“I have been looking to find an easier way to check for broken links. Thank you for making this tool so accessible.” Dena, WPMU DEV Member

Broken links are a negative indicator of site health and can have a major impact on your PageRank and your reputation. Staying on top of your site links is an essential and crucial aspect of good WordPress site management.

But… manually checking your content for broken links is time-consuming and tedious excruciating, especially if you manage multiple WordPress sites.

“This is potentially going to save a ton of time! Before now I’ve always done a manual check on all sites I create.” TNT Systems, WPMU DEV Member

This article shows you how to use our powerful link checking tool on unlimited WordPress sites – completely re-engineered with a top user-requested feature and a new API that works 20x faster, to deliver better and more accurate results, prevent negative SEO performance issues, and improve user experience.

We also include a comprehensive guide covering all you need to know about why link management is important and how to effectively manage broken links on all of your sites.

We’ll cover the following topics:

• Broken Link Checker for WordPress – BLC Plugin
  • Set Up
  • Edit/Unlink Broken Links
  • Run Manual Scans
  • Schedule Scans and Send Email Reports
  • Search
  • Export Lists
• Cloud Link Checker – Perfect For Agencies
• How Broken Links Affect SEO
• Broken Links Can Also Harm Your Business
• What is Broken Links Hijacking?
• What Causes Broken Links?
  • Best Practices to Fix Broken Links
  • Steps to Avoid and Fix 404 Pages
• Fixing Broken Links: Manual vs Automated Methods
  • Benefits of Using Manual Methods to Fix Broken Links
  • Benefits of Using Automated Methods to Fix Broken Links
• Take Link Maintenance to the Next Level with WPMU DEV’s BLC

Let’s jump right in and take a look at the only tool you’ll ever need to check and repair broken links on unlimited WordPress sites.

WordPress Broken Link Checker (BLC) Plugin

WPMU DEV acquired Broken Link Checker many years back from ManageWP, and since then have implemented many tweaks and fixes to improve its capabilities, growing its popularity to 700K downloads and its user satisfaction to 4/5 stars.

[NB: Special shoutouts to Patrick Walker, Team Lead at WP Engine’s Customer Experience Operations Team for his hard work in collaboration with our engineers to get our plugin removed from WP Engine’s and Flywheel’s block list and to Kinsta for recommending our cloud-based service.]

While we plan to continue maintaining and improving the old plugin version for the thousands of users who are still currently using it, starting from versions 2.0 and onward, we’ve also introduced a new cloud-based link checking plugin for WordPress.

Note: We’ll focus the rest of this article on our Cloud Link Checker. For more information on using the old (Local) BLC plugin, visit the plugin download page on WordPress.org.

Why Two Different Link Checking Engines?

The old Broken Link Checker plugin (we now call this version Local Link Checker) is a great tool currently used and loved by thousands of WordPress users to keep their URLs healthy.

If you love it, feel free to keep using it. Keep in mind, however, that it depends on your site’s resources to run scans, which can be affected by your hosting plan’s available resources, and, depending on what plugins are installed on your site, could cause conflicts or WP/PHP errors.

Our latest innovation — a cloud-based plugin — takes things to a whole new level and opens the door to an entirely new scope of possibilities that we couldn’t achieve before by integrating the best of the Local BLC plugin with cloud capabilities directly into The Hub (our all-in-one WordPress platform), all at no additional cost to users.

For example, some of the benefits of the new cloud-based BLC include:

• Scalability: Cloud Link Checker runs on WPMU DEV’s engines not the individual site where the plugin is installed, so you can run broken link scans on sites of any size and server type.
• Blazing Fast Scans: Being cloud-based means any dependencies on the performance of your server are eliminated, giving your scans a massive speed increase.
• No Risk of Blocklisting: Pinging external sites repeatedly from your website raises suspicious flags with internet service providers and puts your site at risk of being blocklisted. Cloud BLC doesn’t use your site’s IP address, so there’s no risk of your site(s) being blocklisted.
• Faster Updates and Instant Improvements: No more waiting for plugin version releases or worrying whether you site’s resources can handle the changes. We test, fix, and improve everything on the cloud and your site benefits instantly as soon as we deploy the changes and improvements to our engine..
• Eliminate WordPress and PHP Errors: Our cloud-based link checker doesn’t run on your site’s resources, so you won’t experience site resource errors using the plugin.
• Crawl Everything: Cloud Link Checker follows the same logic as search engine crawlers, so no URLs are missed on all standard pages and posts, menus, category pages, etc. Even better, use scheduled reports to discover broken links before the search engines see them.

Cloud BLC scans your site from top to bottom, monitoring external and internal links in your posts, pages, comments, blogroll – even custom fields.

It detects links that don’t work, as well as missing images and redirects. It will then notify you via the Broken Link Checker section of the Hub, or you can view a summary of the results in the plugin dashboard of your WordPress site.

“Love this new tool, especially since it runs off-site and doesn’t hog server resources.” Levi, WPMU DEV Member

Set Up

Whether you’re an existing Broken Link Checker plugin user or new to the tool, setup is a breeze.

You can set up the plugin from the WordPress dashboard plugin and from WPMU DEV’s Hub.

Let’s look at both methods.

From the WordPress Dashboard

1. Install and activate the plugin.
2. Go to the Link Checker menu and select Cloud.
3. If you’re logged into WPMU DEV, click ‘Enable Cloud Engine’ (otherwise, the button will say ‘Connect to WPMU DEV’), and you’ll be taken through The Free Hub onboarding process, as well as the broken links checking tool component. This will lead you directly to the BLC service tab in The Free Hub.
4. From here, run a new scan. You’ll get a notification once the scan completes, so feel free to look around The Free Hub while you wait.
5. Once you receive notification that the scan is complete, you can view the results in the Broken Link Checker section of The Free Hub.

From The Hub

1. After logging into The Hub, you’ll see Broken Link Checker listed as a new service in the menu (top & sidebar).
2. Activate this to install the plugin on the site.
3. Run a scan to see your results.

However you choose to install the Cloud Link Checker, the WordPress dashboard will display the Summary Report, while The Hub will have the Full Report – including the list of broken and dead links.

Click View Full Report to see the full scan report in The Hub.

Aside from locating your broken links, missing images, and redirects, the plugin has additional functions that let you schedule scans, send reports by email, search (with built-in filters), and export your lists for download.

Edit/Unlink Broken Links

Our members spoke…and we listened!

One of the most requested features for this tool was the ability to edit and unlink broken links.

We’re thrilled to announce that in addition to ignoring and reporting links as not broken, you can now also easily edit and unlink broken links from The Hub.

Simply click on the vertical ellipsis (3 dots) to the right of any link listed in the Hub’s scan report and select one of the available options.

Select Edit Link to point the link to a new URL, Unlink to remove the link and change it to plain text, or select one of the other options to ignore the link or to report false positives (note: we use Not Broken reports to improve BLC’s engine).

Note: New scans are temporarily disabled while the system is performing editing or unlinking operations. You can run a new scan after these processes have completed.

Also, to keep reports manageable, if the scan detects multiple instances of the same broken link URL, the report only displays the first 10 instances and notifies you how many other instances there are.

You can choose to edit or unlink only the first 10 visible links, or perform the operation on all instances of that same link.

Note that the tool does not scan hardcoded links written in php files (eg template files, shortcodes, etc.).

Run Manual Scans

You can run a manual scan any time, in both the WordPress dashboard and The Hub. Just hit the blue Run Scan button. This can be helpful if you’ve done some clean up, and want to refresh your view of the list.

Schedule Scans & Send Reports by Email

Scheduling scans is done from the Broken Link Checker plugin section in the WordPress dashboard.

At least one recipient must be added to schedule reports, so that it can be sent to a party via email.

1. From the Schedule Scan section, click Configure.
   Check that you are on the Schedule Date tab from the top menu.
2. Choose the Frequency, from Daily, Weekly, Monthly.
3. Select desired time, day, or date from the dropdown options; then click Save.

Now we will add recipients (at least one), so the report has a destination to be sent to:

1. Click on the Add Recipients tab.
2. You can either Add Users, from the list of those you’ve already added to the site, or Add By Email, for anyone at all. Remember to Save Changes.

You can deactivate the scheduled scan or change the sending schedule, as well as who it goes to, at any time.

Search

To easily locate your URLs, search results can be filtered from within The Hub.

From the summary screen, you can use the dropdowns to filter by Status or Domain.

Export Lists

You can export your broken URL lists anytime in CSV format.

To do this, simply click the Export as CSV button from the summary screen in The Hub.

And … that’s it! You’re now a BLC pro.

“I love this! Offsetting the resources to the cloud will help so many sites!” PTaubman, WPMU DEV Member

“But I’m happy with Local BLC and I don’t run multiple sites…”

If you want to keep using the older plugin, you don’t have to switch to Cloud Link Checker. Local BLC will keep working just fine and you can easily switch to the cloud version at any time inside your WordPress admin.

Just keep in mind that you can only activate one engine at a time, so if the Cloud engine is running, Local Link Checker will be inactive and vice-versa.

Note: if you run a multisite installation, BLC cloud version will only be available on the main site when network-activated. Due to the complexity of scanning multisite, subsites will continue to use the BLC Local version.

Cloud Link Checker – Perfect For Agencies

Being able to manage all of your sites from one place (The Hub) and send clients white labeled reports makes Cloud Link Checker the perfect solution for agencies, freelancers, and anyone running multiple WordPress sites.

You can also use the tool with a customized report as a way to generate new clients for your agency and upsell WordPress maintenance services to existing clients.

Compare our plugin with other broken link checking tools and you will quickly see why WPMU DEV’s cloud-based link checker is a no-brainer.

For example, here’s one of our competitors’ offering:

• Free version limitations:
  • Only one website allowed.
  • Only 200 links checked per month.
  • Only internal links are checked.
• Links are checked once every 3 days.
• Cost: $30/month (credit card required to sign up).

Whereas, with WPMU DEV’s Cloud Link Checker…

• No limitations:
  • Unlimited number of websites.
  • Unlimited number of links.
  • Internal and External links are checked (Local and Cloud versions).
• Set your own schedule (Local and Cloud versions).
• Manually check all your sites anytime.
• Cost: Free (priority support included for members only).
• No credit card required to sign up.

To get the full picture of what our broken links checker can do, see the plugin documentation.

Now that we’ve shared the good news with you about a powerful WordPress troubleshooting tool every web developer (and user) should have in their site management toolbox, let’s take a closer look at the harm broken links can cause if left unchecked and why you need a tool like Broken Link Checker.

How Broken Links Affect SEO

High-quality, relevant, and authoritative links are crucial to a website’s SEO and reputation. Broken links can have several negative impacts on search engine optimization, including:

1. Crawling and Indexing Issues: Search engine crawlers follow links to discover and index web pages. In fact, Google cites good working links as a best practice. When a crawler encounters a broken link, it cannot access the linked page and may struggle to navigate through your website effectively. This can prevent certain pages from being indexed, making them invisible to search engines and reducing their chances of appearing in search results.

2. Increased Bounce Rates: Bounce rate measure how long users spend time on a particular web page before “bouncing” to another one. Visitors who stumble upon broken links may abandon a site altogether. When visitors repeatedly choose to leave a web page almost immediately after landing on it, this leads to a high bounce rate, which sends a “low-quality” signal to search engines about the site.

3. Decreased Search Engine Rankings: Search engines aim to deliver the best user experience by providing relevant and high-quality search results. Websites with broken links may be considered less reliable and valuable by search engines, leading to lower rankings in search results. This can result in reduced organic traffic and visibility for your website.

4. Impact on Internal Link Structure: Broken links disrupt the internal link structure of your website. Internal linking helps search engines understand the relationships between different pages and establishes a hierarchy of importance. When broken links exist within this structure, it can confuse search engines and weaken the overall SEO structure of your website.

5. Lost Backlink Opportunities: Backlinks are an important factor in SEO, as they indicate the authority and relevance of your website. If other websites link to broken pages on your site, it can negatively impact your backlink profile. Broken links may deter other webmasters from linking to your site, reducing your chances of acquiring valuable backlinks.

To mitigate the negative impact of broken links on SEO, it is crucial to regularly monitor and fix them. Conducting regular website audits, using tools to identify broken links like BLC, and implementing redirects or updating links can help improve user experience, maintain search engine rankings, and enhance the overall SEO performance of your website.

Broken Links Can Also Harm Your Business

In addition to impacting your site’s SEO, broken links can also cause serious damage to your business and its reputation. This includes:

1. Poor User Experience: Studies show that 89% of consumers will shop with a competitor after having a poor user experience on a site. Broken links create a negative user experience by leading visitors to dead-end pages or error messages. Users expect links to provide relevant information or resources, and encountering broken links can be frustrating. This can decrease user engagement, increase bounce rates, and ultimately harm your website’s reputation.

2. Negative Impact on Revenue: Broken links can sometimes cause roadblocks in your sales conversion process. Investing money and time into marketing efforts to get potential customers to your site then losing sales because they cannot reach conversion pages means wasted time and lost revenue.

3. Security Vulnerabilities: Broken links can also lead to malicious attacks on your site, phishing scams, and broken links hijacking (see below)

What is Broken Links Hijacking (BLH)?

Broken Links Hijacking (BLH) refers to the practice of exploiting expired, unlinked, or inactive external links found within a webpage.

