How to Sell WordPress Security Monitoring in Your Freelance Biz

With major security breaches and hacker strikes, there’s a lot to worry about on the web today. Your freelance clients are concerned, rightly so, and that’s an opportunity for you to step in and help. Selling WordPress security monitoring can make you the hero. By branching out and adding this to your freelance services, you’re creating a new and steady income stream for yourself while also easing the fears of your clients.

Kevin D. Hendricks
With major security breaches and hacker strikes, there’s a lot to worry about on the web today. Your freelance clients are concerned, rightly so, and that’s an opportunity for you to step in and help. Selling WordPress security monitoring can make you the hero. By branching out and adding this to your freelance services, you’re creating a new and steady income stream for yourself while also easing the fears of your clients. Selling WordPress security monitoring is a win, win.

Selling Ongoing Services

Last month we talked about selling WordPress maintenance and we covered many of the basics that also apply to selling WordPress security monitoring. It’s a great way to break out of the feast and famine cycle of freelancing, it builds deeper relationships with your clients and allows you to work more efficiently. You might decide security monitoring will be just one of several WordPress maintenance services you offer. Check out that post for a wider view on offering WordPress maintenance services, but in this post we’ll dive deeper on selling WordPress security specifically.

What Does Selling WordPress Security Mean?

So what are you actually going to sell your clients? That’s a good question and it’s really up to you, but we can offer some suggestions:

1. Protection

First and foremost, you need to protect your clients’ sites. You need to roll out some security measures to stop the hackers, prevent the breaches and keep them safe. This will involve standard upfront work to put all your security measures in place. You might want to charge for this separately or require a long-term contract to cover your initial expenses.

2. Detection

Next you need to keep an eye on the perimeter and monitor what kind of shenanigans are going down on your clients’ sites. You need to know when attacks are happening, know when things are getting bad and if there might be potential vulnerabilities you can plug up. This should be an ongoing service that allows you to charge a monthly or annual fee.

3. Recovery

You need to be prepared to help your clients get back on their feet. No matter how good your security is, things happen. You need to be upfront with your client about this—no security is 100%. But you can help clean up. You can offer recovery and restoration services, from fixing hacks to completely restoring sites from a backup. Some of this work will be part of your initial setup—creating backup systems for example—but you also might need to line up the big guns to call in if things get really ugly.

4. Education

For all the security measures you put in place for your client, you’re not the only one in charge of their security. A lot of security comes down to what they do. If they have a horrible password or give admin level access to their entire company, your security efforts will be compromised. You might want to create a PDF to cover some basic advice about passwords and best security practices. This is a good way to educate and protect your clients, while also reducing your liability.

Package It Up

You’ll want to figure out what selling WordPress security looks like for you. Create a list of services you can offer and put together some packages.

Be Clear What You Offer

However you package your WordPress security monitoring, you need to make it clear what you’re offering and what you’re not. Your clients need to understand that there’s always a risk—selling WordPress security is about minimizing risk and allowing for quick recovery. You can’t promise perfect protection. You should also make it clear what happens if your security measures fail and your clients’ site is hacked. You might need to bring in a security contractor to clean things up. Who pays for that? Is it part of your package or is it an additional charge? Make sure it’s clear upfront. You should either be charging more to cover the dreaded ‘what if?’ or your client should know the potential for additional costs.

