Many people dream of working for themselves, being their own boss, and having the freedom to only take on clients and projects they love.
What they don’t realize, though, is that there is a huge difference between building a business and being self-employed.
Business owners scale their income. Self-employed people trade dollars for hours
Business owners leverage the skills and talents of others. Self-employed people rely only on their own skills.
Discouraged yet? Don’t be. Every business owner started out self-employed. Just don’t stay there. These tips will help you build a sustainable business instead of just another job.
Don’t Try to Do It All Yourself
Building a sustainable business requires that you leverage the talents and time of others. While it might seem cost-effective to simply do everything yourself—especially in the start-up phase when you likely have more time than money—it’s a path to burnout and stress.
Instead, separate your tasks into those that you love and are especially suited for (such as marketing) and those you dislike and aren’t good at. Then make a solid plan to get those that you aren’t good at off your list of things to do. If you feel like you can’t afford to outsource it all right now, start with what you tend to procrastinate the most on, even if it’s just a few hours each month.
Don’t Allow Yourself to Work All the Time
The trouble with working at home is that you live at work. And that means that there’s no clear line in the sand between your work day and your home life.
Since there’s always work to do, it’s easy to find yourself working every available moment—often to the detriment of your family relationships.
You can help avoid this by:
- Setting—and maintaining—clear work hours
- Having an office with a door you can close when you’re done
- Scheduling time for family and other activities
- Taking time for yourself
Vacations and Downtime Are Important
Don’t create a business that requires you to be “in the office” every day. At the start, you may need to be available more, but you should definitely be planning for the day when you can be “off the grid” for extended periods of time.
- Have trusted contractors who can handle things when you’re not available
- Leverage automation tools such as autoresponders and auto-webinar systems
- Create repeatable systems so you’re not always re-inventing the wheel
While you might not be able to hit the road with no internet access for weeks at a time, at the very least you should be able to reduce your workload to a daily check-in.
Sound impossible? It’s not. With some forethought and planning, you can create a team—and the systems they need—to successfully run your business without becoming overwhelmed and overworked.
Are security concerns keeping you from enjoying the flexibility and power of WordPress? If you’ve bought into the hype that WordPress is inherently insecure, then you’re missing out on all the great things WordPress has to offer, for no good reason.
The fact is, while WordPress sites do get hacked, they are no more dangerous than other PHP-based websites. The problem is that WordPress is open source, which means that anyone can read the code—even the bad guys who spend all their time looking for vulnerabilities they can exploit. Couple that with the enormous popularity of WordPress, and it’s easy to see why you hear about hacks on a regular basis.
But that doesn’t mean WordPress is unsafe. By implementing just a few security best practices, you can greatly reduce your risk of being hacked. Here’s another great website security resource my friend over at CloudLiving.com created a terrific guide called: WordPress Security: The Ultimate Guide To Secure Your Website In 2018.
Keep Your Site Up to Date
This is by far the biggest risk when it comes to security. New vulnerabilities are discovered in WordPress and its plugins and themes on a regular basis, and if your site is out of date, it is at risk. Hackers actively search for outdated websites they can attack, so make it a point to keep your site up to date. That includes plugins, themes, and the WordPress software itself.
Updates are one of those things that most people know are important…but most people also quickly forget about.
Don’t be like most people.
WordPress has put in so many features to make updates easy. In fact, nowadays all you need to do is click a button and WordPress does everything for you.
If you’re not sure how it works, you just look for the red icons
Then, you can go to Dashboard → Updates and run all your updates at once:
A Few Notes On Updates:
- If you hold off on updates because you’re worried they might break your site…stop doing that. Instead, pick a host with a staging site feature so that you can quickly test on your staging site and then push the update live once you know it won’t break anything.
- If you can’t check your WordPress dashboard that often, you can use the WP Updates Notifier plugin to get email notifications when there’s a new plugin or theme update.
Follow Good Plugin And Theme Best PracticesThe great thing about using WordPress is how easy it is to extend your site with themes and plugins.
The bad thing about WordPress security is how easy it is to extend your site with themes and plugins.
That is, because it’s become so easy to install new themes and plugins, most people do it without thinking.
But as I showed you above, plugin and theme vulnerabilities are a huge attack vector.
I’m not trying to stop you from installing new extensions, you just need to be discerning about which extensions you actually install:
- Use trusted sources. While this won’t solve all problems, if you stick to extensions at WordPress.org or trusted third-party developers/marketplaces, you’re going to eliminate most issues.
- Don’t use nulled plugins. Yeah, I know you’re on a budget…but it’s not worth it to install the nulled plugin that might have malicious code added. Just find a free alternative if you can’t afford it.