It involves malicious actors taking advantage of resources or third-party services that are no longer available or valid, such as due to expired domains. These attackers can seize control of these links to carry out various harmful activities, including defacement through acquiring expired domains, impersonation, or even cross-site scripting.

Attack Scenario and Security Risks

Let’s imagine a scenario where a business shuts down or forgets to create a social media page but still has the link to that page on its website. In this case, an attacker can simply create an account using the same name and then proceed to post offensive content or launch phishing attacks while pretending to be the business.

Illustrative Scenario

To illustrate this further, let’s consider a website called thewebsite.com that mentions a LinkedIn page URL but hasn’t actually created the page yet. As a result, when users try to visit the LinkedIn page using the URL (e.g., https://www.linkedin.com/company/the-website/), they encounter a “404 page not found” error.

Exploiting this situation, an attacker creates a fake LinkedIn page and customizes the URL to resemble “the-website.” Consequently, when a regular user accesses the company’s LinkedIn page through the URL, they unknowingly get redirected to the attacker’s controlled LinkedIn page.

What Causes Broken Links?

There are several factors that can lead to broken links. Some of the most common causes include:

1. Typo: Mistakes made when writing the link can result in broken links. This could be a simple error in typing or copy-pasting the URL incorrectly.

2. Deleted Pages: When a page is deleted from a website, any links pointing to that page will become broken. This can happen when content is removed or when a website undergoes restructuring.

3. Renamed Pages: If URLs are changed or pages are renamed without implementing proper redirects, the old links pointing to those pages will no longer work and lead to broken links.

4. Domain Name Change: When a website changes its domain name, any links pointing to the old domain will become broken unless appropriate redirects are in place.

Best Practices to Fix Broken Links

To fix broken links, it is important to follow these best practices:

1. Check Links with a Broken Link Checker (BLC): Use a reliable tool to identify broken links on your website. This will provide you with a list of broken links that need to be addressed.

2. Prioritize High Authority Pages: Start by addressing broken links on pages with high authority or those that receive significant traffic. Fixing these links will have a greater impact on your website’s overall performance.

3. Redirect to Relevant URLs: If a page has been deleted or its URL has changed, set up proper redirects (such as 301 redirects) to automatically send visitors to the relevant new URL. This ensures a seamless user experience and avoids 404 error pages.

Steps to Avoid and Fix 404 Pages

To prevent and resolve 404 pages (page not found errors), consider the following steps:

1. Preserve and Update Content: Instead of deleting pages outright, consider updating or refreshing the content. This helps avoid unnecessary 404 pages caused by removing content that other pages have linked to.

2. Implement 301 or 302 Redirects: If a page’s content still exists but its location or URL structure has changed, use 301 or 302 redirects to redirect visitors to the new page. This ensures they can still access the desired content without encountering a 404 error.

3. Reach Out to Webmasters for Updated Links: If a 404 error occurs due to an external website incorrectly linking to your content, you can try contacting the website’s author or web administrator. Requesting an update to the erroneous link can help resolve the issue, or alternatively, suggest changing the link altogether.

Fixing Broken Links: Manual vs Automated Methods

Fixing broken links has long been considered an essential practice among SEO practitioners. Broken links should be fixed quickly.

Google understands that broken links are a natural happening. However, SEOs know that taking time to correct these issues can significantly impact the site’s performance in search engines.

For these reasons and more, it’s clearly important to keep tabs on all of your site links. A small site with minimal content can easily handle checking for broken links manually. However, the more content your site has, the more difficult it becomes to conduct manual scans of your links.

Fixing broken links manually on a website and using automated methods each have their own benefits:

Benefits of Using Manual Methods to Fix Broken Links

1. Accuracy: When fixing broken links manually, you have full control and can ensure that each link is checked and corrected accurately. This allows for a more precise and tailored approach to resolving broken links.

2. Customization: Manual fixing allows you to review each broken link individually and determine the best course of action. You can update the URL, remove the link, or find alternative resources as needed.

3. Quality control: By manually fixing broken links, you can ensure that the replacement URLs are relevant, trustworthy, and provide value to your users. It allows for a more thorough evaluation of the content being linked to.

4. User experience: Manually fixing broken links allows you to consider the user experience in the process. You can choose appropriate anchor text, update navigation menus, and ensure a seamless browsing experience for your visitors.

5. Content review: While fixing broken links manually, you can review the content surrounding the broken links. This presents an opportunity to update outdated information, improve the overall quality of the content, and enhance the SEO performance of the page.

Benefits of Using Automated Methods to Fix Broken Links

1. Time-saving: Automated tools can scan your website and identify broken links quickly, saving you time and effort compared to manually checking each link individually.

2. Efficiency: With automated methods, you can fix broken links in bulk rather than addressing them one by one. This can be especially useful for large websites with a high volume of broken links.

3. Scalability: Automated tools can handle the detection and fixing of broken links on websites of any size. They can efficiently process a large number of links, ensuring comprehensive coverage.

4. Regular monitoring: Automated methods allow for regular and scheduled scans of your website, ensuring that new broken links are promptly identified and addressed.

5. Consistency: Using automated tools ensures a consistent approach to fixing broken links across your entire website. This helps maintain a unified user experience and prevents oversight of any broken links.

The choice between using manual and automated methods depends on your specific needs, resources, and preferences. The good news is, all of the risks associated with bad links are easily avoided if you make sure they are kept in proper working order.

Even better, is using a quality, automated dead link checker tool like Broken Link Checker removes the tedious and time consuming task of manually tracking and manging your broken links.

Take Link Maintenance to the Next Level with WPMU DEV’s BLC

Over 700,000 WordPress users depend on Broken Link Checker to keep their sites free of errors and performance issues caused by outdated and non-working URLs.

Our new cloud-based plugin version offers even more incredible value — enhanced speeds, no PHP/DB errors, ability to schedule scans and send email reports (including white labeled), plus the ease of managing unlimited sites from one central Hub – all while still (and always) remaining free.

Don’t let your site’s SEO and user experience take an unnecessary hit. Especially when a practical solution is directly within your reach.

Connect, scan, schedule, and fix broken links quickly and easily and keep your sites running optimally with the new Cloud-based Link Checker. Get it for free or as a WPMU DEV member.

Note: A WPMU DEV membership includes full access to all Hub features, hosting, pro plugins, and unmatched 24/7 expert support.

Knowing the number of times the downloadable file content on your WordPress site has been clicked helps you make further improvements to your marketing strategy and is a great way to predict your audience’s interest and determine the type of content you should offer to your readers.

As you might have known, recently Google Analytics has switched from the age-old Universal Analytics to the all-new Google Analytics 4. If you are wondering whether you would be able to track file downloads in the latest GA4, of course, you can!

And in this article, we’ll tell you more about how you can do exactly that.

How to track using GA4

With Universal Analytics all you can track is just the page views. But, now with the improved GA4, you can track different events using the ‘Enhanced measurement’ feature without installing any plugins, or setting up complicated codes.

To set up tracking the file downloads on your site, click the admin settings option from the dashboard

Ensure the account and property are chosen correctly. Under the property column, click the ‘Data streams’ property.

Clicking on this property will display a list of all the available data streams associated with the chosen account and property. From the available data streams, select the one for which you want to set up a file download tracking event.

In the web stream details page, scroll down to the Events. Out of all the available event options, enable the ‘Enhanced measurement’ option if it is not already enabled.

After enabling it, Click on the ‘more‘ link to view all the enabled measures. Usually, file downloads measure is enabled.

However, if not, then click on the ‘Setting (gear)’ icon.

And from the side pane that opens up, enable the ‘File downloads’ option.

And click ‘Save’.

After enabling the file downloads tracking, wait for about 24 – 48 hours for the data to propagate in the reports dashboard.

Supported file extensions

If you are wondering what file types GA4 can track – pretty much everything. Here is a list of all the supported extensions:

.pdf, .xls, .xlsx, .doc, .docx, .txt, .rtf, .csv, .exe, .key, .pps, .ppt, .pptx, .7z, .pkg, .rar, .gz, .zip, .avi, .mov, .mp4, .mpe, .mpeg, .wmv, .mid, .midi, .mp3, .wav, .wma

Where to find the insights?

Now that we have successfully enabled the file download tracking event, let’s see how you can view the tracking report and insights.

The file download event tracks the following parameters:

• file_extension – The extension of the file
• file_name – The name of the file
• link_text – The anchor text of the link that initiates a file download
• link_url – URL of the link that initiates a file download
• link_classes – The value of the HTML class attribute of the outbound link
• link_id – The value of the HTML ID attribute of the outbound link
• link_domain – The destination domain of the link

But by default, the standard report view displays only the ‘Event Count’ and the ‘Total Users’. If you want to know how to view other parameters in the report, jump to the create custom reports section.

To view the tracking data, select the ‘Reports’ menu in the analytics dashboard.

In the reports menu, select the ‘Events’ option under the ‘Engagement’ category as highlighted below

The events dashboard displays a detailed list of all the currently tracked events. Note that the event details include only the standard events and not custom events.

Click on the file_download event to view a detailed insight on this.

Limitations of GA4 file download tracking event

There are several limitations to the standard file tracking functionality of GA4. Some of these include:

i. The link URL displays only a maximum of 100 characters – The link URL dimension of the file_download event displays only a maximum of 100 URL characters and the rest are trimmed.

ii. The file extensions list cannot be customized – The file extensions that you want to exclude from download tracking can’t be customized. This can be a limitation if you have a variety of downloadable files on your site. However, you can filter the report to view the download analytics only for the file you want.

iii. The file names aren’t displayed in the standard report – In the standard report view, you will not be able to view the names of the files that have been downloaded, and only the number of downloads and other demographical information is displayed.

However, with a few additional steps, you can easily create your own custom reports to display additional information including the file names, extensions, link text, and link URL. Let’s look at how to create these custom reports in GA4.

Create Custom Reports

In this section, let’s see how you can create custom reports in GA4.

In the analytics dashboard, click on the ‘Explore’ tab and click ‘Blank’ to create a new blank exploration.

Under the ‘Variables’ section, click on the ‘+’ icon in the ‘Dimension’ section to import the dimensions you want to track.

This will open up the ‘Select dimension’ modal with a list of all the dimensions available for import. In our case, we’re going to import the file extension, link URL, and link text.

So, let’s import these dimensions. You can use the search bar to search for these dimensions.

Similarly, in the ‘Metrics’ section click on the ‘+’ to import the metrics that you want to
track for the chosen dimension(s).

Now that we have added all the required dimensions, drag the dimensions that should be displayed in the rows of the table under the ‘Rows’ section.

Similarly, drag the metrics that provide the numeric data for the chosen dimension under the ‘Values’ section as highlighted below.

This data is for all the events that are currently tracked in your report and not just for the file_download event. To view the data of just the file_download event, apply the following filter:
‘Event name’ exactly matches ‘file_download’

Make sure to import the ‘Event Name’ dimension to apply this filter.

Tracking File Downloads With a Plugin

If all of the above sounds a little too much like hard work for your liking, you’ll be happy to hear there are also a number of plugin solutions available for taking care of tracking and managing file downloads in WordPress. Here are three of the more common options to check out:

• 1. Google Analytics Dashboard for WP

  

  The Google Analytics Dashboard for WP plugin brings your key site data directly into WordPress and also enables you to view information about downloads stored as events. With over 600,000 active installs and a solid near five-star rating, this plugin is a handy way of bringing some of the power of Analytics directly to your dashboard.

• 2. Download Monitor

  

  Download Monitor takes a slightly different approach to the matter of file downloads and puts them on a par with items such as posts and pages in your back end.

  The plugin enables you to categorize, tag, and add custom meta information to your downloads, as well as tracking downloads and offer advanced features such as member-only downloads. A set of powerful extensions are also available if you need to take even more control of downloads on your site.

• 3. WordPress Download Manager

  

  In addition to download counters and reporting, the WordPress Download Manager also enables you to integrate smoothly with Google Drive, Dropbox, and Box.com. A full suite of more advanced e-commerce options relating to downloads is also available with the premium version of the plugin.

Start Tracking Your Metrics

We hope this article helped you set up file tracking on GA4 to gain insights into how your users engage with your website and content using GA4-enhanced features like events and enhanced measurement.

With these metrics in hand, you can have a better understanding of which content and file types perform great. Go ahead and start tracking these valuable metrics!

Today we welcome Phil, the owner of Capital Web Design, a Canadian web services agency based in Ottawa.

WPMU DEV: Congrats on your professional success, Phil. Please tell us straight away, how did you grow your business so fast?

Phil: I wouldn’t say the business itself grew that fast. I’ve been building websites in some way or another since the early 2000s. Either static sites coded by hand (HTML + CSS + Javascript), using frameworks (VueJS), or with WordPress.

I started my freelance web design company in 2014, after being approached to do a replacement build for what was a costly, difficult to maintain website – and that became my first client. From there I found small and medium businesses in my hometown that had old, unsupported and unmaintained websites, or who had no website at all.

As I continued my efforts, my business ethos emerged: help companies, nonprofits and individuals in my city build a web presence they can be proud of. I focused on creating bespoke WordPress web design based on well-supported multipurpose themes, WPMU DEV and other dependable plugins, and fully managed white-glove web hosting.

Since then, I’ve had the pleasure of working with 20+ clients, and have built 60 websites targeting a multitude of industries and commercial sectors.

WPMU DEV: That’s awesome. Did you know about WPMU DEV at that time?

