There’s a lot of talk about how to use blogs to increase your traffic, attract prospects, and generate buzz. But there’s too little talk about blog security.

Like it or not, blogs are easy prey for hackers and other online ne’er-do-wells. And when they strike, and they will eventually, you need to be prepared.

Recently, this blog and Pro Copy Tips, were the victim of a series of sophisticated hack attacks. I contacted James from Men With Pens, who recommended John Hoff, co-founder of WP Blog Host, WordPress blog security guru, and author of the best-selling WordPress Defender.

I was so impressed with John, I asked him to do an interview with me on blog security.

***

Dean: When my blogs were attacked, I panicked a little. Is that a common reaction?

John: I’m sure it is. I know it was for me and my wife when her jewelry website got hacked a few years back. One day we went to her website and instead of seeing what we normally see, we saw a Google Warning stating that her site had been flagged by Google and may be downloading viruses to people’s computers. Yeah, our heart skipped a beat when we saw that.

Dean: Why do people hack blogs? Just for fun? Or is it more sinister?

John: Both reasons, actually. Every malicious WordPress hacker has their own agenda. Some reasons might include:
- Showing off to friends
- To learn something new
- They don’t like what you stand for
- They think it’s funny to ruin what others have worked so hard at creating
- Downloading viruses to people’s computers which could be configured to do just about anything
- Use your blog to create backlinks to their websites (SEO reasons, monetary reasons, etc.)

Dean: Fortunately, you were able to help me tighten my blog security. But what can happen if you just ignore the issue or rely on luck to avoid problems?

John: To me, there are 3 really bad things that can happen if you decide to ignore the problem of your website being hacked:

1. Google and other search engines would have caught up to what’s going on with your website and remove you from their search engines.

2. You could lose one of your most important assets online … trust! Tell me, would you trust Amazon.com if you knew their site had been hacked and they just ignored the problem?

3. You would be (morally) responsible for potentially allowing harmful viruses to download to your site’s visitor’s computers.

Dean: That’s scary stuff. It’s good that we have someone like you around to help us avoid those problems. Without revealing anything specific, what exactly did you do to make my blogs more secure?

John: I set you up to be prepared in case it does happen so that you can recover quickly and hopefully inexpensively; hooked you up with a system of monitoring and warning notifications in case something unexpected does happen; and then finally I customized key aspects of your blog to be only accessed by a small few.

Dean: The recovery element is really important. I know you can’t secure any blog 100%, but now that I’m set up to recover easily, I’m feeling a lot less stressed. But I’m wondering, is security a big problem? Most of the blogs about blogs don’t talk much about security.

John: It is a big problem and unfortunately most bloggers really are clueless as to how big of a problem WordPress “cracking” is. Nearly 2.6 million results are returned for the Google Search, “My Blog Was Hacked,” and I bet you most of those people didn’t realize this was a problem until it was too late.

I suppose the reason why you don’t see many people talking about blog security is because either the subject is kind of boring and at times can be a little technical, or like I mentioned before, the blogger is clueless as to how big of a problem this is … and that’s exactly what hackers want.

They want you to stay clueless.

Listen, real hackers don’t gloat and blog all about how they hack websites, they just do it and then leave an opening for the next hacker to come in and do their dirty work. It’s almost like they watch out for each other.

I’m sure there are hundreds of thousands (if not more) blogs out there which are hacked and the blog owners don’t even know about it.

Dean: What’s the most common security mistake people make?

John: If we’re talking technically, then the most common security mistake I’ve seen out there is failure to keep up with WordPress and plugin upgrades. However, I believe security always first starts with focusing in on you, the individual. In this case, I’d say procrastination is probably one of the biggest security mistakes bloggers make.

Dean: Good point. I’ve always done backups, but I didn’t do it very often until I had a problem. Lesson learned. If you were to list just 5 quick things people could do to prevent their WordPress blog from getting hacked, what would they be?

John: Well, I’d say …

1. Acknowledge there’s a problem and that you are not immune to it.
2. Don’t use the username “admin” and be sure to use a strong password, like t$#lLiS54@ew9.
3. Stay current with WordPress and plugin upgrades.
4. Run your FTP connection over FTPS or SFTP so your password is hidden.
5. Install the WordPress Firewall Plugin.

Dean: I’m curious, does it matter where you host your blog?

John: Generally, no it doesn’t as long as the host maintains the minimum requirements to run a WordPress blog. Just make sure your host has a good firewall installed, like Mod Security, and it would be best if the PHP version they run is at least PHP 5 and the MySQL database version is 5 or above as well.

