Mark is a graphic/web designer with over 30 years in the industry. He's been running his own design business since 2005. Mark originally got into podcasting as a TV show fan podcaster in 2013. He now produces a weekly design related podcast called Resourceful Designer that aims at helping designers run and grow their own design businesses.
Vote for Resourceful Designer in the Podcast Awards. Visit and select Resourceful Designer in the ARTS and EDUCATION categories. And if you are not sure who to select in the SPORTS category, please consider the Packers Fan Podcast by Wayne Henderson, my voice-over guy. And if you would like to join the Resourceful Designer Community, visit I'll be back in a couple of weeks.
My strategy for securing WordPress websites. The internet is filled with unscrupulous people. Are you doing everything you can to ensure your clients’ portion of it is safe by securing their WordPress websites? I recently published a podcast episode and article on earning extra income by offering website maintenance plans. Part of that strategy is making sure the websites you manage are secure. I received many questions afterwards asking how I secure my clients’ WordPress websites. There are many ways and many tools available for securing a WordPress website. Here is the method that works for me. WordPress Security. Those two words, “WordPress Security” may sound intimidating to the uninitiated. Let me assure you they’re not. If I can learn how to do this, so can you. I’m not a programmer. I’m not even a developer. I’m just a WordPress user who figured out a security strategy that works for me. What is WordPress Security? WordPress security involves putting measures in place to decrease the chance of someone compromising a website. If you sell WordPress Security as part of your website maintenance plan, be sure to tell your clients there are no guarantees. If a skilled hacker is determined to gain access to a website, they will, and there’s not much you can do to prevent it. The purpose of Website security is to make it as difficult as possible for them, so they leave your site alone and go in search of an easier target. Most hacking attempts are easily preventable with a few simple measures. Here’s what I do. Securing Account Login. By default, every WordPress installation provides easy access for administrators to gain entry to a site through the URL This default makes the WordPress login page the most attacked part of any website. So how do you secure the account login? Hide the backend I use iThemes Security Pro to hide the backend of every website and replace the login page with something else. If anyone tries entering the site via the /wp-login.php page, they’ll be taken to a 404 page not found page instead. This is more of security by obscurity, and is not a very strong strategy, but if it helps prevent automated bots and such, then why not do it? iThemes Security Pro > Security > Settings > Advanced > Hide Backend Force the use of a strong password. The stronger the password, the harder it is to crack. Forcing a strong password makes it more difficult to gain access to a site. iThemes Security Pro allows me to force the use of strong passwords. New site users must enter a strong password to create their account, and existing site users are forced to update their weak password when they next log in. iThemes Security Pro > Security > Settings > Password Requirements Prevent the use of compromised passwords. One of the main vulnerabilities of passwords is their reuse. Many people think up a good password, but then they use it everywhere. All it takes is for one database breach containing their user name and password, and a hacker can gain access to wherever the two are used in combination. iThemes Security Pro connects to the haveibeenpwned API and refuses any compromised passwords. As part of this prevention method, I recommend all my clients use a Password Manager such as 1Password to create strong, unique passwords for every site they visit. iThemes Security Pro > Security > Settings > Password Requirements Limit Login Attempts. Even a strong password may be guessed if given enough time. So as an extra measure, I turn on Brute Force Protection in iThemes Security Pro to prevent the number of failed login attempts. I have it set so that three failed login attempts will lock a user out of the site for 15 minutes. After their third lockout, it bans the IP address from even viewing the website. iThemes Security Pro > Security > Settings > Local Brute Force Protection Two-Factor Authentication. Two-Factor Authentication, sometimes called 2FA, adds an extra step to the login process. The way it works is after entering a username and password; users must enter a temporary six-digit code to gain access to the site. This code can be obtained from a predetermined list, one that’s emailed to the user, or, my preferred method, using an App on a smartphone such as Google Authenticator. Google Authenticator generates a new unique code every 30 seconds. When logging into a website with Two-Factor Authentication, you must enter the code from the app and press the login button before the code expires. The only way to gain access to a website protected by 2FA is to have the user name and password, plus have access to the smartphone tied to the account. iThemes Security Pro > Security > Settings > Two-Factor Authentication (This is a PRO feature) Passwordless Login I want to mention Passwordless Login as a security option, but note that I don’t use this method myself. I explain why, later. Passwordless login is a way to gain access to a website without entering a password or a 2FA code. To use Passwordless Login, you enter your email address on the login page then check your email for a “magic link” that grants you access to the website. No password or Two-Factor Authentication code required. Passwordless login is secure because it requires access to the email account associated with the site. Although Passwordless Login is very secure and works great for clients, I don’t use this method. I sometimes need to access to a client’s website through their account instead of my admin account. I wouldn’t be able to access a site with Passwordless Login since I don’t have access to my client’s email account. iThemes Security Pro > Security > Settings > Passwordless Login (This is a PRO feature) WordPress Site Monitoring Now that the account login is secure, the next thing I turn to is site monitoring. I want to know when something happens to one of my client’s website. Security Logs WordPress security logs are an excellent resource for seeing what is happening with a site. If a website gets hacked, the security logs will have the best information to help you recover. To be honest, I don’t understand most of what the security logs contain. But I know where they are, and how to download and share them if I need to get an expert involved in fixing a compromised site. iThemes Security Pro > Security > Logs Monitor File changes iThemes Security Pro allows me to monitor when files on a website change. This is a great way to know when someone had gained access to a site. Be warned; this feature will also notify you of every change and update you make to the site. iThemes Security Pro > Security > Settings > File Change Detection Scanning for Malware iThemes Security Pro regularity scans and notifies me if it detects malware on a website. This has saved me in the past when a client’s site became compromised. I was able to fix the issue before it escalated. iThemes Security Pro > Security > Settings > Site Scan Scheduling (This is a PRO feature) Themes and Plugin Management Delete unrequired and inactive themes and plugins. It’s much easier to hack into a website if it has outdated themes and plugins installed. The first step in theme and plugin management is to deactivate and delete any unrequited or unused plugins. You can always reinstall a plugin should it be needed. Also, make sure you acquire your plugins from reputable sources. I’ve seen some questionable WordPress Plugin bundles recently offering thousands of dollars worth of premium plugins for next to nothing. These plugins may work, but they may also be compromised. It’s not worth risking your business or reputation over. Keep active plugins and themes updated. As far as security is concerned, when it comes to the WordPress Core, Themes and Plugins, the best rule of thumb is to keep everything updated. Many updates are to patch security vulnerabilities. iThemes Security Pro has a nice feature called Version Management that allows a site to automatically update itself as new versions of the WordPress core, themes and plugins are released. Although handy, I leave almost all of this feature off. I prefer updating plugins myself. Should something on the site break during an update, I want to know right away. The only option I turn on is the “Auto Update if Fixes Vulnerability” option. This allows updates only if it fixes a security issue. iThemes Security Pro > Security > Settings > Version Management (This is a PRO feature) Manually updating the WordPress Core, Themes and Plugins. For updating my client website, I use iThemes Sync, a WordPress manager. iThemes Sync allows me to monitor and update all my clients’ websites from one dashboard. iThemes Sync sends me daily emails telling me what plugins and themes have updates available. I can log into iThems Sync and perform all the updates from the one dashboard without having to log into each website individually, saving me time. The basic version of iThemes Sync is free for up to 10 websites. Domain security. Whenever registering a domain, I highly suggest you include domain privacy. Some hosts include domain privacy while others charge an extra fee. Domain Privacy hides the domain owner’s contact information from the public. Without domain privacy, a domain owner’s email address, mailing address and phone number are available for anyone to see. Since it’s common to use the same email address to register a domain and access the associated website, without domain privacy, you’re handing hackers half of the login information they need. That’s my WordPress Security plan. That’s it. That’s what I do to secure my clients’ WordPress websites. This is not meant to be an add for iThemes. There are many tools you can use to do the same things I do. Some of them possibly better and maybe less expensive than what I use. But I’ve been using the iThemes programs for several years, and I know, and I trust them. And so far, knock on wood, they’ve worked for me. What's your strategy for securing WordPress websites? Let me know by leaving a comment for this episode.