Phil: I had known about WPMU DEV since around 2016-18, back when you offered dozens of plugins for all sorts of functionality. I couldn’t justify the cost of a membership then, but I popped in every so often to check and see what progress was being made.

In 2019, Hosting was added as a WPMU DEV service – and this really caught my attention. During the Black Friday promotion that November (lifetime reduced membership cost!), I joined as a member, and I can’t see myself ever leaving.

It was a perfect storm: high-quality plugins + managed hosting + 24/7 support + highly reduced cost.

WPMU DEV: So as you were building your clientele, you were putting together your professional tool box. Can you give us a peek inside?

Phil: The tools and services from WPMU DEV have been invaluable to me.

Plugins have provided me with consistency and reliability for all of the most important aspects of WordPress websites.

Knowing that I can count on Hummingbird and Smush for performance optimization allowed me to stop using other freemium plugins such as W3 Total Cache, Autoptimize, WP Super Cache and EWWW Image Optimization. I found these plugins were all good at some things, but had a lot of paywalled features that Hummingbird and Smush offered out of the box, for free.

Defender has been a great peace-of-mind addition to my repertoire, as the one-click recommended fixes are super straightforward and quite effective.

Forminator forms may be difficult at times to style with CSS, but that’s more than made up for in functionality. The drag-and-drop UI makes it much easier to build forms compared to Contact Form 7, and the amount of extras that are baked in (calculation, email routing, etc) blow other (often paid) form builders out of the water.

WPMU DEV: Aside from plugins, you mentioned our services have made a huge impact as well. Can you expand on that?

Phil: When it comes to services, it’s hard to put into words just how much The Hub and the associated Hosting have helped me throughout the last few years.

I have worked with hosting providers like 1and1, DreamHost, Media Temple, Digital Ocean VPS, and Bluehost. Each had their advantages, but in the end it always became a chore to use their services. It was clear that the quality of their offerings reflected the low cost they positioned themselves at. They were in a perpetual fight to undercut their competitors on price, at the cost of quality of service and support.

WPMU DEV Hosting came in late in the game, but out of the gate addressed two of the major concerns I experienced at other hosts: lack of support, and lack of trust in the infrastructure.

By having dedicated resources (versus shared), the web servers were consistently fast, reliable, and offered premium features such as staging, backups and WAF.

WPMU DEV: Walk us through a typical work day; what you reach for the most, and your usual workflow.

Phil: I keep The Hub open in a tab at all times, refreshing it every once in a while to keep track of ongoing community discussions, website maintenance statuses, and plugin updates.

I subscribe to key email notifications to receive alerts of technical issues on my managed sites, as well as member discussions in the WPMU DEV member forums, blogs and newsletter.

When a technical issue occurs, I’m able to troubleshoot it quickly. If I’m unable to resolve it on my own, the LiveChat support is always there to help me right away.

WPMU DEV has allowed me to optimize my workflows across the board, in areas like:

• Faster site creation with one-click managed WordPress server provisioning from The Hub.
• Easier client invoicing using Client Billing.
• More efficient website monitoring and maintenance through The Hub.
• Lower maintenance effort required with WPMU DEV plugins.
• Faster technical troubleshooting with the LiveChat support.

WPMU DEV: Outside of your own talent and determination, what would you say has contributed most significantly to your growth?

Phil: WPMU DEV has reduced my server build-out time from 30 minutes to 3 minutes (90% reduction). Over the past few years I’ve stood up well over 75 servers, so this has saved me many hours of effort.

At the time of joining, The Hub allowed me to manage about a dozen sites from a central location as opposed to manually logging in to each separate site. This was a reduction of biweekly maintenance effort from approximately 60 minutes to 2 minutes.

Client billing and streamlined invoice creation allowed me to save approximately 20-30 minutes per invoice creation, which throughout the past few years I estimate has saved me over 30 hours of work.

All of these time and effort savings have allowed me to comfortably take on more projects and clients.

Since joining WPMU DEV, my completed projects count has grown approximately 416% – with each project being more efficient to produce than the last.

WPMU DEV: As a self-proclaimed diehard fan, you know we’re constantly upping our game and adding new features and services to our offerings. What’s a newer release that you’re really getting into?

Phil: Reseller focus. I look forward to adding WPMU DEV automated site provisioning via the reseller offerings, as well as domains and email reselling.

WPMU DEV: One last question; let’s close it out with a fun one. If you could talk to yourself at the start of your career, what would you say?

Phil: At the start of my career, I often looked up to senior staff who seemed wise beyond their years. I was afraid of making mistakes or breaking something, for fear that those-who-never-broke-anything would look down on me.

I would try to explain to a younger me that wisdom comes with experience, and experience comes from doing things, failing, and working through the failure.

The more things you work on, the more you get exposed to what works and what doesn’t. Failing or breaking something isn’t strictly negative, because every failure is a learning opportunity: troubleshoot what went wrong, understand how to fix it, and implement a solution.

Do this cycle enough times and you start to pre-emptively detect patterns, plan for success, and you get faster at fixing problems. Don’t be afraid of failure because the more you fail, the more you learn and the wiser you will become.

That wraps up this premiere episode of our Member Success Stories. Thanks to Phil for his candid, insightful answers in our interview.

Phil is one of WPMU DEV’s Agency Partners, and uses his 20 years of web design experience to achieve one goal: give back to his hometown by building modern websites for businesses and nonprofits in the Canadian capital.

You can reach Phil via his agency partner listing or visit Capital Web Design.

Legal fees can be expensive, and add up quickly. Also, law is complicated, and can vary based on where you live and do business from. How does one accomplish compliance without getting their own law degree? (Or having a best friend who passed the bar exam?)

There is a way you can dot your I’s and cross your T’s, get all your ducks in a row, check all the boxes, cover your bases (this IS a post about full compliance, so one expression didn’t seem like enough ) – without draining your bank account, or losing your sanity.

Because WordPress is far and above the leading CMS, there are a good number of options when it comes to compliance regulation companion products.

We looked into the pool of offerings, picked the ones we thought were smart, solid, and sound, and are presenting them to you here.

Keep reading, or jump ahead to any section:

• Why Compliance is of Utmost Importance
  • A Timeline of Enacted Privacy Protections
• Which Components Do You Need?
  • Compliance Requirements
  • Additional Legal Protections
• Our Top 5 Picks for Compliance Companions
  • GDPR Cookie Consent and Cookie Yes (by WebToffee)
  • iubenda
  • TermsFeed
  • Complianz
  • Termly
• Better Compliance and Reliance with WPMU DEV

First up, let’s examine…

Why Compliance is of Utmost Importance

Privacy is a major factor in today’s world, and personal information is protected by a fast-growing assortment of legal rights.

Throughout the first three-quarters of the 20th century, collected data was relatively minimal, there were few ways to store it, and demand for its collective use wasn’t really a thing.

However, from the ’70s through today, as the inherent value of data grew – along with improved methods to collect, store, use, and profit from it – so has the need for legislation to protect it.

Living in the era of Big Data, where the sheer volume of data has increased to previously unimaginable amounts, a true premium has been put on an individual’s rights to protect it.

Non-compliance with the legal safeguards comes with steep fines and other serious penalties.

A Timeline of Enacted Privacy Protections

While data protections may have started slowly, they will continue to pick up speed as the by-product of ethical examination and pivotal litigations surrounding privacy.

Let’s take a peek at the landmark protections in the history of privacy legislation.

The Privacy Act of 1974 established the Code of Fair Information Practice on the collection, maintenance, use, and dissemination of personally identifiable information from US federal agencies.

The Data Protection Directive was adopted by The European Union in 1995. The principles set forth were aimed at the protection of fundamental rights and freedoms in the processing of personal data. This was superseded by the GDPR in 2018.

The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 to protect Personally Identifiable Information maintained by the healthcare and health insurance industries from theft and fraud, safeguarding people’s medical information from being used without their consent.

The Children’s Online Privacy Protection Act (COPPA) was enacted by Congress in 1998 and requires the Federal Trade Commission to issue and enforce regulations concerning children’s online privacy. The amended Rule became effective on July 1, 2013.

The General Data Protection Regulation (GDPR) for data protection and privacy became law in 2018 in the European Union (EU).

The GDPR applies to the transfer of personal data outside of the EU and EEA (the European Economic Area is the countries of Iceland, Norway, and Liechtenstein), and replaced the Data Protection Directive from 1995.

Shortly thereafter, State Privacy Legislations in the US started…

• California Consumer Privacy Act (CCPA) – signed into law 2018; effective 2020
• California Privacy Rights Act (CPRA) – also known as CCPA 2.0, enacted in 2020
• Virginia Consumer Data Protection Act (VCDPA) – legislated in 2021; effective January 1, 2023
• Colorado’s Privacy Act – will be effective July 1, 2023
• Connecticut’s Personal Data Privacy and Online Monitoring Act – will be effective July 1, 2023
• Utah’s Consumer Privacy Act – will be effective December 31, 2023

While the US does not have a single, comprehensive, internet privacy law, one is currently being proposed by federal privacy legislation: the American Data Privacy and Protection Act (ADPPA). If passed into law, it will supersede all state privacy laws. Until then, it’s up to individual states to pass legislation that protects customer data.

Which Components Do You Need?

At this point you may be wondering, with so many already existing and soon-to-be-effective legal stipulations on data, which ones are you required to adhere to as a website or app owner?

That’s what we’ll lay out now in…

Compliance Requirements

To best meet overall compliance, websites should minimally have:

• Privacy Policy
• Cookie Policy

… and …

• Consent (Record of Consent)

Let’s put a pin in Consent for a bit, and come back to it after we look at the policies.

A Privacy Policy addresses all the different ways your website or app might collect, process, and store data from users, both online and off.

A Cookie Policy specifically addresses how you use cookies and third-party services.

Because of the overlap, websites sometimes include a cookie policy in their privacy policy, as part of the overall data collection.

However, cookie policies need to be regularly updated (as cookies are dynamic and often change upon successive visits), whereas policy policies tend to be static.

More importantly, if you fall under the scope of the GDPR, your Cookie Policy must be separate from your Privacy Policy.

You can still incorporate a short Cookie Clause in your Privacy Policy, or cross-reference the agreements (for example, link your Cookie Policy to your Privacy Policy), but you shouldn’t combine the agreements into one.

Even if you don’t fall under the scope of GDPR, it’s safer and smarter to create a separate Privacy Policy and Cookie Policy, instead of merging them into one.

Let’s dive a little deeper into both of these important policies.

Privacy Policies

Most laws around the world require a privacy policy.

Privacy policies are legally required agreements when collecting any personal data from users (e.g. payment details, address and phone number, cookie data), regardless of the platform used (e.g. website, mobile app, desktop app, etc).

You may need a privacy policy to use third-party APIs and services (e.g. Instagram, Google Analytics, or Google Adsense), or to list your app in a commercial marketplace such as the Apple App or Google Play stores.

Without a privacy policy, you risk your business getting hit with hefty fines and/or having your website taken down, especially if you’re found to be in breach of privacy laws.

Key privacy policies or agencies, by country of origin are:

1. Europe/European Union – GDPR (businesses in or operating with EU/EEA)
2. United States – by state (CCPA, CPRA, CalOPPA, VCDPA)
3. Canada – PIPEDA
4. Australia – The Privacy Act 1988
5. Germany – BDSG, and DSGVO (German name for the GDPR)
6. France – CNIL (the commission overseeing privacy policies)
7. South Africa – The POPI Act (POPIA)
8. Brazil – LGPD (broadly aligns with the GDPR)

Lesser-known privacy laws exist around the world as well; the above is not to be considered an exhaustive list.

While privacy policies are generally referred to by location of origin, they can extend to any region that does business with them. Meaning, don’t assume that if you reside outside of Europe that the GDPR doesn’t apply to you.

The EU’s GDPR and US state laws (#1 and #2) are the most broadly reaching and widely followed privacy policies. But that’s not to say that the others don’t matter; it’s important to research any that might apply to your business.

Cookie Policies

Cookie policies are legally binding documents that inform website or app users how a company engages in data tracking and online privacy.

Cookie identifiers are considered to be personal data by the GDPR, so its rules apply to cookie usage as well. Also, any personal data collected by cookies falls under the GDPR’s jurisdiction.

The ePrivacy Directive (ePD) of the EU – nicknamed the “Cookie Law” – requires security measures be put in place to protect personal data. This regulates cookie usage, email marketing, data minimization, and other aspects of data privacy, and is largely responsible for the cookie consent forms that you encounter on most websites today. (Sidebar: This doesn’t replace the Cookie Law I grew up with; “Don’t ever serve chocolate chippers without milk.”)

The ePrivacy Regulation (ePR), the details of which are currently being hammered out by legislators, will replace the ePD once it’s passed into law.

Consent / Record of Consent

Taking out that pin that we placed earlier, it’s time to look at Consent.

The important distinction between Policy and Consent is this: Policy discloses details regarding the use of cookies, while Consent informs and records the allowances from users regarding usage.

Make sure you incorporate consent into your Privacy/Cookie policies. Full GDPR compliance means storing proof of Consent, and being able to demonstrate or retrieve details should they be requested.

I can’t stress this enough: having Privacy/Cookie policies without consent could cause major problems for you.

Additional Legal Protections

While protecting user data is of paramount importance, privacy isn’t the only concern for someone managing websites.

There are other important, legal considerations when it comes to engaging the public online.

We’ll take a look at them now.

