Good afternoon and welcome to day three of disaster week here on AI themes training, sponsored by theme security Pro, we got a great week of WordPress security education with some real WordPress security experts. The first day we heard from Kathy Zant, who gave us an excellent overview of the big picture of WordPress security and the things we really need to watch out for. And then yesterday, we heard from both Michael Moore and Timothy Jacobs, from the themes team about how to specifically use I think security to protect your site. So we've had a lot of great education. If you've missed any of the content so far this week, right down there below the chat room, and I themes.com forward slash chat, you will see the green button that says watch replay videos. And that's where you'll be able to see all the replays. So we'll have the replays from today up a couple of hours after we wrap up today. The slide downloads are there as well. And the live caption link is there as well, you can download the captions or listen to the captions. As the video is going all at that link for watch the replay videos. If you want the live caption link today, the blue button view live transcript is working, I'm also going to drop that link in the chat room. And for those of you who missed it earlier, here is the download for the first session. This is the document that you're looking at on your screen now. So you'll be able to follow along with everything I'm talking about today, which is specifically aimed at providing security services to your clients in WordPress care plans. This is really important. It's a passion of mine. And we'll be talking all about that in the first hour how to package and sell your care plans. And in the second hour, how to leverage AI themes products to provide all the things you need for your care plans. Now a few bits of housekeeping before we get started today. We do have some great deals running this week alongside WordPress disaster week alongside the chat room actually over in the sidebar, you will see a couple of deals first. There are individual deals on the i themes plugins. So I think security pro Backup Buddy, I think sync and Backup Buddy stash off site storage 35% off of all those licenses through tomorrow, using that coupon code disaster 35. If you click those links in the sidebar, it takes you right to the cart to purchase with that coupon code applied. Or if you just like to get all the plugins, you can get the plugin suite 40% off it's gosh, I think that's that's the best deal I've seen this year 40% off the plugin suite, again through tomorrow with that code disaster 40 Or just click the big blue button that says Save. And that will add that to your cart with the coupon code applied. So those are special disaster week deals. And they are ready to go. A couple of additional things, we would love to hear from you about your thoughts about disaster weeks, I'm
gonna drop a link in the chat now. There's a survey there take about three minutes, we'll send you some cool swag if you participate. And also, if you are an i theme security user, we would love to have a testimonial from you. And you just send us an email at updates. And I themes.com with your testimonial, we'll send you some swag for that testimonial as well. And Kristen even told us yesterday, and am I right? Right on this, Kristen, that will give you a backlink to your website, in the testimonial. So that's huge SEO benefit, because I think has excellent Google placement. So backlinks are good. All right. One other thing I will request this is slightly different than the other two days of disaster week in that I'm the host and presenter today, which means there's not really anybody collecting questions throughout. So what I'll ask you to do, it will be very, very helpful to me if you contain your questions to just what we're talking about right now. So like other types of questions, we'll have a wrap up q&a At the end, you'll have an opportunity to ask them, but like I'm not going to be able to remember all the questions that come through, I'll try to catch questions in context about what we're actually talking about at that moment. But if there are other questions that pertain to something that I'm not talking about, right at this moment, please just hold those until the end, and I will. I'll get to those when we wrap up each hour. Okay, so again, our overview today. First, we're going to talk about packaging and selling website care plans for clients. Then next hour, we will be dealing with using items products to actually put the mechanics of a care plan together. Now, there's a lot of new names in this disaster we got in the attendee list and I love that it's I hope you've enjoyed this week. And I do want to invite you to come back to other I themes, training webinars, we do a lot of free training, and most of what we do is not about AI themes products. If you take a look at our schedule over@training.ai themes.com There's a bunch of free webinar Coming up, for example, on Tuesday of next week, I do a monthly WordPress news roundup, where we get that look across the ecosystem of WordPress and pull in some interesting news. We've got a great webinar coming up next Wednesday, using a service to capture, basically cart abandonment for membership, plugin software.
