Do’s and Don’ts of WordPress Security

Do's and Don'ts of WordPress Security

With a great WordPress site comes great responsibility. WordPress offers journalists a distinguished platform to publish and distribute their content, but keeping your site safe and secure can seem like an overwhelming and daunting task. Luckily, keeping your WordPress site in tip-top shape isn’t as difficult as it seems. We’ve put together a list of a few basic do’s and don’ts to follow in order to keep your site running smoothly and securely, along with the basics of WordPress vulnerabilities and how to understand why some WordPress websites end up getting exploited.

Common WordPress Vulnerabilities

Before we discuss what you should and should not do with your WordPress site, it will be helpful for you to understand the two main ways that WordPress sites can end up becoming vulnerable to attackers. 

  1. Outdated Plugins
    The most common way for attackers to exploit WordPress sites is through outdated plugins, which account for nearly 60% of all WordPress breaches. Outdated plugins can leave unintended doors open for unwelcome visitors with insecure code practices, improperly sanitized text fields, or a myriad of other bad practices. Keep your plugins updated.
  2. User Accounts
    Another common way WordPress sites are exploited is through user accounts. Keeping track of who has access to user accounts on your website, and what permission levels each account has, is a great way to prevent unwanted users from coming in and making unwelcome changes to your site. 

Basic Do’s and Don’ts of WordPress Security

Now that we’ve gone over what some of the most commonly exploited WordPress vulnerabilities look like, we can explore a basic list of some do’s and don’ts when it comes to keeping up with your WordPress site. 

Do:

You can find available plugin and WordPress updates by logging into your WordPress admin panel and navigating to plugins -> installed plugins -> updates available.
  • Keep WordPress, plugins and themes up to date
    • Keeping your plugins and themes up to date will not only allow you to use the newest features and tools added, but it will also ensure that any bugs and vulnerabilities in the previous versions won’t be running on your WordPress site.
  • Remove unused users and plugins
    • Removing unused user accounts and plugins from your site will not only help keep your website running smoothly, but it will also limit the number of things that need to be maintained on your WordPress site and prevent more ways for unauthorized users and vulnerabilities to gain access to your site.
  • Set up a backup solution
    • If the unthinkable happens and your site is the unfortunate target of a successful attack, having a backup solution in place will save you a lot of time and headaches. Having a backup solution in place can usually enable you to have your site back up and functioning with the click of a couple of buttons and in a matter of minutes. Taking a few hours to get a solid backup solution in place is a lot better than losing your entire site and having to rebuild it from the ground up if it is compromised.
  • Install an SSL certificate
    • Installing an SSL certificate on your website is a pretty painless process, and it can usually be done for free. Adding an SSL certificate adds an extra layer of security between your WordPress site and its visitors by securing the connection between the two. Adding an SSL certificate to your website is also a great way to instill trust in readers and let them know that you run a legitimate and safe website. Along with the added trust factor, your site will also see a boost in search engine ranking since Google’s algorithms prefer HTTPS-enabled websites.
  • Find a stable host who specializes in WordPress
    • Finding a stable and trustworthy web host that specializes in hosting WordPress sites, such as Flywheel or WPEngine, is one of the most important steps you can take to ensuring the security of your WordPress site. A good web host will work with you to help maintain your WordPress site and even help improve your site speed and performance. 

Don’t:

Changing the default WordPress admin username to something more complex is an easy and simple way to deter some would-be attackers.
  • Don't reuse the same password for multiple accounts
    • This is more of a basic internet security rule as opposed to being WordPress specific, but never use the same password for multiple internet accounts. Instead, find an easy to use password organizer to keep your passwords safe and secure. You should make sure that your WordPress password is a secure mix of capital letters, symbols, and numbers, as a secure password is a simple preventative step to stop an account from becoming compromised.
  • Don't use the default `admin` username
    • Unwanted visitors who try and gain access to WordPress accounts almost always try using the default admin username on the first try. Consider changing the admin username to something different as a simple preventative step.
  • Don't install questionable themes or plugins
    • The beauty of WordPress is that it gives you the freedom to install thousands of free themes and plugins, with mostly all of them being legitimate. However, it’s easy to get caught up in the endless amount of free plugins and themes that you can install. Unfortunately, there are some themes and plugins out there that are made with malevolent intent. Make sure to always read reviews and download plugins and themes from reliable sources, like the WordPress plugin and theme directories.
  • Don't give away admin access
    • Only give out admin access to users you fully trust. Admin accounts come with lots of responsibility. Instead of granting full admin privileges to users, try giving them specific privileges to only certain tools and areas they need access to. When the user no longer needs that access, revoke their permissions.