I also would look for a host which allows secured FTP connections, like FTPS, FTPES, or SFTP. One way people hack blogs is by intercepting your FTP information when you log in. By using the secured FTP connections, this would be nearly impossible.

Dean: Working with you was fantastic, John. You spoke to me in plain English, answered all my questions, charged a fair price, and … well, you were just cool. Where did you learn that? Most tech guys are not that easy to work with.

John: Thank you, Dean. I’ve actually been told that many times. I suppose it comes from being very patient and when explaining how to do things I always try to remember all the issues I had when learning it and making sure those are all addressed in what I’m doing.

I’m also a laid back kind of guy. If it were up to me I’d be spending my days on a beach in Hawaii surfing everyday. Do they make computers for surfboards?

Dean: I don’t know, but it’s not a bad idea. You could embed an iPad right into the board. But I’m guessing you’d wipe out more often.

John: I could just float and work. What a cool way to spend my days.

Dean: How long have you been doing Wordpress security?

John: About two and a half years.

Dean: What gave you the idea to start WPBlogHost.com?

John: I and a few others got together and noticed how big WordPress was becoming and the fact that no other web host really catered to people looking to start a blog, so we filled that void. We’ve created a ton of videos on our web television channel, wpbloghost.tv for beginners / intermediates, and we really want to help bloggers jump ahead a little on the learning curve when they’re just starting out.

Dean: Your book, WordPress Defender, is amazing. It’s actually interesting and easy-to-read. And I learned a lot about blog security. How long did you work on that? Do you update it frequently?

John: Thank you. It took me a couple years to learn what I know today, but to write the ebook and create the 14 videos took me somewhere between 2 and 3 months. Since the subject can be boring at times, I really wanted to make sure my personality shined through in the book and the information I dished out was explained in as simple terms as possible.

I’ve updated the ebook once since its launch on March 1st, 2010. eBook owners can also choose to opt into my WordPress Defender Newsletter which will be used to send notifications of updates and/or new security features I come across in the future.

Dean: Well, I loved the book. And the videos are fantastic. I could actually understand them and you take your time explaining things. Your laid-back surfer dude approach works. But I’m sure someone is reading this thinking, “Oh come on, my blog won’t get hacked. I don’t have to worry about security.” What would you say to them?

John: You’re exactly the kind of target they are looking for.

Dean: Nicely said. Thanks, John. It’s nice knowing there’s someone to call who can helps us make our blogs more secure.

***

I hired John to secure my blogs, but if you want to do it yourself, I highly recommend WordPress Defender. It’s probably the only blog security book you’ll ever need. John makes it a pretty good read.

If you’re in over your head, like I was, and want to contact John, go to his WordPress Lockdown page and send him a message. He’s quick to respond. Just keep in mind, he’s on the “left” coast, so take the time zone into consideration.

No related posts.

Twitter has become a big topic in the marketing world. But is it driving traffic or generating sales?

I must admit that my experience with Twitter is limited. I’ve been testing it with a nonprofit political organization I help run in Ohio. The number of “followers” we have is fairly small at this point, but growing steadily.

Most of our “tweets” are actually generated by an automated tool to post our RSS feed, resulting in about 10 tweets a week. I and one other officer have been occasionally adding original tweets about important topics, events, or guests on our radio show. So there are maybe 15 to 20 tweets total every week.

We’ve been on Twitter for about 2 months, and it is starting to show up in our our site statistics as one of the top 20 drivers of link traffic. But it’s difficult to judge the true effectiveness of this new social medium on our donations, sales, newsletter signups, or support.

I realize that we’re not using Twitter to its fullest capability, but it seems to be worthwhile for the minimal effort we’re putting in. It’s easy to set up (maybe 10 minutes total). And publishing the feed takes no effort at all.

Many people say it’s effective, often claiming a 10% to 100% boost in traffic. Most just say it’s great or has great potential without sharing stats. Some say it’s a total waste of time.

So my question is, what is your experience with Twitter? Is it driving Web traffic? Are you seeing more sales? How are you using it? What works and what doesn’t? Has anyone else tried it with a nonprofit or political organization?

No related posts.

Should your links include the words “click here” or is this a tacky and redundant waste of Web page space, since everyone knows what to do with a link?

The click here debate has waged for years. But I think it’s less a debate than a misunderstanding, and it’s easy to clear up.

Let’s assume that I’m writing an article online and I want to link to my newsletter subscription page. There are three ways I can craft this link.

1. I can create a link that links to my free newsletter subscription like this. Here I’ve created a simple “descriptive” link. The content of the link is clear. It uses the common metaphor of the underline to indicate a link, so if you want to know more about my newsletter, you can click on it.

