ButlerBlog

chad butler's weblog

How I Saved Thousands Per Year on MailChimp Email Marketing

By Leave a Comment

How I Saved Thousands Per Year on MailChimp Email Marketing

MailChimp pretty much owns the email marketing space. They’re like the NetFlix of email lists. They were early to the game while providing a good product that was easy for non-technical users to use.

In fact, I personally used them for multiple companies I ran and controlled.

But over time, if your list grows, it can get mighty expensive to keep up with MailChimp’s costs (or any other list builder/manager for that matter).

MailChimp offers many great features for marketing automation and data management; but I found I was handling most of that work with other tools (like Mautic, which I’ll write about another time). MailChimp was primarily used for one thing – to send email to the marketing list.

If you’re not making use the tools, it’s ridiculously expensive to use MailChimp. So I began looking for alternatives that would save me money.

It’s important not to shoot your business in the foot trying to save money. Sometimes there are worthwhile investments and costs. But when an opportunity presents itself, it’s foolish to not consider it just because it’s cheap(er).

The problem is, almost every option out there has the same model – they have a free (or cheap) initial tier, but once your list is of even a small size, it starts escalating in cost quickly.

Enter Sendy

Sendy allows you to run your own email list system. While other tools are available to do this, most are complicated to use. Sendy is simple for even non-technical users to set up and configure.

Once you buy it, you own it. I like that feature – no ongoing costs for the software.

It’s relatively simple to install, configure, and maintain, thus the costs of ownership are minimal. As far as maintenance is concerned, you’re already managing your list with your current platform, and that’s 99% of the work with Sendy as well.

Some of the features Sendy offers are:

  • Reporting
  • Autoresponders
  • List segmentation
  • Subscriber management
  • Custom fields
  • Bounce, complaint, and unsubscribe handling
  • 3rd party integration

Couple it with Amazon AWS SES (Simple Email Service)

Amazon’s AWS SES email service is a cost effective tool for sending bulk email. The cost of sending email through MailChimp can easily run into thousands of dollars per year even for a relatively moderate email list.

AWS pricing is very cheap – $0.10 per 1,000 messages.

Wait, you say? That’s not cheap?

How about adding onto this the fact that if you use an Amazon EC2 instance to send (i.e. hosting your Sendy application), you can send 62,000 messages per month for free?

In full disclosure, you do pay a little for data in the email as well. When calculated out, it’s far, far cheaper than using a hosted service like MailChimp. I mean like “not even close” kind of cheaper.

Getting Started

Send newsletters 100x cheaper with Sendy!
Get Sendy today and start saving money on your email marketing!

Here’s a link for you to buy Sendy and get up and running quickly and easily:

Get Sendy today and start saving money on your email marketing

That’s an affiliate link. I make a little money on it when you buy it, but you pay the same regardless. So why not help this site out since it’s helping you save a bundle on your email efforts. (BTW, if you couldn’t figure it out from this article, I’m a satisfied user of Sendy myself. I don’t promote affiliate links for products that I don’t own and use myself.)

To sweeten the deal, if you’re a WordPress plugin developer, here’s an API wrapper I wrote that you can use in your own WP plugins to integrate with Sendy.

5 Common Issues with WordPress Security & How to Fix Them

By Leave a Comment

5 Common Issues with WordPress Security & How to Fix Them

With a market share of over 60% and 500+ new websites being hosted each day on the WordPress platform, there is no debate on the dominance of WordPress as a content management system. However, despite being easy to use and having unparalleled functionality, WordPress comes with its own set of security risks. 

Did you know that WordPress accounted for a whopping 90% of hacked websites in the year 2018? Harmful backdoor files were found in over 65%  of all hacked websites, and SEO spam messages in more than 50% of the them.

These security issues can severely impact your business. Here’s how:

  • Customers or visitors would be unable to access your site and you could lose valuable traffic
  • Company sales and revenue could be affected
  • SEO rankings might drop, and your website could be blacklisted by Google and other search engines
  • And finally, your site could lose its reputation and hard-earned brand value.

As a WordPress website owner, it’s critical to implement security measures and take the appropriate steps to fix common vulnerabilities.