Security and Speed Go Hand-In-Hand

An additional benefit of following these steps is that most of them will help you speed up your WordPress site speed. For example, reducing the number of plugins you have will help control what we call “plugin bloat”. Having too many plugins may result in slow page load times due to all of their assets and functions having to load on the page at once.

Another area to keep an eye on if you’re looking to increase your site speed is your theme. Lots of themes are built with a lot of unnecessary tools and functions which may be useful sometimes, but most of the time just end up increasing page load times. Verify that the theme you’re installing has been thoroughly tested to see the effects it’ll have on your page speed.

What to Do if Your Site is Compromised

If your site is the unfortunate victim of a successful attack, knowing what to do will save you from a lot of headaches. First off, don’t panic! Panicking will only make the situation worse, and you will need a level head to successfully recover your website. The first step you’ll want to take is finding out what exactly happened and locating the vulnerability that was exploited. Ask yourself these questions:

  • Are you able to log in to your admin panel? 
  • Is your website being redirected to another website? 
  • Is your website not responding at all?

Once you figure out what exactly happened, you can continue to recover your website. At this point, you should contact your hosting provider. Your host has dealt with this before and will know how to help with these next steps:

Having an automated backup solution in place can come really come in handy in the unfortunate event of a successful attack. This image shows Flywheel's backups panel and several nightly backups.
  1. Restore a backup of your site
    • Hopefully, you backed up your site before this attack happened – you should be backing up your site every day! If you have, you will restore your website from the latest one. Unfortunately, you will lose any content updates you’ve made between the time of that backup and now, but that is a small price to pay to get your site back up and running. 
  2.  Fix the vulnerability to prevent future attacks
    • After you and/or your host has restored your site to a previous backup, it’s important to remember that it’s still vulnerable to attack. Now is the time to fix whatever vulnerability in your site, whether it be an outdated plugin or user account so that this can’t happen again. 
  3. Change your passwords
    • Once you have your site restored from a previous backup, make sure to change all of the passwords relating to your WordPress site, including your WordPress admin account, MySQL database, SFTP users, and all others that allow access to your website. WordPress.org has also put together a useful FAQ guide on what to do if your site has been hacked and how to get it back up and running.

In Conclusion

WordPress is a great tool for publishers when used properly and maintained often. However, if you ignore maintaining your WordPress themes and plugins, you could potentially welcome unwanted threats to your site. Keeping your WordPress site secure seems daunting at first, but it’s not that big of a hurdle to overcome. Now that we’ve explored the basics of how the majority of WordPress sites are exploited, you can keep an eye out and know what to look for and what best practices to use on your website.

Questions? Get in touch.

Have a question for our team or need help with WordPress design and/or development? Check out INN Labs' full services here, join us for one of our weekly Office Hours, or get in touch!

NewsMatch Pop Up Best Practices

There have been some changes since our last blog post around Pop Up best practices for NewsMatch and other special campaigns, so we're releasing an updated guide.

Here are some general recommendations and best practices for using popups as part of NewsMatch, year-round campaigns, or special campaigns on your site. 

Installing the plugin

We recommend using Popup Maker plugin for setting up donation and newsletter signup popups on your site. 

Instructions for installing the plugin and creating a popup.

Recommended Pop Up Settings

Your popup should:

  • Be size “Large” or smaller from Popup Maker’s settings
  • Appear at the center of the bottom of the reader’s screen
  • Appear by sliding up from the bottom of the screen, over 350 milliseconds
  • Have an obvious “Close” button
  • Allow readers to interact with the rest of the page (do not use a full-page overlay)
  • Automatically open after 25 seconds (or more) on the page, because immediate popup appearances can be jarring. It can also be set to open after scrolling down a percentage of the page.
  • Be configured to not appear again for 2 weeks or more once dismissed by a reader
  • Be configured to not show on your donation page

You'll need to configure which pages the popup appears on, using the built-in conditionals feature. For disabling the popup on certain pages or in certain cases, read on in this blog post, or check out Popup Maker's paid extensions.

You'll also probably want to review the Popup Maker themes available and modify them to suit your own site's appearances. Once you've modified or created a theme, edit your popup to make it use your theme.

In addition to using Popup Maker themes, you can style popups using your site's WordPress theme's CSS, Jetpack’s Custom CSS Editor, or any other tool that allows you to define custom styles on your site.

What goes in a popup?

NewsMatch will provide calls to action, images, and gifs to be used leading up to and during the campaign. 