- Check for known vulnerabilities. WPVulnDB does a good job of collecting these. Note that most of these vulnerabilities get fixed – so check whether or not the developer has addressed it before you write the plugin off.
- Read the reviews. Reviews are a great spot to see if any existing users have experienced any security issues.
- Read the support forums, too. Support forums can also help you spot issues. Better yet, they also let you see how responsive the developer is to issues, which is another helpful piece of information.
- Delete unused plugins/themes. Even if you disable a plugin or theme, its code is still sitting on your server, which means it can be exploited.
Be Smart About Your HostingUnlimited domains! Unlimited space! Unlimited bandwidth! And all for around $8 per month. You’ve probably seen the claims and may even have a hosting account with one of these companies.
Here’s the problem. This type of shared hosting is inexpensive only because they overload their servers with thousands of websites. Just as close proximity in crowded classrooms allows human viruses to quickly spread, the close proximity of websites on a shared server means one infected site is a risk to all the others.
Rather than looking for the least expensive (and riskiest) hosting option, choose a host that allows you to isolate each site on its own cPanel. Doing so will greatly improve the security of your website.
In the end, the safety and security of your site and its data is entirely up to you. Keep your software up to date, use good passwords, and choose a secure hosting environment, and you’ll be well ahead of the curve on this.
The right WordPress host can go a long way towards ensuring the security of your site.
There are two parts to this:
First, if you’re on shared hosting, you want a host that isolates your sites from other sites on that server. This ensures that your site doesn’t get cross-contaminated just because someone else’s site on your shared server got hacked.
You can get isolation even on cheap hosting, so this isn’t something that’s unique to premium hosts.
To figure out if your host offers isolation, you can:
- Ask the pre-sales support staff
- Look at the feature list (many hosts that offer isolation are proud to say it)
The other way that hosting can protect you is via proactive measures.
A quality managed WordPress host will:
- Properly configure your server to prevent many types of exploits
- Set up WordPress-specific firewalls at the server level
- Run malware scans and ensure file integrity
Kinsta’s Security page has a good explanation of the various ways in which a host can protect you from issues.
While you can get some of these same features via WordPress plugins, having your host implement them at the server level is a better approach for both performance and security.
Use Strong Passwords
Did you know that the most popular password is “123456”? If that’s you…well, hopefully, you change your ways after reading this post.
Second only to out-of-date installations when it comes to inviting hackers, weak passwords are regularly exploited with a technique called a “brute force” attack. Simply put, a hacker sets a computer program to repeatedly attempt to log into your site using thousands of the most commonly used passwords and what are known as “dictionary” words.
This type of vulnerability can be easily avoided simply by choosing good passwords. Ideally, your passwords should:
- Should be longer than 12 characters
- Contain upper and lower case letters, numbers and symbols
- Never be used for more than one site
- Never be stored in plain text on your computer
- Never be sent by email
In that Wordfence survey of hacked website owners, 20% of the sites got hacked simply because the hacker somehow got ahold of a valid username and password combo.
That’s dangerous because getting access to a WordPress Administrator account basically gives someone complete control over your site.
To stop that from happening, you have a bunch of tools and tricks at your disposal:
Simple passwords are easy to guess via a brute force attack, which accounted for ~15% of the hacked sites in Wordfence’s survey.
The solution is pretty simple – always use a strong password.
To do that, you can just use WordPress’ password generator:
Then, because that password is impossible to actually remember (that’s kind of the point!), you can use a tool like LastPass to securely store all the passwords for your different sites (LastPass also includes a great password generator, itself).
If you have other users at your site, you can use the free Force Strong Passwords plugin to make sure they have strong passwords, too.
Don’t Use Admin As Your Username (Required)
Since WordPress has stopped forcing admin as the default username, this one is less of an issue.
But plenty of users still choose to use admin as their username, despite the fact that it makes them vulnerable to brute force attacks (if you use “admin” and “123456” at the same time, you should probably run a malware scan on your site right away!).
This one is easy to fix – just pick a unique username when you create a site.
If you’re already using admin as your username on an existing site, you can:
- Use the Username Changer plugin to change your username
- Manually create a new Administrator account and then delete the admin username
Use HTTPS On Your Site (Required)
Moving WordPress to HTTPS has all kinds of other benefits – but one great thing that it does is secure your login page.
Without HTTPS, your login credentials aren’t encrypted (which means that a malicious hacker can steal them if you’re, say, working over public WIFI). With HTTPS, though, those credentials are always encrypted.
Limit Login Attempts (Should Do)
Brute force attacks work by repeatedly guessing different combinations of usernames and passwords.
Using a strong username/password combo makes that much harder. But to make things even more difficult, you can limit the number of login attempts at your site with the Loginizer plugin.
