Course Details

In this session I will show you how to migrate your WordPress site between hosting companies.

If you are fed up with poor service, frequent outages or high cost hosting, this course is for you.

(more…)

In my opinion, Paypal is fast becoming the payment processor of choice for bloggers selling goods and services from their WordPress site.  There are a number of ways to integrate Paypal with your blog, I look at a few scenarios here:

Just In case .. What is Paypal?

Paypal is a credit card payment processor.  It acts as a middleman between your clients and you, processing transactions on your behalf.  They do the hard work of securing and protecting people’s credit card details, you simple accept money and pay a small fee in return.  You don’t have to have a merchant account for Paypal which makes it ideal for small companies or bloggers.

Paypal charges a fee per transaction of dependant upon your transaction value per month.  I pay 3.4% + 20 pence per transaction, your fees will vary by location.  There are no setup or monthly fees as there are with other payment processors.  Full details on transaction fees can be seen at the transaction charge page

If you don’t have an account, you can sign up at Paypal.com.

It goes the other way too, you can send money to people securely, but this post will concentrate on income rather than expenditure.  This is a gross simplification of Paypals services, but in a nutshell it allows you to send or receive money securely online.  Your credit card details are never sent over the net.  People trust paypal and will look for it over other payment processors such as WorldPay.

Now lets integrate paypal with our blog.

So You Want Payment

There are numerous scenarios where you may want to charge visitors to your site, I list them below with an integration idea:

Consulting Services/Service Contracts

You may sell a consulting service or sell your time at a fixed rate per hour.  If you do, using a paypal button is probably the solution for you.  Using this method, you set a small piece of html pointing to paypal which states your account details, the amount you want to charge.

There is a technical manual on configuring your buttons manually, or you can go to the button factory inside of your Paypal account and step through the process  from =my account->profile -> my saved buttons.   Below is a sample button for $0.01 so you can see the process in action, no refunds will be given 🙂

Donations / Tips

A popular way of monetising content is to offer your readers the chance to make a donation or leave you a tip. Paypal allows you to create a donation button in the same way you would create a fixed price button.  Simply  suggest that your readers may like to give you a tip with a big button and see what happens.

A neater way to do this is with the plugin Buy me a beer it integrates with your paypal account and places a call to action at the bottom of each post suggesting a reader should leave a tip if they enjoyed the content.

Membership sites

If you want to have premium content on your site, you may consider a membership site.  Paypal has a subscription facility which allow you to take recurring payments from your customers.

You can create a subscription payment button as mentioned above, and then manually add you members to your site.  The subscription service will take regular payments until your customer cancels the payment.

There are a number of membership site plugins which take this to a higher level, the hard work of coding paypal will already be done for you.  Simply specify your account details and the rest will be done for you, most importantly the process of cancelling memberships when a subscriptions is cancelled is done automatically and your content is hidden from the non-member.

The membership site plugins I have used are Your Members and  Wishlist Member.  Both of these are premium plugins.

Physical Product Shopping Carts

You may want to sell physical products using a shopping cart system such as Amazon uses.

Paypal has a shopping cart and checkout process, where you would add a button to a page or posts which would add an item to a shopping cart, you also place a checkout button on your site so payment can be collected.  This is a little cumbersome as html code needs to be added to each page, do I hear a problem which needs to be solved by a plugin …

I have used one e-commerce plugin which takes the hard work of creating product pages and integrating them with Paypal and it is called WP E-Commerce (the WordPress community is very boring with it’s naming standards I would have called it blog-u-shopper or WordPricer).

I am yet to be convinced that a blog is the best platform to sell stuff, a service such as Shoppify or an e-bay store is probaly better, but hey what do I know, if you are selling physical products successfully from a blog let me know in the comments section.

Pay to Post

Y0u may want to charge people to add a post to your system.  For example a jobs board where there is a fee to add something to your blog.  One of the simplest and best solutions I have found for this is a plugin called EasyPayPal. This also allows the simple creation of members only content so you really should check this one out.

Selling Ad Space

If you are in a position to sell Ad space on your blog, paypal may well be the processor you use.

You can setup an advertising page and setup paypal, buttons to sell ad space.  The other option is to check out an ad plugin such as OIO Publisher which allows you to sell ad space and integrate it with your Paypal account to accept payment.

Info Products

If you have an e-book or webinar to sell, how do you integrate paypal with your site to take payment before your content is made available for download?  The problem here is that you want to collect payment and protect your link until payment has been made.

wp-member the membership site solution I mention above does this as does EasyPayPal, but I would recommend you may want to look at e-junkie, this is an offsite payment processor and download fulfillment service.  This takes the headache of delivering your info. product to your customers, my mantra is always if someone will take on a headache for me and the cost is okay go with them.  The service starts at $5 per month.

Check Out The Many Paypal Plugins

There are a number of paypal plugins over and above what I mention, check out the plugin repository http://wordpress.org/extend/plugins/tags/paypal

Paypal Get’s My Thumbs Up

I hope this have given you some ideas for integrating paypal with your site.  I have only touched on the solutions here to give you a feel for what paypal can do for you.