Terms & Conditions

Unlike Privacy Policies, there are no laws that require you to have a Terms & Conditions agreement, though it is highly suggested to have one.

Without a T&C, it’s much more difficult to enforce your rules and community guidelines, copyright protection, or other issues that could arise from the misuse of your website/app content.

The majority of the public will act courteously, but that’s not who you’re protecting yourself from. It’s the small percentage of outliers who can sometimes do the most damage. Having explicitly stated Terms & Conditions can offer basic protections for you and your business, limiting your liability and declaring your rights over the content you create, in case anyone engages in abuse, intellectual property theft, or unlawful behavior.

The most common reasons for Terms & Conditions are to:

1. Prevent abuses
2. Protect your creative content
3. Terminate accounts
4. Limit your legal liability
5. Set your governing law

If you’ve ever seen a clause in a T&C stating where (geographic region) any dispute resolution must take place, that falls under governing law, and is quite useful if you don’t want to litigate legal matters in a country outside of your own.

Disclaimers

Disclaimers can be used to offset liability from a business to a client in ambiguous or gray legal areas, or where they are required by law.

Without them, you are opening yourself up to legal liability or the possible endangerment of others, especially on sites that share advice, DIYs, or promote/sell products (most of which come with claims).

Websites and eCommerce stores benefit from disclaimers in that they:

• Let users/customers know that the content is not legally binding advice, nor should it be solely relied on
• Limit the liability of the website/store in the event someone has an unsatisfactory result from its advice or products

Some of the most common disclaimer types are:

• Copyright
• Fair Use
• No Responsibility
• Views Expressed
• Offensive Content
• Past Performance
• Errors and Omissions
• Affiliates / Affiliate Links

While we’re on the subject, here’s an example in actual use:

Disclaimer: WPMU DEV is not a legal entity, nor does it claim to be an authority on the laws of any region, country, or the internet. While this post contains well-researched content from respected sources, it is for informational purposes only and not intended as a substitute for professional legal advice. As such, we cannot be held liable for any omissions or errors contained within.

That said, let’s get to the tools and services of the compliance trade, with…

Our Top 5 Picks for Compliance Companions

Some of these are actual WordPress plugins, while others are content generated directly in the company’s website.

Regardless of how you access them, all offer plenty of bang for the buck, and value for the venue (I’m coining this phrase to mean free products and their providers ).

GDPR Cookie Consent and Cookie Yes (by WebToffee)

WebToffee has a sisterhood of plugins, with versions available on two separate websites: CookieYes and WebToffee, plus the free version on the WordPress repository.

CookieYes is one of the most used WordPress GDPR cookie compliance plugins, with 1 million+ active installations and 5 out of 5 stars.

Starting with the free WP.org plugin version, you get a goodly amount of features, including:

• a cookie consent banner with Accept/Reject options
• single click automatic scanning and categorization of cookies
• display list of cookies on your cookie policy page by using a shortcode
• adds a cookie banner to your WordPress website to show compliance with GDPR
• fully customize the cookie notice so it blends with your existing website (change colors, fonts, styles, position on page; even how it behaves when you click “Accept All”)
• has a Cookie List module so you can easily show what cookies your site uses and display them neatly in a table on your Privacy & Cookies Policy page
• can be configured to have a CCPA/CPRA ‘Do Not Sell or Share My Personal Information’ control to the cookie notice

The free version also includes a connection (also free) with the CookieYes web app to access advanced features (cookie scan, consent log, etc) and manage all settings from the web app account. Note: You can still use most of the features from within the WP dashboard, without connecting to the web app.

One of the advantages here is the dashboard, which includes a Consent section. You can view or access details on user consent should you ever be audited and need to show this information. It even allows you to download this consent data in CSV format.

From the WP plugin dashboard, there’s a lot you can do:

• Check banner status (active, inactive), regulation type (GDPR), last cookie scan, language
• Customize banner
• Maintain cookie list, add new cookies
• Change/edit default banner language
• Generate a Privacy or Cookie policy for your site

Add the user guide provided for setup, along with a video walkthrough, and you can see why this plugin is so well loved.

If you want to go for a CookieYes paid plan, you have three tier options, payable per domain, monthly or annually. Each tier adds more pages per scan (600, 4K, 8K) and pageviews (100K, 300K, unlimited), plus a couple of additional features – like custom branding, and geo-targeted cookie banners.

As a third option here, we have the paid, premium version of GDPR Cookie Consent Plugin (CCPA Ready) – available from WebToffee’s website.

The final offering in the WebToffee family of compliance options, GDPR Cookie Consent remains in the territory of fastest-growing WP consent plugins, verifiable by a mass of happy users.

As far as features, most are available and common to both the GDPR Cookie Consent and the CookieYes paid plans. However, the GDPR Cookie Consent plans do not have:

• Auto-translation
• Global privacy control
• Do not track
• Monthly scheduled scan
• Privacy policy generator

GDPR Cookie Consent pricing has three tiers, based on the number of sites (1, 5, 25) you want to use it on. Each includes one year of updates and support, and a 30-day, money-back guarantee.

The primary difference between The GDPR Cookie Consent and CookieYes paid plans is the technology they rely on. The CookieYes web app is a SaaS that requires huge cloud computing, storage, and security facilities. (This is also why the CookieYes paid plans are based on scans and pageviews.)

Bonus points for their support: I reached out as a free user to clarify a few points in this section and got a detailed response in less than half a day. (High five to Mark!)

iubenda

Iubenda has been quickly rising in the ranks of compliance with their all-in-one solution, currently sitting at 100K+ active installs and a 5/5 star rating on WP.

If you’re looking for that extra layer of comfort, iubenda has it, with attorney-level compliance solutions, all of which are fully WCAG Level AAA Compliant.

The free version of iubenda compliance solutions support the GDPR, LGPD, and US State Laws (CCPA/CPRA and VCDPA).

Content is auto-updated when laws change, so it’s always up-to-date. (Their built-in site scanner runs periodic scans on your site and alerts you if it detects something that should be added to your compliance documents.)

The free version comes with the following features:

• Privacy and Cookie Policy Generator
  • a single policy, on one site, in one language
  • up to 4 (non-Pro) service clauses
  • does not include Cookie Policy
• Privacy Controls and Cookie Solution
  • up to 25K page views/month (for compliance with GDPR, LGPD & ePrivacy and US state laws)

You can get the free version of iubenda from the WordPress plugin repository.

The majority of iubenda’s standout features are found in their paid/pro versions, trusted by over 90,000 clients in more than 100 countries. These allow for multiple policies, sites, and languages, as well as Privacy Control & Cookie Solutions, a Terms & Conditions generator, a Consent Database, and more.

Privacy Control & Cookie Solutions helps you meet complex legal requirements at the click of a button, as well as create a fully customizable cookie banner.

Terms & Conditions offers powerful features like plug-and-go integrations for popular platforms and legislation monitoring. It’s customizable from hundreds of combinations, available in 10 languages, and capable of handling even the most complex, individual scenarios. Optimized for eCommerce, marketplace, SaaS, apps and more.

The Consent Database activates with one click to track, store, and manage consent and privacy preferences for each of your users all in one place, allowing you to easily upload proofs of consent and legal notices in PDF format.

They also offer an Internal Privacy Management, which documents all the data processing activity within your organization. To comply with privacy laws (particularly the GDPR), companies must record how they store and use the data they collect from their users.

Additional features in the paid plans are:

• More Compliance Laws, like DSGVO, RGPD, UK-GDPR, CalOPPA, PECR
• Cookie consent analytics provided for high-traffic sites
• Detects bots/spiders and serves them a clean page so that your SEO efforts are never compromised
• Built-in compatibility with WordPress comment form, Contact Form 7, and WP Forms; can also be manually integrated with any type of web-form

Pricing is offered as bundles with 3 tiers, based on number of license slots, with paid add-ons – Terms & Conditions, and Consent Database – available as extras.

Or, you can go with their Custom plans, with 3 tiers, broken out by options for Privacy & Cookie Policy, Privacy Controls & Cookie Solution, and Terms & Conditions.

Head over to iubenda’s website for a more in-depth read about their compliance offerings, or to purchase one of their plans.

TermsFeed

TermsFeed doesn’t have a plugin; everything is generated directly from their website. But in no way does that detract from their fantastic functions.

The TermsFeed website has an abundance of compliance offerings, most of which they charge nothing for.

Since 2012, TermsFeed’s all-in-one compliance software has helped businesses get (and stay) compliant with the law, and the multitude of glowing, five-star reviews corroborates that.

Popular free features include:

• Privacy Policy Generator
• Terms & Conditions Generator
• Privacy Consent
• Cookie Consent
• EULA Generator – gives users the right to use a copy of your product after they acquire it, through a granted license (with or without limitations)
• Disclaimer Generator
• Return and Refund Policy Generator
• Shipping Policy Template – no generator for this, but a detailed, helpful template to assist businesses in creating

They also offer these additional, not-as-common free tools:

• CCPA Opt-out – Free tool to manage opt-outs for CCPA
• I Agree Checkbox – Free tool to enforce your legal agreements and policies on web forms
• Embed Consent – Free tool to block embeds (YouTube, Twitter, Google Maps) from loading until you’ve got user consent

All of the generators operate in the same, simple three-step: 1) Create a free account. 2) Choose what you need. 3) Download and integrate.

You answer a few quick questions, and your custom policy is ready in minutes, available to download in multiple file formats – which you can link to, edit, or update.

Or, download their handy privacy policy template (available in a variety of formats: HTML, DOCX, Google Docs), and write your own.

And the output isn’t limited to just websites; you can use it to create for mobile apps, eCommerce stores, third-party tools, SaaS, and even a Facebook page.

The TermsFeed website is well organized and chock full of helpful information, making an easy task out of finding what you need.

The majority of compliance agreements and policies on the TermsFeed website are essentially free. However, they do offer some optional, premium agreements with additional clauses to protect your business interests.

Paid items are available in two ways:

• Privacy Consent Solution, which gives you access to all features, payable month-to-month, or yearly (with a discount).
• Per Policy/Agreement, which allows you to select any number of policies from their huge compliance toolbox, and pay a one-time fee, per item

Both payment structures come with a 7-day refund policy, and 100% money-back guarantee.

As far as videos, walk-through processes, and documentation go, out of all the sites I reviewed in this article, they had the most. On YouTube alone, I counted close to 200 explainer videos (on their content specifically, and policy terminology in general), plus dozens of tutorials for using on a myriad of website types (Wix, Weebly, Squarespace, Webflow, Shopify, etc) in addition to WordPress.

My final thoughts: the TermsFeed website is an embarrassment of riches, with compliance offerings galore, and little to no limitations on their use. Even the premium, paid-for options won’t break the bank.

Visit the TermsFeed website for tools, tips, and custom provisions, or their YouTube channel for a ton of valuable, well-produced info.

Complianz

Complianz is another widely used compliance plugin, available for free on the WP repository: Cookie Consent – aka the Privacy Suite for WP. (They offer an additional one for Terms & Conditions as well.)

Active installations are at 600K (and climbing), and rated 5/5 stars.

Complianz is a GDPR/CCPA Cookie Consent plugin that supports GDPR, ePrivacy, and more, with a conditional Cookie Notice and customized Cookie Policy, based on the results of their built-in Cookie Scan.

Free features include:

• Cookie Notice configuration for your specific region (EU, UK, US, Australia, South Africa, Brazil, and Canada; or use one Cookie Notice worldwide)
• Cookie Consent and Conditional Cookie Notice with custom CSS and customizable templates
• Automatic configuration of your website based on wizard questions, WordPress scans, and dedicated service and plugin integrations
• Proof of Consent for user registration (respects GDPR data minimization guideline)
• Automatically detects if you need a Cookie Notice (aka Cookie Banner or popup)
• Cookie policy generation through an easy wizard
• Offers “Do Not Sell My Personal Information” (for CCPA/CPRA)

Complianz is one of the few WordPress native solutions, integrated with a wide variety of plugins and services. Once configured through the wizard, Complianz will work with most of your plugins and embedded content – right out of the box. Including our very own Forminator, Beehive, and the WPMU DEV Dashboard plugin (where you can integrate Complianz to allow site visitors to reject dashboard analytics statistics cookies).

Like iubenda, their policies are drafted by an IT Law Firm, and are WCAG Level AA and ADA Compliant. They closely follow the latest developments in ePrivacy regulation, the proposed Cookie Law for the EU, and other legislation worldwide, so you can be sure the content is spot-on, legally speaking.

Complianz also has premium, paid offerings for compliance, available from their own website.

Their website has documentation, and as a premium user, you get dedicated support from privacy professionals and developers who (and I quote) “don’t quit until a solution is reached”.

Easily install the free Complianz Privacy Suite plugin from your WordPress dashboard. For the premium version, you’ll need to download from your account on Complianz.io, or use the link in your purchase confirmation, along with your license key.

In addition to the free version, paid plans are offered as 3 tiers, priced per number of sites (25, 5, 1). All include the full shebang of required legal documents, compliant in multiple regions, along with records of consent, data request processing, A/B testing and statistics, and detailed cookie descriptions.

Termly

While Termly does have a plugin on the WP.org repository, it’s outdated, and I don’t recommend using it. But that doesn’t make their compliance options any less capable or appealing.

Instead of the WP repo, head over to Termly’s website, where everything you need is easily accessible and kept fully up to date.

The Termly website comes with a host of features, ranging from a single policy to a full suite of compliance solutions.

Here’s a breakdown of Termly’s top features:

• Consent Management Platform
  • Manage consent on your website or app while providing a robust and flexible solution to compliment your business needs and regulatory requirements
• Policy Generators
  • Choose from the ever-expanding list of legally vetted policies to protect your business and meet your compliance needs
• Additional Legal Protection Generators
  • Easily create other Agreements and Notices to further protect your website (like: Terms & Conditions, Disclaimers, EULAs, Shipping Policies, Refund and Return Generators)

Termly’s free plan provides you with one legal policy, four edits, and 10K/month banner visitors, as well as their basic compliance tools, which are:

• Privacy Regulation Monitoring
• Cookie Policy & Banner
• Cookie Script Auto Blocker
• HTML Embeddable Policies
• Quarterly cookie scans

In addition to their free/basic plan, Termly offers 3 paid tiers, priced per website. The first two go by number of policies, policy edits, and banner visits, and are payable per month or annually. The third tier is a custom “contact us” option.

With 4.5 out of 5 star rating on Trustpilot, Termly is trusted and revered by thousands.

Better Compliance and Reliance with WPMU DEV

As you can see, responsible data management is not only good business practice, it’s also the law.

In today’s landscape where massive amounts of data, along with infinitely more ways to store and use it are the norm, diligence is required in its care and handling, especially if you operate an online business (your own, or as an Agency for clients).

Regardless of what kind of business it is, where it is located, or where your visitors reside, you are bound by certain legalities.

Ignorance is not a defense, so compliance can be the difference between being successfully safe or professionally sunk.

Beyond research and recommendations for meeting compliance requirements, WPMU DEV works hard to keep your websites and web development business operating at peak efficiency.

That includes our free products and services, and our premium membership offerings – a suite of pro plugins (protection, optimization, form creation, SEO, and more), five-star always-on support, and sleek all-in-one site management tool. Plus our fast, dedicated, best-value-in-the-biz Hosting.

If you’re not a member yet, you can start your 7-day, no obligation free trial today, and instantly catch up on what you’ve been missing.

SmartCrawl has been SEO optimized from the start, but each new version improves site performance to further help boost your PageRank on Google.

With automated SEO scanning, automatic XML sitemaps, real-time keyword and content analysis, and detailed audits/reports – not to mention one-click recommendations – SmartCrawl lets you create targeted content to rank higher in your favorite search engine.

In this post, we take a closer look at the latest features that help make SmartCrawl an even better SEO tool for WordPress.

Continue reading, or jump ahead with these links:

• Multiple Keywords Analysis
• Taxonomy List Status Column
• A Quad of Additional SEO Recommendations
• Disable SEO & Readability Analysis Status
• The SEO Do-all, Be-all, End-all, SmartCrawl

Let’s get cracking.

Multiple Keywords Analysis

SmartCrawl has had keyword analysis for a while now. It also previously allowed multiple key phrases to be added, but analysis was only done on the first one.

Now, you can analyze your post content for up to three different focus keywords (or phrases). The first keyword entered will be considered primary, while the second and third keywords will be analyzed as secondary.

Doing this is easy. First of all, let’s make sure analysis is set up correctly. Navigate to SmartCrawl > Settings > General Settings > In-Post Analysis and make sure to select the correct Engine for how you want SmartCrawl to analyze your content.

SmartCrawl offers the following engines to analyze your content:

• Content – Analyzes only the content output.
• Wide – Analyzes content everywhere on the page, except the header, navigation, footer, and sidebar.
• All – Analyzes everything on the page, including the header, navigation, footer, and sidebar.
• None – Use this for custom setups.

For most websites, we recommend choosing the Content engine.

If you make any changes, remember to click the Save Settings button at the bottom of the screen when done to update your settings.

Now, open any Page or Post, and scroll to the SmartCrawl section at the bottom. In the Add Keywords field, enter up to three keywords or phrases, separating each by a comma, then click on the Add Keyword button. (You can enter them individually or all at once.)

SmartCrawl will instantly analyze all of your keywords, showing results directly below them.

Clicking on any of the keywords will put you on its own tab, with details listed beneath.

For each focus keyword, SmartCrawl will give you a list of recommendations to improve the SEO of your post. Suggestions will be made in yellow and gray, while passed audits will be green.

Click on the dropdown arrow to the right of any recommendation to see details specific to it.

If for any reason you decide a certain recommendation isn’t needed, simply click the Ignore button beneath it, and it will stop appearing every time you run the analysis.

As you go through making content adjustments based on SmartCrawl’s recommendations, follow them up with a click of the Refresh button (at the top of SEO section), so you can reanalyze and see what improvements your changes made.

Taxonomy List Status Column

You’ll also find a handy SEO Status column on Category & Taxonomy pages, providing the SEO status for all of your taxonomies.

It’s just a quick way to indicate whether an SEO description has been set, and remind users to craft good SEO descriptions so they do well in search results.

Green check marks mean the SEO description is set and contains the recommended 120-160 characters. Red means a description is missing. Yellow means the description provided is too long/short in length.

You can also hover over any icon in the SEO Status column for a popup with more detailed information.

A Quad of Additional SEO Recommendations

SmartCrawl suggests In-Post SEO Recommendations for every focus keyword that your post content has been analyzed for.

Each of these will click to expand, providing additional information about how to better improve your post SEO.

The list of important recommendations in SmartCrawl was already significant, but we added four more in this version release.

1. Check if the URL contains underscores

Google recommends the use of hyphens over underscores in URLs, stating that hyphens make crawling and interpreting URLs easier for search engines.

2. Check for recommending a hand-crafted meta description

Using best practices for meta descriptions increases the likelihood of your content ranking higher in SERPS. That includes handcrafting your meta description using relevant information about the page content, instead of using the auto-generated one.

3. Primary focus keyword is already used on another post/page

Optimizing more than one post for the same focus keyword confuses search engines and can affect your SEO ranking. SmartCrawl will check to see if your Primary Focus Keyword is used in other Posts/Pages, and then list the 10 most recent ones.

4. Check if all external links are nofollow links

Relevant outbound site links help search engines determine the relevance and quality of your content, improving credibility, authority, and value to users. While having some nofollow links is okay, best practice is to have at least one external dofollow link in your site, so SmartCrawl will check for this.

Disable SEO & Readability Analysis Status

Posts and Pages in SmartCrawl are analyzed one at a time by default, in order to prevent excessive loads on the server.

In the newest version, you now have the ability to completely disable these checks if you prefer. To do so, navigate to SmartCrawl > Settings > General Settings > In-Post Analysis, and toggle the Disable Page Analysis Check on Pages/Posts Screen on (it will turn blue).

If you change this setting, be sure to click the Save Changes button at the bottom of the page.

The SEO Do-all, Be-all, End-all, SmartCrawl

SmartCrawl is built with ease-of-use in mind. Set up is a cinch, with one-click recommendations that improve your PageRank in minutes, each full of details so you can better understand and improve on them.

Now with the newest features, like analyzing multiple keywords at once, even more recommendations that benefit your post SEO, and improved readability analysis, using SmartCrawl on your WordPress site is a win-win-win.

Sign up for a risk-free WPMU DEV membership. You’ll get SmartCrawl Pro (plus the rest of our Pro plugins), along with our exclusive, feature-packed Hub client portal, blazing-fast CDN, and our 24/7/365 five-star support. SmartCrawl Pro adds features like scanning, reports, automatic linking for specific keywords, 404s and multiple redirects.

You can also host with us, and join the tens of thousands of satisfied WordPressers who see the difference our fully dedicated, fully optimized, and lightning-fast resources make.

However you go, SmartCrawl your way to the top of the search game.

[Editor’s note: This post was originally published in January 2023 and updated in March 2024 for accuracy.]

Now, you can now test optimization in a temporary area that allows for non-permanent changes, so you can work out any kinks, then push them to your live site. For free!

Introducing Safe Mode for Manual Asset Optimization – allowing you to optimize in a private space while your users still enjoy a fully functioning site.

In this article, we’re going to look at how Safe Mode in Hummingbird works, while touching on a few related features and settings in the plugin. Plus, we’ll take a look at an additional (surprise!) feature also included in this release.

Continue reading, or jump ahead using these links:

• Asset Optimization in Hummingbird
• Testing Changes in Safe Mode
• What’s The Other New Feature in Hummingbird 3.4?
• Get Your Site Humming with Optimal Performance

Let’s dive in.

Asset Optimization in Hummingbird

Hummingbird makes your website faster by optimizing site performance with fine-tuned controls. Setting enhancements make things easy and efficient, giving you new ways to boost PageSpeed Insights.

First, it identifies files that can be optimized (HTML, Javascript, and CSS), then offers a variety of means (compress, combine, or move) to make that happen.

The result gives you marked improvement in your website’s performance.

There are two different modes for asset optimization in Hummingbird:

1. Automatic – use our preset options to optimize your assets and improve page load times.
2. Manual – configure each file yourself to achieve the setup best suited to your specific site needs.

Drilling down even further, there are two options within Automatic Optimization mode:

1. Speedy – compresses & auto-combines smaller files together, and optimizes your fonts for faster delivery.
2. Basic – compresses all your files to deliver a faster version of each.

Automatic mode allows for a quick setup, providing positive gains without the time commitment that manual adjustment requires.

Both of the Automatic options can be configured for Files (CSS, JavaScript), and/or Fonts.

Manual mode allows you to tinker with any and every file individually, so you can optimize your site on a very granular level.

It’s a good idea to test files one at a time to measure results; that way if something doesn’t work it’s easy to identify what caused it and revert back without issue.

We’ve mapped out specific steps for what to do in each mode, so that you can easily follow along in Hummingbird and produce optimal results.

You can see these anytime by navigating to Hummingbird > Asset Optimization > Assets, then click on the How Does it Work? text at right.

There is a page for Automatic and one for Manual; just click on the corresponding header button that you’d like to read about.

If you’re just starting out with Hummingbird, we recommend selecting Automatic optimization in Speedy mode to start. As you use and test your site and the plugin further, you can switch to auto basic or manual mode to check for possible improvements.

And of course, you can always view our detailed documentation, or reach out to our customer support gurus, available 24/7/365.

Testing Changes in Safe Mode

We’re going to zero in today on optimization done in Manual, as that’s where the new Safe Mode lives.

Hummingbird’s Safe Mode allows you to test different asset optimization settings in a safe environment, without affecting your website visitors’ experience.

You’ll be able to preview your site from the frontend and check for any errors in your browser’s console, then publish your changes to go live once you’ve got everything just right.

To enable this feature, go to Asset Optimization > Manual Asset Optimization, and click on the toggle button next to Safe Mode.

From here, you can also click on the filter icon, which will open a panel for finding files faster. You can free type or select from the dropdown menu.

When you’re in Safe Mode, clicking on any icon box will change its state.

You will see a solid outline around it, indicating it’s been selected, and a circular info icon will also appear on the far left of the row.

These visuals are to remind you’re in preview mode, and will remain until you click Publish, committing the changes you’ve made.

With Safe Mode enabled, you can start tweaking your files for peak optimization.

Each asset will have a status icon indicating its current state, and these vary based on the asset they’re attached to.

As an example, the Compress option can have the following states:

• Gray icon – files that are already compressed
• White icon – indicates which files can be compressed
• Blue icon – New assets selected for compression
• Can’t be compressed – marks files that can’t be compressed

Hover your mouse over any icon for a popup description of what action this change would make.

To see the effect any change makes, click the Preview button.

Hitting Preview will load the frontend of your site, where you can check on the asset optimization you configured, making sure it doesn’t generate errors or break anything on your site.

As you can see, the preview page has three clickable buttons at the top: Go Back, Copy Test Link, and Publish.

Click on Copy Test Link if you want to gauge asset optimization you’ve made using a third-party performance test. Just paste the copied text into your preferred tool.

Click on the Publish button if you’re content with the change(s) you made, and are ready to save.

Click on the Go Back button if you’ve gotten an error message, a site break, or had no observable performance improvements, so you can continue to tweak your assets further.

Once you’ve completed this exercise, turn Safe Mode OFF, as leaving it on can cause page load delays on your live site.

And there you go! Maximum optimization achieved, which is completely changeable at any time.

What’s The Other New Feature in Hummingbird 3.4?

There’s another new feature in the latest release that I wanted to mention, as it’s sure to make your search experience in Hummingbird better.

In the past, if you were working with a particular encrypted file from your performance test reports, locating it on the Manual Asset optimization tab by filename was a bit messy.

That was because Hummingbird generates special filenames for optimized files, and there was no direct way to find them there. Until now!

With this release, you can copy filenames from the performance reports, then look them up directly in the browser search in the Manual Asset Optimization tab.

This makes finding optimized files easier and faster.

Get Your Site Humming with Optimal Performance

Hummingbird is the ultimate performance suite for all users – whether you’re looking for simple, one-click solutions, or want to fine-tune your site performance down to the last CSS file.

You’ll get faster loading pages and higher search rankings and PageSpeed scores with Hummingbird’s speed optimization.

Now with Safe Mode for asset optimization, you can manually configure and test any files without worrying about a site break or interrupting the visitor experience on your site.

Hummingbird is only one of our highly rated and multi-functional Pro plugins. You can try them all – along with WPMU DEVs membership or hosting – for free! Everything comes with our money-back guarantee, fully supported by our always on-call, 5-star support.

We’ll help you keep your sites humming and your clients happy.

Looking to expand your services beyond general web development work? Or maybe you’re learning new web design skills and looking for a profitable way to put them to use?

In this article we’re showing you how to offer specialized web design services to your clients, even if you have ZERO design skills or experience.

FYI, we surveyed our 50,000+ members and researched dozens of professional websites to come to the recommendations and suggestions mentioned in this article.

“The money I’ve made from this side business has paid for vacations and new toys I wouldn’t have been able to afford otherwise.” – Phil (WPMU DEV Member)

By the time you’re done reading you’ll have ideas for…

• The best types of web design services to offer to your clients.
• How to implement or outsource the services.
• How much you can charge for design services.

Skip ahead to any section of this article:

• Top Design Services To Offer Your Web Development Clients
  1. Branding
  2. Visual Identity
  3. Landing Pages and Lead Generation
  4. Redesigns
• Displaying Your Design Services Menu
• Get Started Offering Web Design Services To Your Clients

What Are Design Services and Which Services Should You Offer?

As mentioned above, our definition of design services are services that go above and beyond your normal theme, template, or page-builder approach.

Branding, rebranding, logo design, landing page design. These are the kind of things a lot of web developers might pass on doing, and that’s fine.

But if you’re up for earning extra income, providing more value for your clients, and making your overall web development service standout from the rest, we’re showing you how to do it.

Also don’t worry if you’re not a designer, or don’t think you have the necessary skills or experience to offer these services.

We’ll provide you with various outsourcing options that still allow you to apply a markup and make a profit.

As we touch on each service, you’ll also see we give you a number of tools and resources to use if you want to do the job yourself.

The Top 4 Web Design Services You Can Offer (As Voted By Our Members)

Once you’ve decided on offering these additional web design services, the next question is what type of services you’re actually going to offer.

Rather than taking a stab in the dark, or copying what the top Google result said, we thought we’d ask a group of people who know better than anyone, because they actually do this for a living…

Our 50,000+ web developer members!

Here are the design services that came out on top when we asked them in a recent members discussion:

1. Branding
2. Visual Identity
3. Landing Pages and Lead Generation
4. Redesign

Now let’s look at each of these design services in detail. You’ll learn what’s involved with each service, resources, tools, and outsourcing options for each, as well as what you can possibly charge your clients.

Web Design Service 1: Branding

Branding is how a business differentiates itself from other entities, and what customers will identify and associate it with.

You don’t have to go beyond the basics to get a brand up and running, especially if it’s not a massive corporation.

Additional branding components can also be supplemented, if or as they become relevant.

“Start with only what’s required and add more if necessary.”  – Databoy (WPMU DEV Member)

What’s Involved With Branding Services?

The branding we’re focusing on – based on member community input – is simply creating a brand by incorporating a color palette, selecting fonts, and strategically placing a logo or wordmark (we’ll talk about logo creation separately; see Visual Identity below).

Creating a color palette for your clients brand

Adopting a color palette is integral to the synergy of a client website.

There are some great online tools you use if you need help putting shades together for your clients.

Here are just a few we like, all of which are free.

Color palette tools:

Coolors

With Coolors, you can quickly generate palettes randomly, or more precisely using their color inspector (RGB bars), or by uploading an image – for both solids and gradients.

If you prefer ready-made options, they have a huge library.

This tool is available via iOS and Android apps, a Figma plugin, and a Chrome extension.

They also offer a Contrast Checker, and an Artwork Recolor tool (see my test case in the image above).

Adobe Color

Adobe Color provides their professional color wheel tool, with three modes available: RGB, HSB, & LAB.

You can extract a theme from an image to save as a color palette or gradient.

Accessibility tools are another plus; use their Contrast Checker and Color Blind Safe modes to see either, respectively.

Eggradients

Eggradients lets you select from a number of ready-made gradients. These are simple, two-color blends, but can be helpful or spark creativity if you’re looking for basic palette approaches.

Their color palette generator lets you choose from a list of varying shade gradients.

They also have a “50 Shades of Color” section, which will pull random tones in that color family, each with corresponding hex codes.

Choosing Website Fonts

Typography and strong font choice play a crucial role in the success of a new design.

There are several decent tools for comparing and testing fonts, as well as sites that offer access to a robust assortment of the fonts themselves.

Again, these are all free options.

Web Font Tools

Fontpair

Fontpair has a collection of pre-paired fonts on their site gathered from around the web.

They have a suggestions/submissions page, with new pairings added weekly.

Pair & Compare

Pair & Compare makes experimenting with font pairings easy.

You can use Google or local fonts (shared from your device) and have up to three comparatives simultaneously on the screen.

There are lots of editing options: size, weight, color, line height, and more.

You can also change any of the sample text, and bookmark fonts for testing later.

Google Fonts

Google Fonts is an excellent resource for finding and using fonts, with nearly 1500 families – including variable fonts and material symbols.

These are all free to use, even commercially or within a product that is sold commercially (example: a logo or wordmark).

Downloads are available for families, or individual styles, and can be shared with others via links.

Additional sites that offer free fonts:

• FontBase (this is a font management system)
• Font Squirrel
• Dafont.com
• FontSpace
• 1001FreeFonts
• Urbanfonts

And a selection of premium/paid font sites:

• Adobe Fonts
• MyFonts
• EnvatoElements Fonts
• FontBundles

How Much Can You Charge For Branding Services?

To get an idea of how to price your branding services, a useful exercise is to check out what the competition is offering and charging for creation of the same or similar content.

We did this ourselves and here are some relevant examples to draw pricing inspiration from:

TechCrunch had a great article on the cost of startup branding & visual identity, from a designer with a decade of experience (including Fortune 500s).

Here’s a breakdown of what they charged:

Pricing estimates are broken into two categories, based on the stage of the business, which as you can see, greatly affects the approximate costs.

The Branded Agency is a full-service digital agency that offers services and advice encompassing all elements and levels of branding.

They have an informative article in which they provide specs to help with planning & calculating branding costs.

There is variance in these prices too, but they’re still helpful to get an idea of what the typical range is for design services.

Knowing this can help prevent you from massively over or under charging, taking your skill and knowledge level (and the scope of a given project) into account.

Of course, you can and should price higher the more you’re including in your branding packages.

Average price range for branding services: $1,000-$30,000+

Web Design Service 2: Visual Identity

A visual identity could be a graphic only (logo), artistic text only (wordmark), a combination of both, or the full complement of all.

It could be as basic as a circle with an initial in it, or the business name in a specific font, weight, and color.

Case in point >> WPMU DEV!:

What’s Involved With Providing a Visual Identity Service

Deciding on a logo for a client has varying degrees of difficulty.

It boils down to how particular they are, and what their budget is.

The more complicated or specific a client-envisioned design is, the more likely their needs will be met by going with a custom one.

The other distinct advantage to a custom design is it will be unique. The prefab stuff is available to anyone, so multiple companies could purchase and use the same design.

Just as we checked out some sites that can help with the core elements of branding, we next set out to find resources that offer nice choices for visual identities (logos, wordmarks, etc).

Tools and Outsourcing Options For Creating Custom Logos

Logo.com

All of the logos on Logo.com are free.

These are very basic, premade cookie cutter offerings, but there are a lot of them.

They also allow great variation in color (there’s a Hex field) if you need a very specific shade.

Playing with free logo customization on Logo.com.

Considering these are completely free, it’s a decent option if you don’t need anything intricate or unique.

Creative Market

Creative Market has 150,000+ logo templates for use in corporate branding, e-commerce, and entrepreneurship.

The logo template sets include badges, icons, and other elements for creating unique and modern logos.

These are all pre-made designs, so keep in mind that any number of people can purchase/use the artwork in addition to you. If your client wants a unique logo, this option won’t work.

Fiverr

Fiverr is a highly popular seller marketplace, where you hire an individual artist for any number of design elements offered as Gigs.

Because this is fully dependent on what designer you happen to pick, your mileage may vary. But in general, reviewers seem pleased on the whole, and feel they got a good deal for what they paid.

The prices range from $5 to $995, depending on the skill level of the artist and the components included.

Logoglo

Logoglo is a premium logo site. Anything you get here would be a unique, one-off design, professionally made from scratch, based on your brief.

Packages include more content as you go up in tiers – such as number of initial concepts, turnaround time, & revision allowances.

This is a great option if you have a client who has a slightly bigger budget and wants artwork that people won’t come across elsewhere.

99designs

99designs is a subsidiary of VistaPrint, the highly successful online print house.

Offerings include the level of designers, and whether you get a dedicated manager and prioritized support.

The number of presented design concepts starts at 30 and goes up to 90. All designs come with a money-back guarantee, and full copyright ownership.

How Much Can You Charge For Visual Identity Services?

Jacob Cass is a brand designer, strategist, and the founder of JUST Creative, an award-winning branding & design consultancy.

JC.com has an article on design cost, with a helpful chart on logo design pricing. Additionally, they provided a list that breaks out the costs in greater detail.

Full Branding for global identities is priced extremely high, tapping out at over a million dollars.

This of course is the elite upper echelon, well above average.

For the level we are focused on, you can see the variance goes from $0 for DIY/free logo makers, to upwards of $5K for an experienced designer.

Average price range for visual identity services: $500-$5,000

Web Design Service 3: Landing Pages and Lead Generation

The primary goal of most websites (aside from education and entertainment) is to turn incoming traffic into leads.

Offering landing page or similar conversion-based services to your clients is well worth it.

After all, they’re not likely to turn down the potential of gaining more customers and leads.

“Each page has one purpose, to convert. Make sure you have a clear path on how the client wants to convert, what is the goal that the client wants out of every visitor. Keep your design focused on getting that convert click.” – Chris (WPMU DEV Member)

What’s Involved and The Tools to Help You Provide Landing Page and Lead Generation Services

Landing Pages

You may already have a template you use for client landing pages – either self-created, purchased, or acquired for free.

If you are looking for something fresh, or don’t already have a go-to, here are some options for Landing Page websites.

Tools and Outsourcing Options

Nicepage

Nicepage offers 10,000+ pre-designed Landing pages, or you can make your own.

You can edit any of the pre-made templates, using their own website builder – which allows for drag-and-drop, no coding customizations like content editing, layout changing (blocks), modifying colors and fonts, and making adjustments for different responsive modes.

Nicepage is available for Windows or Mac OS as a WordPress Plugin.

Fiverr

Fiverr’s experienced landing page designers can create the right layout and branding identity for your page.

Expect premium quality images, responsive design suitable for mobile devices and desktop, content upload (of content provided by you) and more.

The prices vary greatly, depending on what you want, how fast you want it, and the self-ascribed skills & experience of the artist you choose. For reference, we found prices ranged from $5 to $1500.

Landingfolio

Landingfolio features a beautiful and diverse collection of landing pages, curated from around the web.

Their offerings include:

• Tailwind CSS Site Templates – Figma included on all designs
• Logos – a collection by designer Jord Riekwel, donated to the community (they’re free)
• Mockup Generator – quickly create device mockups for your app or web design; enter your website URL, and they’ll generate the mockups for you

Tailwind is a CSS framework like Bootstrap, that speeds up your development time. It uses classes to style elements, so you don’t have to write any CSS.

Popular Page Builders Like Elementor and Divi

Of course, you can always turn to page builders and themes if needed, most of which will help you create quality custom landing pages for clients.

Divi only offers a paid version of their builder, which provides a nice-looking end-product when it comes to landing pages and conversion elements. Elementor also has the capability to create landing pages in both their free and Pro versions.

Create Lead Generations Modules With Hustle

Every good landing page needs effective lead generation elements.

You can put together some great lead generating modules with our free Hustle plugin.

Opt-ins, pop-ups, slide-ins, social shares, and embeds – Hustle helps you create them all, designed to drive results and convert visitors.

It’s easy to build great looking modules in minutes with Hustle’s professionally designed templates (18 and counting).

All of which are mobile responsive and come with a choice of email opt-in forms and informational designs (i.e., users click a button and are sent to another page).

Hustle comes in both free and pro versions. Both give you all of the same great settings and options.

The only difference is the Pro version comes with unlimited Opt-ins, Custom Content, and Social Sharing.

Want more Hustle? Check out these info-packed articles on the blog:

• How to Get The Most Out of Hustle
• How to Use Visibility Conditions in Hustle
• How to Get The Most Email Subscribers Using Hustle

How Much Can You Charge For Landing Page and Lead Generation Services?

F5 Studio, a successful web development outfit that has been in business since 2013, has a great article breaking down the elements of design, and what goes into its landing page pricing.

They say digital agencies charge from about $600 to $3,000 to create a static landing page, and from $2,000 to $5,000 for a dynamic landing page.

Brimar, an award-winning, full-service marketing agency, shared these insights on landing page cost, claiming an agency can charge anywhere from $300 to $3,000 per landing page, depending on the project’s complexity and the clients business goals.

Overall, the cost of creating a landing page varies depending on the complete scope of the job, and how much work will be involved.

Average price range for landing page and conversion services: $300-$5,000

Web Design Service 4: Redesign/Rebrand projects

There are several reasons why a client might benefit from or want a website redesign. The most common are:

• The overall look and feel is outdated or unappealing.
• The business identity isn’t well-reflected in the design, or soon won’t be due to a planned rebranding.
• The usability is poor, making navigation difficult and limiting conversions.