If only I knew these things before starting my design business. You know that saying, hindsight is 20/20? It means that it’s always easier to see things when you’re looking back than when you’re looking forward. Before I decided to leave the print shop where I worked as a graphic designer to start my graphic and web design business in 2006, I had a preconceived notion of what to expect. Some of what I imagined turned out to be accurate and some of what I believed was way off. For example, I imagined how much I would love running my own business, spending my days designing beautiful things for great clients. It turns out I love it even more than I anticipated. However, I do spend a lot less time designing than I thought I would. I didn’t know many designers in 2006 who were running their own business. There were a few who used the print shop I worked at for their client’s print work. But they were more of what I call freelance designers. Meaning, they had other sources of income and did design as a side-gig. So there was nobody for me to emulate. I did have one friend, Jason, with a successful design business in Toronto. I talked to him quite a bit before deciding to go it on my own. But even with those conversations, there was still a lot I didn’t know or wasn’t expecting when I did eventually jump ship. So here are ten things I wish someone had told me before I started my design business. 1) You don’t need a lot of clients to run a successful design business. Before starting my design business, I thought I would need 50 to 100 clients for my new business to be sustainable. Boy, was I wrong. I quickly learned that a solo designer could make a good living with only a handful of clients. In fact, during the first two years of my business, I only had 11 or 12 clients. Clients come and go, but on any given basis, a dozen clients is a good number to aim for. More than that and you risk overloading yourself with work. 2) You’ll spend a lot of time on things other than design. Running your own business is a lot of work. And a lot of it is considered non-billable time. Things like invoicing and bookkeeping, keeping track of expenses and taxes, writing pitches, contracts and proposals. And so much more. I thought I would be spending my days in creative bliss, designing beautiful things for grateful clients. But there have been days when I’m too busy running my business to design anything. 3) You need to become a time management expert. When you work for someone else, they tell you when to take breaks, go for lunch, and call it quits at the end of the day. When you’re running your own design business, there’s nobody prodding you along but yourself. Learn to take breaks and find time to eat—set boundaries between your work and non-work life. Otherwise, you’ll burn yourself out by working days, evenings and weekends, and you’ll start to resent what you do. Running your own business means a flexible schedule, but you need to learn how to manage your time effectively. When you make your own schedule, you have the freedom to go to the grocery store on a Wednesday morning or to cut your day off early so you can bring your kids to their karate class or their soccer game. That’s the benefit of working for yourself. But you also need to be able to juggle multiple design projects with overlapping deadlines and clients who are not always on time delivering the content they promised you. Conquering time management is the only way to stay sane in this business. 4) The rejections and criticisms will never stop. Just because your the boss doesn’t mean clients won’t find fault with your work. But don’t worry, that’s a good thing. It doesn’t matter how long you do this work or how good you become. There will always be room for improvement. Clients will reject your proofs or decide not to work with you at all. I’ve been a designer for over 30 years, running my own business for half that time, and I still have clients turn me down or tell me they don’t like certain things I design. Learn to embrace failure, because there’s a lot of it when you’re on your own. The trick is to learn from them and grow as a designer and as a business person. When the rejections stop is when you need to worry, because that means you’re either the best designer in the world and you’re way undercharging for your services. Or you’ve stopped putting yourself out there, and there are no more clients to complain. 5) Fake it until you make it. You can’t succeed in this design business if you’re timid or hesitant or if you come off as self-conscious about the way you handle yourself. You need to present yourself as a solution to the client’s problem. Their best option at success, even if you’re not sure of yourself. Confidence comes with experience, but it also comes in the form of self-motivation. If you tell yourself you can do the job, then nobody else will doubt you. The way to make it in this business is to continually go after more prominent clients. Ask for more money than your previous design jobs, pursue larger projects than you’re used to. If you keep aiming high enough, soon you’ll believe it’s where you ought to be. 6) Find a mentor. If you try to run your design business all by yourself without any help, chances are you’ll fail. Not because you’re a bad designer, nor because you’re a bad business person. But because you don’t have the support you need to succeed. You’re lucky that it’s 2020. You have a cornucopia of resources at your disposal to help you start and run your design business. Take the Resourceful Designer Community, for example. The community is home to a great group of designers who love helping fellow community members. In a way, we’re all mentors to each other. When I started my design business in 2005, there were no Facebook groups or online communities. What got me through the beginning of my solopreneurial journey were the mentors I followed. People like Jason, who I mentioned earlier. Or Shari, a fellow local designer who helped me get my first clients. Without people to model myself upon or to ask questions of when I needed help, I don’t know how my journey would have turned out. Find yourself a group of peers that can help and guide you. It will make your journey so much easier. 