but they don’t. Maybe they fear that if they did, folks would gain too much insight into how their algorithm works.

Oh well, in this case a quick read of the Google Support page for a recommended action related to thin content will tell you review the following sections of their Webmaster Guidelines:

Of course after you do that and check for duplicate content on your site, thin content, etc. etc. and you’re sure your site is no longer is in violation of Google guidelines, you can request reconsideration of your site. And then you sit back, cross your fingers, and hope after your site is reviewed that Google agrees with you and determines that your site no longer violates their guidelines. If they do agree with you, they’ll revoke the manual action and hopefully you’re site will once again rank and you’ll climb back to the top spot on the totem pole.

The Risk of Gaming Google

Just like everything else in life, there are those who make the rules and those who have to follow them. Those who don’t want to follow the rules will do anything they can to get their way and when the rule makers catch them, they usually whine and cry and try to blame everyone else rather than accept responsibility for what they did.

Did you think that SEO and ranking on Google was any different than any other rule based systems we have to follow? Nope. It really doesn’t matter if it’s PBN’s, Link Wheels, Black Hat SEO or any other method you use to get your site ranked on Google. If Google doesn’t like it, then you risk having months or years worth of work and money go down the drain. Trying to game Google and circumvent their rules for ranking will always be a game of cat and mouse.

Going Forward to Game or Not to Game Google

At the end of the day there’s really only one question you need to ask if you’re going to game Google and that’s “Can you make a profit before they catch you?” It really is that simple, well that is if you are just looking to make a quick buck and then move on to something else. If you’re going this route, then you’re probably not creating a long-term business anyway.

However, if you’re looking to create a long-term business, you may want to think twice before you try and game the rule makers. Instead you may just want to adapt and evolve, because when it comes to ranking your site you need to realize what works today my not work tomorrow anyway. Besides you really are at the mercy of Google to some degree anyway. It’s their algorithm and they make hundreds of changes to it each year, and that’s in addition to all those animal updates like Panda and Penguin they make too.

Instead of just trying to game Google and get quick results, you might just want to create good solid content that really does interest the people you’re trying to reach and then reach those people. Once you reach a few people, if the content is good enough, they will probably start to share it and your network reach will grow. As your network grows and you turn out more content, it won’t be long before even more people will be talking about your website.

Going forward we just don’t recommend you game Google, especially with your money site, the one you plan to have for a long time and be your business. If you do, Google will eventually catch you and your site may just fall off the face of the earth when it comes to ranking and being found by those who are looking for what you have to offer.

Of course we’re not naive and we know plenty of individuals will continue trying to game Google and do things to rank their sites fast, but in the long term we’re fairly certain those sites will not achieve the true potential that they could achieve.

And for those who are willing to put in the time and effort to get their site to rank based on the rules that Google set forth, we’re fairly certain that they will rank well regardless of how many algorithm changes Google makes. So stop trying to game Google, think twice about Private Blog Networks, and do your best to stay away from the latest Google Slap.

Your Long Term Business Vision

Besides Google is just like any other business, here today and possibly gone tomorrow. OK maybe not tomorrow, but maybe one day. You don’t want to put all your eggs in one basket, such that your business depends only on traffic from Google to survive. Build your business with Google and also without it.

Create content and solutions for your audience that they want to see. Treat your business like a real business. Determine what your long term business vision is and then go out and make it happen.

As always, here’s to your success!