Archive for February, 2008
TGIF Video Book Review - Episode 6
Set Up an Index Page Demo
Here is a demo of how to set up a redirect from plugin, wp-content & wp-includes folder…
Can Somebody Drive a Truck Through The Back Door Of Your WordPress Blog?
Today I’m going to show you some tips to secure your WordPress blog. One day while I was looking for information about computer security, I stumbled across Matt Cutts’ blog post about WordPress Security. That sent me off to learn about blog security.
Hacking blogs is becoming more popular. There seems to be less attention given to protecting blogs, and that makes it more attractive. The most common goal is to use the authority of the hacked blog to build back links to a spam blog. They will hide the back links, and the blog owner is none the wiser.
These tips should make it less desirable to hack your blog. The idea is to try to make it not worth the effort, and go somewhere else.
So, here are 7 tips I’ve implemented:
1. Keep your WordPress updated - I would hope this goes without saying. One of the best ways to keep your blog secure is to have the latest version of WordPress. Subscribe to the WordPress Development blog at http://www.wordpress.org/development/feed/. They announce any new versions or patches on their blog.
2. Keep your plugins updated - This is an area that can be exploited if your plugins are not kept up to date. The newer versions of WordPress automatically alert you when a plugin releases a new version. But you still have to update them when the announcement is made.
3. Back up, Back up, Back up, Back up - OK you get the point. Are you willing to risk losing your blog if something happens? You don’t have to do it manually, there is a plugin that will back up your database. It’s called WP-DBManager. You can get the plugin here: http://wordpress.org/extend/plugins/wp-dbmanager/#post-340
4. Protect your plugin, wp-content and wp-includes folders - These folders hold sensitive files that can be exploited. Matt Cutts in his blog post Three Tips To Protect Your WordPress Installation says to put up a blank index page in each folder. This prevents anyone from viewing an index of the contents in that folder. I took this one step further, and added a redirect back to the front page of the blog. So now when someone tries to look at one of these directories, they get sent to the home page of the blog.
5. Protect your wp-admin folder - This folder has some php files that are vulnerable. Just like the folders above you don’t want anyone gaining access to this folder. There is a plugin called AskApache Password Protect. It adds a 2nd layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder. You can get the plugin here: http://wordpress.org/extend/plugins/askapache-password-protect/#post-2892
6. Consider changing your login username - By default the username for the administrator is admin. If you are worried that someone might be able to crack your password, then changing the administrator username could stop them.
7. Create a 2nd username for posting - Set this 2nd user up as a contributor, or author only. That helps protect your admin from unsavory types, and protects you from yourself. You don’t want to accidentally change a setting while posting content. Hey, stranger things have happened.
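To check tip 4 on your own install, here is an added example (not code from the original post or from WordPress) that reports which of the three folders have no index page and drops a redirect stub into each. The stub contents, the function names and the `https://blog.example/` address are assumptions made for illustration.

```python
import os
import tempfile

# Folders named in tip 4; paths are relative to the WordPress root.
PROTECTED = ("wp-content", "wp-content/plugins", "wp-includes")
INDEX_NAMES = ("index.php", "index.html", "index.htm")

# Assumed stub: a PHP page that sends visitors back to the blog's home page.
STUB = "<?php\nheader('Location: {home}', true, 302);\nexit;\n"


def missing_index(wp_root, recursive=False):
    """Return the protected directories that contain no index page."""
    found = []
    for rel in PROTECTED:
        top = os.path.join(wp_root, rel)
        if not os.path.isdir(top):
            continue
        # With recursive=True every sub-folder is checked as well.
        dirs = [d for d, _, _ in os.walk(top)] if recursive else [top]
        for d in dirs:
            names = {n.lower() for n in os.listdir(d)}
            if not names.intersection(INDEX_NAMES):
                found.append(os.path.relpath(d, wp_root))
    return sorted(set(found))


def add_redirect_stubs(wp_root, home_url, recursive=False):
    """Write index.php into each directory that lacks one; never overwrite."""
    # The URL is placed inside a single-quoted PHP string, so reject
    # anything that could break out of it.
    if any(c in home_url for c in "'\\\r\n"):
        raise ValueError("home_url contains characters unsafe for the stub")
    written = []
    for rel in missing_index(wp_root, recursive):
        path = os.path.join(wp_root, rel, "index.php")
        # Mode 'x' fails instead of clobbering a file that already exists.
        with open(path, "x", encoding="utf-8") as fh:
            fh.write(STUB.format(home=home_url))
        written.append(rel)
    return written


def demo():
    """Constructed sample tree in which only wp-content has an index page."""
    with tempfile.TemporaryDirectory() as root:
        for rel in PROTECTED:
            os.makedirs(os.path.join(root, rel), exist_ok=True)
        open(os.path.join(root, "wp-content", "index.php"), "w").close()
        before = missing_index(root)
        written = add_redirect_stubs(root, "https://blog.example/")
        return before, written, missing_index(root)


if __name__ == "__main__":
    print(demo())
```

On Apache, turning off directory listings for the whole site (`Options -Indexes`) covers every folder at once; the stub files still help if that setting is ever lost.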
This is just a start to make your WordPress blog more secure. There are other ways to further tighten it up. I hope you find these helpful, and as I learn more I’ll keep adding to this series.
The team over at BlogSecurity have done a great job of teaching people how to make their blogs safer. You can tell that David Kierznowski, Sarah Turner, Philipp Heinze, Mario Heiderich, Gareth Hayes, Marco Ramilli have worked hard on this project. I would like to thank them for their efforts.
You can go there and learn more: http://blogsecurity.net. They also have a cool blog WordPress scanner. It will scan your blog, and give you a report detailing the security of your blog. You can check it out here: http://blogsecurity.net/wordpress/tools/wp-scanner/
Please comment, and give any tips you have found to help further secure your blog.
Table of contents for Security
- The Dark Side…
- 10 Computer Security Tips, How Many Are You Applying?
- Can Somebody Drive a Truck Through The Back Door Of Your WordPress Blog?
- Set Up an Index Page Demo
- Another Danger of Getting Your Blog Hacked…
10 Computer Security Tips, How Many Are You Applying?
Right off… I’m not a security expert. I’m just a guy who got attacked, and learned some hard lessons.
Let me ask you a question…
What price do you place on security?
Getting your computer hacked, or email cracked is a crime of opportunity. These criminals scour the internet hunting for computers that are not protected, or have holes in their security. When they find a computer that is vulnerable, they will install spyware. Spyware, like keyloggers, will collect your personal information, passwords, bank account, credit card numbers & other stuff. They will then try to rob you! See what the FTC has to say about this: Botnets and Hackers and Spam (Oh, My!)
These people are often called hackers… but let’s get the facts straight. They are not hackers, they are thieves. They hide behind the anonymity of the internet & steal. They may not be using a gun, but the intentions are the same.
Here are the measures I took to better protect my computer:
1. Update your operating system - Operating system software companies will often release updates to plug security leaks. Most of the time these updates are in response to a security breach that has already occurred. It’s important that you keep updated, or risk intrusion.
2. Update all Anti-virus & Anti-Spyware software - You would think this is an obvious tip, right? Well, this is where I made a huge mistake. It turns out I thought I was automatically updating, but the updater got corrupted. I never bothered to check, and left a huge gap in my system. Make sure you have the current updates, even if you have to check manually. Don’t always rely on auto-updates. You’ve been warned!
3. Don’t stay logged into any accounts if you walk away from your computer. - Guilty again… I did this almost daily. This leaves your computer open to all kinds of bad things happening to it. Look at it this way… you don’t leave your car running with the doors open when you run into the store. And those of you that do, don’t be surprised if one day you come out and your car has driven away.
4. Disconnect from the internet whenever you leave your computer. - Kind of related to the above tip. I don’t go out and run errands & leave the front door open… but I left my computer “open” whenever I left. I know it’s convenient to be able to plop down and instantly fire up the computer… but it’s asking for trouble.
5. Disable your browser password saver - Did you know that it’s pretty easy to view your passwords saved on your internet browser? I deleted all the saved passwords from both IE & FireFox. Check out what Amit Agarwal over at Digital Inspirations has to say about it… a real eye opener!
6. Change your passwords periodically - Now this one’s a real pain in the butt, however you should change them at least every 90 days. The longer your password stays the same, the more likely it could be figured out.
7. Use different usernames & passwords for each account - The good ol’ universal username and password… easy to remember, and fast to login to all your accounts. Come to think of it… that’s exactly why the criminals love them so much. Fortunately I did not make this mistake, and that is probably one of the reasons damage was limited. It’s hard to keep track of all those usernames and passwords, but use the next tip to solve this problem.
8. Use Roboform & lock it down with a master password - Since you are going to be changing your logins often & using a different one for each account you need to have a way to keep track of all this mess. That’s where Roboform comes in. It saves all your passwords, and fills them in automatically. You can download a free copy here.
9. Install Key Scrambler - This is a nice little plug-in for your FireFox & IE browser. Here is how QFX Software describes their application:
When you type on your keyboard, the keys travel along a path within the operating system before it arrives at your browser. Keyloggers plant themselves along this path and observe and record your keystrokes. The collected information is then sent to the criminals who will use it to steal from you.
I like it because it adds another layer of security. You can download a free version here.
10. Never Stop Learning - Every new innovation or update is another tool to secure your computer. However you cannot relax or become complacent. These thieves are hard at work trying to crack, or bypass each improvement. It’s a constant battle between these crooks and the companies who create the software. You have to keep up with the changes and updates or the software will fail to protect you.
It’s your responsibility and not the company that created the software. If you don’t take the necessary steps to keep your computer protected, you will suffer the consequences.
For further tips check out these articles:
http://www.fbi.gov/cyberinvest/protect_online.htm
http://onguardonline.gov/spyware.html
Next, I’ll show you the steps I’ve taken to better secure my blog.
The Dark Side…
About 2 weeks ago I had a very disturbing experience. My computer got a keylogger installed on it, and caused some serious problems.
A keylogger is software used to log keystrokes, and then transmit the logs to a specified location. The original purpose of this software is to keep track of employees’ activities, or to keep children safe from predators.
Unfortunately, it is also used by the dark side to gain access to private information on a computer. What these criminals are trying to do is get login information to emails, banks and other financial accounts.
Luck was on my side…
In my case, luck played a huge factor in limiting the damage. I happened to be logged into the first account these scumbags tried to take over.
I won’t tell you how, but they messed up one of the steps to change the password. I got an email alert, and quickly changed my password.
Later that day the scumbags logged back into that account with the new passwords. These Einsteins made the same mistake as before, and once again I was alerted. That tipped me off that my computer had a keylogger.
I switched computers, and started changing passwords. I also got on the phone with the company these scumbags were trying to get into, and had the account locked down.
The next few days were hectic as I tried to find the keylogger software on my computer.
Keylogger software is designed to run in a stealth mode. This makes it hard to detect, and it took 2 anti-virus/spyware programs to find the little bugger. Once I deleted the keylogger, it was reloaded almost immediately. That tipped me off that a trojan reloader might also be on the computer.
It took a 3rd anti-virus/spyware program to find the reloader. I was able to delete the reloader, the keylogger, and finally the computer was clean.
The aftermath
Everything seems to be restored back to normal. (Knock on wood) I only lost one email account, and I have kept the one account frozen for the time being (just in case).
As I look back over the events I realize what had happened. I had gotten complacent, and a little sloppy. My biggest mistake was not keeping my anti-virus/spyware software updated. Unfortunately, that was enough to start the ball rolling.
I’ve spent the last two weeks shoring up my computer security, and will show you what I’ve done. This security quest also extended to plugging the holes on my blog.
Over the next 2 days I’ll show you what I’ve done, and how you can also shore up your security.
Stay tuned, because some of this stuff you already know… but some of this will be a real eye opener.
What Frank Haywood Has Learned…
Frank Haywood gave away for free the step-by-step methods he uses to climb the Google rankings. It was password protected, and you had to be on his list to get the information.
You would think that people would jump on this offer, I know I did. I’ve read his blog, and know he gives out great information on his public posts. I figured the stuff he reveals on protected posts would be awesome… It was a no brainer!
In his blog post “What Have You Learned?” he mentions that he saw 205 increase in his list size. He was not surprised to discover that less than 2% took him up on his offer.
Imagine, only 2% took action, and 98% did nothing. That seems to be a common theme.
Think about this… Here is a guy who is running a successful internet business. He offers to pull back the curtains, and show you how he is climbing the Google rankings in a highly competitive search term. All he asks is for you to give him your name & email. And 98% of the people pass!
Why? Honestly I’m not sure. I know people have speculated, but I find it hard to understand.
It’s too late to get this information for free. However for $10 you can get this information and I can tell you that it’s worth every penny. You can get it for the next day or so - you can go to Frank’s blog for details.
Systemize Your Business & Reap The Rewards…
Terry Dean’s post titled “E-myth Should Be Required Reading” should be required reading, as well as the book. He says this about the book:
“I read a ton of books, and this is one of the ones I read early on. It’s basic foundational material to running your own business, yet I’ve found a large number of people simply haven’t read it yet.”
He went on to say that a person who is good at a certain technical skill, gets hit with an “entrepreneurial seizure” and jumps into business. They are great at what they do, but are horrible at running a business. The lone business owner doesn’t have systems or plans in place to grow it beyond themselves.
Guilty as charged!
The above described me when I started my window cleaning business. I was good at cleaning windows and marketing, and was great at sales. The business grew like gangbusters. It grew so fast that it outgrew my ability to keep up by myself. So, I did what you’re supposed to do… I hired people to help with the extra business. Things went great at first because I was on site with my crew. It was easy to teach them exactly how “things” were supposed to be done. I could inspect, teach and make corrections as we went along.
However things fell apart because there were no systems in place. It finally got to a point where I couldn’t be at every job to oversee the results. So, quality fell because no one had a guide to go by, and it drove my employees crazy. It drove me crazy because my employees weren’t producing the quality I wanted. It was a mess.
Putting in systems would have solved these problems.
Like Terry said, creating systems is not easy, but it is well worth the long-term results.
TGIF Video Book Review - Episode 5
Here’s a link to the book:
Here’s a link to Keelan Parham’s blog:
http://keelanparham.wordpress.com/
Are Questions The Answer In Your Copy?
Reading Ryan Healy’s blog post today Do Questions Work As Headlines? got me thinking…
Questions have always been a great sales tool for me over the years. Asking questions allowed me to customize each sales presentation to the customer’s needs. And of course, if you can show the customer how your product/service meets their needs… the sale is usually a foregone conclusion.
Questions work very well in selling for several reasons. First, usually the person who asks the questions controls the direction of the conversation. Second, questions are an important tool to qualify the customer, and gain important information.
Here is what Tom Hopkins says about asking questions:
The most powerful diagnostic tools used by all people in sales are questions. Like a doctor, your use of questions begins with general areas of need. Then, based on the answers you are given, you narrow your questions down to where you can readily determine the right cure or solution for the clients’ needs.
Asking questions in your copy can usually get the opposite results.
Many of the top copywriting trainers teach that you should avoid asking questions. The idea is that you could get the wrong answer and lose the reader.
Putting a question in your headline is considered risky at best. Ryan Healy confirms this statement in his blog post. However, it’s not always the case. Recently, he tested a question in a headline and he was sure it would lose the split test. However, the question headline won. Here is what he said:
Recently, I conducted a headline split-test for an upcoming real estate conference. The headline that won by a long shot was a question: “Would You Like 2008 to Be the Year in Which You Build the Foundations for Long-Term Real Estate Wealth?”
Why do you think this headline won?
I believe this question won for a simple reason. It entered the conversation that was already going on in the prospect’s mind. Traditionally people have used real estate to build long term wealth. The last year or so has been rough in the real estate market. So, this is a question that real estate investors are asking themselves a lot lately.
This ultimately proves that there are exceptions to every rule. Don’t be afraid to use questions, but tread lightly.
Testing Is For Pansies… I can Pick A Winner With My Eyes Closed.
It sounds funny to say that, but some people have that attitude. I’ve seen people actually say they can pick a winner just by reading the letter. Nothing like a healthy dose of misguided confidence!
If that were true, then the big direct marketing companies like Boardroom, Phillips and Rodale wouldn’t need to test. All they would have to do is find these people, hire them, lock them in a room and make them read sales letters all day.
Imagine how much money they would save by not testing… they would have these folks pick out the winners and boom they would mail out the winning sales letters and rake in the big bucks.
If It Were Only That Simple…
It reminds me of when the newspaper will have the local stock pros in a competition with a monkey, or a dart board. They will give each contestant say $10,000.00 in play money and let them pick stocks. The contest will usually run for a couple of months. Each week they publish how each contestant is doing.
The paper will show a picture & profile of each contestant. It’s fun to read the stock pros confidently discussing their picks. They talk about past performance, P/E ratios, debt to income… Then the paper shows a picture of the monkey with his thoughts - Oh, oh, oh, oh, oh, oh, oh, oh, oh!
The best part is the monkey often will do as well if not better than the stock pros. This goes to show how unpredictable the stock market can be.
And The Same Can Be Said For Picking Sales Letters.
You can never know how your customers are going to respond until it goes out there. They are nothing if not unpredictable.
The moral of this post…
Testing & tracking is the only way to find a winning sales letter. One of the easiest ways to test is by doing an A/B split test. Google has an excellent split tester called “Website Optimizer”. It’s free to use, and easy to set up. I’ve created procedure videos showing you how to set up an A/B split test with Google’s Website Optimizer. Here is the link to the A/B Split test set up procedure.
I forgot to mention the procedure videos are also free.