I have been using Paypal to collect payments for my services since I started this site, the trust people have in Paypal increases your likelihood of a conversion.  I love the ease I can take payments, pay others and of course give refunds (I have a no fix no fee guarantee).  The charges sometimes feel a little high, but removing the hassle of credit card security probably makes up for that.

Need Help Integrating WordPress With Paypal?

If you need help integrating your blog with Paypal, I would be happy to give you a quote, please visit my service page and let me know your requirements.

Image by 59937401@N07

WordPress comes with a number of inbuilt user roles to control what registered users can do when they login to your blog.  I want to explain the various roles available and what capabilities each type of user will have.

There’s Just Me, Why Do I Need Roles?

If you are a lone blogger who does all the writing and administration themself then you only need two types of user;  readers who do not login and therefore don’t need a role and an administrator.  This post is probably not for you, but if this is your scenario, there are a couple of things I recommend:

1. Disabled new user registration to keep your blog watertight, this can be done from the WordPress dashboard -> settings -> general and uncheck anyone can register
2. Change the default displayed name of the admin account from admin to your own name.  This is done from  dashboard-> users ->edit the admin account -> complete first name and last name, then from “Display name publicly as” set your full name.  This just makes the blog more personal instead of a sterile person called admin writing all of the posts.

I Want a Publishing Empire Tell me About Roles.

When you create additional user accounts on your blog, you can then assign a user to a role, there are five roles subscriber, contributor,  editor and administrator.  Each has an increasing level of permission to perform actions (know as capabilities) on your site.

This post will take you through each role and it’s capabilities.  I will start with the least privileged and build up a profile of the additional things each level can achieve.

Update

Feel free to read the whole posts, but I’ve created a video tutorial to show you users and roles in depth.

[leadplayer_vid id=”506431D229224″]

How Are Roles Assigned

By default all new users created on your blog will be subscribers, an administrator level user then need to edit the user and assign it a new role.  This is done from the dashboard -> users -> authors and users -> edit the required user -> from the role drop down, set the user level.

Subscriber

Subscribers have the ability to read your blog posts.  This is the same level as unregistered readers and visitors to your blog so why do you need a role for this?  The answer is you may not need this level, but some blogs have featured available only to logged in and registers users.  Some of those may be:

• To leave comments, this is a spam control procedure
• To see certain posts
• For a private blog where only registered users are granted access, and creation of the users is left up to the administrator

There are various plugins which require a subscriber role so out of the box the subscriber role may not seem necessary, but each installation is individual.

Contributor

Moving up the scale contributors are at a level where they can create content on your blog.

The contributor can read posts, create and edit posts from the dashboard.  They can also delete their own posts which have not been published.

The point to note about contributors is that they can create draft posts but cannot publish them.  A more trusted user level is required to edit and make the post publicly available.

Author

An author is a more trusted level of contributor, they have all of the permissions of a contributor, but they can also publish their own posts, delete their own published posts and also upload files to add to posts e.g. images to include in posts or videos to play within a post.

Authors only have control over their own content, other authors and contributors posts can be read but not edited or amended.

Editor

When we reach an editor level we move into site wide permission territory.  As the name suggests editors have control over other users content to publish delete and create new posts, but an editor can also created amend and delete pages, have access to, and control over posts marked as private.  Check out the visibility of a post it can be public, password protected or private, only editors and above can see private posts and pages.

Editors can create categories, and blog roll link entries, moderate comments and even create and amend new users.

Editors are trusted members of your organisation, they can affect your blog at a fundamental level.  What they cannot do is change the look and feel of the site, for that we need an ….

Administrator

The admin level user is the super user for the site, along with all of the other capabilities discussed above, they can change the theme, upload and install plugins edit users and modify the look and feel of the dashboard.

Control of who is an administrator of your site is crucial for a secure site, harden the password and consider changing the login ID to something other than admin.

A last Word on Roles and Capabilities

If you have multiple people contributing to your site, make use of roles, assign them the minimum permission required to get their job done, you may have scrupulous procedures to safeguard your passwords, but do your contributors?  You may trust them but making them an admin level users when all they need to do is upload their post for editing is just creating a security loophole on your site.

Further Reading

http://codex.wordpress.org/Roles_and_Capabilities#Roles

Image by maikelnai

I’ve been working with a client on a performance tuning project, and it looks like this was in fact a hack that is slowing down the site, this is the first time I have seen this hack technique so I thought I would document it for the wider WordPress community.

The hack is in two parts, the first is a php directive in .htaccess the second is a base64 encoded file which holds the payload.

.htaccess

The hacker has added hundreds of white spaces at the bottom of the .htaccess and then buried a directive in there so a casual look at .htaccess won’t show the code up.  At the bottom of the file I found:

php_value auto_append_file /var/www/html/{SITEDETALSREMOVED}/wp/Thumbs.db

This directive tells the webserver to append the file Thumbs.db to all php pages it loads up.  This means that a little piece of code is added to each web page served up.

