Blog Archives

Learn to Create a WordPress Dev Business That Makes the Competition Irrelevant

There is no denying that competition is fierce in the WordPress space – regardless of whether you’re a developer, designer or are providing monthly maintenance services.

Even stepping outside of the immediate WordPress space and looking at services like hosting, logo design or photography, the situation is the same – we live in a time where competition and pricing are often affected by both local and global pressures.

How can you deal with competition and the inevitable pricing pressure that accompanies it? And what specifically can you do to make your competition irrelevant so you are able to grow your business on it own merits?

In this article, I’m hoping to cover some basic concepts that you can use in your business to help relieve some pressure related to competition – maybe even make the competition irrelevant.

Your Competition Isn’t Going to Disappear

Nathan approached this topic a few weeks ago when he referred to the race to the bottom as part myth, part problem. He proposed that the issue of pricing pressure was sometimes caused by under qualified individuals who were over-reaching or misrepresenting their services.

While in some cases this is certainly true, we also have to take into consideration the fact that pricing pressure is often a result of global economic factors. There are many highly skilled WordPress developers and talented artists who live in countries where the cost of living is significantly lower.

But it’s not all doom and gloom. Not by a long shot. Price is only one part of the equation. Differences in business practices allow you to exploit a competitive edge, especially when you are targeting your local market. Responding to client emails, answering phone calls and communicating expectations are often areas where lower price contractors struggle and clients grow weary.

Yes, it’s true that you will still be under some pricing pressure locally – there will always be competition in any market where you can generate a profit. But, without economies of scale, it becomes very challenging for a developer or designer to stay in business for any length of time if their prices are rock bottom. There are too many variables and too little margin for error.

Have you heard of the “unattainable triangle” before? Basically, the idea is that each point of the triangle represents one competitive aspect (I’ve swapped out fast, good and cheap for something more applicable):

  • Price
  • Quality
  • Service

In theory – and certainly true from a personal experience standpoint – you can only provide two of those points to your customers at any one time. There will always be one that suffers. If you’re a coffee drinker, you’ll understand this comparison:

Tim Hortons offers low price coffee with quick service; their quality leaves something to desire. Starbucks, on the other hand, offers higher quality coffee and great customer service; but you pay a premium price. It would be virtually impossible for Starbucks to turn a profit if their coffee was high quality, their service was great and the price was cheap. It’s just too difficult to turn a profit.

The same concept applies in the WordPress space. A developer might be able to provide a well-coded, compliant website at a cheap price. But I can almost guarantee that the service will be lacking. Alternatively, they could provide the same website with great customer service but there is a cost involved. In situations where quality and service are high, the client should expect to pay a premium.

As a general rule of thumb, any time a client approaches you looking for quality and service at a cheap price, you should seriously consider sending them elsewhere.

Maybe you’ve tried ordering a cheap logo at some point in time. You know, the ones that cost $5-10. They often look great (even if they’re not original), and the price is awesome. If you ask for a revision, however, be prepared to wait. Sometimes you’ll wait four days just to get an email reply. Then another four days will go by before you see the revision. From a customer service perspective, that would rarely be considered appropriate by North American Standards. Wouldn’t you rather pay more and receive better service?

The unattainable triangle provides you, the developer or designer with an opportunity to create an edge: A competitive advantage not easily outdone.

In fact if you know your target market well enough, you stand to make most of your competition irrelevant.

Brand Preference versus Brand Relevance

David Aaker wrote a book called Brand Relevance which Strategy+Business named one of the top three marketing books of 2011. In the book he discusses the idea of positioning your business in one of two ways:

Brand Preference

Brand preference involves creating a desire for your brand over others within the same industry. Apple comes to mind – one of the most well-known brands of all time. How many people do you know own an Apple computer but couldn’t tell you what kind of graphics chip was inside if their life depended upon it? They don’t care! They just want an Apple computer. There are a lot of consumers out there who prefer Apple as a result of very effective marketing.

A major downside to brand preference is that it can be very expensive. You are essentially trying to convince your prospects that you are the most popular choice. With little to offer in the way of uniqueness, you’re relying on your ability to be persuasive. An expensive proposition for any WordPress business especially considering the chances are high that a competitor will have deeper pockets than you do.

Brand Relevance

The second option and arguably the more challenging of the two involves creating brand relevance. This is undoubtedly the area where you want to focus the bulk of your time and effort. By becoming a highly relevant brand, you’ll be making your competition irrelevant at the same time. But what does that mean?

Brand relevance basically involves creating a brand that is entirely unique – meaning your goal is to place your WordPress business in a category of it’s own. You can do this through a variety of methods which we’ll get to shortly.