We have a plugin roundup each month, where I look at plugins in the WordPress directory and give you a list of 12 to 15 of those each month. Lots of fun in those are all free for anyone to participate in. Okay, so let's get started, shall we? So for those of you that are relatively new to I think straining, let me just if you're not familiar with me, again, my name is Nathan Ingram. I'm the host here dye themes training, that is one hat that I wear. But I've been working with clients building websites since 1995. I've been at this a long time, I've been all WordPress, since 2010. I started working with WordPress in late 2008. And the majority of my time is spent running our little agency down here in Birmingham, Alabama, where I live. So we build and manage WordPress websites. That's what we do, we try to do it really well. And we offer care plans to our clients. And that is really the foundation and the the foundation of the revenue for our agency comes from care plans. And so this is something I've been doing for a long time. And my goal here in the next couple of days is essentially just to show you what I do. I'm going to explain the why and the how behind using I think products for your care plan. And hopefully, it'll be helpful to you, you'll pick up a thing or two along the way. Now today, again, we're talking about selling care plans to our clients. But I want to take a step back and get a running start at that subject, which is this and if you've been around any of my training, this is a phrase that is not unfamiliar to you. And that is my absolute belief that recurring income recurring revenue is the foundation of a successful business. Whether you're a freelancer solopreneur, whether you have a small agency, large agency doesn't matter. If you're going to do web stuff with clients, you must have recurring revenue, it is virtually impossible to survive without it. So about eight years ago, I started coaching people who do WordPress stuff with clients, people who own agencies or freelancers, I began doing some business coaching with them. And one of the first focuses of a coaching engagement is always what does the recurring revenue look like? And how can we make more of it, because that is where success lies. If you want to be in this business. If you don't have a growing stream of recurring income, then you are completely dependent upon consistent sales for survival. Now, that's important because most people and you may be the exception, but most people who get into the website business or technical people, and you know, we're not sales people really like sales is the thing that we like the least in most cases. Now, again, you may sales may be your strength, but that is not typical for people who are doing WordPress stuff with clients. So if you if you're not building recurring revenue, you have to sell, sell, sell, and you end up living project the project. And then you only get paid when the client supplies the website assets to finish the job. How many of you right now today, have a project with a client and you are waiting on content waiting on assets of some sort? Pictures, words, video? Yeah, it's a common problem. And it might take you days, weeks, months, maybe years to get all that content from the client. And it's tough because I can't get paid until I launched the site. And I need to get paid. That's where recurring revenue comes in. It helps to take some of the pressure off from selling and billing. So if you're not building recurring revenue, you're basically you are walking a tightrope, you're running a business without a safety net. So here's the thing, you need recurring revenue, and your clients need a care plan. It's a match made in heaven. So that's what we're going to talk about today. And just a quick little note here, I may use in this in this talk, the terms website care plan, Wordpress, management, WordPress security, interchangeably and as part of one another. I'm all really talking about the same thing. Keeping a WordPress site well managed, secure up to date backed up, keeping the WordPress site healthy. That's what we're talking about in a care plan or WordPress management or security packages. The idea in this whole first hour is helping the client understand why keeping their website healthy is important and how you're going to help them do that. So One of the and again, little disclaimer here, these are my own recommendations comes from me, just trying to be helpful here, not necessarily endorsed by themes. This is my take on working with clients doing WordPress. So if you want to build recurring revenue, and you are building WordPress sites for clients, selling a WordPress care plan is the starting point. Because you've built the client relationship, the client, essentially, if you if you haven't realized this yet, hopefully you'll realize it now that the client is not buying the features of WordPress, what they're buying is a trust in you, they hire you because they trust you. You've done something said something, you've got some, you've been referred to them, for some reason they feel comfortable with you, and they trust you. And you have this great capital of a client relationship. So maximize that value for the long term in a care plan, not just a sell a one off project of building a website. Every WordPress website needs ongoing care. You should be offering these services to the client along with the initial build. Now the challenge is explaining the clients why? Why do I need a care plan? And that can be a challenge. Let me hear from you in the chat room. Give me a one to 10 on how difficult it is to explain to clients why they need a care plan. One is it's easy. I have no problem 10 Is I have trouble convincing clients that they need a care plan. Give me a one to 10 there in the chat.
