Tuesday, October 18, 2016

Confused About Caching my Wordpress Site

I am trying to make my wordpress site faster.


Why ?

Because ... I want to work on optimization, this is purely premature optimization on my part, but this is a side I wanted to investigate for a long time now, so I read about it, and will attempt to write down my findings, which might go out as a series of questions as there are lots of aspects which are still not clear to me.

Actually, my site isn't even built now which might affect my conclusions, as I won't be able to test the differences between the caching systems, and my motivation is lower as I don't have a real advantage in caching ... yet.

The reason I am delving into this subject is just to understand the concepts and as times come where my site will be popular and a way to optimize it will really be needed, I will have some caching infrastructure already in place for the future caching optimizations.

For example, if I understand that NginX is a faster web server than apache, then I might as well begin the site with NginX, so I won't need to change my infra structure later on.


So without further ado

From the web server perspective, it seems that Nginx is faster than the apache web server, this is a fundamental change, which I think to adopt.

PHP7 instead of previous versions is also a real time saver as it works twice as fast as previous versions, this seems like a good thing to implement from the beginning as if I will change it later on when the site is already web established, I might encounter plugins which don't work with php7, and I prefer to look at these things early on, so compatibility issues won't even start, and even if they will appear they won't affect many users.

I won't change php7 for HHVM as the performance gain isn't significant enough, and the compatibility issues are much harder to solve than with php7.

Changing the wordpress DB with a MariyaDB also seems like something I should adopt early on as the MariyaDB should be fully compatible with any plugin with need of the mysql db, and the performance gain should be nice, speaking of the DB, I should change the db table engine to xtraDB.

I should consider changing the comment system with disqus, this will gain in performance as the caching system won't need to render the php for every new comment as they will come from a 3rd party place - this one should be further investigated.


Ok, I can't avoid the caching systems anymore, so here I come

There is server caching, and there is wordpress caching.
The actual caching is split between several different types of caching: object caching, db caching, static page caching, php rendering caching and others.

I will begin with the easier side - the wordpress side - in order to enable caching in wordpress I will use a caching plugin, as there are many wordpress caching plugins, I will narrow it down to two main options which seem the best caching options for wordpress when searching the web:
  • Super cache - Created by a guy from "Automatic" - this cache plugin is super simple, install and forget and it will do the rest for you, it seems that it only caches the static data and doesn't do any other work from the other caching perspectives (should be installed with autooptimize?).
  • W3 Total Cache - Sophisticated cache which includes many caching types.
Both of the above seem to have close results (which makes me wonder, as the w3 total cache has many caching options so why isn't it much faster than the super cache).
Both are free and highly maintained.

The above should be better inspected to see if super cache + another plugin for minification (autooptimize?) + another plugin for DB caching gains much better results or if it is the same as the w3 total cache in which case I should probably cast my vote for the one plugin which does it all, unless I go for server side caching for some of the above cachings which move me to the next point.

I just don't get it, if I have the means to do server side caching, and have means to do the same functionality using wordpress plugins, what does it mean ?
Are they the same ?
Is one better than the other ?

From my simple side of view it seems that wordpress plugins are simple to manage - all from the same dashboard, and do not include a full additional component which adds lots of complexity.
On the other side, server side caching sounds as if it is much more powerful (is it?), and gets you to install a component which applies to all of your sites, which means that if you have several sites on the same server and you add a server side caching, then all sites gain the caching advantage and you don't need to install the same caching plugin on all of the sites.

And there is CDN, which is offloading the content of the site to the external content delivery system, but what does it mean regarding caching ?
If I now serve my site from a different location from servers which are not mine, is there any use to cache my site at all ? - the only one accessing it will be the CDN, so why should it be cached ?


So I will boil down my question to this:
  • Caching is good
  • Caching can come in many forms, php cache, db cache, page cache, object cache etc
  • Caching can be done in the client as a wordpress plugin
  • Caching can be done on the server side by installing caching components
  • Caching can be done on the CDN
  • So what should be cached, and where is best to cache it !? 

Monday, October 10, 2016

How to Best Optimize Your Site

You have a site, or want to create one.

You want your site to uphold all best practices and standards so all search engines will love it, thus grant it a high location in their results.

You want your site to be speedy (for your user's sake and for the search engines').

Before putting down my 2 cents, let me point you to a prior article of mine in which I have recommendations for your site upgrade

Here are a list of suggestions accumulated over time.

Please note that many will view these suggestions as premature optimizations thus should be implemented only after you have many users etc or else it isn't worth it - they may be right...


Hosting Web Environment

  • Don't use Shared hosting! (Not even a reseller account) - they suck and from time to time there are shameless downtimes !!!, You should at least go for a VPS if not something better, and nowdays they aren't that expensive, several educated recommendations
    • Vultr
    • KnownHost
    • DigitalOcean
  • OS, well, admittedly, I don't know enough here, but from whispers on the web I would choose them in this order
    • Centos
    • Ubuntu
    • Debian
  • Internet Protocol - Http is a very old protocol, a much faster alternative was created by google called SPDY, which is now replaced with a better alternative which is HTTP2
  • Web Hosting, although the apache web server has been around for a very long time and most people choose it as the default web server, it seems that Nginx enjoys better performance, there are several aspects worth noting though
    • No htaccess file in Nginx (use nginx conf file instead which is mych more optimized)
    • Tweak Nginx to work nicely for your site as the OOTB configurations aren't always best for all sites.
  • Hosting Admin Panel, Now that you chose not to work with a shared hosting, then you should install an admin panel (like CPanel) on order to control your nginx web server
    • Webmin / Virtualmin with Authentic or BW theme
    • ISPConfig ?
    • Ajenti ?
  • PHP alternative, barring compatibility issues (some sites won't work well with php alternatives, like some wordpress plugins etc), it is highly recommended to change from php 5.6 to a better php renderer, my recommendations are as follows
    • PHP7 - Much faster, and even if compatibility isn't fully supported, it will be, so if you are running a CMS and a plugin isn't compatible, I suggest finding an alternative to the plugin rather than for php7 (and a supported plugin will upgrade itself to support php7)
    • HHVM - This is a PHP renderer by Facebook which is faster even than php7, but I recommend php7 over this one as compatibility issues might spring (with no future plans to fix the site to support hhvm) and the speed increase over php7 isn't significant.