Before we do, it’s important to point out that as a WordPress developer or designer, focusing on relevance is a much easier path to navigate. Not only is it less expensive from a marketing perspective but I think it allows for a much larger margin of error as well. Even if you don’t nail the relevance perfectly the first time around, you’ll be able to refine what you’re doing over time and optimize your results accordingly.

We’re not just focusing on the relevance of services though. Yes unique services can set you apart but so can many other factors. There are other steps you can take which will help to define your edge:

4 Specific Steps to Make Your Competition Irrelevant

Seth Godin does a wonderful job explaining exactly what a brand is. You can head over to his website to read the full definition but here’s the gist of it:

If a client chooses your company over another or is willing to pay more for your services, that means they have placed a premium value on your brand. And your brand is represented not just by the services you provide but how you provide them.

Everything you do as it relates to your clients, has the potential to increase or decrease your brand value. Your brand value is your edge.

So what are the key areas worth focusing on?

1. Select a Niche

We don’t need to spend too much time here since niche selection was covered not to long ago right here on Elegant Themes. However, it bears repeating that by selecting a niche market you’ll be able to:

  • Create a more targeted message that speaks to a specific type of client.
  • Charge more due to your expertise and knowledge of a specific market.

Once you’re done here, make sure you head over to read the full article. For now though, we can move on to step two.

2. Create a Unique Service

Services are the lifeblood of your business. Although it’s possible to provide a service that is completely unique, it’s not always an easy task to accomplish. As well, your ability to provide a unique service can be quickly overrun by competition. That’s the problem with edges. Their lifespan is finite and the more profit potential that exists, the faster the edge will dissipate. It’s also too easy to get caught up searching for a unique service where none exists.

Think back a few years when mobile responsive design was just becoming popular. If you were one of the first developers who included responsiveness as part of your website development service, you had an edge. If as a designer you included .psd files for responsive layouts as part of your design process, you had a leg up on the competition. Both of those edges were short lived. Eventually mobile responsive design was readily available and clients came to expect it. There was no longer an ability to charge a premium.

You can also be unique by bundling together different services. Whether you do the work yourself is irrelevant. Simply providing a one stop shop for your clients can present an edge over your competitors. Just make sure that everything you do, you do well.

Your whole objective here is to create as much brand relevance as possible. When your target market looks at the services you offer, you want to come across as the obvious choice. You want them think “That’s exactly what I’ve been looking for”.

3. Create a Bold Personality That’s Client Centric

Referring to our previous definition of a brand, we know that although your brand is represented by what you do, it’s more about how those actions make your clients feel. Obviously, you can’t control how someone else feels but you can control how you and your business interact with the clients. Here are some things you might consider when developing your brand personality:

  • Who are you speaking to? Make sure you understand your market before you craft your message.
  • Be Consistent across all fronts. The reality of business today is that there are many forward facing fronts that need to managed concurrently. Website, social, newsletters and face to face. You should strive to deliver the same message wherever your clients are.
  • Be Bold. If you’re the same as everyone else how can you hope to stand out? Bold doesn’t mean flamboyant or obnoxious; it doesn’t mean a flashy logo or bright colors and it doesn’t mean you need to get in peoples face. Being bold means means be who you are and be damn good at it.

4. Build Long Term Relationships

Let’s assume at this point that you’ve done the following:

  • Targeted a niche market
  • Created a unique service that targets your specific niche
  • Developed a brand that appropriately dictates how you will communicate and deal with clients.

Low and behold you’ve landed your ideal client. Great news!

Of course, it’s only natural that you want to keep them around as long as possible and your best chance of accomplishing this is achieved through the delivery of great customer service.

It’s sounds easy, and it is. But in reality, there are many companies that screw it up. This is good news for you because it means when customer service is done right, it presents a sizable competitive advantage.

One of the first things you should consider is making sure your message is consistent through the entire life-cycle of your client. Don’t promote your services or portray yourself through social channels using one voice and then switch to another once a client comes on-board.

Do you remember as a child when you watched TV commercials about toys and everything was dramatized? Cars jumping across treacherous crevasses; dolls that looked and acted like a real babies and superheroes who were invincible and flew through the air on their own.

Yet, when you finally received one of those toys, for your birthday or another special occasion, there was always a sense of disappointment. What you were sold was never quite the same as what you received. It’s that sense of disappointment that you NEVER want to impart on your clients.

Beyond that, there are an infinite number of things you can do to keep clients happy and loyal. It just takes planning, time and effort. It’s doesn’t have to be complicated or expensive. Treat your clients the way you would want to be treated and 9 times out of 10, you’ll be on the right track.

Here’s the most important thing to remember when it comes to building long term relationships: The more solidified your relationship with a specific client becomes, the less your competition will matter. Any time you are in a relationship where your needs are being met and you are treated fairly, there is little need to look for a better deal.