With the plugin, anyone who enters incorrect login details too many times will be locked out for a period of time (that you can customize).
Move Your Login Page (Good Idea)
I don’t really think this makes your site any more secure if you’re following the above tips. But it is still a good idea because it can greatly reduce the botnet traffic to your site, which lessens the load on your site’s server.
So…not as big a security necessity as some people make it out to be, but still a good idea for other reasons. It’s also super easy to do with the WPS Hide Login plugin (many security plugins can do this as well).
2-Factor Authentication (Not Necessary For All Sites)
I don’t think this one is a necessity for most sites. But if you’re really concerned about people getting unauthorized access to your site, 2-factor authentication kicks things up a notch by requiring users to enter a one-time code in addition to their password (lots of banks use this technology).
They can get this code via email, SMS, or a smartphone app.
The Google Authenticator plugin makes this pretty easy and uses the free Google Authenticator app. The miniOrange plugin is a more flexible option, though the free version is limited.
Back Up Your Site Regularly
Backups are the ultimate security blanket.
They ensure that, in the event that something does go wrong, you’re never dead in the water.
If your host doesn’t already offer automatic backups, then I recommend:
- UpdraftPlus for a free solution that lets you schedule automatic backups
- VaultPress for a premium solution (that includes malware scans)
Make sure your backup is going to a place that you can easily get to. I have mine going to my Dropbox account, but there are lots of different options.
Keep a working backup of your site and any security issues will be a lot less catastrophic.
Let me be honest – I don’t use a security plugin on my own sites. A big part of the reason is that my hosting covers all of my security issues for me. If you’d like more information on my hosting plan you can go here.
But security plugins definitely exist for a reason – they can perform a good number of the hardening tips that I’ve discussed above. Especially if your host isn’t already doing these things for you.
Security plugins can definitely be helpful. But they’re not an absolute necessity if you follow all the other best practices and choose a proactive host. Nor are they a cure-all – you still need to keep the security philosophy I outlined above in mind if you want to keep your site secure.
If you want to try a security plugin on your site, two good options are:
Follow The Principle Of Least Privilege
If you’re giving other people access to your site, you should understand the principle of least privilege.
It essentially says, “only give someone as much access/power as they need to do their job”.
With WordPress, this means smartly using user roles.
For example, if you hire a new content writer, make sure you only give them the Author user role. They definitely don’t need the ability to install plugins, nor do they need the ability to edit Pages (the latter is something the Editor role allows).
Similarly, you should pretty much never give someone else an account with Administrator privileges unless you 100% trust them and they truly need that much power.
Has all of this caused your eyes to glaze over or has it instilled fear in your heart? Let me help!
Check out my annual maintenance plan. It covers all of this and is very affordable at only $120 per YEAR!!! Have questions or comments? I’d love to hear from you! Just leave a comment below.
We’ve all done the exercise. It’s the first thing you’re taught when you first start your business or blog:
Create an ideal client avatar.
This vision of your ideal client guides everything you do, including pricing (you can’t charge that single mom as much as you can the CEO of a Fortune 500 company), pain points (mom probably isn’t worried about shareholders), and even the color of your branding.
So you spend a few hours considering things such as:
- Age group
- Family status
- Lifestyle goals
Maybe you even write up a nice little story about your ideal client. You give her a name, a couple of kids, a husband who just doesn’t get it, and a load of student loans. You know quite a bit about her, you think.
But you would be wrong, and if you stop there, you may be missing a huge piece of the puzzle—and losing out on the best clients because of it.
Here’s something that’s rarely considered in the “ideal client” equation, and it’s arguably the most important part: personality.
If you’re snarky, sarcastic, fun-loving and loud, then a quiet, middle-aged mom who spends her time volunteering at the church is probably not a good fit for you. Sure, she might need your help, and she might love your products, but for one-on-one service, this match-up is a disaster. Either she will be uncomfortable with your style, or you’ll be miserable trying to reign in your natural exuberance.
Better to pass mom on to someone who is a better fit for her personality wise.
Drive Determines Success
This one can be difficult to calculate from the start, but once you recognize it (or the lack thereof) it’s worth paying attention to. The client without the drive to succeed will—more often than not—only end up frustrating you both.
Better to end your relationship as soon as you see the signs of this than to waste your time going over the same material and exercises again and again with someone who simply won’t do the work.
If you look at your current and past clients, you’ll begin to see patterns. You can easily look back and see what made some clients a joy to work with, while others were a struggle. Think about what those differences are, and add them to your ideal client profile. Then compare any new potential clients to this ideal profile, and you’ll never again sign on with a less-than-perfect client.
If there’s one mistake that new—and sometimes even established—business owners make, it’s this: failing to develop a clear vision of her ideal client.