Wordpress Tweaks

  • For best performance, static pages are the fastest serverd web assets (much faster than server rendered php etc), If you need a CMS (Content Management System) then prefer a flat file CMS like GRAV
  • Wordpress is the goto for CMS sites as it already has a huge plugin base, I will give my recommendations assuming you are using Wordpress
  • For any site using MySql, change it to the faster MariyaDB, it should be a seamless change as MariaDB has the same API as MySql, but you will gain a faster DB
  • For wordpress sites, the best table engine should be innoDB, or even better in MariaDB use the xtraDB
  • Disqus comments instead of wordpress comments


Security

  • Security handling is a must as a site with low security will be hacked and viruses will be uploaded to it / users will be directed to bad sites, bandwidth will be exceeded and your site will go offline, or simple DDOS attacks will just crash your site
  • First layer of security should be handled by the server thus saving time and bandwidth of requests arriving to the actual site and a plugin defeating them
  • Fail2ban should be considered as well as others (more research should be done here)
  • HttpBL (Project HoneyPot) - can it be integrated to NginX ?
  • Bad Behaviour which has a wordpress plugin (Here you can integrate the above httpBL)
  • 6G Firewall which has a wordpress plugin
  • Akismet for wordpress comments
  • Blackhole wordpress plugin (ingenius spam bot eliminator)
  • Another good Wodpress security plugin can be Wordfence


Site Architecture guidelines
  • SSL is the right way to go - for the whole site
  • Site should be Schema.org compatible
  • For best site performance (and google tagging) use AMP for site frontend
  • All site assets should be thrown into an optimizer which will minify/compress (lossless) etc all assets, for this just dump the whole site folder into FileOptimizer
  • GZIP compression should be enabled on the server
  • Try to use only the best built plugins from the wordpress repository, for that purpose, use the Jetpack by Automatic which is a pack of plugins which you know are optimised in the best way as Automatic created them, which means that they are probably coded better than the alternative.


Caching

  • Use a caching system to serve static pages instead of dynamic pages
  • Compare server caching vs or with wordpress plugins caching
  • Wordpress caching
    • Super Cache
    • W3 Total Cache
  • Server caching
    • OpCache for PHP caching (embedded in php, no config needed in WP)
    • FastCGI (better than varnish (which also doesn't support https)?) for page caching
    • Memcached or Redis for DB caching

    • Nginx + FastCGI Cache + TMPFS disk cache or Memcached
    • Others ?


Conclusion

For the conclusion I will setup two imaginative sites

Fastest Site:
Infrastructure: VPS (Vultr), Centos, NginX, Webmin (as a panel), PHP7, Server Cache
Site: GRAV CMS, Disqus comments, Bad behaviour + blackhole + 6g firewall for security, All assets optimized, SSL, Schema.org, AMP (frontend)

Fast ans simple to maintain site:
Infrastructure: VPS (Vultr), Centos, NginX, Webmin (as a panel), PHP7, Server Cache
Site: Wordpress (MariaDB using Xtradb engine), Automatic plugins (AMP, Forms, Photo gallery, Akismet etc), Security plugins, BB + 6g + Blackhole + Wordfence, SSL, Schema.org

How to Best Optimize Your Site

You have a site, or want to create one.

You want your site to uphold all best practices and standards so all search engines will love it, thus grant it a high location in their results.

You want your site to be speedy (for your user's sake and for the search engines').

Before putting down my 2 cents, let me point you to a prior article of mine in which I have recommendations for your site upgrade

Here are a list of suggestions accumulated over time.

Please note that many will view these suggestions as premature optimizations thus should be implemented only after you have many users etc or else it isn't worth it - they may be right...


Hosting Web Environment

  • Don't use Shared hosting! (Not even a reseller account) - they suck and from time to time there are shameless downtimes !!!, You should at least go for a VPS if not something better, and nowdays they aren't that expensive, several educated recommendations
    • Vultr
    • KnownHost
    • DigitalOcean
  • OS, well, admittedly, I don't know enough here, but from whispers on the web I would choose them in this order
    • Centos
    • Ubuntu
    • Debian
  • Internet Protocol - Http is a very old protocol, a much faster alternative was created by google called SPDY, which is now replaced with a better alternative which is HTTP2
  • Web Hosting, although the apache web server has been around for a very long time and most people choose it as the default web server, it seems that Nginx enjoys better performance, there are several aspects worth noting though
    • No htaccess file in Nginx (use nginx conf file instead which is mych more optimized)
    • Tweak Nginx to work nicely for your site as the OOTB configurations aren't always best for all sites.
  • Hosting Admin Panel, Now that you chose not to work with a shared hosting, then you should install an admin panel (like CPanel) on order to control your nginx web server
    • Webmin / Virtualmin with Authentic or BW theme
    • ISPConfig ?
    • Ajenti ?
  • PHP alternative, barring compatibility issues (some sites won't work well with php alternatives, like some wordpress plugins etc), it is highly recommended to change from php 5.6 to a better php renderer, my recommendations are as follows
    • PHP7 - Much faster, and even if compatibility isn't fully supported, it will be, so if you are running a CMS and a plugin isn't compatible, I suggest finding an alternative to the plugin rather than for php7 (and a supported plugin will upgrade itself to support php7)
    • HHVM - This is a PHP renderer by Facebook which is faster even than php7, but I recommend php7 over this one as compatibility issues might spring (with no future plans to fix the site to support hhvm) and the speed increase over php7 isn't significant.


