Secrets to Successful Blogging

This is my nine-hundredth article for SitePoint. I never expected to reach that milestone and I’ve learned a great deal during the past five years. I hope I’ve posted something of interest to you at some point.
If you’re considering starting a blog or writing as a profession, here are my tips…

1. Write for yourself

I write about topics which interest me; the web development business and technologies. Unless you understand and enjoy your topic of choice, you won’t be able to discuss it.
This will horrify SEO “experts” but don’t write to gain web traffic. Writing may increase your traffic. You may also earn money, attract clients and receive respect from your peers. Perhaps you’ll be sent a crate of Guinness, an XBox One or a Lotus Evora (those are big hints by the way). But that should be a bonus — not your main reason for writing.

2. Write about your experiences

Writing for writing’s sake is incredibly difficult. It’s far easier to discuss a subject or experience you’ve encountered while doing your day-to-day job. The majority of my posts have been inspired by code I’ve developed or freelance business situations. The topics may be positive or negative but it makes the story more personable and easier to write.
From a selfish perspective, you’re also documenting what you’ve done. I regularly look back at old tutorials to discover how I solved a similar problem or remind myself of an obscure HTML5 API.

3. Consume more than you produce

If you’re interested in the topic, you should be reading related articles, listening to podcasts and using the techniques. That’s easy in the tech world; it’s fast-moving and ever-changing — you can find inspiration everywhere.
I’m yet to run out of topics and have rejected more articles than I’ve written. If you’re struggling to find ideas, perhaps your chosen subject is too limiting?

4. Perfection is futile

Original engaging content is great. But don’t be afraid to make mistakes, cover “easy” subjects or regurgitate often-discussed debates. Some of my more successful tutorials have explained basic subjects such as a little-used CSS property. I may have questioned my own knowledge at the time, but someone somewhere will find the topic useful.
That said, always be honest with your audience. There’s no harm in referencing another article or stating that technique may be in common usage despite being new to you. Every industry has it’s share of pedants, but developers can sniff out BS wafting over from the other side of the web.

5. Set deadlines

Even if you’re not writing professionally, always set a realistic deadline such as one article per week. The majority of blogs fail because they start with enthusiasm and end with apathy. You can probably think of several corporate sites which published a flurry of news in 2010 followed by years of silence.
Never underestimate the effort involved or presume writing will become someone else’s responsibility. Everyone thinks it’s easy until they try it.

6. Be prepared for surprises

I’ve agonized over articles only to find three people read it. Similarly, I’ve written throw-away posts which receive many thousands of views month after month.
You can influence popularity to some extent — “lists” and “secrets” are popular so I have high-hopes for this article! However, forget what the web marketers tell you: there is no magic formula. Most of it boils down to dumb luck. Sometimes, you write something which strikes a chord and becomes a viral sensation — but you won’t know it beforehand and it’s difficult to repeat that success.
Finally, remember web posts never die. You may receive comments many years after publication so make time to interact with your audience. You will undoubtedly receive negative feedback but you’ll soon develop a thick skin. Many will say you shouldn’t feed the trolls but I like to throw them a moldy bun…
Anyway, what are you waiting for? Get writing!

Read More

8 Practices to Secure Your Web App

When it comes to application security, in addition to securing your hardware and platform, you also need to write your code securely. This article will explain how to keep your application secure and less vulnerable to hacking. The following are the best habits that a programmer can develop in order to protect his or her application from attack:

• Input data validation
• Guarding against XSS attacks
• Guarding against CSRF attacks
• Preventing SQL Injection attacks
• Protecting the file system
• Protecting session data
• Proper error handling
• Guarding included files

Input Data Validation

While designing your application, you should be striving to guard your app against bad input. The rule of thumb to follow is this: don’t trust user input. Although your app is intended for good people, there is always a chance that some bad user will try to attack your app by entering bad input. If you always validate and filter the incoming data, you can build a secure application.
Always validate data in your PHP code. If you are using JavaScript to validate user input, there is always a chance that the user might have turned off JavaScript in her browser. In this case your app will not be able to validate the input. Validating in JavaScript is okay, but to guard against these types of problems then you should re-validate the data in PHP as well too.