7) The respect given to you is a reflection of how much you charge. Clients will never stop trying to take advantage of you. But the level of pushback you receive is closely associated with how much you charge. The higher your rates, the more you’ll be viewed as an expert. The more clients see you as an expert, the more they’ll appreciate your opinion and the less pushback you’ll hear. When I used to charge $100 or $200 for a logo design, clients would try dictating what they wanted me to do. “Move that there,” “make that bigger,” “use a different colour,” “try another font.” But as I raised my prices, the less “dictation” I received, and the more freedom I had to design the way I saw fit. Trust me, when you’re charging thousands of dollars for a brand identity, clients are much less likely to micromanage you. The more you charge, the more your clients will respect you. 8) Don’t put all your design eggs in one basket. You should never rely on one or two clients to sustain your design business. If there’s anything I learned over the years, it’s that clients can vanish in a heartbeat. Just like investments, you need to diversify where your design work comes from. It’s great to have big clients with big budgets, but make sure you have enough smaller clients to diversify your income. I’ve had several big clients over the years, from huge festivals to big shopping malls, to government agencies that have all gone away. The festival shut down. An investment firm with an internal design team bought the shopping mall. And the government agency amalgamated with another division who did work with another designer. I survived the loss of these clients because I had other smaller clients to sustain me following their departure. 9) You can make a lot more money doing a lot less work. Before leaving the print shop, I was working 40 hours per week at $21 per hour. That works out to $840 gross per week and roughly $550 net once the government took their deductions. When I started my design business, I chose $50 as my hourly design rate. I no longer charge by the hour, but that’s another story. Since there are no deductions for the self-employed, for me to make the same weekly income from my old salary, I needed to work 11 billable hours every week. That was it. I mentioned earlier how one of the things I didn’t expect when starting my business was how much time I would spend not designing. There are plenty of non-billable hours in the workweek, but it’s ok because designers can make an excellent income designing just a few hours each week even while billing by the hour. 10) The riches are in the niches. When I started my design business, I didn’t know what a design niche was. It wasn’t until a few years later, when I met a designer specializing in the dental industry that I leaned about niching. And to be honest, I didn’t give it much thought because she told me how much he hated it. This designer was making good money in her niche, but she had no passion for the dental industry. It was merely a lucrative niche she had stumbled upon. In fact, when I met her, she was planning on getting out of it to do what she called “normal design work” that had nothing to do with dentists. It wasn’t until much later that I started hearing about niching again and started to appreciate this specialized approach to design. I recently branched out my design business to focus on the podcast niche. And let me tell you, it’s pretty good. The trick is finding a niche your passionate about. That was the problem with that designer I mentioned. She had no passion for the dental industry and grew bored with the work she was doing. So there you have it. Ten things I wish someone had told me before I started my design business. I hope you find these things helpful–especially if you’re at the start of your business journey. And if you already have an established design business, maybe I’ve shared something that will inspire you to look at what you do differently. What do you wish you had known before starting your design business? Let me know by leaving a comment for this episode. Tip of the week Strong Passwords Have you ever heard of Password Entropy? It’s the measurement of unpredictability in a password. A password like LMNOPQR is much more predictable and easier to crack than something like L8?X49[. That’s why randomized passwords are considered the strongest. Passwords should be composed of upper case letters, lower case letters, numbers and common ASCII characters. When combined, each digit in a password has 92 possible options. Here are the estimated times it takes to crack a password using a four-core i5 processor computer. You can see that the number of characters in your password matters! 7 characters will take .29 milliseconds to crack. 8 characters will take 5 hours to crack. 9 characters will take 4 months to crack. 10 characters will take one decade to crack 12 characters will take two centuries to crack. How secure are your passwords?
