SAITDigital Marketing

Wordpress as a marketing platform.

Contact - Social Media

• MitchPopilchak– Twitter– Facebook– LinkedIn– Instagram– Google+– About.me

MitchPopilchak@gmail.com

Why?

• Why do you have a site?• What do you want your visitors to do or

experience on your site?• What is your call-to-action?• Are people signing up for your updates?• What would make your site a success?

What affects your ranking? Speed!

• Hosting• Theme• Images• Plugins• Sliders• CDN• DNS• Registrar

Hosting – Premium Wordpress

• WPEngine.com• Websynthesis.com• Getflywheel.com• $30 to $250/month

• GoDaddy – WP only $10/month – 1 site• Media Temple – WP only $30/month – 3 sites

Hosting – Shared

• Hostgator• Bluehost• Netfirm• GoDaddy• MediaTemple• http://en.wikipedia.org/wiki/Endurance_International_Group

• $5 to $10/month

400 to 8000 sites

Theme - Frameworks

• StudioPress/Genesis• Thesis• Headway• Pagelines• Woo

Themes - Premium

• Genesis (best)• ThemeForest (thousands)• MySiteMyWay (bad)• Elegant Themes (bad)• Woo Themes• Thousands more …• Be careful!!

Images

• Size• Naming– dsc_1234_03062014.jpg– glenmore_audi_A8_interior.jpg– Alt and Name ‘tags’

• WP Smush.It• Simple Image Sizes

My Plugin Selects

• Akismet• CommentLuv– Disqus or LiveFyre

• Google Analytics for Wordpress (Yoast)

• Wordpress SEO (Yoast)– Use all the settings!

• Optimize Database after Deleting Revisions

• Swiftype Search• Relevanssi• Gravity Forms• Contact Form 7

My Plugin Selects

• Better WP Security• Wordfence Security• Sucuri Security• Alpine PhotoTile for

Instagram/Pinterest• Easy Recipe Plus

• Redirection• Shareaholic• nRelate • BackWPup• W3 Total Cache• Wp Super Cache• Minify

Install and Remove

• P3 – Plugin Performance Profiler

• Theme-Check – Tests your theme for vulnerabilities and bad code

• Remove all unused themes and plugins!• Update your plugins regularly please!

How many plugins?

• Too many can slow down your site• Avoid the shiny plugin syndrome• Plugins add code – limiting the # of plugins

limits potential security holes• Shared hosting is not a friendly environment

for a site with lots of plugins

Fun for me vs Good for the user?

• Plugins make our lives easier • So before you add another plugin ask yourself– Do I need the functionality or ‘want it’?– Will it help my readers?– Will my business/site grow by adding it?

• Paid or Free????

Sliders – good or bad?• No one uses them• They slow down your site, which is bad for SEO• They create excuses for sparse content and thus, bad SEO• They create excuses to use Flash (what?!)• They force users to scroll to find the point of your website• They look like advertisements so people ignore them• Moving objects are too hard to focus on• They ignore a user’s need for control and self-paced reading• They lessen the importance of what really matters• They give users too many options, which makes it harder to make a choice• They lower conversion rates

(https://managewp.com/slider-alternatives)

Content Delivery Network (CDN)

• www.maxcdn.com• aws.amazon.com/cloudfront/

• Handles images, css, js

DNS security and protection

• www.cloudflare.com (pro plan)– Bot and spam protection– WAF (web application firewall)– Basic CDN

• www.incapsula.com– More secure than CF

• Handles HTML

Registrars vs Premium DNS

• GoDaddy• Namecheap• Register.com• www.cscgobal.com• www.opendns.com• www.dyn.com• www.comodo.com• www.easydns.ca

Email Programs

• Constant Contact• Mailchimp• MadMimi• Campaign Monitor• Email Brain• Send Stream• Benchmark Email

• Get Response• Graphic Mail• Boomerang• iContact• Vertical Response• Campaigner• Mailgen

Tracking

• Bit.ly (repli.ca)• Bufferapp.com

• Sprout Social• Hootsuite• Sysmos• ViralHeat

• Spredfast• UberVu• Google Analytics• Sprinklr• Radian6• SocialOomph• MediaFunnel

Backups – easy peasy right?