Guarding Against XSS Attacks

Cross-site scripting attack (XSS attack) is an attack based on code injection into vulnerable web pages. The danger is a result of accepting unchecked input data and showing it in the browser.
Suppose you have a comment form in your application that allows users to enter data, and on successful submission it shows all the comments. The user could possibly enter a comment that contains malicious JavaScript code in it. When the form is submitted, the data is sent to the server and stored into the database. Afterward, the comment is fetched from database and shown in the HTML page and the JavaScript code will run. The malicious JavaScript might redirect the user to a bad web page or a phishing website.
To protect your application from these kinds of attacks, run the input data through strip_tags() to remove any tags present in it. When showing data in the browser, apply htmlentities()function on the data.

Guarding Against CSRF Attacks

In a Cross Site Request Forgery (CSRF) attack, the attacker tricks the victim into loading sensitive information or making a transaction without their knowledge. This mainly occurs in web applications that are badly coded to trigger business logic using GET requests.
Ideally, GET requests are Idempotent in nature. Idempotency means the same page can be accessed multiple times without causing any side effects. Therefore, GET requests should be used only for accessing information and not for performing transactions.
The following example shows a how a poorly coded application unknowingly supports CSRF attacks:

1 2 3 4 5

<?php if (isset($_REQUEST["name"], $_REQUEST["amount"])) {     // process the request and transfer the amount from     // from the logged in user to the passed name. }

Let’s assume Bob wants to perform a CSRF attack on Alice, and constructs a URL like the following and sends it to Alice in an email:

1	<a href="http://example.com/process.php?name=Bob&amount=1000">Visit My WebSite</a>

If Alice clicks on this link, and is logged into the website already, this request will deduct $1000 from her account and transfer it to Bob’s! Alternatively, Bob can create an image link whose src attribute points to the URL.

1	<img src="http://example.com/process.php?name=Bob&amount=1000" width="1" height="1"/>

The browser can’t display any image as expected, but it will still make the request using the URL which will make a transaction without notifying Alice.
The solution is to process any function that changes the database state in POST request, and avoid using $_REQUEST. Use $_GET to retrieve GET parameters, and use $_POST to retrieve POST parameters.
In addition, there should be a random token called a CSRF token associated with each POST request. When the user logins into his/her account, the application should generate a random token and store it in the session. Whenever any form is displayed to the user, the token should be present in the page as a hidden input field. Application logic must check for the token and ensure that it matches the token present in the session.

Preventing SQL Injection Attacks

To perform your database queries, you should be using PDO. With parameterized queries and prepared statements, you can prevent SQL injection.
Take a look at the following example:

1 2 3 4

<?php $sql = "SELECT * FROM users WHERE name=:name and age=:age"; $stmt = $db->prepare($sql); $stmt->execute(array(":name" => $name, ":age" => $age));

In the above code we provide the named parameters :name and :age to prepare(), which informs the database engine to pre-compile the query and attach the values to the named parameters later. When the call to execute() is made, the query is executed with the actual values of the named parameters. If you code this way, the attacker can’t inject malicious SQL as the query is already compiled and your database will be secure.

Protecting the File System

As a developer you should always write your code in such a way that none of your operations put your file system at risk. Consider the following PHP that downloads a file according to a user supplied parameter:

1 2 3 4 5 6 7 8

<?php if (isset($_GET['filename']) {     $filename = $_GET['filename'];     header('Content-Type: application/x-octet-stream');     header('Content-Transfer-Encoding: binary');     header('Content-Disposition: attachment; filename="' . $filename . '";');     echo file_get_contents($filename); }

The script is very dangerous since it can serve files from any directory that is accessible to it, such as the session directory and system directories. The solution is to ensure the script does not try to access files from arbitrary directories.