But how do you even know what could put your website at risk?

To make your life easier, we’ve put together this list of the 5 most common issues that generally affect WordPress websites and their security. Let’s take a look:

1. Use of Outdated core WordPress & Plugins/Themes on the Website

Just like any other software tool periodically releases the latest version (or update), WordPress also has its share of releases. In fact, the core WordPress version goes for a major upgrade once in every 152 days, with the latest version 5.2 released on May 2019. 

WordPress has many plugins/themes that can be installed on your website to improve its functionality. Some of the popular WordPress plugins include Yoast SEO, Akismet, and WooCommerce, while some of the popular themes include Oshine, Divi, and Uncode.

Typically, hackers look for security-related vulnerabilities in your WordPress core and the installed plugins/themes through which they can damage your website. This is the reason why both the WordPress team and a majority of third-party plugin/theme developers release timely updates containing security fixes.

However, the real problem is that most WordPress users do not keep these website components updated. An estimated 52% of WordPress-related vulnerabilities are the result of outdated plugins.

How to fix this issue:

  • Download and install the latest WordPress released version.
  • Review all the installed plugins/themes on your website regularly and update them. You can do this from your WordPress dashboard (as shown in the sample screen below).
Keep WordPress plugins up-to-date for better security!
  • If you are managing multiple WordPress websites, updating each of the installed plugins/themes can be a cumbersome and time-consuming task. You can use plugins with wordpress management features to simplify your task. They allow you to update all your components (across all websites).
  • Follow the practice of downloading your plugins/themes from the official WordPress repository or trusted websites.
  • Get rid of all abandoned or unused plugins/themes that have not been updated recently by their developers.

2. Website Hosted on a Vulnerable Web Host

Your web host server can determine the overall safety of your website to a large degree. Let’s look at the two primary types of web hosts and how they impact security:

  • Shared hosting

As the name indicates, shared hosting comprises of multiple websites hosted on the same server. The hosted websites share various server resources, including disk space, server bandwidth, and database tables. Compared to other types of web hosting, shared hosting is more cost-effective and budget-friendly for WordPress owners.

However, the flip side is that shared hosting can compromise your website security. For example, hackers could host their websites on shared hosts to gain easier access to the other hosted websites. If a site on a shared host is hacked, it usually leads to the compromise of all the other sites.

  • Managed hosting

Although more expensive than shared hosting, managed hosting is a safer option because the entire hosting server is dedicated to your website. All the server resources are available for your website. Some of the security features that managed hosting offers include firewall protection, malware scanning tools, and access management.

How to fix this issue:

  • Check with your current web host provider on the security-related services that they provide.
  • If you are currently on a shared web host, switch to the more secure managed hosting platform.
  • You could also migrate your entire website to a different web host provider or web domain. If you want to perform website migration with minimum impact on your live website, use a free migration tool like Migrate Guru.

3. Weak WordPress Login Credentials

Did you know that even in 2019, online users continue to use weak passwords such as “123456” and “password” for logins? Many WordPress users with “administrator” rights are assigned a default username of “admin” and do not change it. This practice is one of the bad habits of site management. It makes it easier for hackers to gain illegal access to your WordPress account and access your critical website files.

Among the primary means for exploiting login page vulnerabilities, brute force attacks top the list and are growing stronger by the day. A brute force attack deploys automated bots to try and gain access to login pages by guessing the user credentials. If they gain access, they can damage your website by:

  • Stealing confidential data, such as user details and financial records.
  • Leaving behind backdoors for re-entry at a later stage even after a complete cleanup.
  • Redirecting the web pages to other unsolicited sites.
  • Adversely impacting the overall website speed and performance. 

How to fix this issue: 

  • Always choose a strong login password with a combination of special and alphanumeric characters.
  • Use a unique username specific to each user instead of generic usernames like “admin” or “user1.”
  • Follow a practice of changing the passwords of all your users regularly.
  • Deploy the effective CAPTCHA tool for your login. It restricts  the number of failed login attempts to thwart brute force attacks. It is also useful in distinguishing between a human user and an automated bot. 
  • Block all login requests from bad or suspicious IP addresses that are generally used by hackers worldwide.