2. I can create a link where I encourage you to subscribe to my free newsletter like this. In this case, I’ve created a “directive” link. Not only does it describe the link, it uses command language to tell you what to do: “subscribe.”

3. I can create a link where I tell you you to click here to sign up for my free newsletter like this. Now I’ve created a “call to action” link. This describes the content of the link and uses directive language to tell you what to do. However it goes one step further and gives you explicit instructions for how to do it: “click here.”

Which link type is correct? It depends on how important it is that someone click on the link.

If you merely wish to offer additional information, a descriptive link gets the job done. This is the most common type of link on the Web. If people click, great. If not, no big deal.

If you want people to click, though, you need to move up to the directive link. This link tells people what to do and will almost always generate more clicks.

If the link is vital, for a sales letter leading to an order page, for example, then you should step up to the call to action link and use the words “click here.” This leaves no doubt about what to do and how to do it. The fact that people know to click a link is irrelevant. This is the same as telling a direct mail recipient to “mail this reply card now.” The more direct you are, the more response you are likely to get.

So there you have it. There are descriptive links, directive links, and call to action links. Deciding which to use depends on how important it is that you get a click. The debate is ended. Go forth and link away.

Oh, and click here now to subscribe to my free newsletter that gives you lots of tips just like this.

No related posts.

Ted Grigg posted some interesting thoughts recently about the impact of direct mail vs. online advertising.

Due to its escalating cost, more demanding execution and relative rarity, direct mail appeals garner more attention from recipients than the same messages found in their crowded email inboxes. With the explosive growth of email, printed direct mail has now gained more respect among consumers.

In addition, direct mail is more intrusive than the Internet that relies 100% on the consumer to access the advertiser’s web site.

There are two important points I’d like to make about this.

First, I agree that direct mail carries a powerful punch. And I have no doubt that it will become more effective as time goes on, despite any new technologies that may arise, perhaps because of new technologies.

As online opportunities multiply and consumers turn their ire away from “junk mail” and toward “spam,” we’ll see consumer attitudes about mail become more and more favorable. People have short memories and can only hate so many things at one time. As they hate spam more, they’ll love direct mail more.

Second, there’s that word, “intrusive.” I love online advertising and agree with the idea of opt-in as a necessary strategy, but a pernicious misconception is evolving out of the online community that this idea should apply to all forms of advertising, that no one should ever be exposed to sales messages that they don’t ask for.

Bull.

Advertising MUST be intrusive. Marketing demands it. Our industry, indeed our entire economy, relies on it. Advertising cannot be passive. It must push messages as aggressively as possible. How could you introduce new products and services otherwise? There’s a reason companies hire sales people — because they push. Advertising is simply salesmanship in print (or sounds or images).

Can you imagine being forbidden to mail anything unless someone specifically asked for it? How many businesses would survive if they were prevented from running ads, putting up billboards, broadcasting radio or TV spots, distributing literature, or otherwise pushing messages without express permission from potential customers?

No one wants to waste money on unresponsive prospects. But we must be careful about misapplying the opt-in idea. Better targeting is what we need, not the mindless and idealistic idea to eradicate intrusiveness.

No related posts.

There’s an ongoing debate between traditional direct response copywriters and the new breed of online copywriters about the importance of SEO (search engine optimization).

In a DM News article, Bob Bly writes about why he doesn’t believe in SEO copywriting. His point is simply that good copywriting should come first and that thinking about keywords is secondary, if you think about them at all. He says “forget the search engines” and “never change a word of strong selling copy.”

Then you have, well, just about everyone on the Internet, who say that SEO is the only way to go. Aaron Wall, for example, is the author of SEO Book and maintains that choosing the right keywords and using them in the right way can rocket you to the top of the search results and boost your traffic and sales.

Who’s right?

This debate is like the direct marketing versus mass marketing debate. It’s two groups of people, each with a different marketing model, trying to lay claim to the ultimate truth.

The traditional direct response guys generally use direct mail or e-mail marketing to drive people to their sites, so they don’t care as much about search engine results. The SEO guys generally use keyword tactics to pull people into their sites, so they care very much about search engine results.

The two are not incompatible. In fact, they can be complementary. It’s just that each has chosen a different way to create traffic.

My view? Why not use both? Does it matter HOW you get results? Smart marketers use any and every tactic that works. Besides, if you really understand SEO copywriting, it’s really about understanding what people are looking for and using the right words to connect to them. Isn’t that what good direct response copywriting is supposed to do?

Related posts:

1. 5 simple SEO tips to boost your search traffic
2. 5 copywriting cheats to write better and faster