We’ve touched on several key areas in this post and it’s worth summarizing the most important ones:

  1. There will always be competition but it’s possible to create a competitive advantage that will make the majority irrelevant.
  2. Focus on building brand relevance as opposed to brand preference.
  3. Select a niche.
  4. Create services that solve problems specific to your niche.
  5. Create a personality that speaks to your niche.
  6. Once clients are on board, focus on building long term relationships.


Learn To Scan Your WordPress Website For Hidden Malware

wordpress malware scan

As the most popular content management system online, WordPress websites are a common target for hackers, spammers, and other malicious parties. That is why it is vital to take measures to make your website more secure.

The goal of most hackers is to infect your website with malware. Common malware threats include:

  • Pharma Hacks – Injects spam into your website database or files
  • Backdoors – Allows hackers to gain access to your website at any time using FTP or your WordPress admin area
  • Drive by Downloads – When a hacker uses a script to download a file to the users computer, either without their knowledge or by misleading the visitor and saying the software does something useful
  • File and Database Injections – Inserts code into your files or database that lets the hackers do a number of different things
  • Malicious Redirects – Redirects visitors to a page of theirs that misleads people into downloading an infected file
  • Phishing – Used to acquire usernames, passwords, email addresses, and other sensitive information

When most people think about a website being hacked, they think about the hacker defacing the website and placing a message to visitors e.g. Your Website has Been Hacked by ABCXYZ!.

In reality, defacements are not that common. The majority of hackers do not want you to know that they have tampered with your website, as the first thing a website owner will do when they know that their website has been compromised is remove the malicious files in question.

Hackers who infect your website with malware are more discrete. The longer you are unaware of your website being infected, the longer they can use your website to send spam emails and infect your visitors. Even a secure WordPress website can be hacked without the owner knowing. It is therefore important that you scan your website regularly to detect any hidden malware.

In this article, I would like to show you services and plugin solutions that will help you detect malicious malware on your WordPress website.

Sucuri Malware Scanning

Sucuri have a great reputation as an effective security and malware scanning solution. Their Sucuri SiteCheck scanner will scan your website for common issues free of charge.

The scanner will scan your website for malware, defacements, and spam injections. It will also detect whether your website server has been blacklisted (which can happen if a hacker has been using your server to send spam). The main limitation of the scanner is that you need to scan your website manually yourself.

Upgrading to their $89.99 yearly premium plan will give you automatic alerts via email and Twitter about any malware issues. This plan will also remove your malware for you and remove your website from any blacklists.

Sucuri also offer a WordPress plugin entitled Sucuri Security. In addition to scanning your website for malware, the plugin offers a firewall to make your website more secure, hardening options that address common WordPress security holes, and a “last logins” section that highlights exactly who has logged into your website.

The plugin also has some useful features for recovering your website after an attack, such as updating the WordPress salt keys and resetting user passwords.

Sucuri Security can scan your website for malware and make your website more secure.


CodeGuard is a backup service that provides automated backups and restores at the click of a button. The service also monitors your website for changes every day and alerts you if it detects any malware.

Plans start from only $5 per month to backup and monitor one website. One of its main rivals in the backup niche is VaultPress, however VaultPress only offer daily scanning with their $40 per month plan. If you are looking for an all in one monitoring and backup solution, CodeGuard is a great choice.

Theme Authenticity Checker

Theme Authenticity Checker will scan every theme installed on your website for malicious code. It can find things such as footer links and Base64 code injections.

Theme Authenticity Checker will scan your theme files to check that nothing malicious is there.

Footer links will not stop a WordPress theme from passing their test, however the plugin will give you details of any links that are hard coded into the template. These will usually be harmless, but it is worth checking them nevertheless in case a bad link slips through.

WP Antivirus Site Protection

WP Antivirus Site Protection is a security plugin from SiteGuarding that can scan your website for backdoors, rootkits, trojan horses, worms, fraudtools, adware, and spyware. In addition to scanning theme files, the plugin will scan plugin files and media that has been uploaded to your website.

Their free plan will scan your website every week. Upgrading to their $4.95 per month basic plan offers daily monitoring, however their standard plan at $9.95 per month offers website antivirus and malware removal.


AntiVirus is a free WordPress plugin that can scan your website theme files every day for malicious code and spam. It features a virus alert option in the WordPress admin bar. It can also notify you of any malware detections by email.

The main limitation of the plugin is that it will only scan your current WordPress theme. Your other installed themes will not be scanned. This is not a major issue if you remove inactive themes from your website (which is advisable as old themes that have not been updated can create a security risk).

AntiVirus is a useful free malware scanner that can scan your WordPress theme for malicious code.


Anti-Malware will scan your website for malware and automatically remove any known threats. The plugin can also harden your wp-login.php page to stop brute force attacks.