Find local design clients to grow your business. If you want to grow your design business, your best chance is to find local design clients to work with. After all, it’s much easier to find a client among the people who know you. Of course, as your design business grows, you’ll want to expand your reach and acquire clients farther and farther away until you have a global range, that’s the dream. But never forget where you started, because, in a pinch, your local client market is where you’ll find the most help and the most work. When I first started my design business, all of my clients were within 20 kilometres from me. As my business grew, so did the radius of my client base. 20 kb became 100 km, then 200 km and soon it was all of Canada. Then I started acquiring clients across the USA. Now, I work with people around the globe. But even with that wide-spanning net of clients, my closest connections and best relationships are with my local design clients in my area. And I’m not alone. Ask any successful designer, and they’ll tell you there’s something special about working with local clients. For one thing, it’s easier. When working with distant clients, there’s so much you need to learn about them and their environment. Where are they located? Where are their target market located? What’s their local environment like? What’s their local competition like? And so forth. But with local design clients, you have the inside scoop. There’s a good chance you’re already familiar with where the client is located. If not, it’s easy for you to become familiar. You know the local environment. You know or can quickly determine their competition. All of this “inside knowledge” of your local area gives you an advantage over designers from outside your local area. Plus, you can sit down and talk face-to-face with local design clients, which can only deepen that oh-so-important designer-client relationship. From a local client’s perspective, I’m sure they would prefer to work with a local designer rather than someone they can only interact with over the phone or the internet. Not to mention, most people feel good when they support local businesses. Focusing locally is more important now than ever. It’s now more important than ever to embrace a Shop Local mentality. COVID-19 has taken its toll on businesses everywhere. I’m sure your local economy took a hit. Nobody knows how long this will go on, but as companies start opening up again, it’s essential to support them however you can. Those business clients think the same way. If they need the help of a graphic or web designer, their first thought will be to focus locally for someone before looking elsewhere. That designer should be you. Make it easier for local design clients to find you. Here are some tips to help you get noticed in your local area. 1) Your marketing should have a local presence. Make sure your website prominently displays your address. Clients searching locally for a designer will look for your address to confirm you’re local. Clients who are not searching locally won’t care what your address is and won’t bother looking at it. Carry business cards with you everywhere you go and leave one or two behind at opportune moments. 2) Join local organizations. Organizations such as your local Chamber of Commerce and other business groups are great ways to spread the word about your design services. You can also get involved with local charities. Join their board of directors to committees. Your child school might have a parent committee you can join as well. Business networking groups are another excellent opportunity to get your name out there. Remember, It’s not who you know, but who knows you. 3) Submit your business to local directories. A great way to be discovered is to be listed in as many local directors as possible. Local municipalities, chamber of commerce, business groups, newspapers, etc. often host directories of local businesses. Find out how your business can be included. Make sure you are listed in Google My Business so you can be found in local online searches. 4) Do local SEO You know the importance of SEO. However, not everyone knows the importance of local SEO. Local SEO requires a different strategy to ensure you’re not only found by local searchers but that you show up as close to the top as possible. 5) Pay for locally targetted ads. Platforms such as Facebook, Instagram, LinkedIn and Google all offer a way to target ads to your local area. Take advantage of this feature and promote your business to those around you who can benefit from your services. Local design clients are there if you look. There are many local design clients and local businesses in your area that can use someone like you. And even though it’s great to work with clients around the globe, you shouldn’t neglect the ones in your own backyard. When it comes down to it, they’re the ones that are more likely to remain loyal when times get tough. They’re more likely to refer you to others. And they’re most likely to support a fellow local business. Make sure you’re doing everything you can to get yourself and your services in front of local design clients and businesses. How much effort do you put into finding local design clients? Let me know by leaving a comment for this episode. Resource of the week LBGT+ Chamber of Commerce LBGT+ entrepreneurs and business owners have a great resource in the LBGT+ Chamber of Commerce. Similar to all Chamber of Commerces, these ones aim to help businesses run by LBGT+ community members. There are many LBGT+ Chamber of Commerces around the world. Check your local area to see if there's one nearby. Here are links to the Canadian and American national branches. Canada's LBGT+ Chamber of Commerce National LGBT Chamber of Commerce
View 1690 more appearances
Get appearance alerts
Subscribe to receive notifications by email whenever this creator appears as a guest on an episode.

Subscribe to receive notifications by email whenever this creator appears as a guest on an episode.

Share Profile
Are you Mark? Verify and edit this page to your liking.


Recommend This Creator

Recommendation sent

Join Podchaser to...

  • Rate podcasts and episodes
  • Follow podcasts and creators
  • Create podcast and episode lists
  • & much more

Creator Details

Episode Count
Podcast Count
Total Airtime
2 weeks, 17 hours
Podchaser Creator ID logo 791932