Monetizing WordPress: Going Beyond Ads

Lots of people make money with WordPress.  In fact, a large number of people make their primary income using WordPress as a framework.  Some use WordPress to offer information as a service, while others use the WordPress framework itself to offer a software service (SaaS).  Those folks deserve their own dedicated article, but for today we are focusing on the weekend WordPress warrior.  The people that have day jobs and other primary incomes, supplementing it with their WordPress ventures.

This article is all about how they do it.

Besides ads, there are other ways to monetize your WordPress site.  The following are different strategies, plugins or themes that will help you squeeze a few (or a lot!) dollars from your site.  Keep in mind, the best websites are not overly monetized.  Choose a few strategies that fit with your mission and vision.  Make sure they also fit with the “feel” of  your website and target the right kind of visitors.

1. Affiliate Sales

affiliate

This is perhaps the close runner up to advertisements.  Maybe it’s even #1.  Ads rely on volume and quality of visitors while affiliate income can grow with smaller numbers.  You still need the right kind of visitors though.  For example, if your site focuses on WordPress themes, people who visit probably aren’t looking to buy premium plugins (and therefore sales generated from your website will be infrequent).

The best affiliate accounts have tiered plans that pay you a small percentage when other people become affiliates.  But these plans are becoming less common.  Another good plan to look for has recurring payments.  Elegant Themes is an example of a program that pays affiliates every time someone you sent them renews their membership.

2. Premium Content

pay wall

If you are a content producer like a blogger, offering extra special content for a select group of visitors can generate some income.  In order to do this, you should have a pay wall installed.  This works best when you already have a large group of dedicated visitors.  It also requires a clear line between what constitutes free content and premium content.  This isn’t absolutely required but helps define your model.  An example could be providing simple tutorials for free, while reserving the complex or detailed tutorials for premium users.

3. Develop a product

wp product

If you’ve got a WordPress related website going, you can create a WordPress related product to sell.  This can be tricky if you’re not ready for success.  We’ve thought about developing a theme here at Pingable but decided not to because we couldn’t provide the level of support customers might need.  Developing a free and premium version of a product is another strategy that pulls in users.  This too requires a level of continues availability that you have to be prepared for.

A product can be something tangible or more virtual.  A good “starter product” might be an ebook or comprehensive guide to something.  This doesn’t require the follow up support of a theme or plugin, but may still generate income if the product is good enough.

BONUS TIP: I am a fan of the bait and switch model.  This isn’t as bad as it sounds.  I believe you should offer a quality product/service/content first, then monetize.  Ever seen a blog with five posts and twenty advertisements?  Looks pathetic, right?  The highest quality sites (read: SmashingMagazing.com) have fewer ads but charge more for them.  They started with a simple design and really high quality content.  The ads came later.

4. Donations

donate

You wouldn’t think so, but donations can go a long way.  I recently stumbled upon this website, that ONLY uses donations to support their work.  It makes sense that people who use your website frequently and find it valuable will throw you a few dollars as a thank you.  If you are truly providing something useful, and have lots of visitors, the money can really add up.  This plugin will do the trick.

How have you monetized your WordPress site?  I’d like to hear about it.

 

Useful Security Modifications for WordPress

WordPress is pretty secure, especially when compared to our content management systems.  We’ve put together this handy infographic on WordPress security issues.  This post is an update with some tweaks and plugins that can help tighten security on your WordPress site, and (hopefully) prevent hacking.

1. Keep WordPress Updated!

This is not a hack or a plugin, just common sense.  The WordPress team is constantly working on updates that address security vulnerabilities first.  Everything else comes second.  So updating WordPress with every stable release is critical.

2. Deny Access to wp-content directories

Most of the critical files are kept in these directories, and mean people can execute harmful code by getting into these directories.  Lock them down by adding an .htaccess file within the wp-content directory.  In the file, include:

Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

3. Remove the WordPress version from your meta description

This will make it slightly harder for people to identify in which ways your site may be vulnerable based on the version of WordPress you are using.  Of course, since you followed tip #1, you have the latest version.

4. Change your database prefix

The default prefix is wp_ but you can choose anything during install.  This is a trickier process after install.  Change your database prefix to something only you know.  If you’ve already installed WordPress, and you most likely already have, check out this comprehensive tutorial on changing the wp_ database prefix over at WPBeginner.