Protecting Session Data

By default, session information is written to a temp directory. In the case of a shared hosting server, someone other than you can write a script and read session data easily. Therefore, you should not keep sensitive information like passwords or credit card numbers in a session.
A good way to guard your session data is to encrypt the information stored in the session. This does not solve the problem completely since the encrypted data is not completely safe, but at least the information is not readable. You should also consider keeping your session data stored somewhere else, such as a database. PHP provides a method called session_set_save_handler() which can be used to persist data in session in your own way.
As of PHP 5.4 you can pass an object of type SessionHandlerInterface to session_set_save_handler(). Check out the PHP documentation to learn about implementing custom session persistence by implementing SessionHandlerInterface.

Proper Error Handling

It’s good to know about all the errors that occur while we’re developing an application, but when we make the application accessible to end users we should take care to hide the errors. If errors are shown to users, it may make our application vulnerable. So, the best approach is configuring your server differently for development and production environments.
In production mode we need to turn off display_errors and display_start_up_errors settings. error_reporting and log_errors should be on so that we can log errors while hiding those from end users.
You can use set_error_handler to define custom error handlers. However, it has limitations. The custom error handler bypasses the standard error handling mechanism of PHP. It cannot catch errors like E_CORE_ERROR, E_STRICT or E_COMPILER_ERROR in the same file the error handler is defined in. Furthermore, it will fail to handle errors that might occur within the handler itself.
To handle errors elegantly you should perform exception handling through try/catch blocks. Exceptions are represented by the Exception class and its subclasses. If any error occurs inside the try block you can throw an exception and process it in the catch block.

Guarding Included Files

PHP scripts often include other PHP files that contain code for things like connecting to a database, etc. Some developers give the included files an extension like .inc. Files with this extension are not parsed by PHP by default if called directly and will be served as plain text to the users. If an attacker directly accesses the include file that contains database credentials, he now has access to all of your application’s data. Always use the .php extension for included code files and keep them outside of directories directly accessible to users.

Summary

By keeping the above 8 points in mind it’s possible to secure a PHP application to a great extent. The best piece of advice by far is don’t trust user input, but also be sure to guard your file system and database as well.

Read More

Massive cyber-attack. Is the same thing happening across Europe?

Finland's diplomatic communications systems has been the target of a massively serious and prolonged cyber-attack, according to a report by Keir Giles, Chatham House's leading expert on cyber-security in Eastern Europe. And, as Giles made clear on the Chatham House website on Friday, Finland is not alone (my emphasis in bold):

Finland's Ministry for Foreign Affairs (MFA) has been subjected to a sophisticated and successful cyber attack aimed at extracting political intelligence over several years, which is likely also to have affected other EU states. The breach of the MFA's data network was already under investigation following its discovery earlier this year, but a leak to Finnish media forced the government to go public on the extent of the security violations earlier than intended. The nature of the attack suggests that, while Finland is the first to make such a public announcement, government agencies and corporations across the EU and beyond may follow suit.

The technological advances of the last 20 years have opened up a whole new battlefront for governments. The attack – maintained over a period of several years – is yet more proof that a state-of-the-art electronic defence system is vital to any nation's good health.
Details are, of course, scarce — as with anti-terrorism measures in the physical world, the authorities will always keep their cards close to their chest in the interest of fending off future attacks. Nevertheless, it seems Finland has been dealing with an Advanced Persistent Threat (APT), a type of security exploit that relies on social engineering to get in (typically an email attachment or phoney link) and then hides from detection while sneaking files and data out of the back door.
It's similar in style and scope to the Red October attack exposed by Kaspersky Labs at the start of the year: here again the focus was on sensitive geopolitical information harvested from computer databases, mobile phones and other sources. The campaign had been running for at least five years before it was spotted. To quote Giles:

Red October had a wide distribution, affecting a large number of different corporate, scientific and government targets in Europe, North America and Central Asia over several years. It was designed to harvest political intelligence including sensitive documents, credentials to access classified computer systems, and data from personal mobile devices and network equipment. In the fast-moving and unpredictable world of cyber conflict, new tools and weapons are commonly given a name by the cyber security laboratory that first deconstructs and describes them after they are discovered.