• Install a plugin and you’re good to go!• WRONG!• Backing up your dB isn’t enough• Disaster can strike at any time• Backup your whole site (files) regularly• Store the files in the cloud or on a thumbdrive

Backup Plugins

• WP Security– Has manual and auto dB backup built in

• WP DB Backup– Doesn’t work for me on GoDaddy

• BackWPup• Wordpress Database Backup (database only)• Wordpress Backup Plugin (files, images, plugs)

Backup

• Most plugins only ‘backup’ your dB.• What about restoring?– It can be a nightmare, trust me!

• Premium $$– blogVault– BackupBuddy– VaultPress (real-time)– SyncSage (local company)

Securing WordPress

• Remove the admin account• Install the basic security plugins• Remove unused themes and plugins• Update WP, Plugins, and Themes regularly• Have an admin user account for maintenance• Have an editor account for posting• Never display the “post” author name

Username vs Author /Display name

Securing WordPress

• Connect via FTP? Switch to FTP-SSL or FTPS if your hosting allows for it. Home or coffee shop, it’s a good practice.

• When logging in to wp-admin from anywhere but home/office, use an editor/author/contributor account. Limits the risk of interception of an admin account login.

Securing WordPress

• File Permissions (via ftp)

– CHMOD all files to 644– CHMOD all directories/folders to 755– CHMOD wp-config.php to 750– CHMOD wp-content/ to 644 (777 for updates)

• Change the dB prefix from wp_ (WP Security)• Use strong passwords, and not the same as

your gmail, etc.

Securing Wordpress (only for pros)

• Move your wp-config.php fileFor example:public_html/wordpress/wp-config.phpCan be moved to:public_html/wp-config.php

• Move your wp-content directoryOnce you have moved your directory you will need to make some adjustments to your wp-config.php file. Add the following lines:

define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content' );define( 'WP_CONTENT_URL', 'http://example/blog/wp-content');

You may also need to define the new location for your plug-ins here by adding these lines to the file:define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' );define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins');

Securing WordPress

• Create an .htaccess file in /wp-admin/

# BEGIN WordPress RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L] # END WordPress

Securing WordPress wp-config.php/**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */define('AUTH_KEY', 'hr+t*O/I&B&J2nwMU44d');define('SECURE_AUTH_KEY', 'j9drDhHcQ 2@ FXGXjj=');define('LOGGED_IN_KEY', 'M)NxB1-IMrMOvzfUg&!m');define('NONCE_KEY', 'DVHBzX!*IEcyJs wb/$I');define('AUTH_SALT', '#3CGx3fk0RWgnk5598xt');define('SECURE_AUTH_SALT', '5jRxpF=yV)@bwgDdWC9_');define('LOGGED_IN_SALT', 'vTqj1RZ=y=-Nf#wg-aBW');define('NONCE_SALT', 'hFW_D-R!$O2y)Xr*xm14');

Securing WordPress

• Use your google webmaster tools• Check for keyword significance, crawl errors,

malware reports.• If your keyword significance reports unusual

pharma, adult or similar spam words your site likely has been hacked (cloaked).

• Fetch your site as a google bot (tools) and see if your site is cloaked to appear different to google bot.

Hacked?

1. Take down your site/blog2. Why? Because most hacks are executed with

scripts that attach to many files in your site.3. Just put up a maintenance page. Don’t

announce you have been hacked.4. Run you security plugins? You installed them

right?!

Hacked?

5. Change your WordPress, MySQL and hosting/ftp username and password.

6. Check all your header and footer files for any suspicious code, JavaScript, links, etc.

7. Happy it all looks ok/clean? Turn it back on.8. If this fails to work, then it’s time for a clean

install. Got those backup files? Backup dB?

Best protection?

• Backup dB• Backup files, images, plugins• Install security plugins• Complex passwords• Avoid ‘admin’ login from unsecured locations• Limit number of plugins• Update plugins and Wordpress• You will be hacked at some point.