Here are some examples: https://www.newsmatch.org/info/downloads

Non-NewsMatch popups should have an engaging, short call to action along with an eye-catching button.

Need help?

There is a ton of additional information on the WP Popup Maker support pages: https://wppopupmaker.com/support/

If you have questions, sign up for one of INN Labs’ NewsMatch technical support sessions or email the INN Labs team at support@inn.org.

WordPress 5.0 and your news organization

WordPress 5.0 was released Decmber 6, 2018 and brings a wealth of new features, including a new post editor.

The new post editor included in WordPress 5.0 called "Gutenberg" provides a more-visual interface that is "block-based." Everything now becomes a block, including "Custom HTML" blocks and shortcodes. Your old content will remain unchanged, but newly-written posts have many new options for customization to drive engagement and increase readers' time on your site.

Continue reading "WordPress 5.0 and your news organization"

Chrome to uphold ‘Better Ads Standards:’ What this means for your site

Source: The Coalition for Better Ads

Google recently announced Chrome's plans to participate in The Coalition for Better Ads' Better Ads Experience Program and support the Better Ads Standards. Sites are currently being reviewed for any violations of these standards. Continue reading "Chrome to uphold ‘Better Ads Standards:’ What this means for your site"

How to use News Match Popup Basics

As part of INN's support for the 2017 News Match campaign, we've released two WordPress plugins to help sites convert readers. News Match Popup Basics provides a little guidance and some useful tools for using popups in your campaigns.

Prefer a video walk through? Watch this tutorial on youtube.

News Match Popup Basics does the following:

  • Creates a new popup with our recommended default settings, using the free Popup Maker plugin
  • Provides a way to disable popups on your donation pages
  • Provides a way to disable popups when readers click a link in your Mailchimp-powered newsletter

Let's walk you through installing the plugin and getting it set up.

Installing the plugin

News Match Popup Basics requires the Popup Maker plugin, so first we need to install that.

On your WordPress site, click on "Plugins" in the Dashboard menu. If you see an "Add New" button at the top of the page, click that.

If you don't see the "Add New" button or the "Plugins" menu, your user might not have permission to manage plugins on the site; you should contact your technical support and ask them to install News Match Popup Basics for you. Your site might require downloading the plugin ZIPs and uploading them via FTP instead of using WordPress' built-in plugin installation tools.

After clicking "Add New" you should be on the "Add Plugins" page. In the "Search plugins..." box, enter "popup maker" — you should see an entry named "Popup Maker™ – Best Rated" appear, by "WP Popup Maker." Click "Install Now" to install the plugin, and then click "Activate". You'll be sent to a page asking you to allow sending certain information to a third party. You can press the "Skip" button without any negative effects. Whether you choose to skip or accept, you'll be taken to the list of Popup Maker popups: none yet exist, and that's okay.

Go back to the "Plugins" page, and inn the "Search plugins..." box, enter "news match popup basics innlabs" and choose the presented popup named "News Match Popup Basics" by "innlabs" — that's our plugin. Install and activate it.

In the Dashboard menu, choose the "Popup Maker" item. This will take you back to the "Popups" page you saw earlier, but there should now be a draft popup named "News Match Default Popup." Click on it.

You'll see an editor page that looks rather like the default WordPress post editor, but with a number of exciting new boxes. You can read more about those boxes at the Popup Maker plugin documentation, which is thorough and well-illustrated.

Our default settings for the popup are these:

  • is not published by default, but requires you to publish it before it becomes active on your site
  • is the size “Large” from Popup Maker’s settings
  • appears at the center of the bottom of the reader’s screen
  • appears by sliding up from the bottom of the screen, over 350 milliseconds
  • has a “Close” button
  • does not prevent readers from interacting with the page by means of an overlay
  • does not have a title
  • automatically opens after 25 seconds on the page, because immediate popup appearances can be jarring
  • once dismissed by a reader, does not appear again for a year or until the reader clears their browser’s cookies, whichever comes first
  • appears on the front page of your site
  • uses Popup Maker’s default theme

You'll need to configure which pages the popup appears on, using the built-in conditionals feature. For disabling the popup on certain pages or in certain cases, read on in this blog post, or check out Popup Maker's paid extensions.

You'll also probably want to review the Popup Maker themes available and modify them to suit your own site's appearances. Once you've modified or created a theme, edit your popup to make it use your theme.

In addition to using Popup Maker themes, you can style popups using your site's WordPress theme's CSS, Jetpack’s Custom CSS Editor, or any other tool that allows you to define custom styles on your site.

What goes in a popup?