To give Britain's Ministry of Defence credit, it's making most of the right noises. In September the Government said it was adding to its group of "cyber reservists" and would develop the potential to strike back across the Web as well as defend its own networks. Scotland Yard, meanwhile, is adding numbers to its own e-crime unit.
Even the teenage script kiddies bashing away on bedroom keyboards can cause some serious damage if they know their way around a network — perhaps not to the extent of toppling a nation but certainly as far as nabbing a credit card database or two. Professional teams made up of dozens of experienced hackers can go much further, intercepting communications, crippling essential systems and making off with a treasure trove of data without anyone noticing something is amiss.
This is why major Web companies offer such large bounties for hackers who can beat their systems: HackerOne, set up this month by Microsoft and Facebook, pays out up to $5,000 to coders who can uncover serious vulnerabilities. As more of our lives and crucial systems are moved online (everything from banking to transportation), we have more to lose if anyone should find a chink in the digital armour of those we've entrusted with our data.
Writing in December last year, Cabinet Office minister Francis Maude revealed that almost all of our large corporations — 93 per cent of them — had reported a cyber security breach during 2012. With statistics as stark as that one, there's no need for hyperbole.
Defending against these forms of attacks is becoming ever more complex: it's a battle fought in darkness, against forces who can't be quickly identified, using weaponry that changes from one day to the next. As the Finnish authorities have discovered, the enemy doesn't hide in plain sight and carries no battle standard: even when you know you're under attack, it's often impossible to say from whom. Which, when you think about it, is possibly the scariest detail of all.

Read More

Evergage: Real-Time Web Personalization

Evergage allows marketers to add behavioral analytics tracking to your website and then create and launch a personalized user experience based on the results. Their platform allows you to increase conversions through guiding customers, upselling customers, promoting word-of-mouth through the personalization of content to your site.

This is accomplished without programming since Evergage has a Visual Editor, allowing easy setup and changes on the fly. Evergage offers 5 different ways to personalize content and increase engagement with your visitors including both native, inline content and dynamic, triggered messages:

• Inline – Switch out any
  on your website with targeted content.
• Info Bar – Direct visitors to targeted content with a header or bottom bar.
• Popup – Capture attention with a well-timed, relevant popup offer.
• Call Out – Guide visitors to a successful experience with a dynamic tool tip.
• Task List – Drive engagement with a dynamic check list of actions for visitors.

Evergage has seamless integrations with Salesforce, SugarCRM, WordPress, force.com, Drupal, Wistia, and Unbounce. A Zapier integration is coming soon as well!

Read More

Microsoft moves to unify Windows, Windows Phone, Windows RT

Microsoft’s head of devices, Julie Larson-Green, has foretold of a future where there are no longer three different versions of Windows. ”We have the Windows Phone OS. We have Windows RT and we have full Windows,” Larson-Green said at the UBS Global Technology Conference. “We’re not going to have three,” she mysteriously added. Most journalists are taking this to mean that Windows RT is at the end of its short and pitiful life. I think this is bigger than that, though: This is confirmation that all three of Microsoft’s operating systems are going to be killed off, replaced with a new, consolidated and unified OS that spans phones, tablets, laptops, and desktops.

This prophetic little tidbit from Larson-Green is the second time that Microsoft has telegraphed its intent to consolidate its various operating systems. Earlier in the year, Microsoft’s new Windows chief Terry Myerson said that the company would finally move to unify its Windows and Windows Phone stores. We speculated that having a single app work across form factors was just the first step, and that Microsoft’s real goal is a single OS that runs across every device. We called it Windows 9, but who knows what Microsoft will eventually call it. (Perhaps Microsoft will follow in the Xbox’s footsteps and call it Windows One.)

Of course, given the cryptic nature of what Larson-Green said, it’s entirely possible that we’re reading too much into it. It might be as simple as Windows RT being retired. I think, though, that Microsoft is well aware that the time for small changes is over — removing Windows RT from the equation is nice, but it doesn’t change the fact that Microsoft is still in distant third place in the smartphone and tablet markets. Microsoft needs to make a really, really big change if it wants to remain competitive. Killing off Windows RT, which has essentially been a massively loss-making non-entity since its arrival, would be like killing Zune or Kin — retiring a crappy product doesn’t magically make Microsoft competitive.

