Categories
Development

Common WordPress Security Issues and How to Fix Them

Photo credit: The sublime Milosz Klinowski

WordPress is the world’s foremost content management system, powering tens of millions of websites across the world. The platform is incredibly flexible, powering everything from blogs to major corporate sites to eCommerce retailers.

However, being the most popular CMS means that hackers will always try to find ways to target and compromise the platform and the millions of sites on it. Here is our list of the most common WordPress security issues and how to fix them.

Poor Username Policies

While it may be obvious that setting a username as admin or siteadmin is not a best practice, there are countless other ways that poor username choices can lead a site to be compromised.

The first way is setting usernames to be exact employee names or initial + last name. Often the people accessing your site backend to contribute content or edit posts will reuse their WordPress password for other services, and if one of those services is compromised, it’s easy for hackers to try those credentials and successfully access your site. If a hacker can successfully guess a username, they can use brute force login techniques to guess the password, and with frightening speed.

When assigning usernames for staff … use a naming convention that will be easy to remember but won’t be obvious to guess.

Allowing User Enumeration

Another way that hackers can gain access to username lists is with scripts that spam requests by taking advantage of WordPress URL redirects. A script can spam requests like domain.com/?author=1, domain.com/?author=2 … and so on and WordPress will resolve those numbers to user names.

Once a script gathers a list of user names, it can then attempt to brute force passwords and gain access, similar to the loophole above. The solution is either to edit the functions.php file so that WordPress doesn’t resolve those ID requests to user names, or to block those requests outright at the server level.
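One way to make the functions.php change described above, as an added example rather than code from the original post. The function names are hypothetical, and the 404 response is an assumption about how you want the lookup answered.

```php
<?php
// Added example. Save as a must-use plugin, or paste into the theme's
// functions.php without the opening tag above. Function names are hypothetical.

/**
 * True when the request carries an "author" parameter made only of digits,
 * commas, spaces or minus signs, i.e. a user-ID lookup such as ?author=1.
 */
function example_is_author_id_probe() {
	// WordPress reads public query vars from both the query string and the POST body.
	foreach ( array( $_GET, $_POST ) as $params ) {
		if ( ! isset( $params['author'] ) ) {
			continue;
		}
		$value = $params['author'];
		// author[]=1 arrives as an array; treat it as a lookup as well.
		if ( is_array( $value ) || preg_match( '/^[\d,\s-]+$/', (string) $value ) ) {
			return true;
		}
	}
	return false;
}

/**
 * Answer author-ID lookups with a 404 before WordPress's canonical redirect
 * (template_redirect, priority 10) can send the client to the author URL,
 * which contains the username.
 */
function example_block_author_enumeration() {
	// template_redirect only fires for front-end page loads, so the wp-admin
	// post list, which filters by ?author=N, is unaffected.
	if ( example_is_author_id_probe() ) {
		nocache_headers();
		wp_die(
			esc_html__( 'Not found.' ),
			'',
			array( 'response' => 404 )
		);
	}
}
// Priority 1 runs ahead of redirect_canonical.
add_action( 'template_redirect', 'example_block_author_enumeration', 1 );
```

This covers only the ?author=N lookups described above.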

Missing HSTS Headers

These headers increase site security by ensuring browsers always access the HTTPS version of a site. If someone types in the domain or clicks a link to the site that doesn’t include https://, a browser may first connect over HTTP before being routed to HTTPS, and that non-secure to secure handoff can be a target for malware attacks.

Get these added to your site and improve your overall security in minutes.

Missing Content Security Policy Headers

These headers reduce vulnerability to cross-site scripting (XSS) attacks by instructing browsers to load scripts and resources only from trusted domains.

Missing Secure Referrer Policy Header

If an external resource (for example, a site you link to on your blog) is compromised and is accessed from your site, a secure referrer policy header limits the amount of information sent to the hacked site, which in turn could protect your site from exploit attempts.
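The three headers from the sections above (HSTS, Content Security Policy, Referrer Policy) sent from WordPress itself, as an added example that is not part of the original post. The function and constant names are hypothetical, and https://cdn.example.com is a placeholder for whatever third-party origins your site actually loads from.

```php
<?php
// Added example (hypothetical names). Omit the opening tag when pasting
// into an existing functions.php.

// Start in report-only mode: browsers log CSP violations to the console
// without blocking anything, so the policy can be tuned before enforcing it.
if ( ! defined( 'EXAMPLE_CSP_REPORT_ONLY' ) ) {
	define( 'EXAMPLE_CSP_REPORT_ONLY', true );
}

/** Build the policy string from a directive => sources map. */
function example_build_csp() {
	// Assumption: the site's only third-party origin is https://cdn.example.com.
	$directives = array(
		'default-src' => array( "'self'" ),
		'script-src'  => array( "'self'", 'https://cdn.example.com' ),
		'style-src'   => array( "'self'", 'https://cdn.example.com' ),
		'img-src'     => array( "'self'", 'data:' ),
		'object-src'  => array( "'none'" ),
		'base-uri'    => array( "'self'" ),
	);
	$parts = array();
	foreach ( $directives as $name => $sources ) {
		$parts[] = $name . ' ' . implode( ' ', $sources );
	}
	return implode( '; ', $parts );
}

function example_send_security_headers() {
	if ( headers_sent() ) {
		return;
	}
	// Browsers ignore HSTS received over plain HTTP; max-age is one year in seconds.
	if ( is_ssl() ) {
		header( 'Strict-Transport-Security: max-age=31536000' );
	}
	$csp_header = EXAMPLE_CSP_REPORT_ONLY
		? 'Content-Security-Policy-Report-Only'
		: 'Content-Security-Policy';
	header( $csp_header . ': ' . example_build_csp() );
	// Cross-origin requests receive only the origin, and nothing at all
	// when going from HTTPS to HTTP.
	header( 'Referrer-Policy: strict-origin-when-cross-origin' );
}
// send_headers runs while WordPress prepares the response for a request.
add_action( 'send_headers', 'example_send_security_headers' );
```

Responses served from a full-page cache or as static files never reach PHP, so for those the same headers belong in the web server or CDN configuration.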

Not Appending External Links

Add rel=noopener to all external links. Should any external site get compromised, this will help prevent users from being redirected to a malicious URL and mitigate any SEO issues from Google seeing a link to a less reputable domain.
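A filter that adds rel=noopener to external links in post content, as an added example that is not from the original post. noopener keeps the page opened from a link from reaching back to your tab through window.opener; the function name is hypothetical and the code assumes WordPress 6.2 or later for WP_HTML_Tag_Processor.

```php
<?php
// Added example (hypothetical function name). Omit the opening tag when
// pasting into an existing functions.php.

/**
 * Add "noopener" to the rel attribute of every link in post content whose
 * host differs from this site's host. Existing rel values are kept.
 */
function example_add_noopener_to_external_links( $content ) {
	// WP_HTML_Tag_Processor ships with WordPress 6.2+; do nothing on older versions.
	if ( ! class_exists( 'WP_HTML_Tag_Processor' ) ) {
		return $content;
	}

	$site_host = wp_parse_url( home_url(), PHP_URL_HOST );
	$tags      = new WP_HTML_Tag_Processor( $content );

	while ( $tags->next_tag( 'a' ) ) {
		$href = $tags->get_attribute( 'href' );
		if ( ! is_string( $href ) ) {
			continue; // No href, or an href without a value.
		}

		$host = wp_parse_url( $href, PHP_URL_HOST );
		// Relative URLs, #anchors and mailto: links have no host; same-host links are internal.
		if ( empty( $host ) || 0 === strcasecmp( $host, (string) $site_host ) ) {
			continue;
		}

		$rel    = $tags->get_attribute( 'rel' );
		$tokens = is_string( $rel )
			? preg_split( '/\s+/', strtolower( trim( $rel ) ), -1, PREG_SPLIT_NO_EMPTY )
			: array();

		if ( ! in_array( 'noopener', $tokens, true ) ) {
			$tokens[] = 'noopener';
			$tags->set_attribute( 'rel', implode( ' ', $tokens ) );
		}
	}

	return $tags->get_updated_html();
}
// Priority 20 runs after WordPress's default content filters.
add_filter( 'the_content', 'example_add_noopener_to_external_links', 20 );
```

The filter only sees post and page content; links in menus, widgets and theme templates need the attribute added where they are defined.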

Security has unfortunately become the most important thing online and having a secured site should be the most important priority for your brand and customers. There are a number of companies that provide secure hosting, vulnerability testing and web development services that provide peace of mind and protect against attacks.

Personally this site is on WPEngine and I would endorse them.

Categories
Paid Media

Common Reasons Your Remarketing Campaign Isn’t Working

Photo Credit: The talented Thomas Bormans

Remarketing campaigns can be a great source of revenue but for many brands, remarketing is a poor performing channel because of overly broad audiences, mismatched messaging and poor funnel design.

If your remarketing campaign is a cost center rather than a revenue driver, here’s our list of common reasons for poor performance and how to address them:

Overly Broad Audiences

Most brands have just two remarketing audiences:

  1. All visitors
  2. Abandoned carts

Given the diversity of your users and the reasons for them to potentially convert into a lead or sale, these are simply not enough but brands often fail to diversify these lists as a result of resource or time constraints.

At the very least, you should have campaigns for each service you offer and product based remarketing for eCommerce. If you do want to keep an all visitors list then put gating around it with a minimum time on site or pages visited (in GA4 use engaged sessions). Adding rules and splitting out users will significantly cut down on waste and allow you to segment remarketing performance by audience to get feedback on where you’re strong and what pages may need work.

Mismatched Messaging

Brands that do have their audiences properly sorted often undo that work by serving the same creative to multiple audiences or in some cases every audience.

Similar to the broad audiences problem, brands often don’t have specific remarketing creative for each audience segment because of time and resource constraints. However, implementing messaging that speaks to each audience has never been easier, with Google and some programmatic networks even offering dynamic remarketing creative that can automatically do this for you.

Ads that don’t speak to a user or their intent will never get clicked.

Poor Funnel Design

Another reason that brands lose money on remarketing is that even if they have the audiences segmented out and the right messaging to them, they consistently dump these visitors on pages where they have to restart the conversion process.

If any of your remarketing campaigns are dumping people on the homepage then you need to pause and really think through the user journey. The goal of a remarketing campaign should be a seamless transition back to where a user left off vs putting them on a page where they have to search or navigate toward their ultimate goal. In some cases brands design landing pages specific to conversion that allow users to restart and finish their journey in a space that doesn’t distract them.

Poor Placements

The final way that brands lose money on remarketing is with poor placement management. Similar to search query reports for Google Ads, most programmatic networks and GDN allow you to view performance by placement and if you’ve never audited where your ads show, odds are the bulk of your impressions are on sites and apps that won’t make sense for conversion.

In my experience 40-45% of programmatic impressions are served via in game ads and it takes a lot to convince a customer to stop their quest to beat level 100 in Candy Crush to go back and purchase a product or continue learning about a service. In fact most of your programmatic clicks are likely people in these apps accidentally clicking an ad between levels or battles and this takes budget away from placements where you’re performing well and have better contextual conversion opportunities.

Always audit your placements and make sure your ads are showing where it makes sense.

Categories
Paid Media SEO

Generating Leads in Competitive Industries for Less

Photo credit: The talented Zybnek Burival

Generating leads for ultra competitive industries can seem like a prohibitively expensive process. The reason is that for the last two decades brands have been stuck thinking that the only way to consistently generate inquiries is through high dollar Google Ads campaigns with the hope that over time and with enough investment they may be able to get organic visibility and direct traffic from branding.

It’s time for companies to break out of that cycle because there are evergreen and budget friendly ways to generate leads that diversify your marketing mix and improve your overall brand.

Here’s how to do it:

Build a Content Library

Content is king but brands often struggle from a lack of planning/organization or they develop content that is irrelevant, vague or doesn’t connect with their audience. A strong, well written, keyword optimized and interlinked content library that covers all stages of the buying cycle, customer needs, objections and features can generate a consistent volume of leads month in and month out.

Where to start:

The best part is that all the data you need to build a content machine is already out there.

Content Ideas

Google Ads (Free):  Their keyword tool is one of the most powerful business intelligence products on the market. You can literally see what people are searching for, how often they search, competition and other related queries.

AnswerThePublic (Free): This helpful tool scrapes Google Autocomplete data and organizes it alphabetically, by question and by preposition, and is a great way to develop taxonomies.

SEMRush (Paid):  This tool offers both of the above and pulls in additional keyword data that won’t be found in Google Ads. One important thing to note with Google Ads data is that it only shows keywords where an ad matched to it so you don’t get the full spectrum of long tail searches that SEMRush provides.

Your CRM/Sales Team (Free): The best place to source content is your closed deals. Often you can find all the objections that had to be overcome, all the obstacles for approval, all the other vendors that were part of the selection process. Lea

Google Trends (Free):  If your business is seasonal, has a regional focus or is taking advantage of a new medium like NFTs then Google Trends is an incredible business tool.

Reddit (Free): Odds are your industry has its own subreddit(s) where your target audience is discussing questions, problems and solutions to what they’re encountering. Avoid spamming these discussions with self-promotion and instead focus on taking common themes from the content and incorporating them into your content library.

Quora (Free): The internet’s question database. Simply type in a keyword and find the most common questions or those with the most answers to uncover opportunity and points of confusion.

Leverage Programmatic

Your customer’s search journey is so much more than a one or two word search phrase at the end of the funnel. They might go to 10-25 different places across multiple devices and channels and programmatic ad networks can help message your prospects throughout their journey.

Using lists, competitor sites/apps and other important customer attributes will help you get the best ROI from your campaigns and you can work with your programmatic provider to feed data back to their systems to help further hone in targets.

Where to Start: 

There are a number of great programmatic networks and providers that can help guide your business from setup to final execution.

Providers:

StackAdapt: They have a great dataset and offer a number of custom ad units that really make brands pop.

Criteo: They have the best data of any network but their ad units are fairly generic. Perfect for service based businesses.

Airtory: They have an amazing ad builder that turns your static creative into engaging dynamic ads.

Become an Industry Influencer

There are influencers in every industry and becoming one doesn’t mean having to do a catchy Tiktok dance or trying to make a video go viral. You can be an influencer by simply being a consistent source of quality information in the forums and mediums where it matters.

Where to Start:

Reddit and Quora should be the first places you begin to establish a presence. What you’ll want to do is start involving yourself as often as you can in discussions relevant to your industry and, most importantly, you’ll want to give straightforward answers leveraging your experience while not being overly promotional.

Once you’ve taken 2-3 weeks to really involve yourself in these communities, it’s time to start leveraging video, specifically YouTube, Tiktok and Reels to rehash popular discussion topics (with your answers of course) and assert experience.

If you have a well defined audience, then we recommend boosting each post to that group to help with views and subscriber/follower counts and the key here is to consistently post rather than make 3 videos and call it a day.

For an added bonus, you’ll want to then blog about each video and tie it to existing relevant content or use it as the backbone for a strong, well researched article.

Brands that do these 3 things will find themselves generating a consistent stream of inbound leads while putting their name out there at every step of the consumer journey.

Categories
Web 3

The Comprehensive NFT Marketing Launch Guide

Photo credit: My own NFT collection covering my Lake Tahoe trip

Launching an NFT project requires a combination of creativity, coding, marketing and attention to detail and when it all comes together, you can create successful collections that provide value to both you and the end purchaser.

Our ultimate NFT launch guide will help you plan a project from start to finish or help you get to the next step if you’re stuck. If DIY isn’t an option for you because of time, programming or creative constraints there are a number of boutique firms online that can help manage all aspects of design and launch.

What You Need to Get Started

  • Project idea
    • Goal
    • Incentives for holders
  • Art direction
    • Concept
    • Layering
  • Programming Resources
    • Generation
    • Storage
  • Cryptocurrency
    • Distribution (Ethereum vs Solana vs Matic)
    • Opensea
  • Marketing Resources
    • Discord server (launch and admin)
    • Website creation
    • Social media buildout
    • Promotion

Project Idea

Project Goal

I’ve seen a lot of projects where it’s clear the organizers skipped straight to the art and launch process without really thinking through the project value proposition. NFT projects can and should be so much more than just artwork. There should be a goal for the project and what you want to accomplish.

Incentives for Holders

One way to differentiate your project from other NFT collections is to have an incentive in place for whoever holds your token. It could be access to an exclusive members portal, real world benefits or any other designations.

Art Direction

Concept

This is actually the hardest part because your creative concept will ultimately define every part of the project in some way or another. There is infinite possibility, so consider what’s not already out there vs doing another pixel character line where you have limited differentiation.

Layering 

Whatever you decide to choose, the most important part is making it scalable. Whether you plan to do 1,000 tokens or 100,000 … you have to make the creation process scalable because you can’t reasonably do this by hand.

NFT artwork is structured in layers using Photoshop or Illustrator with layers for each element that will go into the final image. These layers will be different background colors, attributes and features that when generated should make a cohesive image and you can set rarity for each in the minting process.

Programming Resources

Artwork Generation

There are a number of scripts that can take your layered documents and automatically generate your entire series of NFTs. Using these scripts is fairly simple and requires some light programming knowledge to test and use.

Storage

Once your artwork is generated, you can store your art either on or off chain.  Ideally you’ll want to store on chain as it will make launch easier but if you decide to store off chain, you’ll want to make sure that in case of a failure or hack you won’t lose everything.

Cryptocurrency

Distribution

One of the most important factors is what cryptocurrency you’ll want to use for your tokens. Ethereum had been the preferred crypto for NFTs but high gas fees (transaction costs) meant that smaller projects were often untradeable because the transaction cost was more than the value of the token. Recently more projects have been aligning with Solana or Matic as they have the same advantages of Ethereum with significantly lower transaction costs.

If you plan to launch with Ethereum, it should be for limited runs or for very highly visible, highly touted projects. If you’re doing a series of 10,000 and have never launched before, then you’ll want to look at Matic or Solana as it will be more attractive to buyers.

Opensea

Their market is the easiest place to distribute and manage your project. You’ll be able to host, catalog and see real time transactions for your project through their marketplace and that’s where you’ll find all of your buyers.

Marketing Resources

Discord

Discord servers are the backbone of any successful project. They allow you to cultivate your community, stay in constant contact and let them know critical updates. If you don’t have time to manage and moderate your server, you’ll want to hire an experienced moderator to make sure your community is well managed and informed.

Website

The second component you’ll want to build is a site that talks through the project, allows minting and serves as a portal for your social media accounts and discord server. A site that names project participants will also lend credibility to the project vs using anonymous names.

Social Media Buildout

As part of the overall marketing asset buildout, you’ll want to make sure the project is visible on Twitter and Instagram. Aside from posting updates, you’ll want to sponsor posts targeting the community to help build visibility and gain traction.

Promotion

Most projects enlist known entities in the cryptocurrency space to promote and advocate for their projects. These can be individuals or collectives that have a strong sway in the community and can quickly generate traction. However, creators need to be sure they choose the right promoter.

Final Word

NFT projects can be an amazing distribution vehicle for brands and creators and the time to begin developing an NFT strategy is now.

Categories
SEO

SEO Spring Cleaning – Refresh Your Site in 2022

Photo credit: The interesting Anton

It’s that time of year again when the seasons change and marketing budgets and expectations for the year have been set. Now that companies are turning their focus to performance, this is a great time to look at your site and more importantly how it’s producing organically. Here’s our guide to spring cleaning your site and making sure your organic presence hits the mark.

Crawl your site

Sites break over time for various reasons and if you haven’t run a crawl in the last few months, this is a perfect time to use Screaming Frog or similar tools to check your site. In addition to finding and fixing broken links, we recommend focusing on the following areas:

  • Sitewide redirects
  • Sitewide canonicals
  • Short H1 tags
  • Short Title tags
  • Missing meta descriptions
  • Buried pages (crawl depth of 6 or greater)
  • Short pages (100 words or less)
  • Low internal links

Once you have your crawl data, build a game plan to prioritize and tackle everything over time. Sites can be nebulous so a schedule with accountability is a must have.

Dust off your blog

Blogs work well for content development but for most sites on the web, the last entry is often months if not years ago. If you have a compelling value proposition, industry knowledge or want to address pain points in your market then you should consider creating a content calendar and holding your brand accountable for consistent, quality, content production. 

You’ll have new assets to share in social, Google will see new content and crawl your site more often and, more importantly, you’ll have a new touchpoint for prospects looking for solutions.

Cull your underperforming content

Similar to pruning a tree or rose bush, your site likely has content that isn’t getting any traffic and is taking link equity and crawl space away from more important pages. We recommend taking a list of current pages, then doing an export from Google Analytics of pages that received traffic over the last 6 months and comparing the two lists.

For most sites, you’ll see 5-10% of pages haven’t received traffic in the last 6 months and we recommend the following steps when reviewing whether to keep or remove content:

1. Is the content still relevant? A post about a new hire who has since left or a post wishing people a Happy 2017 are likely candidates for removal. Remember these posts take link equity and crawl budget away from your higher performing pages.

2. If it’s still relevant, can it be improved? This is something we consistently do with our corporate blog given the number of guides and how-to articles we create. Often steps need to be redone or a platform will make changes that require us to revisit and rewrite content which gives us the opportunity to make sure we’re up to date and let people know a post has been edited for 2022. 

For content you decide to update and improve on – make sure those changes get communicated to your prospects via social or email updates.

3. If you find content you need to delete, make sure to put redirects in place and crawl the site to make sure everything looks good.

Getting your site cleaned up and performing well is going to pay dividends throughout the year and if your brand is struggling to get your site to perform make this your top priority.