Wordpress Tweaks

  • For best performance, static pages are the fastest serverd web assets (much faster than server rendered php etc), If you need a CMS (Content Management System) then prefer a flat file CMS like GRAV
  • Wordpress is the goto for CMS sites as it already has a huge plugin base, I will give my recommendations assuming you are using Wordpress
  • For any site using MySql, change it to the faster MariyaDB, it should be a seamless change as MariaDB has the same API as MySql, but you will gain a faster DB
  • For wordpress sites, the best table engine should be innoDB, or even better in MariaDB use the xtraDB
  • Disqus comments instead of wordpress comments


Security

  • Security handling is a must as a site with low security will be hacked and viruses will be uploaded to it / users will be directed to bad sites, bandwidth will be exceeded and your site will go offline, or simple DDOS attacks will just crash your site
  • First layer of security should be handled by the server thus saving time and bandwidth of requests arriving to the actual site and a plugin defeating them
  • Fail2ban should be considered as well as others (more research should be done here)
  • HttpBL (Project HoneyPot) - can it be integrated to NginX ?
  • Bad Behaviour which has a wordpress plugin (Here you can integrate the above httpBL)
  • 6G Firewall which has a wordpress plugin
  • Akismet for wordpress comments
  • Blackhole wordpress plugin (ingenius spam bot eliminator)
  • Another good Wodpress security plugin can be Wordfence


Site Architecture guidelines
  • SSL is the right way to go - for the whole site
  • Site should be Schema.org compatible
  • For best site performance (and google tagging) use AMP for site frontend
  • All site assets should be thrown into an optimizer which will minify/compress (lossless) etc all assets, for this just dump the whole site folder into FileOptimizer
  • GZIP compression should be enabled on the server
  • Try to use only the best built plugins from the wordpress repository, for that purpose, use the Jetpack by Automatic which is a pack of plugins which you know are optimised in the best way as Automatic created them, which means that they are probably coded better than the alternative.


Caching

  • Use a caching system to serve static pages instead of dynamic pages
  • Compare server caching vs or with wordpress plugins caching
  • Wordpress caching
    • Super Cache
    • W3 Total Cache
  • Server caching
    • OpCache for PHP caching (embedded in php, no config needed in WP)
    • FastCGI (better than varnish (which also doesn't support https)?) for page caching
    • Memcached or Redis for DB caching

    • Nginx + FastCGI Cache + TMPFS disk cache or Memcached
    • Others ?


Conclusion

For the conclusion I will setup two imaginative sites

Fastest Site:
Infrastructure: VPS (Vultr), Centos, NginX, Webmin (as a panel), PHP7, Server Cache
Site: GRAV CMS, Disqus comments, Bad behaviour + blackhole + 6g firewall for security, All assets optimized, SSL, Schema.org, AMP (frontend)

Fast ans simple to maintain site:
Infrastructure: VPS (Vultr), Centos, NginX, Webmin (as a panel), PHP7, Server Cache
Site: Wordpress (MariaDB using Xtradb engine), Automatic plugins (AMP, Forms, Photo gallery, Akismet etc), Security plugins, BB + 6g + Blackhole + Wordfence, SSL, Schema.org

Wednesday, June 15, 2016

Earn Extra Money Home

How to Earn extra money from home

Work from Home
In the following thorough article I will explain the way I use to earn extra money online.
I will pour out all of the details, explaining exactly what I do - take it or leave it.

The "method" I use can be a way to earn extra money or a way to change your day job completely and live off this method by earning more than enough to live from.

I am no "guru" and am not selling anything, I am just a programmer which searched for the best way to earn moeny online for about 7 years now!!, and only the last year I finally found the one good way to do it and earn thousands of dollars each month, please note that about 6 years I managed to scratch just about 100$ per month till I found this way which I use to earn about 3000$ per month and counting.

This is the "Index" of my article with the main points I will write about:
  • Earning money as an affiliate
  • Doing it the wrong way
  • My Personal Story
  • Who earns online ?
  • Earning money the right way
  • Detailing the way I earn money exactly step by step
  • Summary and Final Thoughts

So let us begin:

Earning money as an affiliate

Become an Affiliate and Earn the big bucks

I won't say there is only one way to earn money online, but for me the simplest one I found was to work online as an affilate.
Affiliate marketing is a term of a person selling a product he doesn't own, and earning a percentage of the sale.

One of the most famous affiliate programs is Amazon's affiliate program, they offer about 7% of any sale you will direct to their site, so lets say you have a big mailing list of about 10,000 people and you refer them to an Amazon product you recommend which costs 100$ (using a special link you get from Amazon so they can know you referred the customers thus are entitled for your 7% of the sale), from your 10,000 faithful readers, 1000 readers go to that link to check that product, and from those 1000 only 40 people buy that product, still 40 people buying the 100$ product is 100 * 40 = 4000$ earned by Amazon because of you.
As you are entitled to 7% of these sales you will earn 7% * 4000$ = 280$

The good thing about being an affiliate marketer is that if several people aren't satisfied with the product, then they can refund it or whatever they want and it doesn't bother you at all.
You don't need to hold stocks of that product in a warehouse, you don't need to refund and lose money over shipment, you don't need to take care of shipment at all nor think about taxes or payment gateways etc - the good life of an affiliate marketer!