Thumbs.db

Thumbs.db is normally a thumbnail file often included on windows servers, I have uploaded this by accident a number of times, so it looks like an un-needed but safe file. in the case of this site, it has a base64 encoded payload of malware.

CODE DELTED BECAUSE MY MALWARE SCANNER KEEPS THINKING I HAVE BEEN HACKED 🙂

So this malware was being loaded onto each page as an additional footer.

Check Your Site Now

If you are seeing a performance hit, please check your .htaccess for this hack.

This week I’m running a live training event to teach people how to secure their WordPress site.

Would you like to learn more about hardening the security of your site and keeping hackers at bay?

WordPress and Security

WordPress is NOT inherently insecure, rather it is a victim of it’s own success. There are millions upon millions of WorPress sites, and the hackers are probing the defences of these sites for weaknesses that can be used upon this very large community for their nefarious reasons.

This training will make your site security more robust and less prone to attack.

When Is The Training?

The session is on Thursday 29th September at the following times

• 11am – 12pm Pacific
• 2pm-3pm Eastern
• 7pm-8pm UK Time

What Will I Learn?

You will learn my WordPress security hardening techniques to make your site much more resilient to hack attacks, including

• Why WordPress is a victim of security attacks
• WordPress security options
• Changing defailt table prefix
• Change default admin name
• Using security keys
• SFTP not FTP
• HTTPS not HTTP
• Using hard password across your installation
• Security Plugins
• Other security services
• Demo of a site being hardened

How Much Does It Cost

The training is normally only available to members of my WordPress training and support community, but this week I’m offering a 14 day free trial of the WP Owners Club, so you can test drive the club, join the live security training webinar and see all of the other member benefits.

If you like the club, leave your membership as is, if it’s not for you cancel your Paypal subscription before the 14 days are up and there will be nothing to pay.

Test Drive  Today

To test drive the WP Owners Club and join the security training at no cost, click on the button below.  You will be taken to a signup page where you can create a login ID, then go to http://wpownersclub.com/live-events to signup for the live training.

Image byellasdad

I’m running a live training event this week on Thursday called “Understanding wp-config.php”.  If you would like to learn more about this small but powerful configuration file read on.

What Is wp-config.php?

wp-config.php is the configuration file central to WordPress which tells your site how it should behave.

Most of us know that is contains database information, but there are a multitude of other uses such as securing your site, changing domain names, setting debug options the list goes on.

This training is to teach you more about this incredibly useful little text file and how it can help your WordPress site.

When & Where Is The Training

The training is on Thursday 15th September at the following times:

11am-12pm Pacific, 2pm-3pm Eastern and 7pm-8pm UK Time

The session is held online using a webinar format, so you can view the training from the comfort of your own computer, no travel or accommodation costs and limited time away from your day job.

What Will I Learn?

You will come away from the session with a deep understanding of what wp-config can do to your site including:

• What is wp-config
• Database settings
• Language settings
• Debugging with wp-config
• Changing domain names
• Security settings
• Memory settings
• Autosave and revisions
• Other advanced settings
• Securing wp-config

Cost

The session costs $29.00, for that you get access to the live event, and a recording of the event and pdf downloads of all the associated materials and links.

So the choice is yours, join live or get the recording to view at a time convenient to you.

Sign up For The Training

To join the training, click on the link below to go to Paypal IMPORTANT, after paypal has confirmed your payment, you will be redirected to another page to register for the event.

Seats are limited by the webinar software I use so join now to reserve your slot.

If a picture tells a thousand words, then I think a video comes in at well over a million.

Adding video content into your WordPress posts and pages adds huge impact.  We are visual creatures, we take clues from body language to help communication something missing from text only posts.  Information can be tightly packaged into video, something that would require a huge amounts of copy to convey.

Would you like to learn more about adding video into your site?

WordPress Video Training Session

I am running a live training event for my training community the WP Owners Club all about using video with your WordPress site. I’m offering a 14 day free trial of the WP Owners Club so people can join this training at no cost and test drive the other club benefits.

When & Where?

The training will be held as an online webinar on Thursday 1st September at the following times

11am-12pm Pacific, 1pm – 2pm Eastern and 7pm-8pm UK (Please note there is an option to select your local time when you register)

What You Will Learn

I will be teaching the following during the live training session:

• The benefits of video
• Type of video you can use
• Video hosting options
• Embedding video in WordPress
• Video analytics
• Video SEO
• A Note on mobile devices
• Demo
• Q & A

Here’s What You Need To Do Next

If you would like to take me up on my offer, here’s what you need to do:

1. Go to wpownersclub.com/sign-up (click on the big orange button at the bottom)
2. Create your free trial account by creating a Paypal subscription
3. Go to http://wpownersclub.com/live-events and signup for the webinar.

The trial is no cost, but seats are limited so join up now to reserve your spot.  I hope to “see” you on the call.