We recommend donation forms or newsletter signup forms. For a simple donation form that integrates with the News Match campaign, check out News Match Donation Shortcode.

Finding the News Match Popup Basics settings

From the WordPress Dashboard menu, under Popup Maker, choose "News Match Popup Basics." This is where you configure whether the plugin disables certain popups.

Disabling popups on certain pages

Donation pages should help people give you money, and should have as few obstacles to that goal as possible. Likewise, newsletter signup pages. Strip out ads, remove unnecessary headers, maybe even clean up your footer on these pages. Donation and signup pages should do one thing and do that well.

Popup Maker's free version includes a simple yet powerful Boolean conditionals system that determines on what pages popups appear, but that system only works on a per-popup basis. Preventing popups from appearing on a particular page requires checking every single popup on your site, and modifying their conditions. We've endeavored to make the process simpler.

In the News Match Popup Basics settings, check the box to enable donation page popup prevention, and add some URLs to the box. Each URL must be on its own line. You should remove the protocol from the start of the URL, so that https://example.org/ is entered as example.org/.

A screenshot of the WordPress admin showing the News Match Popup Basics settings page, focused on the URL-based popup suppression feature's settings. The URLS given are example.org/donate/, example.org/newsletter-signup/, and /about/
Example settings for the URL-based popup prevention feature of News Match Popup Basics.

When a visitor goes to a page the URL of which matches one of the entered URLs, News Match Popup Basics will prevent Popup Maker from displaying any popups on that page. You can include URL fragments as well, so if you want to prevent popups on pages that have a common URL name, like every page that has donate in its URL.

Be careful with how general your URL fragments are. By "match" we mean that if the entire text on the line in the box can be found in the URL, it will match:

  • example.org/meow/ will only match example.org/meow/ and example.org/meow/woof/
  • /meow/ will only match example.org/meow/, example.org/meow/woof/ and example.org/2014/03/25/meow/
  • meow will match example.org/meow/, example.org/meow/woof/, example.org/2014/03/25/meow/,
    example.org/2017/10/25/adopt-chairman-meow-adorable/ and
    example.org/category/homeownership/

We named this feature "donation page popup prevention," but in reality it can be used to exclude popups on all sorts of pages.

If you'd like the ability to programmatically exclude popups on arbitrary pages, let us know on this feature proposal on GitHub.

Disabling popups from Mailchimp visitors

In the WordPress Dashboard, under the “Popup Maker” menu item, on the “News Match Popup Basics” page, there is a checkbox that enables MailChimp suppression. There is also a text box to set the utm_source parameter. MailChimp automatically appends this URL parameter to outbound links in your emails if you have click tracking set up.

From one of the emails you have sent, find a link that contains a utm_source= parameter and copy the following argument text, up until any & character, into the text box. For example, a Nerd Alert newsletter sent by INN Labs contained a link that looked like this: https://example.org/?utm_source=Nerd+Alert&utm_campaign=4d4ecd9f68-EMAIL_CAMPAIGN_2017_10_06&utm_medium=email&utm_term=0_1476113985-4d4ecd9f68-421742753. From that URL, you would copy Nerd+Alert into the text box.

A screenshot of the WordPress Admin settings page for News Match Popup Basics, focused on the popup prevention for MailChimp visitors. The setting for utm_source is set to "Nerd+Alert"
An example configuration of the utm_source setting.

Once you have provided a utm_source parameter, checked the checkbox, and saved the settings, any popup that contains an HTML element with an id attribute equal to mc_embed_signup, or a CSS selector equal to #mc_embed_signup, will be suppressed. Suppression works client-side using JavaScript that runs in the visitor’s browser.

If you have multiple MailChimp signup forms on your site, suppression based on the HTML ID of the form will not work for you. You should add a class to all MailChimp forms in popups, and use that as the selector. For more details about this process, see the FAQ entry "Why does MailChimp popup suppression use #mc_embed_signup" at the plugin's WordPress.org entry.

If you'd like better tracking of MailChimp form sign-ups, we recommend that you follow MailChimp's guide on editing forms for better analytics to track popup conversions.

Need help?

If you have questions, join us in our webinar today (Wednesday, October 25) at 1 p.m. Eastern, or contact us at support@inn.org.

GA 101: Basic Metrics and Reporting

google analytics mobile

Welcome to Part 2 of our "Intro to Google Analytics" series! This time we'll be talking about basic metrics and reports you can use to better understand your site's overall performance, audience, and engagement levels.

First Things First

If you haven't set up your Google Analytics account yet – or are worried it's not set up correctly – this guide from Part 1 of this series will show you how. It's important to make sure your code is tracking properly and that you’ve set up filters to collect accurate and reliable data.