Steve Ballmer, the reaper of Windows 7That isn’t to say that it won’t be a phased consolidation, mind you. Microsoft could retire Windows RT tomorrow without a second thought. With the unified Windows/Windows Phone app store scheduled to arrive some time in 2014, Microsoft’s two remaining operating systems would creep ever closer. Then, at some point in the future, Microsoft could release a single OS that works across phones, tablets, desktops, laptops, and the myriad of other PC form factors. With a single platform for developers to target, plus Microsoft’s generally excellent developer tools, Microsoft might finally be able to rustle up the apps that it needs for its smartphones and tablets to have a chance against Apple and Google. One thing’s for certain, though: If Larson-Green and Myerson are still only talking in vague and mysterious terms, then we’re still months or years away from Microsoft enacting a major change — and time is the one thing that Microsoft really doesn’t have.

Read More

7 Best Android Apps that Make Rooting Your Phone worth the Hassle

There are so many cool applications available on the Google Play Store. The Android devices are super fun since you have a lot to discover and play around with. Now ordinarily you will not have the permission or rather you will not be able to access certain features of your Android device. You need to root your device. Then you can customize your device appearance and settings as well. This article brings to you 7 such best Android apps which are great for your rooted device. Check it out!

• SetCPU

This application allows you to control and modify the processor speed of you Android device. It has a neat interface and has a cool look to it. With the help of this tool you can fix the exact rate at which you want the processor to be run. If your phone is in the standby or sleep mode, then you can make sure that the clocking frequency is low. This way it helps you to keep the temperature of your processor low and prevent over heating.

• Adfree

This is a wonderful application for blocking out ads. Yes its only function is to manage pop ups. Pop ups can get very irritating at times while we are visiting any website. Indirectly you will also get a better browsing experience after using this tool. The ads or pop ups which appear tend to overload the server and your phone. This can be avoided. It modifies the phone’s Host files and blocks the ads at the IP address level.

• Wireless Tether

This is a must have application for all Android users. As the name suggests, this application tethers your Android model into a Wi-Fi hotspot. The carrier status is not important and it would boost your Wi-Fi settings irrespective of the carrier mode. In order to use it, you need to root your Android device.

• Tasker

This application if utilized properly can be the ultimate controller of your Android device; as in you can maximize control over your Android phone. You can automate your event schedulers, your profile settings and a lot more. You will gain access to modify your phone settings, music player settings and even customize your phone appearance. Although some of its features do not need rooting, others do. So it is best to get your phone rooted.

• ShootMe

One of the disadvantages of Android devices is that it does not have any default application to allow screen shots. You are handicapped in this area. However, the ShootMe app is the tool you need to get proper screenshots. You can configure the screenshot manually by pressing a button. Here is the best part. You can even configure it so that the screen shot is taken when you clap or yell or then is a light change.

• SSH Tunnel

This is the gateway which ensures that you are secure while browsing. You do not need others prying on your work in an open Wi-Fi zone. When you access social networking sites like Facebook and Twitter, your personal information is always on the hot line. So it is better to stay safe and secure.

• Metamorph

This application allows you to lock down on certain parts of your Android device interface and then create a theme based on it. Isn’t that cool?! Usually creating a theme is time consuming and often complex. This makes it easy. You can even hook apps which you like and the menu as well. Create cool themes and in a jiffy!

Conclusion

There are countless apps that are available in the Android Market. To get all these exciting apps running on your Android device, learn to root your device. Once you flash the ROM, you will be able to do a lot more on your phone than before.

Read More

Adjusting Google Analytics Code to Fix Bounce Rate

The issue of bounce rate is one that has been widely talked about with little explanation of the parameters that control the equation. Google uses bounce rate as a measure of the quality of your web traffic. When a visitor leaves your site from the first page or landing page without going to any other page, such traffic is considered as “Bounce”. As I discussed on “Reduce your site’s bounce rate with SimpleReach Slide”, bounce rate is simply an indication of how much time people spend on your site.

