If you updated your website in the past few weeks, you should have seen WordPress 4.9.6. With that update came brand-new privacy features to correspond with the GDPR updates that became law recently. I thought I would take this time to point out some of these new features.
Logged in commenters will be given a choice whether their name, email, address, or website information is saved in a cookie on their browser.
Site owners can now export a .ZIP file containing a user’s personal data, using data gathered by WordPress & plugins.
Site owners can erase a user’s personal data, including data collected by participating plugins. Site owners also have a new email-based method that they can use to confirm personal data requests.
95 updates were made in this latest WordPress update. Here are some of the highlights:
- The word “mine” has been added as a filter in the media library.
- When viewing a plugin in the admin dashboard, it will now tell you the minimum PHP version.
- TinyMCE has been updated to the latest version, 4.7.11.
At some point, every business owner will find herself in a troubling situation. Revenue is down. New clients are scarce. Profits are falling, and a peek at the financials is enough to bring on a full-fledged anxiety attack.
Unless you’re Mark Zuckerberg or Bill Gates, chances are you’ve experienced that sinking feeling of a business that’s trending downward, too. But how you handle it can mean the difference between continued success and business-killing burnout.
Here’s where a lot of coaches get it wrong. They start to worry about money, and that worry leads to poor decisions that ultimately have a negative impact not just on finances, but—maybe more importantly—on morale, too. Maybe you know what I’m talking about.
You Take On The Wrong Client
When business is down, it can be tough to keep your ideal client avatar in mind. Instead, you jump at the chance to work with anyone who comes along. The trouble with this scenario is you can find yourself with a roster full of clients who:
- Aren’t willing or able to do the work required
- Spend all their time telling you why your ideas and advice won’t work
- Drain your energy and make you dread your office
You Stop Creating
And who can blame you? With profits down, you have to pull back. You can’t afford to spend time and money creating new programs, so you recycle the ones you’ve already produced.
Now, this would be ideal if you were repurposing with a positive intent. Turning your ebook into a group coaching course? Perfect! But that’s not what your fearful brain is telling you.
Your fearful self is saying, “Just re-release this same product again, so I don’t have to have new sales copy written or record new videos.”
And while this might help bring in a bit of cash short-term, it won’t do anything for your reputation or your self-esteem.
That’s no way to operate a business, but that’s just what a fear-based mindset can do to you. Better (much better) to hold out for that perfect client. And while you’re waiting, take what you’ve learned from your drop in sales and create the killer program or product your audience is clamoring for!
What do super-successful coaches and small business owners all have in common?
It’s not experience.
It’s not extraordinary skills.
It’s not even a powerful drive.
Although all of these things can definitely help your business grow, they’re not a prerequisite for success. After all, no one is born with experience or skills, and plenty of successful people lack drive.
The one thing that does make a difference, though, is your “why.”
Why did you decide to become a coach?
Why do you spend too many hours in front of your computer every week?
Why do you stay up too late and get up too early, just so you can work on growing your business?
The “why” is what ultimately drives us to success, but here’s the thing: it’s different for everyone. Your why is not my why, and my why is not her why. It’s a deeply personal choice that can have great meaning…or not.
For example, a survivor of domestic abuse might happily spend 60 or 70 hours each and every week mentoring other victims of abuse, or counseling couples on how to break the cycle. Her big why is a strong desire to prevent other women from suffering in the same way she did.
A mother of small children may be saddened at the thought of sending her kids to daycare just so she can go to work to (barely) pay for it. Her big why is a drive to spend as much time with her kids as she can, while still supporting her family.
A young, fresh out of school entrepreneur might resist taking the same path her parents took, working for a corporation for 40 years, only to retire and find themselves with barely enough to live on. Instead, she dreams of having the income (and the time) to see the world while she’s still young enough to enjoy it.
So what’s your big “why”? It might be the freedom to travel, the option to spend time with your family, the ability to take weeks off at a time to care for a sick family member, or even to earn enough money to support a charity that’s close to your heart.
Whatever it is, your “why” is the driving force behind every action you take. When you’re deciding whether or not to take on a new client, ask yourself if it’s aligned with your “why.” When you’re setting goals for the year, ask yourself if those goals are moving you closer or further from your big why. Thinking of branching out into a new business venture? Make sure it’s in alignment with your big why, and success is suddenly much more attainable.
Many people dream of working for themselves, being their own boss, and having the freedom to only take on clients and projects they love.
What they don’t realize, though, is that there is a huge difference between building a business and being self-employed.
Business owners scale their income. Self-employed people trade dollars for hours.
Business owners leverage the skills and talents of others. Self-employed people rely only on their own skills.
Discouraged yet? Don’t be. Every business owner started out self-employed. Just don’t stay there. These tips will help you build a sustainable business instead of just another job.
Don’t Try to Do It All Yourself
Building a sustainable business requires that you leverage the talents and time of others. While it might seem cost-effective to simply do everything yourself—especially in the start-up phase when you likely have more time than money—it’s a path to burnout and stress.
Instead, separate your tasks into those that you love and are especially suited for (such as marketing) and those you dislike and aren’t good at. Then make a solid plan to get those that you aren’t good at off your list of things to do. If you feel like you can’t afford to outsource it all right now, start with what you tend to procrastinate the most on, even if it’s just a few hours each month.
Don’t Allow Yourself to Work All the Time
The trouble with working at home is that you live at work. And that means that there’s no clear line in the sand between your work day and your home life.
Since there’s always work to do, it’s easy to find yourself working every available moment—often to the detriment of your family relationships.
You can help avoid this by:
- Setting—and maintaining—clear work hours
- Having an office with a door you can close when you’re done
- Scheduling time for family and other activities
- Taking time for yourself
Vacations and Downtime Are Important
Don’t create a business that requires you to be “in the office” every day. At the start, you may need to be available more, but you should definitely be planning for the day when you can be “off the grid” for extended periods of time.
- Have trusted contractors who can handle things when you’re not available
- Leverage automation tools such as autoresponders and auto-webinar systems
- Create repeatable systems so you’re not always re-inventing the wheel
While you might not be able to hit the road with no internet access for weeks at a time, at the very least you should be able to reduce your workload to a daily check-in.
Sound impossible? It’s not. With some forethought and planning, you can create a team—and the systems they need—to successfully run your business without becoming overwhelmed and overworked.
Are security concerns keeping you from enjoying the flexibility and power of WordPress? If you’ve bought into the hype that WordPress is inherently insecure, then you’re missing out on all the great things WordPress has to offer, for no good reason.
The fact is, while WordPress sites do get hacked, they are no more dangerous than other PHP-based websites. The problem is that WordPress is open source, which means that anyone can read the code—even the bad guys who spend all their time looking for vulnerabilities they can exploit. Couple that with the enormous popularity of WordPress, and it’s easy to see why you hear about hacks on a regular basis.
But that doesn’t mean WordPress is unsafe. By implementing just a few security best practices, you can greatly reduce your risk of being hacked. Here’s another great website security resource: my friend over at CloudLiving.com created a terrific guide called WordPress Security: The Ultimate Guide To Secure Your Website In 2018.
Keep Your Site Up to Date
This is by far the biggest risk when it comes to security. New vulnerabilities are discovered in WordPress and its plugins and themes on a regular basis, and if your site is out of date, it is at risk. Hackers actively search for outdated websites they can attack, so make it a point to keep your site up to date. That includes plugins, themes, and the WordPress software itself.
Updates are one of those things that most people know are important…but most people also quickly forget about.
Don’t be like most people.
WordPress has put in so many features to make updates easy. In fact, nowadays all you need to do is click a button and WordPress does everything for you.
If you’re not sure how it works, you just look for the red icons.
Then, you can go to Dashboard → Updates and run all your updates at once.
A Few Notes On Updates:
- If you hold off on updates because you’re worried they might break your site…stop doing that. Instead, pick a host with a staging site feature so that you can quickly test on your staging site and then push the update live once you know it won’t break anything.
- If you can’t check your WordPress dashboard that often, you can use the WP Updates Notifier plugin to get email notifications when there’s a new plugin or theme update.
Follow Good Plugin And Theme Best Practices
The great thing about using WordPress is how easy it is to extend your site with themes and plugins.
The bad thing about WordPress security is how easy it is to extend your site with themes and plugins.
That is, because it’s become so easy to install new themes and plugins, most people do it without thinking.
But as I showed you above, plugin and theme vulnerabilities are a huge attack vector.
I’m not trying to stop you from installing new extensions; you just need to be discerning about which extensions you actually install:
- Use trusted sources. While this won’t solve all problems, if you stick to extensions at WordPress.org or trusted third-party developers/marketplaces, you’re going to eliminate most issues.
- Don’t use nulled plugins. Yeah, I know you’re on a budget…but it’s not worth it to install the nulled plugin that might have malicious code added. Just find a free alternative if you can’t afford it.
- Check for known vulnerabilities. WPVulnDB does a good job of collecting these. Note that most of these vulnerabilities get fixed – so check whether or not the developer has addressed it before you write the plugin off.
- Read the reviews. Reviews are a great spot to see if any existing users have experienced any security issues.
- Read the support forums, too. Support forums can also help you spot issues. Better yet, they also let you see how responsive the developer is to issues, which is another helpful piece of information.
- Delete unused plugins/themes. Even if you disable a plugin or theme, its code is still sitting on your server, which means it can be exploited.
Be Smart About Your Hosting
Unlimited domains! Unlimited space! Unlimited bandwidth! And all for around $8 per month. You’ve probably seen the claims and may even have a hosting account with one of these companies.
Here’s the problem. This type of shared hosting is inexpensive only because they overload their servers with thousands of websites. Just as close proximity in crowded classrooms allows human viruses to quickly spread, the close proximity of websites on a shared server means one infected site is a risk to all the others.
Rather than looking for the least expensive (and riskiest) hosting option, choose a host that allows you to isolate each site on its own cPanel. Doing so will greatly improve the security of your website.
In the end, the safety and security of your site and its data is entirely up to you. Keep your software up to date, use good passwords, and choose a secure hosting environment, and you’ll be well ahead of the curve on this.
The right WordPress host can go a long way towards ensuring the security of your site.
There are two parts to this:
First, if you’re on shared hosting, you want a host that isolates your sites from other sites on that server. This ensures that your site doesn’t get cross-contaminated just because someone else’s site on your shared server got hacked.
You can get isolation even on cheap hosting, so this isn’t something that’s unique to premium hosts.
To figure out if your host offers isolation, you can:
- Ask the pre-sales support staff
- Look at the feature list (many hosts that offer isolation are proud to say it)
The other way that hosting can protect you is via proactive measures.
A quality managed WordPress host will:
- Properly configure your server to prevent many types of exploits
- Set up WordPress-specific firewalls at the server level
- Run malware scans and ensure file integrity
Kinsta’s Security page has a good explanation of the various ways in which a host can protect you from issues.
While you can get some of these same features via WordPress plugins, having your host implement them at the server level is a better approach for both performance and security.
Use Strong Passwords
Did you know that the most popular password is “123456”? If that’s you…well, hopefully, you change your ways after reading this post.
Second only to out-of-date installations when it comes to inviting hackers, weak passwords are regularly exploited with a technique called a “brute force” attack. Simply put, a hacker sets a computer program to repeatedly attempt to log into your site using thousands of the most commonly used passwords and what are known as “dictionary” words.
This type of vulnerability can be easily avoided simply by choosing good passwords. Ideally, your passwords should:
- Be longer than 12 characters
- Contain upper and lower case letters, numbers and symbols
- Never be used for more than one site
- Never be stored in plain text on your computer
- Never be sent by email
In that Wordfence survey of hacked website owners, 20% of the sites got hacked simply because the hacker somehow got ahold of a valid username and password combo.
That’s dangerous because getting access to a WordPress Administrator account basically gives someone complete control over your site.
To stop that from happening, you have a bunch of tools and tricks at your disposal:
Simple passwords are easy to guess via a brute force attack, which accounted for ~15% of the hacked sites in Wordfence’s survey.
The solution is pretty simple – always use a strong password.
To do that, you can just use WordPress’ password generator.
Then, because that password is impossible to actually remember (that’s kind of the point!), you can use a tool like LastPass to securely store all the passwords for your different sites (LastPass also includes a great password generator, itself).
If you have other users at your site, you can use the free Force Strong Passwords plugin to make sure they have strong passwords, too.
Don’t Use Admin As Your Username (Required)
Since WordPress has stopped forcing admin as the default username, this one is less of an issue.
But plenty of users still choose to use admin as their username, despite the fact that it makes them vulnerable to brute force attacks (if you use “admin” and “123456” at the same time, you should probably run a malware scan on your site right away!).
This one is easy to fix – just pick a unique username when you create a site.
If you’re already using admin as your username on an existing site, you can:
- Use the Username Changer plugin to change your username
- Manually create a new Administrator account and then delete the admin username
Use HTTPS On Your Site (Required)
Moving WordPress to HTTPS has all kinds of other benefits – but one great thing that it does is secure your login page.
Without HTTPS, your login credentials aren’t encrypted (which means that a malicious hacker can steal them if you’re, say, working over public Wi-Fi). With HTTPS, though, those credentials are always encrypted.
Limit Login Attempts (Should Do)
Brute force attacks work by repeatedly guessing different combinations of usernames and passwords.
Using a strong username/password combo makes that much harder. But to make things even more difficult, you can limit the number of login attempts at your site with the Loginizer plugin.
With the plugin, anyone who enters incorrect login details too many times will be locked out for a period of time (that you can customize).
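To see what a login limiter would have done on your own site, you can replay an access log through the same rule. The sketch below is an added example, not code from Loginizer or from this post; the log lines are constructed, the thresholds are assumed values rather than any plugin's defaults, and it assumes a failed WordPress login answers the POST with status 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines in "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2018:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2900 "-" "constructed-client"
203.0.113.7 - - [12/Jun/2018:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-client"
203.0.113.7 - - [12/Jun/2018:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-client"
203.0.113.7 - - [12/Jun/2018:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-client"
198.51.100.20 - - [12/Jun/2018:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-browser"
203.0.113.7 - - [12/Jun/2018:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-client"
203.0.113.7 - - [12/Jun/2018:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-client"
203.0.113.7 - - [12/Jun/2018:10:00:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-client"
198.51.100.20 - - [12/Jun/2018:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed-browser"
198.51.100.20 - - [12/Jun/2018:10:00:55 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed-browser"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def failed_logins(lines):
    """Yield (ip, timestamp) for every failed login POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a GET that only displays the form
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        if m["status"] != "200":
            continue  # assumption: 302 = successful login, 200 = form shown again
        yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def find_lockouts(events, max_attempts=5,
                  window=timedelta(minutes=10), lockout=timedelta(minutes=30)):
    """Return {ip: [time each lockout would start]} for time-ordered events."""
    recent = defaultdict(deque)   # per-IP failures still inside the window
    locked_until = {}
    lockouts = defaultdict(list)
    for ip, ts in events:
        if ip in locked_until and ts < locked_until[ip]:
            continue  # a limiter would already be rejecting this request
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:
            attempts.popleft()    # forget failures older than the window
        if len(attempts) >= max_attempts:
            locked_until[ip] = ts + lockout
            lockouts[ip].append(ts)
            attempts.clear()
    return dict(lockouts)


if __name__ == "__main__":
    for ip, starts in find_lockouts(failed_logins(SAMPLE_LOG.splitlines())).items():
        print(ip, "locked out at", ", ".join(t.isoformat() for t in starts))
```

The visitor who mistypes twice and then logs in is never locked out, while the address that keeps failing is cut off at its fifth attempt.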
Move Your Login Page (Good Idea)
I don’t really think this makes your site any more secure if you’re following the above tips. But it is still a good idea because it can greatly reduce the botnet traffic to your site, which lessens the load on your site’s server.
So…not as big a security necessity as some people make it out to be, but still a good idea for other reasons. It’s also super easy to do with the WPS Hide Login plugin (many security plugins can do this as well).
2-Factor Authentication (Not Necessary For All Sites)
I don’t think this one is a necessity for most sites. But if you’re really concerned about people getting unauthorized access to your site, 2-factor authentication kicks things up a notch by requiring users to enter a one-time code in addition to their password (lots of banks use this technology).
They can get this code via email, SMS, or a smartphone app.
The Google Authenticator plugin makes this pretty easy and uses the free Google Authenticator app. The miniOrange plugin is a more flexible option, though the free version is limited.
Back Up Your Site Regularly
Backups are the ultimate security blanket.
They ensure that, in the event that something does go wrong, you’re never dead in the water.
If your host doesn’t already offer automatic backups, then I recommend:
- UpdraftPlus for a free solution that lets you schedule automatic backups
- VaultPress for a premium solution (that includes malware scans)
Make sure your backup is going to a place that you can easily get to. I have mine going to my Dropbox account, but there are lots of different options.
Keep a working backup of your site and any security issues will be a lot less catastrophic.
Let me be honest – I don’t use a security plugin on my own sites. A big part of the reason is that my hosting covers all of my security issues for me. If you’d like more information on my hosting plan you can go here.
But security plugins definitely exist for a reason – they can perform a good number of the hardening tips that I’ve discussed above. Especially if your host isn’t already doing these things for you.
Security plugins can definitely be helpful. But they’re not an absolute necessity if you follow all the other best practices and choose a proactive host. Nor are they a cure-all – you still need to keep the security philosophy I outlined above in mind if you want to keep your site secure.
If you want to try a security plugin on your site, two good options are:
Follow The Principle Of Least Privilege
If you’re giving other people access to your site, you should understand the principle of least privilege.
It essentially says, “only give someone as much access/power as they need to do their job”.
With WordPress, this means smartly using user roles.
For example, if you hire a new content writer, make sure you only give them the Author user role. They definitely don’t need the ability to install plugins, nor do they need the ability to edit Pages (the latter is something the Editor role allows).
Similarly, you should pretty much never give someone else an account with Administrator privileges unless you 100% trust them and they truly need that much power.
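A quick way to check your own user list against this principle is to compare the role each account holds with the lowest built-in role that covers what the person actually does. The following is an added example, not part of the original post: the user list and the `NEEDS` table are constructed, the JSON shape is assumed to match what `wp user list --fields=user_login,roles --format=json` prints, and the capability sets are only a subset of WordPress's defaults.

```python
import json

# Built-in roles from least to most powerful; each adds to the ones before it.
ROLE_ORDER = ["subscriber", "contributor", "author", "editor", "administrator"]
# Subset of WordPress's default capabilities that each role adds.
ROLE_ADDS = {
    "subscriber": {"read"},
    "contributor": {"edit_posts", "delete_posts"},
    "author": {"publish_posts", "upload_files", "edit_published_posts"},
    "editor": {"edit_pages", "publish_pages", "edit_others_posts", "moderate_comments"},
    "administrator": {"install_plugins", "activate_plugins", "edit_users", "manage_options"},
}

# Constructed sample data (hypothetical accounts).
USERS_JSON = """[
  {"user_login": "admin",       "roles": "administrator"},
  {"user_login": "jane_writer", "roles": "editor"},
  {"user_login": "sam_dev",     "roles": "administrator"},
  {"user_login": "old_intern",  "roles": "author"},
  {"user_login": "lee_editor",  "roles": "editor"}
]"""
# What each person needs to do, written down by the site owner (hypothetical).
NEEDS = {
    "admin": {"manage_options"},
    "jane_writer": {"edit_posts", "publish_posts", "upload_files"},
    "sam_dev": {"install_plugins"},
    "lee_editor": {"edit_pages", "edit_others_posts"},
}


def role_caps(role):
    """All capabilities a built-in role holds, including inherited ones."""
    caps = set()
    for name in ROLE_ORDER[: ROLE_ORDER.index(role) + 1]:
        caps |= ROLE_ADDS[name]
    return caps


def minimal_role(needed):
    """Lowest built-in role whose capabilities cover everything in `needed`."""
    for role in ROLE_ORDER:
        if set(needed) <= role_caps(role):
            return role
    raise ValueError(f"no built-in role grants {sorted(needed)}")


def audit(users, needs):
    """Return (login, finding) pairs for accounts that deserve a second look."""
    findings = []
    for user in users:
        login = user["user_login"]
        roles = [r.strip() for r in user["roles"].split(",") if r.strip()]
        if login.lower() == "admin":
            findings.append((login, "uses the default 'admin' username"))
        known = [r for r in roles if r in ROLE_ORDER]
        if len(known) != len(roles):
            findings.append((login, "has a custom role: review by hand"))
        if not known:
            continue
        held = max(known, key=ROLE_ORDER.index)
        if login not in needs:
            findings.append((login, f"holds {held} with no documented need"))
            continue
        least = minimal_role(needs[login])
        if ROLE_ORDER.index(held) > ROLE_ORDER.index(least):
            findings.append((login, f"holds {held}, needs only {least}"))
    return findings


if __name__ == "__main__":
    for login, finding in audit(json.loads(USERS_JSON), NEEDS):
        print(f"{login}: {finding}")
```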
Has all of this caused your eyes to glaze over or has it instilled fear in your heart? Let me help!
Check out my annual maintenance plan. It covers all of this and is very affordable at only $120 per YEAR!!! Have questions or comments? I’d love to hear from you! Just leave a comment below.
We’ve all done the exercise. It’s the first thing you’re taught when you first start your business or blog:
Create an ideal client avatar.
This vision of your ideal client guides everything you do, including pricing (you can’t charge that single mom as much as you can the CEO of a Fortune 500 company), pain points (mom probably isn’t worried about shareholders), and even the color of your branding.
So you spend a few hours considering things such as:
- Age group
- Family status
- Lifestyle goals
Maybe you even write up a nice little story about your ideal client. You give her a name, a couple of kids, a husband who just doesn’t get it, and a load of student loans. You know quite a bit about her, you think.
But you would be wrong, and if you stop there, you may be missing a huge piece of the puzzle—and losing out on the best clients because of it.
Here’s something that’s rarely considered in the “ideal client” equation, and it’s arguably the most important part: personality.
If you’re snarky, sarcastic, fun-loving and loud, then a quiet, middle-aged mom who spends her time volunteering at the church is probably not a good fit for you. Sure, she might need your help, and she might love your products, but for one-on-one service, this match-up is a disaster. Either she will be uncomfortable with your style, or you’ll be miserable trying to rein in your natural exuberance.
Better to pass mom on to someone who is a better fit for her personality-wise.
Drive Determines Success
This one can be difficult to calculate from the start, but once you recognize it (or the lack thereof) it’s worth paying attention to. The client without the drive to succeed will—more often than not—only end up frustrating you both.
Better to end your relationship as soon as you see the signs of this than to waste your time going over the same material and exercises again and again with someone who simply won’t do the work.
If you look at your current and past clients, you’ll begin to see patterns. You can easily look back and see what made some clients a joy to work with, while others were a struggle. Think about what those differences are, and add them to your ideal client profile. Then compare any new potential clients to this ideal profile, and you’ll never again sign on with a less-than-perfect client.