But still, you probably don't have a 10,000 reader email, right ?
And 7% isn't high enough :-(

So what can you actually do to earn more ?

I suggest not looking too much at Amazon's affiliate program as the percentage you can earn from each sale is low - and understandably so, because we are talking about PHYSICAL products, each one needs to be shipped and packaged, stored and be counted for, and above all else there is huge competition for each product so the seller's earning margin must be low so he can compete the other sellers.

So which affiliate program DO I suggest ?
I suggest staying in the affiliate marketing business, but selling a virtual product and not a real one, thus each additional product sold doesn't cost the seller any moeny (except for creating the initial product), so the seller can offer a much higher percentage of revenue to you as an affiliate of his (yes, I am talking about 30%-70% of earning from each sale).

So if for example you have that 10,000 readers list, and you pitch this product (online course for example) which costs 50$, and your gain from each sale is 50% then from those 40 people buying the product you will earn 40 * 25$ = 1000$ ! (now that is better)

Which affiliate programs do I suggest ?
I like using Clickbank as my affiliate program as they have lots of products under their belt and I have used them for several years now and they paid me a lot of money till now :-)

So let's sum it up:
  • Sign up to an affiliate program
  • The above affilate program should be selling virtual products
  • My recommendation is to use clickbank as your affiliate program

Now you only need to:
  • Build a website selling that virtual product
  • And people to get to your site

I won't delve into the grindy technical details of a domain name, hosting of the site, SEO details and a lot more, not because they aren't important, but just because they don't fit into this specific article (as each one of the above details should be fitted into it's own article), but basically, you can build a site wherever you want with whichever hosting you pick and just stick your product details there (more on that later).

How will you get people to your site - well, this is the million dollar question - which I will explain how to do in this article so keep reading as I am spilling all of the beans here!
In a nutshel - In order to get people to your site you will post articles into your site, which people will read and then they will click on your product in order to buy it.

What about SEO?
SEO - Search Engine Optimization is something I will teach you here to master (I will teach you only the first steps of it but you will read online and master) as your site should be google-friendly.

BUT this is biggest hurdle and people fall for bad SEO all of the time - I will explain what I mean in the next topic

Doing SEO the wrong way

Nooo, don't go to the wrong way ...

As you understand by now, the biggest problem is getting people to your site for free.
You can build the most beautiful site on the web but if nobody visits your site then all is in vain.

This is where people fail, many people try to earn a living online or at least make some extra cash online, most fail because they do it the wrong way  :-(

What is the wrong way ?
The wrong is trying to do "magic" to get people to your site, trying to get visitors without much work.

This is how it happens:
A guy finds his affiliate program
The guy builds a beautiful website
the guy is now tired of the work he did till now and so he searches for ways to get people to his site
The guy writes on google something like "how to get visitors to my site"

The guy finds lots of so-called "gurus" proclaiming they have the best and quickest way to get people to the guy's site and so he is tempted to pay only 47$ in the good scenario, 97$ per month in the worse scenario, and then lots of money goes to the guru, lots of work for the affiliate marketer with partial results which can give him just enough hope to continue paying the guru while earning nothing to some minor amount not justifying the work and money spent.

And then the guy's site gets penalized by google for using a forbidden tactic, and all of his hard work and hard earned moeny goes for nothing.

Usually those guys will try after some time an other guru or an other trick - all for nothing (or in my case for 100$ per month which don't justify the thousands of hours I worked till earning that amount not to mention all the moeny I threw out of the window)

Now you probably ask yourself - aha - what is the difference between my technique and all of the rest of the techniques which I proclaim not to work ?

Well, that is a good question, please read on as I am going to explain exactly how I do it (yes, I really earn about 3000$ per month now), with no bullshit attached.

To sum this chapter up:
The wrong way to get people to your site is to search online :-) as you will find many "trciks" and "gurus" bullshitting you, where you will spend lots of time and money while getting nowhere except being banned by the search engines for doing tricks and shticks.

My Personal Story

My Own Journey

About seven years ago I decided that the internet is a great place and that I could have a small bite of the internet revenues, it was a simple thought:
  • Billions of dollars are spent online monthly
  • I am a talented developer (Java and Web)
  • I am smarter than most of those people earning online
  • So I can earn a small bite (small bite from billions) which can enable me to work from home and stop being a dayjob worker for any other boss
  • Even if I fail to gain huge amounts of money and my bite in the world's revenues is really small - I can still earn some extra cash which can come in handy
Thus I began my search online:
  • How to build a site
  • Where should I build it
  • Different hosting plans at different companies
  • Domain names
  • Affiliate programs
  • SEO
  • How to trick the search engine
  • Rinse and repeat - if I build one site that earns only 5$ per month, I can then replicate it and build 200 sites like that one, earning 1000$ per month

The only thing I gained from the above is a huge amount of information about the whole site/dns/domain/hosting/seo scene. (which is great of course)
But I didn't earn nearly enough (100$/month at my peak).