A high bounce rate means people easily leave your site almost the same time they landed and Google uses this to interpret the relevance of your keyword to your content as against your competitors and rank you on their search engine. A high bounce rate is simply an indication of less relevance and this will lower your search engine ranking. Adjusting Google Analytics Code to Fix Bounce Rate Adjusting Google Analytics Code to Fix Bounce Rate




But a study of the Google Analytics code shows that Google’s main parameter is the trackPageview function, Google expects your visitor to visit at least more than a page on your site before leaving else they’ll term it a bounce visit. But such is not always applicable, in a case whereby a visitor landed on a product description page or about us page of a company and gets all the information he is looking for on that page before leaving without having to visit any other page, such page has met the expectation of the visitor, should such visit be included as a bounce visit? So according to Google analytics code, even if a visitor spends hours on your blog reading just one post without having to visit any other page of your site, Google will record it as a bounce visit. Adjusting Google analytics code can take care of this, you can tweak the code to execute an event when a user spends a certain amount of time on your site.

So even if a visitor does not visit any other page on your site but triggers the event stipulated on the adjusted analytics code, such a visitor will not be regarded as bounce.



An adjusted Google Analytics code with a new Scroll event means visitors to your site can only generate a bounce if they do not interact with your site in this case at least scroll a page with a 5 seconds delay. I hope you too will switch to the adjusted analytics code and lower your site’s bounce rate so as to improve your search engine ranking. Send your contributions through the comment.

Read More

Hack into a computer without without adminstrator knowledge

Many people set long and unrememorable passwords to protect their computer but they end up being a victim of themselves. For that reason, i decided to come up with this tutorial should you ever need to login into your computer OR you need to gain access rights into a computer without an account. NB:This post is solely intended for educational purpose only. Below are steps to get you started and enable you login into the adminstrator account

Read More

101 Ways to Monetize Your Website or Blog

This post was originally published in 2007, but since then much has changed in the world of internet marketing. As a result, most of the content and options listed in the original post were no longer relevant. We’ve totally revamped this post and started from scratch. If you’re looking for some ideas on how to monetize your website or blog, take a look at the topics and resources listed here and I think you’ll find some great options.

Selling Advertisements

One of the most popular methods of monetizing a site or blog is to sell advertising space, usually banner ads. You could manage this manually, but it is much more efficient to either use a network or a plugin/resource that will automate much of the process 1. BuySellAds – A popular network that manages advertising for publishers and advertisers. 2. BuySellAds Pro – A professional-grade advertising solution from BSA. 3. OIO Publisher – Probably the oldest and most-used WordPress plugin ($47) for managing ad sales. 4. WP AdCenter – A popular and comprehensive ad management plugin for WordPress ($49). 5. AdSanity – Another popular and feature-rich WordPress plugin ($29) for managing ads. 6. AdPress – A premium WordPress plugin ($35) with advanced ad management features. 7. Banner Manager Pro – A WordPress plugin ($18) for selling and managing banner ads on your site. 8. The Deck – An long standing invite-only ad network that targets the web design industry. 9. Carbon – An invite-only ad network, now owned by BSA, that focuses on the design and development industries. 10. Fusion Ads – Also and invite-only network that is owned by BSA targeting the creative community. 11. Yoggrt – Another invite-only network from BSA that targets the creative community. 12. Smaato – Mobile advertising network.

Contextual Advertising

Placing ads within the content of your pages is also an option. 13. AdSense – Google’s contextual advertising solution is one of the easiest ways to monetize a website or blog. 14. Vibrant – In-text, in-image, and display ads. 15. Infolinks – Infolinks is a popular option for in-text ads. 16. Kontera – A contextual advertising solution that has been around for years. 17. Result Links – Focusing on in-text ads. 18. Yahoo Bing Network Contextual Ads – Contextual ads powered by Media.net. 19. Clicksor – They offer inline text ads, banners, popunders, and more.

