How to convert website visitors into leads and sales

Space rocket boostingCorrect me if I’m wrong but the point of a website is to increase the visibility of a business and ultimately generate quality leads that are likely to convert.

By implementing an effective lead generation and conversion strategy you stand to dramatically increase your profits, or engagement, or whatever objectives you are pursuing.

Whilst on the surface this might seem like quite a daunting task, the reality is that it’s actually relatively straightforward. In fact you have done the tricky bit already by building a beautiful website – now you just need to add the polish. So, lets role up our sleeves and and start the process of boosting your business into the stratosphere.

And joy of joys, look what comes up first…

1) Search Engine Optimisation

First things first – you have to begin by attracting quality traffic to your site. This fundamentally means you need to have a good SEO strategy in place. Google prides itself on matching people’s queries with the most relevant web pages and so it’s in your interest to help Google understand the content on your website as clearly as possible.

Bringing low quality visitors to your site is as useful as a chocolate teapot.

chocolate teapot

Granted your might get lucky and convert them further down the line, but this will be more by luck than judgement. By writing regular quality content and optimising site structure, Google will naturally drive quality traffic to your site.

So, now that you are reaching out to your target audience you need to ensure that your site’s functionality is at the optimum in terms of speed and ease of navigation. As we’ve mentioned in other blog posts involving SEO, negative bias is especially strong in relation to online activity and so the user experience needs to be top draw.

Employing SEO for lead generation is generally, but not exclusively, implemented for non-eCommerce products/services/goals in that you’re trying to entice the visitor into making an enquiry, thus moving them a closer to conversion and a little further down the much talked about sales funnel. SEO for eCommerce is a slightly different kettle of fish which we’ll get into later.

One important thing to remember is that search traffic is among the highest quality traffic online in that the user has already expressed an interest in what they are looking for, otherwise they wouldn’t be there. So, make the most of it!

What is the point in encouraging unqualified or low quality visitors to hand over their email addresses? The juice simply isn’t worth the squeeze and you’ll end up waisting valuable time trying to convert somebody that simply doesn’t want to convert. A far more effective way of operating is to only attract those who are interested in your service or product from the outset. Whilst this might mean less traffic, this doesn’t equate to less conversion.


2) Move them down the funnel

Sales funnelIn most instances in life people like to choose the easiest route possible and so the job of the website host is to not only to encourage the visitor to stay on the site, but also urge them to take the next step, whatever that might be,  by guiding and engaging with them every step of the way. This needs to be done subtly so as not to annoy the visitor but it also must be proactive – never simply ‘expect’ people to do what you want them to. Encourage them, entice them, dangle a delicious looking carrot in front of their nose and lead them to the next step.

3) Overlays

It is well known that people’s attention spans are getting shorter and shorter. There are many tools available today that allow you to maintain the focus of your visitor.

I bet that anyone who spends even a short time browsing online each day will encounter what is known as an ‘overlay’.

marketing overlay exampleAccording to Justin Rondeau of Econsultancy: “A site with an overlay garners up to 400% more email opt-ins than a site that relies on an in-line form will”.

Read Justin’s insightful article on how to increase email opt-in rates.

Who are we to argue with Justin?!

The trick with these is to ensure that you don’t annoy the visitor – quite often you come across a website that abuses these tools and ultimately this will have a negative effect. Whilst they are invasive and a quite aggressive way of approaching potential customers, the reason why you see the all of the time is that they work.

Overlays are aimed at first time visitors and the objective is to quickly obtain their information before they leave the site. In most cases they will appear as soon as a visitor arrives.



These are not as in your face as overlays as they can be triggered as a response to the manner in which your visitor is moving around your website and, generally speaking, they offer an immediate benefit for the visitor, like ‘20% Off’ or ‘Free Shipping’.

Overlays are enticing little pop-ups – for want of a better expression – that appear after you have spent a certain amount of time on a webpage and they’re designed to encourage the visitor to convert, whether it be by proposing a one off offer should they go to the checkout or a free consultation if they get in touch.

Generally speaking ‘lead hooks’ are triggered when the visitor reaches a certain point of your page. Essentially they have committed enough time on page to demonstrate that they are interested in the subject. This being the case they are more likely to engage in whatever you’re offering, whether it be a call-to-action, an offer or redirecting them to another page of your site. Like contact forms they can also be a method of capturing email addresses.Marketing Lead Hook Example

In both of these examples it is important to give your visitor an incentive. Especially nowadays with countless stories of data breeches, people are not willing to give up their valuable information for free so offering them something like a free handbook or access to an upcoming webinar is essential if you are going to convince them to part with their contact information.

This is also a chance to be creative – don’t just write a run of the mill, boring CTA like ‘Join our Newsletter’. This provides no incentive to your visitor. Get creative and make it worth there while!

As ever it isn’t as simple as offering them a juicy bone. Different dogs like different bones (I’m not sure if this is entirely true but regardless you understand what I mean!) and this is especially relevant now because there are three different types of leads; early-stage, mid-stage and  late-stage. You have to approach all three with a different strategy.