What were my mistakes?
I was always on the search for quick gains
I tried to trick the system
I didn't focus long enough on any individual site, I replicated my sites too early
I wasted much too much time buying tools to do some bad job or even worse, I built several tools myself which as you know or not takes a lot of time!
I always looked for solutions which can get me a passive income, some magic trick where I could "fire and forget", build a cow and always take it's milk (apparently it doesn't work that way)

Which tools did I build/buy (which you totally shouldn't if you want my advice)?
  • Tools to get links to my site (yeah, shady tools) like comment posters on many different platforms
  • Tools to spin and put garbled text in my site (very bad practice, one which got me finally banned from google)
  • Many others, but most of them were of the two categories above

This sad story has a good ending though, as I stumbled upon a site explaining the right way of doing things (yes, all will be explained on the next chapters on this article, I am not hiding anything) and my head exploded, I understood all of my mistakes on that moment and knew I must scratch out all of my previous sites and failings and start anew with the right model leading the way.

Thus I have looked around to see, who is actually making money online ?

Who earns online ?

Real People Earn Real Money

In order to find the right way to earn online I looked around to see who DOES really earn online ?I was shocked to understand the very simple truth, most of the people earning online are dumb people!, yup, people who know nothing about SEO, know not a trick nor a guru, just plain straight people which started a site and did some hard work on it writing hundreds of posts in their blog or capturing hundreds of hours of youtube videos or many other hard working people.

So I asked myself, how come they earn so much and I with my 200 sites!!! (yup, I built over 200 sites over those 6 years) earned just 100$ per month !?  It just didn't make any sense.

That was when it dawned on me - my question was my answer!
The sophisticated people don't manage to earn much online, the simple people do

The REAL thing actually works, the single natural real site of that dumb person does better that my 200 sites (several times over), I am a very smart guy (especially in the internet ways), and I got trampled by people knowing close to nothing about the internet - WTF?

I felt like the rabbit which got beaten by the turtle.

What did I do wrong?
EVERYTHING!

I created nothing real, I created no real value for my visitors, I didn't look for the best interest of my visitors I looked for the best way I can earn moeny from them.
It sounds like a small distinction but it encapsulates the whole deal for earning online.

And the smart search engines caught me every time and threw my sites down the search engine results grid over and over and over again.

The way to earn money is not to trick google
The way to really earn money is to create something with real value which google will find and will understand the real value of it, thus will put my site with its value on the top of its search results.

To sum up this paragraph:
The plain and simple sites which want to give their users real value earn the most online
The sites which try to trick google will never win (they might earn something small for a short amount of time but nothing will last)
The way to really earn extra cash online or even earn so much so you can change your dayjob is to put real value into your site, value which will benefit your users causing your site to be appreciated by users and search engines alike.

Earning money the right way

Yes, there IS a right way!

I want to finally specify the right way to earn lots of money online

I myself use it for a full year now and it works (3000$/month every month and counting).
As you probably figured if you read this far, I am talking about providing real content on your site, getting real people to read your good and quality content, getting them to trust you and buy your product.

The thing is google (and all of the major search engine follow google's lead) understood its mistake in giving precedence to sites with lots of links (although spammy) and with bad content, so google actually officially scratched out the imfamous google-pagerank and created new algorithms to define a page's quality, generally speaking google's new algorithm searches for the page's authority more than other factors.

So you want to be an internet authority on a specific subject, thus google will point people your way when they search for an authority which can give them good data about the subject you are an authority about.

How do you become an online authority ?
Warning: In order to become an authority HARD WORK is required, you won't be able to get where I am now without putting at least two hours a day.

In the next paragraph I will specify the actual details of the work you should put to get there, but I will write the steps you need to take now - in a nutshel

  1. Focus on only one niche/subject
  2. It should be a passion of yours or you might find yourself not wanting to put the time into the site
  3. Build a site about the niche you chose
  4. Do some keyword research
  5. Write an article every day
That's it (details on the next chapter).
I guarantee the following:
In 2-3 months you will get your first sale
In half a yearyou will get to a sale per day
In a year you will get to the 1000$-3000$ per month salary!

No need for any SEO voodoo
No need for social networks (althogh those might help)
No need for a mailing list (although it is advised)

Just write your post per day and you will get to the 3/6/12 months goals I specified above - I promise

Even without understanding the google internals, you can still understand the logic, you put good quality content online, you become an authority on your niche, google understands that you are an authority/expert in that niche thus google will point visitors to your site.

Simple.

What is the exact recipe to doing the above? - read on!


Detailing the way I earn money exactly step by step

Step by Step Tutorial

  1. Find a niche which you feel comfortable in, you will write hundreds of articles about it so it really should be something you are passionate about.
    • The above "niche" is a subject you want to talk about, it should be broad enough so you will have enough content to write about, but it shouldn't be too broad or else you won't be specific enough for google to understand what sort of expert you are, for example instead of picking the animal niche which is way too broad, you should be more specific and pick something like rabbit training or even rabbit world where you will talk about rabbits, rabbit food, rabbit training or anything you think about.
  2. You must master keyword research - Keyword research means what are the words people put into the search engines and search for information with; You are looking for a search term which lots of people use but which doesn't have a tough competition - In a nutshel
    1. You will do keyword research for everything on your site, every post you want to write will title a good keyword (many searches but meager competition)
    2. The idea is that if for a specific keyword there isn't lots of competition, but there are lots of people searching for it, for example lets say that 15 people per day are searching for "inhouse rabbit training" and noone writes about it, then your post will get all of those people into your site, so now you got 15 visitors per day to your site, so if you have 100 posts like that (you will get to 100 posts in half a year max) then you got yourself 1500 visitors per day which is a lot!
      1. Tools I recommend for keyword research (both free)
  3. Internal SEO - I know I said SEO is bullshit but you should take some aspects of SEO into mind when building your site, like the actual links (permalink), some meta data, h1 tags, internal linking and putting the keywords in the first paragraph of the post you are writing - most aspects of SEO can be handled by wordpress if you choose to implement your site using that CMS, then install all in one SEO plugin and fill all of its fields for each post.
    • Suggested Tools: 
    • Wordpress installed on your own hosting with your own domain
    • All in one SEO plugin for the wordpress site
    • Actually there are many other plugins, but for starters begin with the above
  4. A Post every single day
    • Each post should be titled with a good keyword title
    • Meta data and category/tag names should be used
    • Each post should contain at least 500 words
    • Each post should promote an affiliate link or link to a post/page which promotes an affiliate link
  5. The page on the site promoting your main affiliate offer should contain a big 2000 words article, containing great information, this page should be linked from many other posts, this post should contain high quality content.
  6. You should spend at least two hours per day on your site, looking at what you can optimize, make better, upgrade-the-look-of in your site, in that time you will make the site active so make sure to answer each and every comment or email reachout. You can spend that daily time to read about your niche (making you smarter about the content of your site) or you might surf the web making you smarter about techniques to make your site better (for example look at the next bullet)
  7. Bonus things to do: Add an emailing list, Create your own eBook on your site, Create social accounts and be always active on them etc.