So all over the board so far. Yeah. All right. So the challenge is a lot of clients aren't tech savvy. That's why they hire you. Right. So they don't understand the challenges, or the benefits of keeping a site healthy. So we have to explain why it's important in a language that even a non technical client can understand. Okay, now, let me give you what I think are the two most common mistakes by the way, I've made both of these. And so I'm very familiar with each and in hundreds and hundreds of coaching conversations over the last eight years. These are the two most common mistakes that come up, as I'm working with others who are trying to do what we do. And the first is what I'll call presenting security as an option. WordPress security is not an option. It's a necessity. If the client wants their website to stay healthy. A lot of times we go into it, you know, we go into a care plan conversation with the mentality of Would you like fries with that. And that's not how we need to present a care plan. It's a necessity. Like if you're going to have a WordPress site, you need someone who knows what they're doing, watching over that website. So a care plan is not an optional extended warranty like retail places or car dealerships like to sell a care plan, if we're going to use a car analogy is more like regularly scheduled maintenance, oil changes, fluid checks, rotating and balancing the tires. If you skip those regular maintenance things, your car is going to have problems sooner or later. And WordPress management is the same thing. WordPress needs to be cared for. So sometimes if I come into a conversation with a client that I'll call them budget challenged, I will tell that client I would rather see you spend less on the website project so that you have enough money this year to purchase a care plan. Like let's scale back the scope of the project. So that there's enough room in your budget to fit the monthly care plan cost. It's that important. So when you are presenting security, WordPress care plans, WordPress management to the client, in your proposal, it's all bundled into the same, the same conversation, like there's the cost to the build. And there is the cost for the management, right. So we present those as not as an option but as part of our pricing structure. Now, here's the second mistake. My goodness, I've made this in the early days of selling care plans. And that is waiting until launch to mention the care plan. Anybody else besides me ever done that before? Like you get the build and you know, you sign the client to the contract at this price and oh, by the way, I'm gonna need to charge you a certain amount of dollars every month to keep this thing hosted and managed and secure. And this is a problem right? Because if you wait until website launch to introduce The client to the concept of the care plan, in my experience, you will rarely sell the care plan. In fact, it's likely the client is going to feel taken advantage of. And I don't blame them. Like they thought this you know, the price to build the the website was the price all in. And instead now they learned there's a monthly cost involved and I don't blame them for feeling taken advantage of or hoodwinked. I certainly wouldn't like that. So the key to selling WordPress care plans is education. And that discussion has to begin from your first meeting with the client, it has to start at the first conversation, like when I sit down with a client for the first time, and we're talking about, you know, what it is this website they're trying to build and why and what their goals are. When I give them an idea of pricing at the end of that conversation, it includes not only the cost of the build, but also the cost of managing the website on a monthly basis, it should be in your proposal. That is the cost of the care plan is just as important as the cost of the initial build. All right, so education is the key. Gotta start in that first conversation. Let me pause for a minute and look back in the chat. Any questions up to this point? This all makes sense so far.
All right. So Andy has a question. I have a client that says Why should I pay for a service you should provide anyway? And what do you do if I don't want the service? And that is a fantastic question. Alright, so why should I pay for a service you should provide? Okay, so I would challenge the legitimacy of that first statement, what do you mean, I should provide security for your website, like there's a cost, that's that's like saying, a car dealer should provide, you know, tires and brakes for a car, for as long as you have it. And maybe some, I don't think any car dealers do that some do oil changes, that just depends. But that's it's a different thing, like buying a car is different than putting gas in the car. Like you can't, it's it's a different thing. So the best thing I can do is to take it out of the technical in the technical sphere and get this conversation into something the client can relate to. So it's even better if you can, if you can relate it to the client's actual business. So analogies are your friend, and trying to get rid of technical jargon to help the client understand? And the second part of Andy's question is a good one. What do you do if they don't want the care plan? And this is a great question. I have started not taking builds, if the client doesn't want a care plan, because a lot of the plugins that we use, for example, we're building sites with premium themes and plugins, and the licensing for those themes and plugins are part of the care plan. So if we don't have a care plan, then we have all these licensing issues with the tools that we're using. And it's just it's too far out of my normal system of doing things. I have told the client know, when they don't want a care plan. Now, that's a decision you'll need to make. But for me, it's a deal breaker. It's a deal breaker. Alright, does that help? Andy? Sound says a local bakery owner does not know anything and doesn't seem to value it much. How do you demonstrate the value? We're gonna talk about that as we go. So hold that question. Okay, so here's how I present a care plan to the client. And you are welcome to completely steal this if you would prefer. So I call it the four walls of protection. And I will oftentimes take out my tablet and draw a box or you know, if we're in a coffee shop out, there's a napkin, I'll draw it on the napkin, whatever, I do this visually with the client. So I explain what each of these four walls are and why they're important. Okay, and you can remember the four walls from the acronym hubs, H UB s hosting, updates, backups and security. Right, H UB s hubs. Those are the four walls of protection that keep a WordPress site safe and well managed. These are the four big picture things that we provide in the care plan. Alright, so let's talk about each of those. So let's start off with WordPress hosting. Now, at this point, the client may or may not be familiar with el cheapo low quality $5 A month $10 A month shared hosting. Maybe they do maybe they don't if they don't, it's not something I'm probably going to bring up. But if they do it or do we have hosts we have Have our website and it's hosted with fill in the blank website hosts that you're not ever going to work with like you don't want really low quality hosting, can I just use my fill in the blank, hosting provider. So the way I have that conversation with clients is, I'll say, look, there are cars for $500 out there on Facebook marketplace, you can buy a car for $500, you can buy hosting for $5 a month. But I am not going to put my family in a $500 Facebook marketplace car, it is not going to be good. For the long term, shared hosting that five $10 A month hosting is so cheap, because there are 1000s of other websites on the same server as you and those other sites can make your site run slower, they can affect your website's security, if they get hacked, they can cause your site to be blacklisted. Because you're all sharing the same IP address. I wouldn't use that term, but I'll explain it. So the wait, but the word picture that I use here is it's like living in an apartment building, when you have no control over your neighbors, there might be a meth lab next door to the apartment you're moving into. And there's no way you'll know until it's too late. That is shared hosting.
So we have a private server. And we provide much better security for your website, it's also going to be significantly faster than that cheap, shared hosting. And speed is an important factor, not only in your placement with Google, but also your ability to convert customers and get your customer to do what you want them to do. Now, a lot of times the client isn't going to care about any of this. And you'll have to just use your gut feeling to make a decision whether you need to get into this at all. So when I'm dealing with a business owner, who I can sense has no issue spending money on value, here's what I do, I simply say, we have our own private server that we control that only has our clients websites. And oftentimes, the client is just grateful that you can provide the service, like give me one person and sometimes I'll even use the term when it comes to your website, when you're under our care plan. We are your host, we are your developer, we are your ongoing support. We are one neck to strangle whenever it comes to a problem with your website, there's not three different people to call, we're going to take responsibility for everything. And that by the way, it's why we insist that our customers host with us, because I don't want to be blaming another host for some problem like we're going to take ownership and responsibility for the care of your website long term period. And when that's what you're buying with our care plan. So does that make sense? Questions about that so far? Again, they're making a trust based choice to invest with you. So sell the benefits, not the features. And if gigabytes of storage space enters this conversation with the client, you're probably doing it wrong. The client doesn't care about that. Usually, you know, usually, they're the most good client simply want to know that you are going to be there to care for their website after it's launched. And you've got a great hosting solution. Awesome. All right, questions or comments up to this point.
Okay, so that is WordPress hosting. And this is typically the the the elements of a WordPress care plan that I get the most. I get a hesitant response from because people may want you may not want to provide hosting for your clients. And I understand that, at least I would strongly suggest that you only work with one or two hosts that you're going to allow clients to host with. And here's why you want a host like you don't want to go in and figure out some other hosts environment, every time you build a website, the beauty of recurring revenue, if you put a system together using the same stack of tools to build the website, the same stack of tools to manage the website, the consistency there is going to make you more efficient with your time. Like I don't want to have to go in and figure out a new hosting situation. Every time I launch a website. I want to know what the how they work. If it's my server, I know exactly how it works. And so have one, maybe two hosts that you work with. And that's it. And yeah, so somebody mentioned earlier about the price of the care plan going way up for certain hosts. I mean, I don't I and I require that a client hosts with us. There's one single client that I have that doesn't host with us. And that's because they literally have their own dedicated server and a host that we trust, and we can work with them. All the other clients that we manage are on our server and it just makes things a lot easier. Okay, let's move into the second wall of protection. And that is WordPress backups. So most clients have backups that backups are kind of a thing that is not that difficult to explain for most folks, they tend to understand why you'd want a backup of the site. So depending again, the four walls of protection here, I'll only go as deep as this particular client I'm having the conversation with. However deep, I feel like they need to go out, it's kind of a gut feeling. But here's some of the ways I'll explain that. So two reasons we provide backup services number one, to deal with damage, if you get hacked, like if you get hacked, we can restore the site, we're keeping a daily backup and we can restore the site, no problem. But also, and probably the reason you'll need a backup restored more than the other is human error. So just in case one of your employees or you go in there and accidentally damage the website, you know, you goof up a page or whatever, we can restore a backup that's no more than 24 hours old. So that's a good thing. And those are the two main reasons that we provide our backup service. And I explained that we are relentless about backups. And in my agency, we have a two tiered backup strategy. First backups happen at the server level, everything is back to our web hosts data center each night, it's in storage that is not on the physical box, where our servers that where the websites are located, it's in a different part of the data center. But it's backed up every night at the web host. That's the first line of defense. But also, we run a separate backup of every website individually on a daily basis. Now we use Backup Buddy for that. And I'm going to talk about that in the next hour. So we have a six month archive of those backups. Again, I'm gonna talk about how we do that in the next hour. So just in case something happens to your web, to your website, we always were going to have a copy of your website, that's, you know, going back as far as six months, so this is a good thing. The important thing about this discussion is that the client understands that you have a working strategy to keep the website backed up and safe. Sometimes again, too many details can muddy the water for a client, other clients might want a lot of detail. You just have to use your best judgment to the kind of client that you are working with. Alright, so that makes sense. Any questions about that? I see a comment in the chat room about the live transcript and it is working, I just refreshed my transcript page and it works correctly.