Tools That Can Help

Here are a few iThemes products you’ll need for selling WordPress security:
  • Selling WordPress security with iThemes Security ProiThemes Security: Formerly known as Better WP Security, we’ve improved and updated this classic security plugin. It’s available as a free plugin in the WordPress Plugin Directory and a paid version—iThemes Security Pro—with additional features and support. Watch our webinar with developer Chris Wiegman for an inside look at the 30+ ways iThemes Security helps to lock down your WordPress site. It’s the ultimate tool for selling WordPress security.
  • BackupBuddy: Backup and recovery is crucial for your security services. Hopefully your clients never need it, but they’re not paying you to hope. The BackupBuddy plugin and off-site storage with Stash are a solid foundation for selling WordPress security.
  • iThemes Sync: Keeping track of all your client sites can be overwhelming, but iThemes Sync can help you manage all your updates and more in one spot. Integration with iThemes Security is coming soon, which will make everything even easier.
  • Education: When it comes to education we have a few resources that might help. Check out our WordPress security guide for some big picture thoughts and ideas. Then you’ll want to check out our detailed post on WordPress password security—that’s a big component that’s out of your hands.

Count the Cost

Be sure you’re considering all the costs of selling WordPress security monitoring. You’re going to have some initial fixed costs—plugins, time, set up—and some ongoing expenses as well. You’ll also have some potential costs that may or may not come into play. You never know what’s going to happen with selling WordPress security monitoring. There could be a major attack and you’ll be busy making sure everything is safe and reassuring your clients. You could have a breach and need to bring in a security contractor. Or maybe nothing will happen and you don’t have any extra expenses. But you don’t know how it’s going to work out and that’s what your clients are paying for. They’re paying not to worry about it, which means you have to. When you set your prices you’ll need to take all these things into account.

How to Sell WordPress Security Services

In some ways selling WordPress security services is easy. It sells itself. Just wait for another Internet security breach and watch your clients squirm with worry. Then you can resolve those fears by protecting their sites. This can feel a bit predatory and you really don’t want to be the vulture freelancer who swoops in on distressed victims. But it is a reality that people are more open to their own security needs in the middle of a breach. It makes the threat real for everyone and they’re motivated to act. Instead of preying on them, offer helpful advice and solutions. If you’re working with previous clients you already have established trust to build on, so you’re not an opportunist. Instead you’re providing a valuable and wanted follow-up service. Here are a few tips for how you can market your services:
  • Make it part of a larger WordPress maintenance package and take care of all their ongoing tech needs. You’ll be solving a major need and allowing them to focus on what they do best.
  • Point out the increase in attacks on WordPress and how much hacker activity is really out there. Show them the actual number of attacks and attempts on their site. Those numbers can be scary. But remember that your goal isn’t to scare people, your goal is to take care of it for them. Show them a problem exists and help them solve it.
  • Help them calculate how much their site is worth and what they’d lose if their site went down to hackers.
  • Compare online security to real world security as a simple cost of doing business. Clients put locks on their doors and install security systems to protect their income—they should do the same online.
  • Selling WordPress security services can be a part of every web development project you do. When you bid on a site, also include a pitch for the ongoing security monitoring to protect what they just paid you to build.

Get Started Selling WordPress Security

It’s time to roll up your sleeves and get to work. What do you need to do to start selling WordPress security? Here’s a checklist to get you started:
  • Figure out exactly what you’re going to offer and what kind of pricing structure you’re going to have. You could even offer multiple levels of service (three levels with one highlighted as the best option is usually a good way to go).
  • Get the tools you need. You’ll need to buy some plugins and familiarize yourself with how they work.
  • Line up the extra services you’ll need, whether it’s off-site storage for backup or a security contractor to have on call (such as WP Security Lock or UnHack.Us).
  • Put together an educational piece to share basic security practices with your client—especially stuff you don’t have control over. This might be a PDF handout or you could create a series of short videos to walk clients through the basics of WordPress security.
  • Create a page on your site for selling WordPress security monitoring.
  • Add a pitch for security monitoring to your bid process.
  • Develop a campaign to reach out to your previous clients to offer them security monitoring.
  • Start beta testing. Find a couple clients and offer them a free trial or a reduced price beta test. Get everything set up and work out any kinks in your system.
Win, Win: Selling WordPress security is big win for both you and your clients. You get consistent, recurring income and your clients get the peace of mind that comes with solid security.

Did you like this article? Spread the word: