Why you HAVE to plan

There’s an old saying:

“Those who fail to plan, plan to fail.”

Have you heard this before?

The reason I ask is that many business owners I talk with are completely frustrated with the declining sales and profits that are occurring within their businesses, yet they feel like they have no control over helping their situations.

However, when I ask them what their current marketing plan looks like, they give me a blank stare and say, “What marketing plan?”

Can you see the problem?

Creating a solid marketing strategy, and writing it down as a structured, planned process for increasing sales and profits, produces an almost immediate result as far as improving profits for a business.

What is a marketing plan exactly?

Basically it is a written blueprint of what methods and steps will be used to promote and market certain elements of your business to your target market.

The secret to a successful marketing plan is identifying exactly how you will take a prospect / new customer, and transition them into a paying customer / client.

By mapping out this plan, you will not only see higher ROI for your marketing efforts, but you will also be able to identify where the “profit leaks” in your marketing are, and stop them…

This results in less wasted marketing, and increased profits!

That’s the simple version of creating a marketing plan, but you get the idea. By creating and implementing a written marketing plan, you will be far ahead of competitors who are not!

Such plans should also be created for any marketing campaigns, advertisements, events, etc. to identify (PRIOR to the marketing) what steps you plan to take to transition any leads generated into paying customers.

How to prioritize categories in search (WordPress)

As a preface, if anyone has a more elegant solution to this, or found this post helpful please comment below.

While working on a site for a client I came across what at the time seemed like a very simple problem: when a user performs a search, posts from a certain category (and its subcategories) should come out on top.

No problem – wp_query, order by and we’re set – however there’s nothing to order by.

  • You can’t order by categories for this particular problem.
  • You can’t order by meta_key or meta_value if other posts don’t have that value. (All posts in the category that I wanted on top had a specific meta_key/value combination).
    That includes injecting into the SQL statement. As a sidenote, while working on this I figured out a way to order by multiple meta_values. Doesn’t help here but good to know.
  • Using multiple loops is a solution that many people on the net used for this particular problem. Though once you start using multiple loops for this, you get into pagination issues with The Loop. Too much headache to deal with. I want a simple solution.

I was about to write a plugin to prioritize posts/categories when I came across a little gem of a plugin that does exactly that. It seems to be doing a simple task but it’s actually quite brilliant if you take a look at the code.

Combined with simply ordering posts by title with wp_query, I now have certain categories on top of search results and all posts are ordered by title.

You can grab this plugin here:

http://wordpress.org/extend/plugins/astickypostorderer/

Happy WordPressing.

How safe is the data in your database?

This is a topic that everyone who writes scripts should be familiar with, and yet only within the past month I’ve worked with two custom scripts that were vulnerable to basic SQL injection attacks.

What is an SQL injection attack?

Any information that you gather from your website’s visitors via HTML forms is usually stored in a database. It’s a simple & efficient way to get this information in and out. So a script on your site takes the data from your HTML form (your customer’s name, e-mail, address, etc) and puts it in a database.

HOWEVER – What if we entered database commands instead of our e-mail address into that HTML form? We can then potentially play around with the data that we’re not supposed to see or edit. Sneaky, eh.

If the script doesn’t check for this, anyone who visits your site can have free rein over your data.

It doesn’t stop there. The same can apply to dynamically built pages as well. For example, things like www.yoursite.com/index.php?customer=57

In the above case ‘57’ is the input that’s supposed to be the ID of the customer. Malicious-minded people may replace that ‘57’ with an arbitrary database command and have it wreak havoc on all your records.

How can it affect me?

If your scripts are vulnerable, anyone with enough knowledge can

  • View your data, even if they are not supposed to
  • Modify it. This includes deleting the entire database.

How you can protect yourself

If you are coding the script yourself, you may find these resources useful:

http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.askbee.net/articles/php/SQL_Injection/sql_injection.html

General guidelines are:

  • Only accept the input that you expect, nothing else. So if you want to enter a customer’s name into the database, make sure your script checks that they only enter letters in the field. If you’re expecting their e-mail, check that what they entered is in a proper e-mail format, and so on. See this page for more examples. Some will argue that sanitizing is more effective, but this point is important for other vulnerabilities as well. They both should be used. Which brings me to the next point.
  • Sanitize the rest of the data to catch characters you might have missed in the above procedure.
  • Use different databases for different scripts. So if one script gets ‘broken into’, your other information is safe.
  • Only store as much information online as you can afford to. Besides SQL injections, someone may break in and steal/read your information using other vulnerabilities.
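
The points above, as an added example that is not from the original post: a PHP lookup for a URL like index.php?customer=57, first built by pasting the request value into the SQL text, then with the input checked and passed as a bound parameter (a prepared statement, used here in place of hand-written sanitizing). The table, its rows and the function names are constructed for illustration, and PHP's PDO SQLite driver is assumed.

```php
<?php
// Constructed in-memory table standing in for a site's customer data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO customers VALUES (57, 'Alice Example', 'alice@example.com'),
                                        (58, 'Bob Example', 'bob@example.com')");

// Vulnerable pattern: the request value becomes part of the SQL text itself,
// so whatever the visitor typed is parsed as SQL.
function find_customer_unsafe(PDO $db, string $raw): array {
    return $db->query("SELECT id, name FROM customers WHERE id = $raw")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern. Step 1: accept only what is expected (a positive integer).
// Step 2: pass the value as a bound parameter so it is never parsed as SQL.
function find_customer_safe(PDO $db, string $raw): array {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('customer must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM customers WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: the expected value, and one with SQL appended to it.
foreach (['57', '57 OR 1=1'] as $input) {
    echo "input: $input\n";
    echo '  unsafe rows: ', count(find_customer_unsafe($db, $input)), "\n";
    try {
        echo '  safe rows:   ', count(find_customer_safe($db, $input)), "\n";
    } catch (InvalidArgumentException $e) {
        echo '  safe: rejected (', $e->getMessage(), ")\n";
    }
}
```

With the second input the unsafe lookup returns every row in the table, while the hardened lookup refuses the value before any query is run.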

If you’re hiring someone to write a script that will communicate with a database, you should ask what steps they’ve taken to protect it against an SQL injection attack.

You shouldn’t panic, however. Most commercial & open source scripts are already protected against well-known attacks and keep getting patched as new things are discovered.

Law Offices of Corey D. Silverstein, P.C.

The Law Offices of Corey D. Silverstein, P.C.: integrated WordPress snippets into the main page & skinned the WordPress installation to match the look of the site.

Custom contact script which lets them track the leads received through the site.

The website of The Law Offices of Corey D. Silverstein can be found at http://www.silversteinlegal.com

SEO Research

Over the past couple of years we’ve developed a system for pin-pointing exact keywords that a company should be targeting to get the maximum return on their investments.

Some of the custom tools that were developed for this purpose utilize 35+ servers for concurrent traffic, competition and commercial viability analysis.