Alright, so we've got our two, we got hosting, we got backups. Now let's talk about updates. This is the one that's a little more difficult to explain to clients. And by the way, notice how I'm using the term software updates. Because what I learned early on in providing the process of providing the service of website care plans was when I use the word update. Clients thought it meant content updates, like add a blog post, change a picture, update the website. And that makes sense. That's language, the client non technical language the client would use. So I refer to it now as software updates. So you know, this is running core theme and plugin updates for WordPress. Now, there's a couple of different kinds of clients that I've found, who pushed back on the importance of WordPress theme core plugin updates. There are non technical clients who just don't understand why you'd have to do this to begin with. And then there are more dangerous semi technical clients who think that all you have to do is push a button, right? And here's the thing, okay, sometimes and we all know this, if you're managing WordPress sites, a lot of times it is as simple as pushing a button. But WordPress updates are simple until they're not. Am I right? WordPress updates are simple until they're not. Because when you run into trouble, then you have to know what to do. William has great quote in the chat. Sometimes you need to know when not to push a button. That's exactly right. So we've all had issues where an update is broken something and we become a lot more careful as a result, like there's, you know, there have a pretty good mental list of plugins that I have resentment against for breaking a website. In the past, I'm a lot more careful about updating a website that contains those plugins now, right. So when trying to explain software updates to clients, the best analogy that I use is relating WordPress updates to software updates on a computer. You know how everybody who uses a computer, they are familiar with a little software next, hey, we have updates to install, or whatever. Why do we have to do that? Well, because probably the developer has found some problems or security vulnerabilities in Windows or Mac OS or something app that you're running, and they've released a patch to fix those issues. And if you don't keep your software up to date, you could become infected with malware, or ransomware, or something really, really bad. Now, WordPress updates are similar. But they're even more important since your website is out there on the internet for people to see. That means that hackers, as we've just learned over the last couple of days, can and will snoop around looking for problems to exploit. So it's more important even to keep your WordPress website updated, than you might even say, your local computer because your websites out there available to everybody. Both are important, but maybe the website is arguably more important. So what do we do we update your WordPress site each week under normal circumstances. So and I'm going to talk about this in the next hour. Again, when I get into the actual process of providing the care plan. We do a weekly, on average, sometimes more frequently, but at least weekly, WordPress software updates on all the sites that we manage. So under normal circumstances, we update your site each week, making sure all the patches to the software on your site had been applied and your site is functioning well. Now on the average a few times a year of vulnerability will be revealed in WordPress software. For example, how many of you are aware of that Freemius vulnerability that affected hundreds of WordPress themes and plugins over the last month? It's a nightmare. And there's plugins that are updating all the time fixing those issues. So what are we doing watching and updating more frequently, we're using I think security now with the the version management system to keep those things automatically patched. I'll talk about that in the next hour. But when the threat level is enhanced, we might update more frequently. So we stay abreast of WordPress security news so that you don't have to Mr. Mrs. Client, and we're aware we stay aware of those issues. So we are watching your website and keeping it safe. Now the goal here during this part of the conversation is that the client understands simply that you've got their back on these things, and they don't have to be a web security expert. So that's the benefit of you providing those software patches. Alright, last of all, is WordPress security.