“It is especially important for a complete overhaul (the UI might require a complete rethink) if trying to appeal to a completely different audience—e.g. if a website changes from b2c to b2b.” – Marianna (WPMU DEV Member)

What’s Involved and The Tools to Help You Provide a Redesign Service

Understanding the user experience is key. If a site’s interaction/conversion rates are a lot less than their site traffic, it would behoove you to look into behavior analytics.

Hotjar and Crazy Egg for UX insights

Tools like Hotjar and Crazy Egg can provide great insight on a site’s UX design/usability.

By observing recorded screen behavior, you can pinpoint any weak areas, and make upgrades based on real-use data.

Hotjar offers their service for free, up to a thousand dollars (per month) based on what features you need, and for how many sessions (“Observe”) or responses (“Ask”).

Crazy Egg pricing includes 5 different packages, from less than thirty dollars a month, to priced by quote. Each tier allows greater quantities of services (like tracked page views, snapshots, & recordings).

Learning where customers move their mouses and where they click, what they focus on vs what they ignore, removes any doubt and guesswork, allowing you to focus on the areas specifically highlighted as ripe for improvement.

How Much Can You Charge For Redesign Services?

Redesigns are very similar to new designs in terms of the overall effort required. They involve many of the same elements, tools, and time requirements.

The only price differential with a redesign would be the additional cost of UX insight tools, as explained above.

As for overall web redesign costs, participants in a recent global redesign survey revealed some key stats:

1. Average cost to design a website (with basic features): $3,200
2. Average time to design a website (with basic features): 2 months
3. The foremost reason people hire a professional web designer (rather than using site building software): the ability to completely customize.

Regardless of the reason behind a redesign, it’s important to establishing what the expectations are for scope and cost in advance.

We’re seeing an average of $3+K and a timeframe of about two months for full web designs/redesigns. Factor that into what your average build time is and what services you will include to help set your prices.

Average price range for website redesigns: $2,000-$4,000

Putting All of Your Web Design Components Together

Having gathered information and given it due consideration, you can now construct a menu uniquely tailored to your web design services, providing easy access (and value proposition) to interested clients.

An Example of a Complete Design Services Menu:

Here’s an example we came up with, which includes variations on elemental prices, depending on the components included and expected work involved.

Get Started Offering Web Design Services To Your Clients

We hope you took away some valuable insights from this detailed look at offering web design services.

If you need any more advice or clarification about anything discussed in the article, feel free to ask us in the comments below.

There are a lot of balls to keep in the air as a Web Developer. At WPMU DEV, our goal is to assist in making that process as easy as possible.

If you’re interested in giving our platform a try, our free plan is the best place to start. It includes unlimited site management, built-in billing, plugins, and more.

It has become increasingly apparent that relying strictly on usernames and passwords for logins no longer offers the highest levels of security.

WPMU DEV’s solution to addressing this is through the use of the WebAuthn standard, which bypasses vulnerabilities by providing a protocol of public key cryptography as a login authentication method.

Both Defender Free and Pro versions allow you to make full use of Web Authentication; providing the ability to verify the authenticity of a user login by way of biometrics (facial or fingerprint recognition), or a USB security key (e.g., YubiKey).

Usage of these web authentication methods is similar to the 2FA methods already present in Defender, alongside the existing TOTP (Time-based One-Time Password), backup codes, and fallback email authentication methods.

In this article, we’re going to look at how to implement Web Authentication methods, as part of our 2FA WordPress plugin features in Defender.

Continue reading, or jump ahead using these links:

• The All-Encompassing Defender
• Full Walkthrough on Web Authentication
  • Enable Biometric or USB Security Key
  • Register Device
  • Authenticate Device
  • Rename or Delete Device
  • GDPR Compliance
  • Enabling Multiple 2FA Methods
• Additional 2FA Features: WooCommerce Integration, Disable Users, Custom Graphic URL
• The Complete Package

Let’s explore all that Defender has to offer in the form of login protection with the cool new 2FA WebAuth features.

The All-Encompassing Defender

Defender gives you the best in WordPress plugin security, stopping SQL injections, cross-site scripting XSS, brute force login attacks—and other vulnerabilities—with a list of one-click hardening techniques that will instantly add layers of protection to your site.

It also makes safety easier on and for you, taking advantage of the latest in WebAuth security measures.

By way of a quick overview, here’s how this works in Defender… the user will input their username & password to log in, and if Platform authentication has been configured for that device, said user can verify their identity through their fingerprint scanner or facial recognition software. Likewise, if the Roaming authentication has been configured for that device, the user can verify their identity through their USB security key.

Because we’re using the WebAuthn protocol, Defender does not at any point receive any biometric or security key data, only a confirmation or rejection from the user’s device.

I want to interject here with a quick point of interest, shared by one of our techs, Marcel Oudejans (and paraphrased by me)…

The convention of naming a dog “Fido” was popularized by Abraham Lincoln, though its use as a canine pet name dates back to the ancient Romans.

“Fido” means “faithful”. FIDO stands for “Fast IDentity Online”. The new Biometric authentication feature uses WebAuthn protocol from FIDO.

So in a lovely, roundabout way, by using the FIDO protocol to implement this feature, one could say we are infusing ‘faithfulness’ into Defender.

For more technical information on FIDO, check out this article.

Ok, now let’s take an in depth look at these awesome new Web Authentication features.

Full Walkthrough on Web Authentication

First, make sure you have the Defender plugin installed and activated, and update it to the latest version.

Two important things to note up front:

1. Configuration of authorized devices is required on a per-user basis, since authentication is linked to individual user accounts.
2. PHP 7.4 or above is required, as it improves performance and security, while also supporting the new biometric feature.

Enable Biometric or USB Security Key

Navigate to the WordPress Dashboard > Defender. On the left sidebar, click on 2FA and click on the Activate button.

Now you’ll see all the section information for Two-Factor Authentication, and all the options we have available here.

From the same Defender 2FA page, under User Roles > Administrator, toggle the button On. Make sure to scroll to the bottom and click on Save Changes.

From the Dashboard’s side menu, go to the Users section, and click on your Admin User profile.

Scroll down to the Security section, and next to Web Authentication, toggle the button ON.

You’ll see a recommendation to choose an additional authentication method from these options: TOTP, Backup Codes, and Fallback Email.

In the example below, you’ll see Fallback Email has also been selected, but you can choose whatever method(s) you prefer. Remember to click the Update Profile button at bottom.

Web Authentication does not replace your traditional WordPress login (i.e., username & password), instead adds an additional secure layer, like the other authentication options above.

While many browsers and operating systems are compatible with the WebAuthn protocol used to manage the authentication process, some are currently not. Check here to see WebAuthn’s browser and OS compatibility list.

Register Device

With WebAuth authentication enabled, the Registered Device table will appear, with options to Register Device or Authenticate Device.

Clicking the Register Device button will start the prompt from your browser to configure the form of Web Authentication you wish to use, depending on what’s available on your device.

Select an Authenticator Type, enter any name in the Authenticator Identifier field, then click the Start Registration button.

Depending on the authenticator type and device you are using, the registration process will differ.

Example 1:

Registering a Windows desktop or laptop will prompt you to enter your Windows Hello PIN, or whatever other authentication method may be enabled on your device.

Example 2:

Registering a mobile device will prompt you to touch the fingerprint sensor, or whatever other authentication method may be enabled on your device.

Example 3:

Registering a USB Security key will prompt you to go through a brief series of steps.

Back on your Users Profile page, if you scroll to the bottom under Security > Registered Device, you’ll see your device listed here, along with a message beneath it confirming it has indeed been registered.

The next step is to authenticate the device you just registered.

Authenticate Device

Once the device has been registered, click the Authenticate Device button.

The same authentication method used to register the device will prompt you to confirm the action.

Once done, you’ll see a success message appear. Now you’ll be able to use the registered WebAuth options as additional, secure ways to login to your site.

Rename or Delete Device

If desired, you can rename or delete any authenticated device.

Navigate to the WordPress Dashboard > Users, and click on your username.

To Rename:

From Profile > Security > Registered device, click on the Rename text in the Action column. Type the new name, and click Save.

To Delete:

Same process as above, but click on the Delete text in the Action column, then click OK from the next popup.

Be advised that the Delete action doesn’t save settings, so if you decide you want to use the Biometric feature from that device again, you will need to go through the full setup process.

Likewise, if you deactivate any WebAuth functionality on your device, the login will no longer work, and you would need to repeat the process on your device to restore the feature’s functionality.

GDPR Compliance

FIDO Alliance standards were created from the outset with a “privacy by design” approach and are a strong fit for GDPR compliance.

Because FIDO delivers authentication with no third-party involvement or tracking between accounts and services, biometric authentication with FIDO2 compatible devices is fully GDPR compliant.

With FIDO, no personally-identifying information ever leaves your device.

For more information, see the following article on the FIDO website: FIDO Authentication and GDPR.

Enabling Multiple 2FA Methods

If you enable more than one additional authentication method in your profile, each will display as alternate options beneath the method you have set as your default.

For example, here’s the screen you’ll see if you select Web Authentication as your preferred method…

And here’s an example showing TOTP Authentication as the preferred method.

You can click on any available option in the list, and it will display the selected alternate authentication method.

A final note… Web Authentication requires that the following PHP extensions be enabled on your server: mbstring, GMP, and Sodium. These extensions are enabled by default on all sites hosted by WPMU DEV.

If you are hosting elsewhere and any of them are not enabled on your server, you’ll see an alert like the one below. Reach out to your hosting provider to have them enable the extensions for you so that you can use this feature.

Click here for WPMU DEV’s full documentation on Defender’s Web Authentication feature.

Additional 2FA Features

A few extra goodies were included in the most recent rollout of Defender. Here’s what else is new:

WooCommerce

Defender allows users to configure 2FA from WooCommerce’s My Account page.

Simply flip the option on in Defender’s 2FA settings, and enable two-factor authentication for the user role Customer (so the 2FA section appears under the My Account page).

Check Active Users

Defender now allows you to see User 2FA status, or reset it for any reason. To do so:

• Navigate to WP Dashboard > Defender > 2FA > Active Users.
• Click on View users; check the Two Factor column to see who has 2FA enabled.
• Hover over any user, and below their avatar, Reset two factor will display. Click on that, then Save Changes.

You can also skip a step, and navigate directly to WP Dashboard > Users to reset the 2FA.

Custom Graphic from a URL

The Defender icon that appears on your login page can be replaced with a custom graphic of your choosing.

You can now select to link a graphic from a URL, as well as the alternate options of uploading, or having no graphic at all.

The Complete Package

As protective measures go in WordPress, it’s hard to beat Defender.

Defender has powerful security protocols, including malware scanning, antivirus scans, IP blocking, firewall, activity log, security log, and two-factor authentication (2FA), including two Web Authentication methods–Biometric, and USB Safety Key.

Defender also comes with an additional, useful enhancement to Defender’s WP-CLI “scan” command. By using this WP-CLI command and option, if any issues are found, Defender will create a table with results.

Previously, you could only see the results of a malware scan from the back-end of the site (at WP Admin > Defender Pro > Malware scanning), but now you’ll be able to see the completed scan results right in the console.

Coming soon for Defender… we’ll expand on our use of WebAuthn, with our devs currently working on the ability to use hardware authentication devices. Plans are also underway to implement ‘password free’ logins in the best way possible, using the WebAuthn protocol.

You can read about upcoming features for any of our tools and services anytime in our product Roadmap.

If 2FA is the question, Defender is the answer. Handling security in your WordPress sites can be as simple—yet complete—as activating Defender.

[Editor’s note: This post was originally published in June 2022 and updated in March 2024 for accuracy.]

Up to this point, the readability test in SmartCrawl could be used solely to calculate a score for posts or pages written in the English language.

Now, depending on what language you have set up in WordPress settings, SmartCrawl will use a different formula to calculate the readability score for a number of languages.

Our SEO analysis engine currently supports the following:

• Czech
• Dutch
• French
• German
• Italian
• Russian
• Spanish

In this article, we’re going to take a look at this helpful new feature, and touch on a few related ones as well.

Continue reading, or jump ahead using these links:

• Multilingual Readability
  • The Flesch-Kincaid Test
  • SmartCrawl’s Language Support
• Additional SmartCrawl Settings
  • SEO Section
  • Readability Section
  • Social Section
  • Advanced Section
• Linguistically Speaking

Along with Multilingual Readability support, Post SEO Analysis will also support the above languages.

The Post SEO Analysis feature reads the page content and how it’s displayed in the frontend, then provides SEO recommendations based on the content added.

Having support for 7 languages will provide more accurate recommendations, as it uses different formulas for each one.

Let’s take a look at these settings in SmartCrawl.

Multilingual Readability

The key to learning is understanding. It’s not just about speaking in a language your audience comprehends; it’s presenting your words in a manner that is easily understood.

Since 1847, scholars have been measuring difficulty level in reading copy. Many indexes exist that measure readability of the English text— SMOG, Gunning fog, Automated, Coleman-Liau, and more.

All of these indexes convert readability to a mathematical formula, indicating how well your readers can comprehend the text. Although the formulas differ, they consistently place heavy emphasis on these two factors: sentence length and word length.

SmartCrawl uses the Flesch-Kincaid Test. What is that exactly? Read on…

The Flesch-Kincaid Test

Lawyer, author, and writing consultant Rudolph Flesch advocated the use of phonics rather than sight reading to enable students to sound-out unfamiliar words, a method often called “look-say”.

Flesch penned many books, the most famous probably being “Why Johnny Can’t Read, and What You Can Do About It”.