Once everything is set up and configured, you should wait a couple weeks for the data to come in. Then, it's time to see how your site is performing! The following metrics and reports will help you start analyzing your site's Google Analytics data.

Basic Metrics

There are more than 400 metric and dimension combinations in Google Analytics that you can use to analyze your data – wow! At a minimum, the following basic metrics are the most important to track:

Sessions: The number of times visitors are actively engaged on your website. Users (see below) can have multiple sessions in a day, week, month, etc. For more detailed information on how a session is calculated, go here.

Users: The number of visitors that have at least one session on your website. This number is good for seeing how many individual people have visited your site.

Pageviews: The number of times people visited a particular page or group of pages on your website.

Pages per Session: The average number of pages viewed during a session on your website. Higher pages per session means users are exploring more of your site and are likely more engaged. On the flip side, make sure to check for people who are hopping around looking for information they can't find!

Average Session Duration:  The average length of visitors’ sessions. Longer sessions typically indicate that users are more engaged.

Bounce Rate: The percent of visits that are single-page only. This is based only on sessions that start with that page. Usually, a high bounce rate is a sign that people are leaving your site (or a certain landing page) because they aren’t finding what they're looking for.

Exit Rate: The percentage of users that were the last in the session. This is the last place a user was before leaving your site and these "drop-off" points are important for understanding where to improve your site.

Percent of New Sessions: An average percentage of new visitors to your website. Keep in mind that this will also include sessions that have since expired and are now seen as "new" or sessions from previous users that are now over private browsers. See more in sessions (above) about how sessions are calculated.

Simple Reporting

Audience Overview 

This overview report will include all of the metrics mentioned above and is easy to update by date range. The best way to track your successes is by comparing your traffic over time.

  1. Log into your Google Analytics account.
  2. Select "All Web Site Data" (the MAIN VIEW).
  3. You’ll land on the "Audience Overview" tab within the Google Analytics reporting section.
  4. Set the data range in the top right corner to your desired time period.
  5. Select the "Compare to" tab.
  6. Select "Previous period."
  7. Hit "Apply."

Referral Traffic

Here's how you can find your main traffic sources from within Google Analytics:

  1. Log into your Google Analytics account.
  2. Select "All Web Site Data" (the MAIN VIEW).
  3. You’ll immediately be taken to the "Audience Overview" tab within the Google Analytics reporting section.
  4. Select the "Acquisition" tab on the left navigation bar.
  5. Select the "Overview" tab.
  6. Adjust the date range in the top right corner based on your preferences.
  7. Hit "Apply."

This report will show you the following information:

Direct traffic: Visitors who arrive to your site by typing your URL into their browser or via a bookmark.

Organic traffic: Visitors who arrive to your site from a search engine (and click on the organic, not paid, search results).

Referral traffic: Visitors who arrive to your site from another website that has linked to you.

Social traffic: Visitors who arrive to your site from a social media network.

Bonus: Monthly Performance Report

The Monthly Performance report summarizes the previous month's data for your site. Google Analytics will send it once a month. Here's what to do to receive the report:

  1. Log into your Google Analytics account.
  2. Click the button with 3 horizontal dots, then click "User settings."
  3. Select "Performance Suggestions and Updates." You can clear the checkbox if you want to stop receiving the report.

We hope you've found Part 2 of GA 101 useful and now understand the basic metrics and reports you should review. In the future, we'll be covering more advanced Google Analytics topics in our blog posts and webinars – so, keep an eye out for them!

If you have any questions about Google Analytics, optimizing campaigns, Google News, Search Console, or anything else related to your site, let us know! The team at INN Labs is always happy to hear from you.

GA 101: Intro to Google Analytics

Google Analytics

If you haven't yet set up Google Analytics for your site, or if you never take the time to look at the data it provides, then you're truly missing out. Google Analytics (GA) is filled to the brim with important information that you can use to boost your website's engagement, improve donation campaigns, increase search rankings, and more.

First, we'll start by making sure you have GA up and running with reliable data. Then be on the lookout for Part Two of this series, where we'll follow up with an overview of the basic metrics and reports that you should be using to your advantage.

Let's get started!