Affiliate Networks

Affiliate programs can be extremely lucrative to top earners, and one of the great perks is that there are affiliate programs available in just about any industry or niche you can imagine. You can sign up to promote specific products by joining the affiliate program of particular companies or websites, but large networks also represent a huge number of companies and products. Affiliate networks make it a little bit easier to manage because you can get all of your links and stats in one place, plus payouts for all programs within the network will be combined. 20. CommissionJunction – A huge network with options to promote products in just about any industry. 21. ClickBank – The leading affiliate network exclusively for digital products. 22. Amazon Associates – While it’s not really a network, Amazon sells so many different products that their affiliate program can be used by just about any website or blog. 23. ShareASale – Another large affiliate network with many products to promote on your site. 24. ClickBooth – Offer CPA and CPC options. 25. LinkShare – A major affiliate network that represents many leading brands. 26. Neverblue – Another popular affiliate network with a lot of options.

E-Commerce

Selling products at your own website is one of the best ways to take your monetization to the next level. Here are some great resources for getting your own shop setup. 27. Shopify – A super-popular and feature-rich hosted e-commerce platform. 28. BigCommerce – Another popular and feature-rich e-commerce option. 29. Highwire – A hosted e-commerce platform that includes features like selling on Ebay and Facebook. 30. Magento – An extremely popular open-source e-commerce platform. 31. osCommerce – Another popular open-source option. 32. DPD – A simple e-commerce system that is great for selling digital products. 33. E-Junkie – A popular option for selling digital products, although you can use it for tangible products as well. 34. WooCommerce – The leading free WordPress plugin for e-commerce. You can purchase option add-ons from their store to add specific functionality. 35. WP e-Commerce – Another popular free WordPress plugin with premium add-ons available. 36. Cart66 – A premium WordPress e-commerce plugin. They also offer Cart66 Cloud which is a combination of a WordPress plugin and hosted e-commerce. 37. Easy Digital Downloads – A free WordPress plugin for selling digital products. 38. Gumroad – Gumroad makes it easy to sell your digital products.

Launch Your Own Affiliate Program

If you sell your own products, adding an affiliate program is an effective way to increase sales exponentially. You’ll allow others to promote your products in exchange for a commission on any sales that they refer. Most affiliate software options offer many of the same features, so I won’t list details, but here are several options.

• 39. iDevAffiliate
• 40. OmniStar
• 41. Ambassador
• 42. Jrox
• 43. Post Affiliate Pro

WordPress Affiliate Plugins

If you use WordPress for your website there are a number of plugins that can help for setting up your affiliate program.

• 44. Affiliates (free)
• 45. Affiliates Pro ($50)
• 46. WPMU DEV Affiliates ($19)
• 47. Affiliate Royale ($85)
• 48. Magic Affiliate ($89)

Membership Websites

Selling memberships is another excellent monetization option. You can generate recurring revenue by offering members access to exclusive content or resources. 49. aMember – The most popular software for managing membership websites ($179.95), aMember integrates with a wide variety of CMSs and platforms. 50. Wishlist Member – Probably the most popular WordPress plugin ($97) for managing a membership website. 51. Restrict Content Pro – A solid membership plugin for WordPress ($42) that doesn’t include extensive features but is very user-friendly. 52. Member Mouse – A robust membership plugin for WordPress (starts at $19.95 per month). 53. MemberWing – Another membership plugin for WordPress ($199.95).

Premium Content

There are also a few resources that help you to make money by selling access to premium content on your site or blog. 54. Pivotshare – Sell premium video content. 55. TinyPass – Build a revenue stream based on payment for access to premium content. 56. Cleeng – Sell premium content including videos, e-books, live events, and newspapers.

Sponsored Content

Sponsored reviews and blog posts used to be more popular a few years ago, but there are still some options for leveraging your blog to make money from publishing sponsored content. 57. PostJoint – Accept paid content for your blog. 58. SponsoredReviews – Get connected with advertisers looking to pay for blog reviews. 59. SocialSpark – A marketplace find advertisers who want you to review their products. 60. Giveaway.ly – Make money by hosting sponsored giveaways.