So and again, I'm using language that I would typically use with a client and you can use any of this you'd like if it's helpful to you to explain to the client, again, education on this as key, helping the client understand what I call these four walls of protection, educating them about the importance of it is absolutely key to having them sign on to the care plan. So the last wall here is WordPress security. And if they're curious about this, and how this works, I'll explain low, secure and by the way, I have more and more clients ask about security these days, because people are more and more aware of how websites get hacked. They've heard stories about this company or that company that has hacked, you know, had their website hacked, they might have friends who own businesses, and they've gone through a website hack. It's happening more and more, and it's not as hard to explain anymore, which is for us kind of a good thing. So I'll explain why a website security is a three phase approach first. In architecture, we only are we only work with the best WordPress themes and plugins and code to build your website. We don't you know, we're careful about the plugins and themes that we used to build. Now, that's obviously a whole other set of training to make sure you're using good themes and plugins, but that's where security starts. Don't choose bad plugins and really, you know, low quality code. Second, is the launch of your website. So as part of our launch process, we perform a 43 point WordPress lockdown procedure. This number may need to be updated because it probably is. Because those 43 points are the individual features in the IBM Security pro product that we enabled during launch. So be sure that you count the ones that you use if you want to say something like this, but it sounds good, right? It's a 43 point WordPress lockdown. It's legitimate to say that count the number of features and I think security you use and you can call it that. So also, we do security monitoring. So we monitor your website for hack attempts, and perform regular malware scans to ensure that your website is clean. So those are features provided by theme security Pro as it does the site scanning feature. So I think security pro if you enable the site scan twice a day, it compares your themes and plugins on your site against any known vulnerabilities that have been exposed in the WP scan database. And again, if you check that version management feature, if a fix exists, it will automatically apply the patch once it becomes available. Also mentioned that we give a free ssl certificate as part of our care plan. And by the way, if your web host doesn't give free SSL You should probably find another web host. Alright, so those are the four walls. Let me pause for a minute and see if there any questions. Chris, how often do you do a full site backup? Where do you suggest storing backups? Okay, Chris, if you will hold that question to the next hour. I'm going to cover that when I talk about setting up Backup Buddy to do Site Backups. And yes, it's a full backup everyday stored off site. And I'll, I'll talk more about that next hour. All right, any other questions that I missed? Okie dokie. So how do you explain hackers to clients. And I'm going to go through this pretty quickly. Because Kathy did a great job of this in the first day, and a lot of what she said, can be lifted out and use to explain hackers to clients, a lot of clients just don't explain it, or this is really the pushback, I get, like, you know, I'm just a small business in little town, whatever. You know, we're just a church. We're just a little nonprofit organization where, you know, why would a hacker even care about, you know, compromising our website? So they might take that? So what approach Are you missing? Even if they do hackers, there's nothing of value on my website, they could get so that those are fundamentally misunderstanding the purpose of hackers, right?
So here's the analogy that I use, when I try to explain hackers to clients. So a few years ago, in the neighborhood where I used to live, we had a string of vehicle break ins, now, no cars were damaged, but items were stolen out of cars, that were sitting in driveways. And it turns out, there were several teenagers walking around driveway to driveway checking door handles. And if the car was left unlocked, they'd go through the, you know, the front seat, back seat, glove compartment, whatever, rummaging for anything of value, and just taking whatever they could. That's what hackers do. Hackers are just checking the doors and windows of your website to see if there's anything that will allow them easy access. But the thing is, Kathy did a great job of explaining this in the first day, they're not just checking one door at a time, they have automated software that scans the web, looking at 1000s of websites for doors and windows to open. It's kind of like a hacker pressing a button and automatically checking all the doors and windows in your neighborhood all at the same time. So that's what a hacker is doing. And when you think of a hacker, you know, don't think of one person sitting down in their parents basement with Cheeto dust on their fingers. You know, that's not the way this works. You know, hackers are there, there's not one, one person trying to type on their keyboard and get into your website, they create these little programs that scan the Internet looking for vulnerabilities. When they find an open door, they're automatically programmed to infect the website and report back. And then the hacker has hundreds of websites to exploit at once. So why do they do this? Right? And the nonprofit manager or the small business owner might say, what value is my little site to a hacker? And the answer is, they don't care about you. They're not hacking you specifically like on purpose. You're just one of the million websites they're trying to exploit. It's a numbers game. What do they have to gain and there's a few oops, there are these four things that they can gain. The first reason that they're trying to hack your website is they want your server resources. If hackers can compromise your website, they can use your web server or your hosting account, to run complex calculations and create Bitcoin or do other tasks to perform tasks anonymously. They could also harness the horsepower of your web server to send millions of spam emails anonymously, they might want to do a content injection attack. So they if they get a certain kind of level of access to your website, they can embed images and links for things that you probably don't want to advertise on your website, think