If I need to point to the two big things you should do on the site which will make the change then I will point to Keyword Research and an article (almost) each day.

Summary and Final Thoughts

Go for it!

In the above article I wrote about all of the aspects of earning money online: the good, the bad, my personal journey and the way I use to really earn a nice sum of money each and every month.
Just follow all of this article's leads, and especially the final chapter details, and you should do really well, no need for any other guru/utility/magic tool and so on.

That being said, I understand that although I failed in earning money in my first six years, I still did gain lots of knowledge which helped my final step to be worthwhile.

So my suggestion is that if you have all of the previous knowledge to follow my path I depicted in this article then please do, and there is (almost) no need to spend a dime to get to where I am.
But if you have much less knowledge, and many things I talked about are not sitting well in your mind I will suggest one program which can really help you.

Yes, you know I am totally against all of these programs etc, but this one is different, it is really good and it follows the right path and shows the right direction, no tricks included!

I am talking about Wealthy Affiliates - this is a membership site, targeted at novice to moderate internet users, it offers lots and lots of guidance in the form of one on one chats with lots of other users and experts, as well as so much content - they do it the right way and they are the only ones I can truly recommend (and yes, it is an affiliate link, but believe me when I say that my respect for them is unbiased).

The cost for their plan is about 49$/month, but if you need the knowledge, the courses they offer, the place to chat (getting instant answers) with starters and experts alike one on one or in a group, with a very large pool of active users then that is the right place for you.


So please, leave me a comment, write about your experience or ask any question in the comment section below

Monday, April 25, 2016

The good and the bad about Sierra's online Quests

Originally Ken & Roberta Williams began their Sierra Quests while trying to invent a new Genre - Interactive books.

Roberta loved the idea of having kids play a fairy tale book thus King's Quest I was created.

Her inspirations were text games which were games without any graphical trace, so on the screen you would see a description of where you are now and you could try doing things using your imagination and the text parser.

Roberta thought to upgrade these games by adding graphics and having the player move the main character over the screen (yes, without a mouse) in order to move between screens or moving in the same screen getting to various objects, while still sending commands using her text parser (move rock, climb tree [Spoilers?] etc).

Sierra quests were massive success and actually were a beginning of a genre, but as with many genre inventers (except Steve Jobs as he was perfect) she tried her hand in inventing these types of games, and many game design decisions were done using trial and error, I just want to emphasize this point as I want to talk now about the things they did wrong  :-)

What went wrong with those games?
1. In King's Quest, for example, Sierra built an open world where you could go around and see all of it, but while you had your specific mission (for example: Find the Shield, Mirror and the Chest) you could wander around for hours over hours having no clue what to do next.

As a kid I wandered for days in beautiful CGA Daventry, but I can't imagine many kids these days having so much patience for it - Are you kidding me ?, After a minute or two they will ask where should they go and if you don't have an answer ready within one minute tops they will go out of the game and fire up any other shooter / flash game or whatever.

2. Dying frequently - This is not an action genre, but still there were many places where for no apparent reason one could die, a wolf, a witch or many others would appear randomly and kill you unless you fled fast enough from the screen.  Not only that but there were many places where one could fall to his death easily, like stair cases, cliffs, ponds, or even just touching some items could get you killed like poisenous flowers and others. As Sierra had created quests and wanted to make them longer to play they put those death places but IMHO, to make a game longer you should put more puzzles or other goodies, not random places where one could die and will need to load the game IF HE REMEMBERED TO SAVE!

3. Dead Ends - These are one of the most horrible aspects of Sierra games - dead ends!
What do I mean ?  Well, if you didn't do something (which sometimes looks optional) in an early stage of the game you will get stuck on a later stage without any way to retrace your steps and do that thing (unless you have a good save game you didn't delete already).  For example, on King's Quest I you take a carrot which you need in order to lure a goat to follow you (so it will kick the Troll), but there is nothing preventing you from eating the damn carrot, and then how will you move that goat?!
Another example: In Space Quest you need to take a crystal shard at the beginning so later on you will be able to use it in order to finish a puzzle, but if you fail to find it (which is easy) you might still take that one way elevator and get stuck on the other puzzle forever!

4. Treasure Hunting - Some of the items you need to finish your quest aren't given to you by any character in the game but randomly appear on random screens along the game, so as the game goes you just wander around trying to find an object which might appear on a random scren - frustrating as you don't even know what you need you just try to take anything which isn't nailed to the wall..