Setting Up Your Account

  1. First, head over to Google Analytics.
  2. Click “SIGN IN”, choose "Analytics" and enter your Google email account information. If you don't have a Google email address, you'll need to create one. Click the “Create an account” link to get started.
  3. Once you've logged in, click the “Start using Google Analytics” button.
  4. Enter an account name, the name of your website, your website URL, your type of industry (News), and your time zone.
  5. You'll also be asked to check or uncheck four data sharing settings. These help Google improve their service offering and are totally optional.
  6. Click the “Get Tracking ID” button at the bottom of the page and accept the Google Analytics Terms of Service Agreement.
  7. We'll want to make sure this snippet of code (the tag) is on every page of your site for you to start tracking and using Google Analytics. Next, we'll talk about how you can quickly and easily do this.

Wrangling the Tracking Code

There are a few different options for adding the tracking code to your site, with some being more manual and technical than others, and some that are tailored to your Content Management System (CMS). Take a look:

  1. If you're using WordPress as your CMS (including the awesome sites using our Largo platform), we recommend installing and activating INN Labs' No-Nonsense Google Analytics plugin. This plugin supports Universal Analytics (the newest type of Google Analytics tracking code at the time of this writing) as well as multiple tracking codes. Once activated, all you need to do is copy and paste your UA code into the settings.
  2. Use Google Tag Manager to add Google Analytics tags to any type of site. This route makes it easier to incorporate tags (snippets) from other sources like AdWords Conversion Tracking as well.
  3. If your site is on Drupal, you can use the Google Analytics module.
  4. Other CMS have settings for Google Analytics built in (like Squarespace), so you’ll just add your UA code into those specific settings.
  5. For all other sites, contact your webmaster to have them manually add the tracking code to your site.

Configuring Your Data

To ensure that you’re only capturing data from outside users (and not showing when you visit sites for testing, editing, etc.) you'll want to filter out your IP address from Google Analytics:

  1. Find out your IP address by going to whatismyip.com.
  2. Log into your Google Analytics account.
  3. Select "Admin" in the top navigation bar.
  4. Under "Account," select "All Filters."
  5. Select "+ New Filter."
  6. Add a filter name, depending on what IP you’re entering. For instance, if you’re adding your home IP address, I would suggest naming it "Home IP Filter."
  7. Select "Predefined filter," and then exclude traffic from the IP addresses that are equal to your IP address. Then enter your IP address.
  8. Apply the filter to the "All Web Site Data" view only.
  9. Select "Save."

Is It Working?

Once you have successfully installed the Analytics tracking code, it can take up to 24 hours for data such as traffic-referral information, user characteristics, and browsing information to appear in your reports. However, you can check your web-tracking setup immediately with one of the following tools:

Real-Time Reports

The Real-Time reports let you see current activity on your site. If these reports have data, then your tracking code is collecting data and sending it to Analytics as expected.

To see the Real-Time reports:

  1. Sign in to your Analytics account.
  2. Navigate to a view in the property which has your tracking code. If you only recently added the tracking code to this property (website), it is likely that there will only be one view.
  3. Open Reporting.
  4. Select Real-Time > Overview or Real-Time > Behavior.

Google Tag Assistant

Google Tag Assistant is a free Chrome browser extension that shows you whether Google Analytics tracking codes (the tags) are firing correctly. It will also give you details regarding any errors, which is great for troubleshooting if you do have any issues. It's also great for other uses (see below).

Frequently Asked Questions

How do I find my UA code to put into a plugin or my CMS settings?

(Example: UA-000000-01)

  1. Log in to your Google Analytics account and select your site's profile.
  2. Click on the Admin tab in the right menu bar.
  3. You'll see your UA code near the top of the page.
  4. Copy the UA code and paste into your plugin or CMS settings.

How and why should I connect to other accounts?

To get the full features of Google Analytics, I highly recommend connecting your other accounts. The accounts most commonly linked with Google Analytics are Search Console (formerly Webmaster Tools), AdWords, or DoubleClick. You can find more information about this from Google here.

I’m having trouble getting my tracking code working, help?

Try Google's Troubleshooter or use Google Tag Assistant to see what's causing the issue.

How do I share accounts?

If you need to add, modify or delete users from your account, here's a handy guide.

How do I find out if there’s already a tracking tag on my site?

Google Tag Assistant comes to the rescue once again! It will show all the Google Analytics tags found on your site and you’ll be able to see if they are the new Universal Analytics (analytics.js) tracking tags or the classic, legacy (ga.js) tags.

What if I DO have another GA tag on my site?

If you have multiple Google Analytics tags, make sure that you only have ONE ga.js tag.

If you have more than one, it will compromise the data for all the accounts associated with your site. You can, however, have as many Universal Analytics (analytics.js) tags on your site as you'd like. Use the No-Nonsense Google Analytics plugin to easily add multiple Universal Analytics tracking UA codes.