Quttera Web Malware Scanner

Quttera Web Malware Scanner will scan your website for known threats such as backdoors, code injections, malicious iframes, hidden eval code, and more. The report will show you a list of suspicious files and advise whether your website has been blacklisted by ISPs.


Wemahu is a new WordPress plugin that can detect malicious code on your website. It can perform scans on your website on a regular basis and then email you a report.

Wordfence Security

Wordfence Security is one of the most popular security plugins available for WordPress. The plugin can scan your website core files, theme files, and plugin files, against known threats.

It also provides a log of changes to your website and offers many options for hardening your website and making it more secure.

WP Changes Tracker & WP Security Audit Log

WP Changes Tracker is not a malware checker. What it does is highlight the changes that have been made to the WordPress database, plugin files, and theme files.

If you are hacked, this information may help you see what exactly was changed and how someone compromised your website. The plugin is also useful for tracking changes that have been made by staff.

WP Changes Tracker shows you what has been changed on your website.

A great alternative to WP Changes Tracker is WP Security Audit Log. The plugin will keep a log of every single change on your website. Security alerts can be sent to you for a number of reasons, including failed login attempts, changes to file templates, and plugin installation.

WP Security Audit Log keeps a log of every action on your website.

Other plugins to consider using for malware scanning are:

I encourage you all to scan your website regularly to help detect malicious files and changes. It is in your best interests to detect any successful hack attempts as soon as possible to minimize the damage from an attack.

If you know of any other good malware scanners and malware detection plugins, please share them in the comment area below.

22 Steps to Restore a Hacked WordPress Site

how to restore a hacked wordpress site

Have you ever had your WordPress site hacked and did you have to pay somebody to restore it? It’s a bit of a mare when your website gets hacked. Most security specialists will charge you a premium to restore your site but they won’t tell you what’s involved. Shhhhh – it’s a secret!

We’re different so I’d like to share our 22-step plan on how to restore a hacked WordPress site so that you can see exactly what we do and how much effort it takes.

I love it When a Plan Comes Together:

  1. zip up the entire remote site files and download to local
  2. wipe the remote root folder (everything goes)
  3. Change FTP, cPanel, email account and MySQL passwords
  4. unzip local site and scan for any malware using, say Norton IS or SpyBot
  5. search all the local site file contents for terms such as preg_replace(“/.*/e” and base64_decode
    Note: there are legitimate uses base64 decoding.  What you are looking for are a large number of hex or escape strings
    i.e. “\x65\x76\x61\x6c\x20\x28\x20\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65″
  6. do a windows search across the local folder for timthumb.php – if found – you need to scrap the plugin and find an alternative – read why timthumb.php is evil !!
  7. check that your .htaccess file hasn’t been compromised and check that there are no other .htaccess files in any other folder (windows search)
  8. create a new separate root folder and unzip latest wordpress version there
  9. copy your wp-config.php fom the old site over to the new folder
  10. change your DB_PASS and your secret keys (leave wp_ table prefix for now)
  11. upload new clean bare WP to remote site
  12. login to WordPress and immediately change all user passwords – try to use random password generator like and bump the characters up to 12 or 16
  13. install “WordFence” or “BulletProof Security” firewall plugins
  14. if you don’t want to install a full firewall plugin (whaaat are you nuts? Your site just got hacked!) at the very least install “Limit Login Attempts” plugin and set to 3 attempts
  15. install “WordPress Security Scan” plugin. Remove meta generator tag and rename DB prefix from wp_ to something else
  16. create a new administrator user. Hint: don’t call it Admin, Sys, System, Administrator, Operator, WordPress or anything like that
  17. delete the old administrator users making sure the posts/pages are inherited by the new administrator user created in the previous step
  18. now you have a working and secured core WP installation
  19. reinstall all the plugins from the Admin Dashboard and reactivate them if WP has already had them deactivated. The settings should be already stored in the DB
  20. upload / ftp your theme to the live server and reactivate the theme. Theme settings should be picked up from the DB but I’ve had instances where you have to set up menus again – bad theme!
  21. last to upload / ftp is your wp-content/uploads (and any other non-WP folders in there after checking they are OK and contain only the correct media)
    Note: this is a favoutire place for hackers to store their .php or .cgi scripts sometimes named “cache”
  22. I recommend using xcloner as a backup tool and setting up a cPanel crontab job to perform your backups. Either ftp them to another site or purchase an Amazon S3 storage bin – it’s ultra cheap

Depending on how familiar you are with WordPress and hosting control panels and how many plugins and uploads a site has, this process is very time consuming.  Restoration time depends on how many files make up your website as they all need to get checked.

Has your WordPress site been hacked recently?  Tell us your story.