5. Pixel hunting - Some of the items you need to take along the game are so small , so they literraly are a single pixel big (in those days when the game resolution was so low), and it is frustrating to death to just miss one of those (the whistle on kq4 ?) because of that factor.

6. Damn hard puzzles - Most of the puzzles are good and reasonable, but there are some puzzles along the game which are totally unacceptable, like spelling Rumplestitskin's name in cypher mode !?

7. Timed scenes - I personally hate this one, when a timer appears on the screen and you must accomplish a task in a timely manner, It happenned alot on King's Quest III, where you needed to accomplish tasks between Memnnon's appearances, walking that cliff fast without falling then searching for ingredients and coming back in time was just frustrating for me, not challenging.

8. Text Parser - The early games had no option for a mouse so I understand that a text parser is a must, but still more work should have gone into it (And I know that it is complicated) In the text-parser quests I had to just try any combination of things I could think about, for example, I see a rock so what should I do with it? "Pick rock", "Push rock", "kick rock", "Shove Rock"  you get the hang of it, I remember myself as a kid trying so many things on so many objects which was sooooo frustrating.

Lucasarts on the other hand took the idea of quests from Sierra, but they have built their engine and had an upgraded philosophy which was meant to fix these flaws, well, not on the spot but they fixed their gaming philosophy quite fast.

Although I said from the beginning that Sierra is not to be blamed for the above (IMHO) flaws as they were the first to invent this genre which means that they couldn't get those games perfect on the first releases, I still think that they could have learned better and changed their game's philosophy much fastre than they have.

How to hack a wordpress site

Just as an example - how would one go to hack a wordpress site.


  • You go to the site you want to hack, use a siffer to find the framework the site was built with, I use a chrome plugin for this task (Wappalyzer).
  • Now that we know we stand before a wordpress site, we need to find the login page, for that we will begin with a google search to find the "default wordpress login url" (http://example.com/wp-admin or http://example.com/wp-login.php)
  • If the site owner was clever (be clever!) and changed the default url for the login, we will use a tool like DirBuster (unix only?) to crawl the site in order to find all urls (from them you will recognize the login url)
  • Now that we have the login page we will want to attempt to brute force our way in, but a bruteforce where we try to guess the username AND the password is hopeless as the number of tries is HUGE, so we will try to find the username. In wordpress there is a "feature" called author enumeration where each author has his numeric ID, so just go to the blog's url and add the following to the url "/?author=1" which will show you all of the posts of the first author (probably the administrator), you can keep going with the nubmers in order to find all authors, so in our case we will run the following url: "http://example.com/?author=1", now we have the author = main user name!
  • As we now have the main username, the bruteforce becomes much simpler, we need to guess only the password! So we need a list of passwords, go online and download a good list of passwords.
  • You can also create your own list by using a tool called Crunch to create a file containing a list of passwords. For example if you know that the password is four characters long, and doesn't contain capital letters then you can just create a file with all possible combinations of lower cased letters and numbers using crunch (apparently 71mb of combinations, I used the following command to check this one out: "crunch 1 4 -f /usr/share/rainbowcrack/charset.txt mixalpha-numeric -o wordlist.txt" (1 to 4 long passwords, containing characater sets from a file, defining mixalpha numeric as all alpha characters and numbers, outputting the result to a file).
  • For the last stage we will use a tool which will use the username and the list of passwords in order to bruteforce its way into the login page, Hydra is a good candidate for that (xHydra for a gui in unix), the way it works is you give it the login url, the username and password html handlers (IDs), then you supply the username (admin?), and the list of paswords, the last component it needs is the response the page sends when the user fails to login, that way it will continue trying untill it doesn't get that response, an exapmle command will look like: 
    • hydra -l admin -p passwords.txt -t 7 (threads) -m /wp-login.php:user_login=^USER^&user_pass=^PASS^:failed login (failure message) www.example.com http-post-form (POST method) -- All of the prenthesis are my "comments"
  • That's it, with an admin username and password the wordpress site is yours for the taking
  • The downside of bruteforce attacking is that it is going over network, so it is slow, which means that you can't try using lists which are too large (if you are cracking local passwords which are not over network then you can use huge lists, but over network it won't work, it will take months...), so if you don't manage to hack a site using the slim password lists then you must revert to an other way of hacking the site
  • Another problem you might encounter is if the site owner was smart (be smart!) he can eliminate all bruteforce attacks by using a simple plugin which identifies bruteforce attacks and locks your IP, in this case you also need to revert to an other method of hacking
  • If you must try other methods, then I would go for exploiting site vulnerabilities
    • Scan the WP site with WPScan

Thursday, January 7, 2016

The many hurdles of cracking a WEP network

Goal: To obtain the password of a wifi network encrypted using WEP.


I thought this to be an easy task as I read around the web, but it became a huge task consuming way too much of my time and money, for this task which was actually totally unneeded for me, just a curiosity, well, I may as well write about it.

While crawling around I naturally searched for a windows based solution, early on I found out that there is a consensus about the best wifi cracking suite of programs called aircrack-ng.

While going to their site I found that they say that cracking under windows is much less stable, robust and will never be as good as cracking from linux as windows adds layers of protection which prevent some of the cracking techniques.

Ok, so I will do it using a linux distribution.


I went back to my research and found out about the kali linux dist, it is a distribution based on Debian linux which already contains lots and lots of hacking/cracking utilities.
Which will save me lots of time, so I downloaded a Kali linux virtual machine so I can run it in parallel to my main OS (windows 8).