In Conclusion

We hope you've found this intro to Google Analytics useful and now understand how easy and important it is to have it on your site. In the near future, we'll be covering more advanced Google Analytics topics in our blog posts and webinars.

If you have any questions about Google Analytics, optimizing campaigns, Search Console, or anything else related to your site, let us know! The team at INN Labs is always happy to hear from you.

Email is a Sacred Space: Designing for Newsletters at SNDCLT 2017

In April I had the chance to attend Unite + Rebel, the Society for News Design’s annual conference in Charlotte, North Carolina. Here’s a take-away from one of the workshops I attended.

Newsletters are an increasingly effective way to distribute your content and build a brand – so what should you keep in mind when designing and writing for newsletters? Quartz’s Priya Ganapati offers some best practices to build your audience and make your newsletter effective.

Don’t resort to clickbait

Newsletters are not about the clicks. Your main goal is to build a relationship with your audience ー and that comes before circulating your content. Ganapati stressed that email is a sacred space. People use email for personal reasons, like communicating with family and friends. It’s important to not litter that space with clickbait.

You should also consider where you want your newsletter to be consumed. The Quartz Daily Brief is an effective newsletter because it can be consumed entirely inside the inbox. Readers have the option to visit articles, but they can also receive all the relevant information from just reading the newsletter itself. It’s quick and easy consumption.

Lenny Letter is another example of a newsletter that lives inside the inbox. The format is simple but effective. Readers can read one article entirely within the newsletter.

Establish a template for your readers and stick with it

Newsletters are habit-forming. Structure your newsletter so that your audience will expect to see the same sections in their inbox.

Ann Friedman’s newsletter is a great example of this – it’s the same format every week. You want subscribers to get used to a pattern. In Friedman’s case, she has sections dedicated to her writing, curated links, GIFs and more. She’s even managed to monetize members-only sections in her newsletter that require a paid subscription.

Prioritize mobile and simplicity in your design

Newsletters should not have too many images because there is always the risk of visuals not loading. This is especially important because newsletters tend to be consumed through mobile devices.

Visuals should be chosen carefully to complement the surrounding content, but they shouldn’t act as the content itself. Text should be legible, and the overall layout should be simple enough to work within the constraints of the email format.

According to these principles, Thrillist’s newsletter is arguably a poorly designed newsletter. There’s no content that lives within the email itself, and readers have to click links that take them outside the inbox. Images take up too much real estate, are slow to load, and make the newsletter feel like clickbait.

With a gross open rate of 70 percent, New York Times newsletters are notoriously effective – and this NYT Cooking letter is a great example of how to use images appropriately. The template consists of only two parts: a short essay, which sometimes includes a recipe that lives inside the inbox, and a handful of curated recipes. Images complement the surrounding content but are not necessary to gain value from the newsletter.

What makes a signup page effective?

The first barrier to building a newsletter audience is collecting emails. Below are some best practices for structuring your signup page.

Less is more

Fewer fields lead to higher subscription rates. If you want more demographic information, consider making that an option for the subscriber but not a necessity.

Quartz asks for the subscriber’s demographic information only after the subscriber has provided their email address. Ganapati said there’s a 50 percent drop off from people who sign up for the newsletter to readers who continue to put in their demographic information. While that loss is substantial, it’s still better than losing potential subscribers by overwhelming them with too many form fields. Getting the email address is the first priority.

Offer content previews

Newsletters are about cultivating a specific audience and building a special relationship. You don’t necessarily want everyone to sign up for it. Offering a sample newsletter on a landing page could be a potential way to entice more subscribers and screen out people that wouldn’t be interested in subscribing.

The New York Times provides a sample for almost every newsletter they have, which gives the subscriber a preview of what they’re getting into. You could also provide a link to an archive.

Keep the readers’ needs in mind

The key to writing and designing for newsletters is to prioritize the needs of the reader. Focusing solely on circulating your branded content will only make your newsletter seem like clickbait. The best newsletters use curated content to create a specific user experience that aligns with the brand.

Designing with these principles will ensure that your newsletter breaks through the noise and engages and builds your audience.

Design Your Stories with Transparency: The Trust Project at SNDCLT 2017

Last week I had the chance to attend Unite + Rebel, the Society for News Design’s annual conference in Charlotte, North Carolina. It was a wonderful opportunity to engage in conversations about design’s role in journalism and innovations in visual storytelling. Here’s a take-away from one of the workshops I attended.

What is design’s role in building the public’s trust in news? That was the primary question raised by Sally Lehrman of The Trust Project, an organization dedicated to deciphering technology’s role in ensuring trustworthy journalism reaches the public.