5. Prevent all directory browsing

The WordPress file structure is so well known, it can be predicted and browsed, and the information found there can demonstrate certain vulnerabilities.  Add this to your .htaccess file:

# directory browsing
Options All -Indexes

6. Deny access to the wp-admin directory

You need access to this directory, but nobody else does.  Limit who can access this directory based on their IP.  If you have a dynamic IP, this is not a permanent fix.  Remember to always backup your .htaccess file before making any changes!

order deny,allow
allow from [enter your ip]
deny from all

7. Password protect the wp-admin directory

As an alternative, or complimentary step, you can password protect this directory through your hosting control panel.  If using cPanel, under the “security” category, choose “password protect directories” and follow the instructions from there.

8. Change your admin username

The default is admin.  For obvious reasons, it is more secure to set a new and secure username and password.  Choose something nobody would guess (not like mydomainadmin).  Along the same lines, choose a super-secure password, something randomly generated.

9. Prevent brute force attacks

Install the Login Security Solution WordPress plugin, compatable above version 3.3.  This plugin has a number of features that make it more difficult (but not impossible) to hack WordPress.  Most notably, the plugin will slow down the login response time if it appears someone is maliciously trying to log in.  It also adds a great deal of features related to password quality, including an option to require a new password every xx days.  Nice.

10. Move the wp-admin directory altogether

The easiest way to do this is with the Better WP Security plugin.  This plugin comes with all sorts of other security related features but it allows you to quickly change the login URL.  Why change it?  Two main reasons.  First, people can navigate to yourdomain.com/wp-login and get instant verification that you’re using WordPress.  And, because of #8, they may even have your username.  If you didn’t set up a strong password, you’ve essentially invited someone to break in.  The plugin also changes the wp-admin and other dashboard links so something with basic WordPress knowledge can’t stroll right in.

What have you done to protect your site?  Let us know in the comments or send us a message through our Facebook page.

Super Helpful WordPress Tutorials

One of my favorite perks of being part of the WordPress family is the constantly fresh content.  Because there are so many creative folks working as part of this community, there is a constant feed of really useful tutorials.  I have gathered some of my favorite, recent WordPress tutorials to help the intermediate to advanced WordPress admin.  They range from simple to complex but all are lead to some sort of time or energy savings.

Note: I haven’t tried all of these tutorials so, as always, backup your WordPress site before trying any significant changes.

How to incorporate QR codes into your WordPress site

Quick Reference or QR codes are frequently used in print media to allow people to visit a particular URL using their phone’s camera.  So why would you need them on a website?  A QR code allows a user to take website content on the go without having to re-navigate to the content.  It’s like a “to-go” box.  Check out the tutorial here.

How to modify the dashboard for your clients

Many of us use WordPress for our own personal use.  And many of us use it for our clients.  I find it the best platform for use with my clients because I can easily train them to update their own website.  Over the years, the WordPress admin has gotten a bit more complicated though, and the simplicity is still too much for some low-tech clients.  This tutorial describes how you can simplify the dashboard even further.  This strategy also prevents clients from messing with things they have no business messing with.  Read it here.

The complete guide to custom post types

Custom Post types are all the rage with premium theme designers.  They make a powerful WordPress site into a “superpower” but allowing custom designs based on the type of content or post type being accessed.  This guide from the ever-reputable Smashing Magazine claims to be the complete guide (until the next version of WordPress anyway).  Get it here.

How to allow your visitors to generate content for you

User-generated content is a dangerous game.  A WordPress admin must walk a fine line in order to solicit quality, original content.  Also, specific measures must be taken in order to ensure the security of your site.  Allowing users to create posts without moderation or proper security opens your WordPress site wide open to hackers.  So tread lightly!  Since WPMU was incorporated into the core WordPress, it allows more options to facilitate a user-fed blog.  This tutorial explains all the different options including posting without registration (not recommended for the reasons mentioned above!)

Using A/B split testing in WordPress

Marketing is critical for the success of any blog.  Especially for those relying on user-numbers to be successful.  A/B split testing, simply put, is the testing of multiple strategies to determine the most effective.  Many advertisers try two different ads and measure which is more successful.  They then test a third, fourth, etc. types of ad against the most successful of the previous test.  This method constantly ratchets up the effectiveness of an ad.  If the original ad out performs the new ad, the old one is used instead of the new one.  Quite simple really.

This tutorial at WordPress Beginner (don’t let their name fool you!) integrates Google Analytics into the equation which provides more data than even more enterprise web teams need.  This tutorial specifically focuses on changing website layout, content or other organization in order to capture more visitors or conversions.  This is a great strategy for even basic users who wish to market their website.

Image courtesy of WPBeginner.
Image courtesy of WPBeginner.

If you have a favorite WordPress tutorial, I’d love to check it out.  Please share it in a comment or send me a message via our Facebook page.  If your tutorial rocks, I’ll consider posting it on Pingable!