porn and mail, pharmaceuticals and other things like that, that you really don't want on your church website. You know what I'm saying? So, these are, that's what they try to do. They're not after you specifically. But if you leave your doors and windows open, they're going to take advantage of it because your server has value to them. They might even inject code that will exploit the vulnerabilities on your visitors computers. So if your website visitor is running an old out of date browser, and your website has malicious code, that the hacker might actually be able to infect that user's computer with malware. And that is just a bad deal. You do not want to be responsible for your user getting malware or ransomware. So they're not after you. Hackers are not hacking. They're not just trying to spray paint the water tower with their name on it. That's not why they're doing this. They have it's a business model, and they're after your server resources to do nefarious things. So that's if a client is curious, I'll go into that. Now the good news is that, especially non technical clients might be scared to death at this point. And I'm not trying to sell out of fear. But I do want my clients to know that we have a really good security protocol that we use to manage WordPress websites. And you can assure them that WordPress is quite secure when a good security strategy is employed, like the one you're offering to them as part of your care plan. And I'll explain I've never had a website infected when it was managed under the care plan that I offer. So that's, that's the way I wrap that up with, with clients. Okay, questions about this part in the chat that I missed? I don't think I missed any pause just for a second if you have a question. And otherwise, we'll get into this next block. So this next part is actually in my contract or website management agreement. And
it's something that I'll explain to clients as well, sometimes if they if they're curious in the initial conversation, or certainly as part of the follow up throughout the project or at launch. And that is Mr. Mrs. Client, you have responsibility to like we can build a great website. But if you use password one as your password, this is not good. So you as a client, if you are going to log into your website, you have some responsibilities, too. So sometimes a website becomes compromised, because you have allowed your computer to become compromised because of poor security habits. And the hacker has a keylogging program and they it's it's on your computer, and they harvest your password, or are you using an insecure password and they they are able to crack the password or you are using your quote unquote, favorite password on all your sites. And one of those other sites gets compromised, like Kathy explained. And now the hacker is able to log into your website with that same compromised set of credentials. So the client must agree in our contract that they are their employees or contractors that they hire. Anybody that logs into their website has to install and maintain updated security software on their computer, they need to be using the most up to date version of their preferred web browser. And they need to keep the operating system patched with recommended updates. This is so important. And let me I know a lot of you. I think training members are here. We just in office hours last week or the week before we had this great question about a security certificate wasn't showing up correctly. Y'all remember that conversation? That was in our members only office hours. Somebody had a site where their clients said it was showing that the security certificate wasn't working. And it turns out, this was a client that was running this old as dirt Mac computer. And they had this ancient version of Apple's Safari browser that was so old, it couldn't even use the latest SSL certificates. And like that that browser had so many security vulnerabilities. It was unreal. Yes, Stacy, is saying in the chat. He was using a 10 year old Mac and probably the Safari browser was that old too. Yeah. And the chances of that browser being infected with malware Good grief, that's high. So that's what we're talking about here. So we also talked to the client about using a unique password. Very important. It should only be used on this website. Nobody nowhere else, you want to use a password manager. And if you have that one favorite password you use for everything I'll explain that's like a master key to your life. If one website you use gets compromised, that hacker can now log on to every site where you have an account using that favorite password. Always give them the have I been poned? And of course, I think security has that have I been poned integration included. And it's fantastic. So when we get down to the end of the conversation with the client, I'm going to give them some options. The first one is you can do nothing like Do you want a care plan, they can do nothing about caring for their website, it's a bad option, it is an option. Because your website is going to get hacked or your website is eventually going to break if it's not well maintained. And I mean, but it is an option. It's a poor option. And I may choose not to work with you because you choose that option. But that is an option. The second option is to try to do it yourself. So you might It depends on if you want to do this or not. In the early days of my business, I would actually give clients a list of things they needed to do to keep their website updated. I don't do that anymore. You might say we'll teach you maybe we want you know, whatever. But maybe you have somebody on staff like an actual dedicated IT person that can like legitimately do the work to keep the website backed up and secure and they're going to be watching it and so forth. What I'll frequently find when I explain what's involved in security, like you can task your IT person with that, but isn't it just cheaper to pay us 100 And something, you know, $120 a month just to do that for you. And frequently though, yeah, let's just do that, you know, keep it off there it person's plate. So you can do nothing bad option, you can try to do it yourself not a great option. Or we can do it for you, we offer a suite of ongoing services to keep your website safe and working properly. And that's where I can't remember while the last time that we had a client push back on a care plan was last summer. And that was the first time that happened in a couple of few years. I can't even remember the one before that. And we ended up not even working with that client who didn't want the care plan. So it's important.