Structuring the News Page with Integrity

We know that journalism is distinct from other kinds of information on the web. Signalling that stories are produced with a commitment to transparency and integrity is crucial to building a relationship of trust.

Above is a live prototype from The Trust Project’s design workshop that demonstrates one way newsrooms could potentially integrate transparency within the article page. The prototype shows how you can integrate information like named/un-named sources, corrections, and citations in an easily accessible manner within the story.

One Size Doesn’t Fit All

News consumers are not a monolith. To rebuild trust in the news, one must also engage different types of users. Lehrman identified four categories of news readers:

  1. The Avid reader actively curates personally relevant news and spreads it on social media, believing that being uninformed is dangerous.
  2. The Engaged reader believes that news should be an equal opportunity offender: If no news offends you, it isn’t doing its job. These readers seek out quality local news.
  3. The Opportunistic reader thinks that most news is trying to sell a viewpoint or agenda. This reader consumes news in a much more passive manner – scrolling through Facebook, listening to the TV during lunch breaks – as opposed to the Avid or Engaged.
  4. The Angry and Disappointed reader feels disconnected and disappointed with news media and has the least trust in the news.

What Do Readers Want?

After researching different types of news consumers, Lehrman summarized what readers seek from the media.

  • Transparency: To build a trustworthy relationship with your readership, you need to share some information about your organization itself. Readers need to understand your positioning and agenda – they want to know why you publish the stories you do.
  • Reliable Reporters: Readers need to have confidence in the person telling the story, and they want to know about a reporter’s history, expertise, and biases.
  • Variety of Perspectives: While the general public frequently gravitate toward stories that reinforce their own worldviews, readers recognize that stories with multiple perspectives are more trustworthy. It’s important for readers to know why the story is relevant to them and to understand how their communities are affected.
  • Credible Sources: Readers check for the source of information to verify if a story is authentic. They want to know where the information is coming from and why those sources were chosen.
  • Participation: Readers want to be included in the process and make their opinions heard.

Trust Indicators

With these needs in mind, what can news organizations provide? Lehrman identified eight actionable trust indicators. These were defined through the Trust Project’s collaborative workshops with over seventy news organizations and around one hundred and fifty people.

  • Best Practices: Provide resources like an ethics policy behind your organization and word choice explanations. An example might be explaining why your organization uses the word “migrant” over “immigrant.”
  • Author Expertise/ID: Provide details about the reporter, share background information about their expertise, and acknowledge any biases they have. Let readers know who the author is and show them information about other projects the author has produced. A simple way to do this is having the byline be linked to an author and story archive.
  • Label Story Type: Clearly identify different types of content to distinguish reports from opinion.
  • Citations and References: Give readers access to the sources and facts. Include the reasoning behind why they were chosen.
  • Methodology: Readers want to know how the story was created and what editorial choices were made. Tell the story behind the story.
  • Location/Local: News can have a greater impact on communities if readers know which stories are local to them.
  • Diverse Voices: Prioritize diverse viewpoints, and pay attention of which voices are included or missing from the story. Include viewpoints from multiple political or ideological perspectives, and make a point to include perspectives from women, people of color, and other underrepresented groups.
  • Actionable Feedback: Foster participation after publication by creating a space for dialogue for the reader to contribute to the story. Let readers reach out to the story’s producers and share their opinion. An example could be a Slack channel letting readers chat directly with editors and authors.

The Trust Mark

Providing these indicators on the story page is a challenge – how can we make this information easily accessible to the reader but not be overwhelming? One possible solution is placing a “Trust Mark” on the story page. The mark would signal that the story was produced with quality and transparency. Readers would be able to click on the mark to see the different trust indicators.

Questions, Questions, and More Questions

The end of the workshop was opened to the audience for suggestions, reactions, and ideas. Some of the topics raised included:

How effective is the trust mark? If people already don’t trust the news, will a trust mark do anything to change their opinion? Fake news sites are implementing increasingly sophisticated designs on their homepages, making the distinction between real news and fake news even harder. What’s to prevent them from creating their own badge of legitimacy?

How do we increase news literacy? Building a relationship with your readers requires that people read more and develop skills for discernment. How can we educate the public on these skills?

And the big question...

How do we spread real news? Publishers frequently focus on producing news rather than circulating it. It can be a challenge to encourage real news to spread across the ideological bubbles perpetuated by social media, but The Trust Project is providing actionable solutions to help newsrooms foster deeper audience engagement and highlight the competency, ethics and dependability of their work.