Too often we think our service or product is “for everyone.” And while it might be true that everyone could use your help, it’s simply not possible for you and your brand to appeal to everyone. Your prices might not be in line with what some can afford. Your branding might not resonate with others. Your story may not touch everyone with the same sense of urgency.
And when you try to reach everyone, rather than narrowing your focus to your true ideal client, you dilute your message, making it even less likely that those perfect customers will find you.
But if you’re just starting out, it can seem an impossible task to know who your ideal client is. Start with these three points.
- Gender. Is your audience male or female? While men and women might both read and enjoy your content—and even buy your products—you will most likely find that your market is skewed heavily one way or the other. Men and women are different, and they are affected by stories and branding in very different ways, so what appeals to a man will not always appeal to a woman. Look around at some of the brands you buy, and you’ll quickly see how they form their messages to appeal to one or the other, but very rarely both.
- Goals. What does your client hope to achieve, and how do your products and services help to realize those goals? Whether she’s trying to build a profitable crafting blog so she can stay home with her children, or he’s working to create an online resource for muscle car fans, if you don’t know where they’re going, you can’t help them get there.
- His or her point in the journey. Is she a beginner or well along on the path? How you speak, how you write, what marketing methods you use, and even what prices you charge will all be determined by your ideal client’s level of sophistication. Whether you’re teaching beginning knitters how to cast on or helping couch potatoes train for their first 5k, their level of commitment (and willingness to spend) is far different from a long-time knitter who is discovering intarsia, or a runner working up to a triathlon. And you will not reach your market effectively if you don’t know exactly where they are and what they need at this point.
Of course, if you’re just starting out, you might not yet know who your ideal client is. That’s okay, too. But pay attention, because they will tell you. They’ll tell you through the products and services they buy. They’ll tell you by following you (or not) on social media. They’ll tell you by commenting on your blog and asking questions that are relevant to them.
Watch your interactions, study the businesses of those who contact you for help, and take a look at what your competition is doing, and soon enough you’ll have a clear understanding of who your ideal client really is.
Innovation is essential to success, especially in the tech field. Introducing new, useful products and services allow the best creative agencies to stand out from the crowd, while the competition struggles to follow in their footsteps.
The problem is, it’s not easy to cultivate and maintain a workplace culture where every member of the team feels inspired enough to come up with those new ideas. According to a McKinsey report, 94% of surveyed business leaders weren’t satisfied with the degree to which their organizations innovate.
This is likely due to failures in leadership. The team leader must be the one that encourages the kind of mindset and culture which yields innovation. They’re the one who ensures the company’s focus is forward-looking, instead of stagnant.
Luckily, it’s not impossible to correct a course even if a business has failed to create anything truly unique in a long time. If you’re trying to instill this value in your employees, keep the following tips in mind. They’ll help you form the necessary environment to achieve your goals.
Based on analysis by Gallup, it’s clear that recognizing an employee’s accomplishments motivates them to continue working hard.
Thus, if you want your team to innovate, you need to acknowledge and reward them when they do. This will trigger a chain reaction, in which other employees who also strive to earn company recognition generate new and unique ideas.
Consider Acquisitions & Partnerships
When Disney acquired Pixar, it broke free from the creative rut that had been plaguing the company for years.
Sometimes, the best way to inspire an attitude of innovation within your own company is to partner with others who already embody such values. While not all companies can acquire smaller businesses, it’s still possible to partner with vendors or take on clients whose contagious enthusiasm and creative energy will spread throughout the organization.
Set Aside Time
Employees may want to innovate. The fact that they aren’t already doesn’t necessarily mean they have no desire to; it could simply mean they’ve been trained to feel that it’s more important to focus on basic daily tasks. Team players don’t make their own rules, they live by the company’s.
In other words, you need to make sure your employees know there are certain periods of time when they are not only allowed to focus on creative side projects but are in fact encouraged to do so. Set aside a certain amount of time each week where immediate tasks may be ignored so your team can work on developing unique long-term ideas.
Hierarchy is another reason employees are often reluctant to pursue innovative ideas. They may feel it’s not their place to seek or suggest projects that haven’t been assigned or approved by the team leader.
That’s why it’s important to establish processes that encourage dialogue. Give your workers a chance to discuss their ideas with you, and make sure they understand that there’s no punishment for an idea that may not be as workable as they had hoped. Suspend judgment during these sessions, and eventually, your workers will feel much more comfortable bringing up their own creative ambitions.
Most importantly, don’t blame anyone other than yourself if your organization doesn’t innovate; it’s up to you to create the right culture for it. Accept responsibility, and you’ll soon find that your guidance can shift the workplace culture in the right direction: the direction that leads to true success.