You can use Word-Based password plugins to create strong passwords 

4. Improper User Management

In addition to deploying brute force attacks, hackers try to gain access to your WordPress account by using your WordPress admin credentials. Why? Because with admin access, they can inflict maximum damage. For example, they can corrupt crucial website backend files that are not accessible to other users.

To avoid this issue, WordPress allows you to create 6 different user roles with their own set of privileges. These include:

  • Super Admin user who has the complete set of admin privileges on multiple websites owned by the business.  
  • Admin user who has complete “admin” privileges but is restricted to one website.
  • Editor who has no “admin” rights and can only publish and manage user posts on the website.
  • Author who has the rights to publish and manage their submitted posts on the website.
  • Contributor who can write their website posts but does not have any “publishing” privileges.
  • Subscriber who has the least level of user rights and can only create or update their user account or profile on the website. 

Assigning “super admin” or “admin” rights on multiple WordPress users can seriously endanger the overall security of your website. The key is to assign user roles and privileges based on careful evaluation of each user’s role and tasks. Through proper user management, even if hackers gain access to user accounts of a “contributor” or “subscriber,” they gain limited permissions and can inflict minimal damage on the website.

How to fix this issue:

  • Assign the “Super Admin” role only to website owners (particularly if they are managing multiple websites).
  • Restrict the total number of users with “admin” rights. Only assign this role to trusted and experienced users who have prior experience as a WordPress administrator.  
  • Assign user roles and privileges based on the scope of their responsibilities and work.

5. Lack of SSL Certification

Secure Socket Layer (or SSL) is a prescribed safety standard used to encrypt website data and safeguard the website. An SSL-certified website (for instance, https://<website_name>.com) can secure the communication between the website server and the user’s device or browser. 

With the growth of online transactions, users often share sensitive information details over the Internet that can be highly risky. These include information like bank account number, credit card number, or bank details. An SSL certificate encrypts this information, ensuring that the data is only shared with the intended user.

How to fix this issue:

  • You can check with your web host provider if they can provide an SSL certificate for your website. Alternately, you can log in to your web host account and check if they have provided you with an “SSL” option. After an SSL security certificate is installed, the website URL will be preceded by “https://” and a padlock symbol will be shown in the browser address bar.
  • Ensure that all your “http” webpages are redirected to “https” domain. You can use automated tools like Really Simple SSL to easily configure your website for the “https” domain.

Despite security measures, things can still go wrong with your website. It is imperative to use reliable backup solution which acts as a safety net in this case. We highly recommend investing in an automated backup plugin like Updraftplus or BlogVault so you have something to fall back on in case of a security attack.

A quick recap:

In this article we looked at 5 of the most common issues with WordPress Security and how to deal. Let’s quickly look at what we have learnt.

  • Keep the WordPress Core, Themes and Plugin updated.
  • Employ a secure managed web hosting provider.
  • Use strong user credentials.
  • Evaluate and assign User roles carefully.
  • Use an SSL certificate to secure your site and keep the website data encrypted.

By resolving these 5 common WordPress issues, you can significantly improve the overall security rating of your WordPress website. While there is never 100% guaranteed security against hackers, we’re all better off safe rather than sorry. 

5 Things You Need To Know About Cybercrime For 2018

By Leave a Comment

5 Things You Need To Know About Cybercrime For 2018

Cybercrime, put simply, is any crime carried out over either a network or a computer (or both).

A criminal may have many different motives, be it to damage or disable a network, to spread malware and false information, to infect a computer or network with a virus, or to steal customer information from a company and then hold that information for ransom.

We also live in a world where cybercrime is a significantly greater threat than most people realize, with an average of one new hacker attack every 39 seconds.

This is just one of several startling statistics and trends that we are seeing today in 2018.  Here are five more trends that we are seeing as well:   [Read more…]

Archives

Site powered by WordPress, running on the Genesis Framework from StudioPress.

Unless otherwise noted, content on this site is © 2006-2020 ButlerBlog and may not be reproduced without express written permission from the author.