In 1943, Flesch published a readability formula in his dissertation, “Marks of a Readable Style.” That formula, the Flesch Reading Ease index, was the original Flesch test.

Flesch’s work with the Associated Press helped bring the reading level of front-page newspaper stories down by five grade levels. Implementing this formula increased Publishers readership by 40% to 60%.

In 1976, the U.S. Navy commissioned J. Peter Kincaid and his team to recalculate the Flesch Reading Ease to help sailors absorb Navy training manuals faster and understand them better.

The resulting formula was the Flesch-Kincaid Test, which is now a standard for the U.S. Department of Defense, the Internal Revenue Service, and the Social Services Administration. In fact, many states now require insurance policies and other legal documents to weigh in at no higher than a 9th grade reading level on the Flesch Kincaid scale.

SmartCrawl’s Language Support

Now that we understand a bit more about readability and the test we use to evaluate it, let’s look at these features in SmartCrawl.

Once you install & activate (or update) SmartCrawl, you’ll be greeted by the splash screen, heralding the new Language Support features.

Navigate to your Posts or Pages content list, and you’ll see a new SEO Meta [+] link, above the classic WordPress actions menu.

Click on the [+] to see some basic information about the post’s current SEO-optimized Title and Description. This includes colored indicators showing the character count for each.

Green highlights represent counts within the recommended range, while yellow highlights represent counts that fall outside of that.

There are also a few new columns in the Post/Page list, as follows:

• SEO – enable Page Analysis in SmartCrawl > Settings
• Readability – enable Readability Analysis in SmartCrawl > Settings
• Robots Meta – shows the index settings you have enabled for crawler instructions

Hover your mouse over the number indicator in the SEO column to reveal a quick overview of the recommendations SmartCrawl has for that page or post.

If you prefer these columns don’t show on your screen, they can be toggled On/Off by clicking the Screen Options tab at the top of the WordPress dashboard. Simpy tick/untick the coordinating checkboxes. (Don’t forget to hit the Apply button to save your changes.)

Additional SmartCrawl Settings

While we’re here, let’s look at a few more key features in SmartCrawl’s SEO toolbox.

In the editor screen (for any Post or Page), scroll to the bottom to access the SmartCrawl metabox.

There are four tabs available here. What you see depends on what you have enabled in SmartCrawl’s settings.These are:

• SEO – customize the SEO Title and Description (that appear in search engine result pages), and run a full SEO analysis of your post.
• Readability – the level of readability your content is for the average reader (determined by the Flesch-Kincaid test).
• Social – customize a post’s OpenGraph elements for social network sharing.
• Advanced – indexing, sitemap and automatic linking options for the post are found here.

We’ll look at each of these tabs a bit more in depth.

SEO Section

Under the SEO section, you’ll see a preview of how Google sees your post meta, with the Title at the top, followed by the post Permalink, then your post Description.

Click the EDIT META button to customize the title and description. Once again, the green underline means you’re within the desired length, while the yellow underline means you’re outside the ideal range.

Click the plus + icon to the right of either field to add dynamic data using the built-in macros from the dropdown menu. You can add as many as you like to mold the ideal structure and length for your title and description, including adding plain text to either field.

SEO Analysis is at the bottom of the SEO section. (If it’s not showing, go into SmartCrawl settings and enable the option.)

Enter any focus keyword(s) in the text field, then click the REFRESH button to analyze the post for keywords.

You can repeat this process for as many keywords as you like, and adjust your post content accordingly to get the best keyword optimization results.

Click the arrow to the right of any Recommendation to see details for making improvements.

There is even an option to stop getting a popup every time you run an analysis on something you know you’re not going to change. Simply click the IGNORE button on that suggestion.

Readability Section

This section allows you to manually run the Flesch-Kincaid Test.

Click the REFRESH button to see how well your post fairs for the average reader in the supported language. The ideal or target range is 70 and above.

In this case, I’ve been given a 60. I should attempt to improve by clicking the arrow to the right of the Flesch-Kincaid Test, and adjusting according to the recommendations.

Note, you can also mute this by using the IGNORE button.

Social Section

Want your post Title, Description, or Featured Image(s) to be different when shared to social media?

No problem! Enable OpenGraph support for the post in the Social section, and configure the specifics you need for Title, Description, and Featured Images.

There is one for social networks in general (like Facebook), and one specific to Twitter.

Advanced Section

In the Advanced section, you can adjust the indexing options for the post, should they differ from what you have set as the post type’s defaults (in SmartCrawl > Title & Meta).

These are the options:

• Index – instruct search engines whether this post should appear/not appear in results.
• Follow – tell search engines to follow/not follow the links on your page (applies to crawling them as well).
• Archive – instruct search engines to store/not store a cached version of this page.
• Snippet – allow search engines to show a snippet of this page in search results, and prevent them from caching the page.

In this sections, you can also manage Canonical page versions, 301 Redirects, set Sitemap Priority, and enable/disable Automatic Linking in a post (if you don’t see this option, you can enable it in SmartCrawl > Advanced Tools).

Linguistically Speaking

A readability score is not inherently good or bad. Simply put, it is the level you aspire to in any given piece of content based on the audience you are writing it for.

SEO readability checks analyze user posts or pages, and indicate what can be done to make them more readable. The ability to test that within a number of different languages is huge.

Try the SmartCrawl plugin today and get the simple but powerful Multilingual Language Support features, along with a stellar suite of SEO optimizations. You can take our full membership for a spin with a free trial, which includes all 11 of our Pro Plugins, Free Migration Assistance, 24/7 Expert Live Support (for ALL things WordPress), plus a lot more.

Knowing readability level helps users publish content that is more SEO-friendly, engaging, and accessible to a wider audience—therefore potentially performing better and ranking higher.

That’s a win, vítězství, overwinning, victoire, sieg, vittoria, победа, victoria!

Forminator is a free, easy-to-use WordPress form builder plugin that protects your forms from bogus comments and registrations at all times, using a combination of industry-leading anti-spam tools.

Preventing form and comment spam in WordPress starts by zeroing in on how it gets through. With spammers and bots growing by the day, tools that recognize (and stop) them with a high degree of accuracy is vital.

When creating a form in Forminator, like a new user registration, you can enable a combination of the most successful methods for eliminating spam.

In this article, we’re going to look at what the top tools of the trade are when it comes to the prevention of form and comment spam. Then we’ll see how to put each one into action in Forminator’s settings.

It won’t be long until you see that Forminator’s spam protections are fastidious and formidable.

Continue reading, or jump ahead using these links:

• Triple Threat (Protection)
  • Captcha
  • Akismet
  • Honeypot
• Set Up Spam Protections in Forminator
  • Create a Form
  • Enable a Captcha
  • Enable Honeypot and Akismet
  • Additional Settings
• Spam Distress? Try Forms with Finesse

Let’s look at the tools in Forminator that help to keep spam at bay.

Triple Threat (Protection)

As the cunning moves spammers & bots use continue to rise, so do (thankfully) the tools to outsmart them.

Forminator takes full advantage of the most solid contenders available. The top three–while not foolproof—are highly popular and effective in their own right.

Captcha

Forminator has two different Captcha options available for you to implement: reCAPTCHA and hCaptcha.

Google’s reCAPTCHA has been at the forefront of bot mitigation for over a decade. Applying continuous machine learning to overcome the binary logic of traditional challenge-based detection technologies, it actively protects the data of five million sites.

Using an advanced risk analysis engine and adaptive challenges, reCAPTCHA keeps malicious software from engaging in abusive activities on your website. Meanwhile, legitimate users will be able to login, view pages, create accounts, and complete transactions with little to no fuss–especially with reCAPTCHA v3.

reCAPTCHA is free, even for Enterprise accounts–for up to 1 million Assessments per month.

hCaptcha, from Intuition Machines (IM), provides reliable bot detection while being simple for humans to solve. It presents Captcha challenges that are difficult for bots but easy for people, by collecting difficult-to-label data from machine learning problems and using it to distinguish whether a website or app visitor is human.

Both reCAPTCHA and hCaptcha come with visible or invisible options in Forminator. Sign-up is required for both, but is easy and free. You can use either one throughout your site on different forms, but only one per each form.

Akismet

The brainchild of Automattic CEO and WordPress co-founder Matt Mullenweg, Akismet is one of the most popular WordPress plugins on the WP.org repository, and has been leading the crusade against spam since 2005.

Automatically checking site comments and contact form submissions against their global database of spam, Akismet allows you to review the filtered comment spam it catches for any false positives you’d want to let through.

API keys are also needed to activate this tool, and are free for personal use. There are paid subscriptions available for Plus, Enterprise, and Enterprise Plus, with different features and price points for each.

Akismet is integrated into many of the most used plugins, making for a smooth user experience.

Honeypot

Whereas the two options we just discussed are specific products, Honeypot is a method. In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.

Honeypot uses a decoy operation to ward off spam, set up purely to attract and detect potential attackers. By monitoring the decoy, the owner of the system can detect if they are being targeted by cyber threats.

The process involves placing a hidden field using JavaScript, CSS (or similar). Spambots automatically search and fill every form, so if this form gets filled in, chances are very good that it was a spam submission.

By employing this simple coding strategy, bots landing on your website will reveal themselves; a simple and effective way to ensure that you only send messages to genuine subscribers/customers, protecting their privacy and your company’s reputation.

Set Up Spam Protections in Forminator

Now that we know the tools at our disposal in the Forminator plugin, let’s look at how we can implement each one.

You’ll need to create a form first, so we’ll have something to attach spam protections to.

This is an easy task that takes only seconds. First, make sure to install & activate Forminator, if you haven’t already.

Create a Form

1. Navigate to the WordPress Dashboard > Forminator > Forms, then click on the blue + Create button.
2. Select Registration (it will turn blue and add a checkmark in the corner), then click the Continue button.
3. Type in a name, then click the + Create button.

Form created! That simple. The default template added a few fields for you, which you can add to, or remove from.

There are a stunning array of options and personalizations in Forminator, so making it your own is a lot of fun. For now, we’ll turn our focus back to the anti spam tools.

Enable a Captcha

1. From the Edit Form page, click the Edit button next to your form.
2. Click the purple + Insert Fields button.
3. Select Captcha (it will turn blue and add a checkmark in the corner), then click the Insert Fields button.
4. Next, you’ll select which Captcha type/version n you want to use, a threshold tolerance, and more. Of importance here, we need to input the API keys for it.

Note: Each different Captcha type will require its own keys in your global settings. If you haven’t yet created APIs for your site, head over to your Google reCAPTCHA or hCaptcha and set them up (takes less than a minute), then return to Forminator to finish the configurations.

1. Enter both of your API keys, then click the blue Save Settings button.

Setup complete. You can now check out a preview of what your form reCAPTCHA looks like.

Enable Honeypot and Akismet

In order to use Akismet’s features in Forminator, you will need to install & activate the plugin, so make sure to do that first.

1. Navigate to Forminator’s Dashboard, then open the form you created.
2. From the Edit Form page, click Behavior from the left sidebar menu, then scroll down to Security.

   

3. Toggle the Enable Honeypot protection button ON (it will go from gray to blue).
4. Toggle the Enable Akismet spam protection button ON (it will go from gray to blue).
5. In the Akismet section, you will see two options for how Forminator should handle spam submissions:
   1. Fail Submission – This is the message visitors will see if they fail the spam check. You can customize this to say whatever you like; just type your desired text in the corresponding field.
   2. Mark as Spam – Entries marked as spam will be captured in the database, but not shown in Submissions. Additionally, Payments, Notification emails, and other automatic processes will be blocked.
6. Enable logged in submission only – Toggle this feature ON, if you want to allow only registered users to submit forms.

Additional Settings

There is an abundance of options available for your form.

So many, in fact, it would require another tutorial completely—and we already have several great ones—so I won’t go into further detail here.

I will however, quickly list some of the many other features, so you can get an idea just how robust forms in Forminator can be.

• Lifespan – choose your form’s expiry (never, by date, or by number of submissions)
• After Submission Behaviors – use AJAX, or reload the page
• Email Notifications – send customized emails to post form submission (includes advanced features)
• Third-party Integrations – connect to apps via their APIs (Zapier, MailChimp, Google Sheets, Slack, & more)
• Database Storage – set auto-deletion time; multiple option values
• Submissions Privacy – choose retention length; handling of erasure requests
• Fields – 25 (and growing!); plus e-signatures* (*Pro version only)
• Appearance – design style, colors, fonts, container padding, custom CSS, & more

Forminator is more than just a great form builder with powerful spam tools baked in.

It also comes loaded with capabilities to create interactive polls, fun quizzes, feedback widgets, and some popular payment options. Truly, something for everyone.

Spam Distress? Try Forms with Finesse

While there’s no way to completely eradicate spam from the web, at least not that we know of presently, there are some incredibly effective tools that you can use.

One great option is to use a robust security plugin—Defender, for example, which uses IP Banning.

Another is to use a Web Application Firewall, which most good hosts nowadays will provide. WAFs often have country lock-out capabilities, so known locations of spammers and bots can be completely cut off.

And of course, as showcased in this post, you can use a plugin that enables a Captcha, Akismet, or Honeypot. With Forminator, you get all three of these top-of-their-game tools, along with easy options to implement them.

Forminator will make a big difference in shoring up your defenses against the nuisance of comment & registration spam, providing a strong—and free—resource, right at your fingertips.