While working from that virtual machine I found out that my laptop's internal wifi card is no good for hacking other wifis, as a basic prerequisite is to have a wifi card which can go into "Monitoring" mode, which is a mode where it can passively capture wifi packets flying from routers to clients, so most of the wifi cards are no good for that task.

I searched around and ordered a usb-wifi card containing a chipset (ralink 3070) which supports this monitor mode.
After about a month and about 30$, I got my wifi card.

Hooked it up to my laptop and began a painful process of trying to get my virtual machine to control the usb wifi card as if it is physically connected to it, because it seems that my windows machine might recognize it, but doesn't transfer it as it is to the virtual machine.
After many hours I decided to install a kali linux distribution on a usb flash disk, and boot from that disk, that way it should be able to recognize the wifi usb dongle.

Installed Kali OS on a usb flash disk, hooked up the new usb wifi card and ... nothing, it didn't recognize the usb connection, I did everything I could think about, updated drivers, firmware, everything I could find online - to no avail!

I went back to the research and found that most people recommend an other chipset (atheros based, exactly this model: AWUS036NHA) for wifi which also supports this "monitor" mode, so off i went to ebay, 50$ and about a month, and this new usb wifi card got hooked to my computer ran by my Kali linux distribution from my usb drive.

My USB wifi got recognized out of the box! YAY.
Now to the software part.

I am no newbie to computers, and had many thoughts about moving from windows to linux, at least on my special projects laptop (not on the family computer of course), after the following experience, I finally decided against moving to a linux (ubuntu) distribution.


After doing some reading, I found out that in order to crack that WEP thingy, I need to run about 20 linux commands containing complicated arguments sent to the command line, so I thought to look for a shortcut.
I get the whole linux-geek thing, yeah, it is better to know the ins and outs of every utility I run, but I can't master them all, so I prefer to thoroughly understand the applications which I need for my day to day use, and leave the rest to nice gui based applications, which encapsulate the internal logic, and work with me as a user to satisfy my needs, and not to cover every aspect the command line application can handle.

So I found out that there are only several GUI wrappers for aircrack-ng and even those aren't working well, as they expose so much unneeded functionality.

Let me explain, lets say I am a user who wants to crack a WEP password, so I would expect to fire an application, which will show me all the networks around, I will click on the desired network, will see a progress bar, steadily filling up, and BAM will get the password - nothing more, nothing less.
Instead these linux frontends expose so much internal logic, which is really frustrating.

So, I did find one good frontend for the task called "fern" - this one looks amazing, if it worked on my machine.
For some reason, it didn't manage to turn my wifi card to that "monitor" mode.

So I went back to the command line and thought of doing it the good old command line way, but it seems that there is a problem and airmon-ng doesn't succeed in changing my card to monitoring mode.
After some reading I found an other solution:
Shut down the wifi card ifconfig wlan1 down
Change the mode: iwconfig wlan1 mode monitor
Start the wifi card: ifconfig wlan1 up

Now I started FERN, but still it doesn't work - bye bye fern.

Back to the command line.
So the aircrack-ng suite contains many applications, but for my lean needs I used the following:
airmon-ng: for managing the "monitor" mode (at the end I used the above method instead of this one as it didn't work!)
airodump-ng: view networks & view and dump to a file all packets
aireplay-ng: Injects packets of different kinds to the router so it will be faster to capture packets for this network (this one is optional)
aircrack-ng: Parses the packets from the dump file airodump created, and attempts to crack the password.

So the method goes as follows (crudely):
  • Change the network card to "monitor" mode (airmon-ng or ifconfig + iwconfig)
  • Scan the networks around (airodump-ng)
  • Find the network you want to hack and save the channel, bssid and name.
  • Scan the packets coming out of that wifi network (airodump-ng) and dump them to a file
  • If the capturing of the packets is too slow then you can make it faster by injecting packets to that network (aireplay-ng)
  • After capturing at least 5000 packets, crack the passwords using that dump (aircrack-ng)

Needless to say that I wasn't pleased by this complicated procedure, so I kept searching and found an other frontend which is still very complicated for a frontend as in order to work with it, you need to understand way too much about the internals of hacking wep, but still, it is better than the command line, and there aren't any good alternatives, so I used aircrackGUI.
Download: wget https://aircrackgui-m4.googlecode.com/files/AircrackGUI-M4-Ultimate-1.0.0-Beta2-32bits.tgz
Extract: tar -zxvf AircrackGUI-M4-Ultimate-1.0.0-Beta2-32bits.tgz
Run: ./aircrack-GUI
 

Yes, the best tool is already four years old with no updates seen in the horizon.

This frontend works exactly like the command line, it just spares you the need to copy paste the bssid for example and is much more pleasant to the eyes.
It worked only after I got this strange exception that some library is missing:
Download library: wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_i386.deb
Install it: dpkg -i libssl0.9.8_0.9.8o-4squeeze14_i386.deb

At the end of this whole venture I found the WEP password as a HEX number, which apparently should be used as is in the password area of the wifi connection (just without the colons), so in order to use it, I removed the colons, then copy and pasted that string to the wifi password form.

That's it.

My conclusions?
  • I should really stick to windows
  • Linux users are very smart guys but IMHO they should learn to build GUI applications
  • Linux GUI applications should be targeted towards the user needs and encapsulate the advanced functionality, instead of exposing all of the command line options in a GUI manner.
  • I don't really need my neighbor's wifi password


EDIT (2016)
---------------
As of this year (2016) I am actively earning 3000$/month from blogging (not this blog, this is for my fun), I have blogged here a big article about my mistakes and my success in getting to that goal (I intend to leave my working job till the end of 2016, living off my blogging), if my success inspires you then please leave me a comment there:
My Personal Journey