All right, last but not least, before we answer any lingering questions and take a break, is this is a question I frequently get asked. So how much should I charge? How much should I charge? Now, I got some flack from this Congress from this very part of this document, I think it was in the last disaster week, or maybe the one before that, because it was taken completely out of context. And these are guidelines, suggestions, starting points. You know, this is just, I'm just trying to be helpful here. I'm not saying this is how much you should charge. This is just trying to be helpful to give you a ballpark idea of pricing. Okay. Generally speaking, the rule of thumb is, the price of your care plan depends on the price of your websites. And the flack that I got on Twitter was, well, your the value of your care plan is set like whatever, you know, like your, your care plan shouldn't go up and down depending on how much your client can pay. And I completely disagree with that, because you're trying to sell to a client, and they're only going to be able to afford so much. So if you are building $2,000 websites, you're not going to be able to charge 100 $250 a month, like it's hard to sell $100 A month care plan, if you're charging $1,500 for a website. So these are some, just some starting points for pricing. If you are in the sub $2,000 price range, number one, you should raise your prices. But you know, you could start somewhere around $50 a month and up. If you're in the 2030 $504,000 range, maybe somewhere around $75 a month, maybe a little more. And then if your 330 500 and up, maybe $100 add up. Those are just some basic starting points for the conversation of where you should start your price points. And hopefully, that's helpful. All right. So with that, I will pause I will catch any questions that we that we have missed. Let's see, William says, What if you don't design websites? So William, are you saying that, like, Oh, what if you only want to provide care plans? Is that what you're after? And Sal, that's, I'm going to answer that question. What if you didn't build the website? So this is the thing, you can have a pretty good business managing sites, like if that's all you want to do, you just want to manage WordPress sites. It can be a good business, but it can also be a nightmare. Because I'm gonna tell you something. I've been in the WordPress world for long enough to know that there are people building WordPress websites who are insane. Like, I don't know what they're like, you had to try to mess the site up this bad when you built it. Like, I don't even know how you do that on accident. It's so bad. I mean, we have brought in rescue sites where the developer vanished. And I mean, I look at these things, I'm thinking how, how did this even happen? It's so bad, right. So if you are going to manage sites that you did not build, then you want a very, very detailed website audit to happen where you go through that site and make sure you know what you're getting into. And we'll do that from time to time. I don't do a lot of care plans for sites we didn't build. But I'll do it from time to time. And you know, we're going to take a hard look at the tech that's powering that site and what we're actually getting into. And frequently there will be an onboarding fee to bring the site up to a point where we can manage it. Like, you know, you may have to spend, you know, several 100, to $1,000, to replace some bad plugins or do something differently so that we can manage this site going forward. And then at that point, yeah, we'll be able to manage the site because what I tell the client is, if I if I'm going to manage your site, I want to be able to look you in the eye and say you can trust us 100% To take care of your site, you will not have to worry about this. And if I didn't build the site, I can't say that. Because I don't know what your previous developer did. Right. Okay. I'm off my soapbox. Now. Does that make sense? any follow up questions on that one? Any other questions? Before we take a break all right, one more time. Let me drop in the doc for anybody that needs that. That's the one we just looked at on the screen. Once again, if you want to take a minute during the break and do our three minute survey about disaster, we could be a good time to do that. And here again, is the email address for testimonials about I think security and you get some swag there as well. Okay, well, let's take a break. It just turned over 154 Central time. Let's take a break until five after so about an 11 minute break. We'll start back up at 2:05pm Central time will be quiet until then.