Hosting Affiliate Programs

One easy way to make a little extra money is to join the affiliate program of whatever company is hosting your website. Almost every host offers an affiliate program and you can place an ad or link on your site that says “hosted by ABC Company”. If you’re looking for a new host you may want to consider one that has a great affiliate program. 61. Bluehost – A very popular host with an extremely popular and effective affiliate program. 62. HostGator – Another leading host with a generous affiliate program. 63. WPEngine – They specialize in managed WordPress hosting and they feature a high affiliate commission for referrals. 64. MediaTemple – A leader in the hosting industry with a potentially-lucrative affiliate program. 65. Eleven2 – Our current host also offers an affiliate program.

Add a Job Board to Your Website

Another option is to create an industry-specific job board on your site, and charge companies to post a job listing to be seen by your audience. The following options will all make it easy to setup your own job board.

• 66. webJobs
• 67. WPJobBoard WordPress Plugin
• 68. Jobify WordPress Theme
• 69. 9to5 WordPress Theme

Create and Sell Access to Online Courses

Online training and education is a huge industry. You can leverage the expertise and reputation that you have developed by creating and selling your own courses.

• 70. Udemy
• 71. OpenSesame
• 72. Digital Chalk
• 73. Pathwright
• 74. MindBites
• 75. ProProfs
• 76. Course Merchant

Podcasts

Many bloggers also publish podcasts, and podcasts offer some additional opportunities for ad revenue and sponsorships. 77. Podtrac – Podtrac connects podcasters and advertisers.

Auctions

You can sell products via auction using these WordPress plugins and themes.

• 78. WordPress Auction Plugin
• 79. WP Auctions Plugin
• 80. Responsive Auction Theme

WordPress Plugin for Monetizing a Site

For those of you who are using WordPress, there are a number of plugins that don’t fit perfectly into any of the categories before. Each of these plugins has it’s own unique functionality that helps you to make money in some way. 81. Sabai Directory – This plugin ($25) allows you to add a directory to your site, and it integrates with PayPal to accept payment for directory listings. 82. Page Peel Pro – Use page peel ads on your site with this plugin ($13). 83. WP Adshare Revenue – Use this plugin ($10) to share AdSense revenue with authors and editors. It’s a great way to encourage others to produce content for your site. 84. Advert Flap Pro – Create unobtrusive ads that will get your visitors attention by using this plugin ($13). 85. Interstitial Ads – Use this plugin ($18) to show ads that your users will see between pageviews. 86. Wp-Insert – A free plugin that will insert ads into specific locations within your content. 87. Google AdSense – A free plugin that makes it easy to implement AdSense into your WordPress website or blog. 88. WP Auto Affiliate Links – This free plugin will automatically create affiliate links within your content based on keywords and affiliate programs of your choice. 89. Amazon eStore Affiliates Plugin – Use this plugin ($31) to build a store featuring Amazon products. 90. Paid Downloads Pro – Sell any digital content easily with this plugin ($18). 91. Social Deals Engine – This plugin ($15) allows you to get daily deal site functionality, and it integrates with WooCommerce. 92. FooBar – Add a notification bar with this plugin ($14) to get more attention for an affiliate link or a link to one of your own products. 93. attentionGrabber – Another popular plugin ($12) for adding a notification bar. 94. WP Header Bar – This plugin ($13) allows you to create responsive notification bars with a lot of different features. 95. Nice Notifications – A notification bar plugin ($14) with a drag-and-drop composer. 96. WP Pre Post Advertising – This plugin ($10) shows an ad before the actual post/page. The ad includes a countdown and when it reaches 0 the page/post will be shown. 97. 5sec Link Remover – This plugin ($8) allows you to show links only to registered/paid users. 98. Pretty Link Lite – A free plugin (premium version also available) that is great for shortening your affiliate links. 99. Simple URLs – Another free plugin for creating shortened links. 100. WP125 – This free plugin allows you to manage and rotate banner ads. 101. AdRotate – A free plugin for managing ad spots on your blog. A pro version is also available.

Read More