Read what Dummies have to say about the three different types of early, mid and late stage buyers

5) Intelligent Lead Generation

Understanding who your customers are, the tone of voice to use with them and the stage they are at in the sales funnel is an essential part in converting leads into sales.

On average over 70% of site traffic leaves your website never to return. So, if you were able to harness and convert even a fraction of this number, it could dramatically transform your business.Lead Magnet example

There are a number of tools that help you do this, Convert Plus, OptinMonster (as seen in the alongside image) and Sumo to name but a few.

Checkout exactly what the Convert Pro plugin does in this video.

These intelligent systems allow you to target specific users, whether they are new or returning, with specific messages depending on who they are.

These tools are designed to keep visitors on the site, encourage engagement and conversion and even contact visitors who have recently left the site.

Setting up ‘lead alerts’ that tell you when a new qualified visitor is on your site allows you to engage them directly thus giving you a greater chance of converting them.

73% of your leads are not ‘sales ready’ for a variety of reasons. Keeping in touch with recent visitors in order to keep them interested is an effective way of encouraging conversion but speed is a critical part of this. Infusionsoft is one of many tools that can send an automated email to recent visitors with differing messages depending on where they were in the sales cycle / funnel.

As ever balance is important and whilst you want to imprint your brand at the forefront of your customers mind, it’s important not to over do it or do it in an overtly aggressive manner – this might sound obvious but it’s something that many people get wrong.

It is often necessary to build trust with the customer before they convert and in some cases this might mean contacting them as many as 6 times before they edge the ultimate outcome. However, know your limits and disengage with people who show no sign of converting, not only from the point of view of not waisting your time, but also in order to remain within the confines of the new General Data Protection Regulation laws.


6) A / B Testing (Split testing)

Developing the correct tone of voice and working out what works and what doesn’t is an essential part of developing a lead generation strategy.

By implementing split testing at the beginning of your campaign you’ll be able to quickly determine which one of your strategies is converting more traffic.

Have a look at some examples of A / B Testing and how it can significantly effect the way you role out a lead conversion strategy.

Lead generation, conversion and retention is an iterative process that must constantly be massaged in order to know that you’re operating at full capacity. It doesn’t happen over night. Take your time, adapt and don’t be afraid to try knew things.

Be Proactive

The moral of this story is to be proactive. Don’t sit on your laurels and wait for traffic to convert.

But who am I to say that?

Take it from someone who’s done pretty well in their life/career…

Ladies and gentleman, without further ado…

Mr…. Stephen….. Coveyyyyyyy


(Who I hear your cry?  I admit I found this quote on Google – but don’t let that detract from its relevance…)


“The most important thing in this highly competitive world is action, and you just need to take matters in your hand, create your own possibilities, and be proactive. Whether it is your career or personal life, get going; take charge; make it happen; be proactive!”


So, roughly translated; understand who is coming to your website, entice them to stay, encourage them to engage and inspire them to convert.

Have you built a website and are looking to transform leads into sales? Do you need any help doing this?


How to make your WordPress website security bulletproof



Tips and guidelines on increasing the security of your WordPress site

This article will cover the following:

  • Stronger logins
  • Two-Factor Authentication
  • Limiting the number of login attempts
  • Hosting & WP security
  • Be careful about who you trust
  • Have a backup plan

After putting all the hard work in to getting your WordPress site built, nothing quite compares to the feeling when you see it live online for the very first time.

WordPress is the most popular Content Management System (CMS) platform out there and the driving force behind millions of websites, many super-popular such as the Microsoft News Centre, TechCrunch, The New Yorker and even Usain Bolt’s personal website!

However, WordPress’s incredible success hasn’t come about without any downsides and the bad news is that WordPress is a prime target for website hackers across the globe. The fact that WordPress is open source means that without the right tools and security measures in place, an experienced hacker can gain control of your website without much difficulty.

The good news however, is that by following some very simple techniques to beef up your website’s security (most of which us folks at Diffusion Digital will take care of for you) the likelihood of your shiny new website falling pretty to an attack will be very unlikely.

So, without further ado, let’s delve right into the topic of increasing the security on your WordPress website:

1. Avoid Using Admin as Username

Perhaps, this is the most basic measure you can take when it comes to securing your WordPress website! It does not cost a thing, and the process is so easy to execute. For the most part, attackers tend to target the wp-login/wp-admin access points by combining admin and a particular password. These kinds of activities are referred to as Brute Force attacks. Removing admin is the first step to hardening your WordPress and if you succeed, you’ll be able to kill these attacks.

Yes, an attacker may still enumerate a User ID to create a new username and there are chances this can occur. However, when it comes to securing WordPress, you need to remember that security is not entirely about eliminating risks, but rather minimizing the chances of risks from occurring.

Therefore, for the types of attacks where a hacker utilizes trial-and-error technique to gain access to your site, getting rid of the default administrator or admin username can be significant as far as securing WordPress is concerned. By so doing, although you’ll not be able to completely prevent a threat, you’ll at least make it challenging for attackers to guess your username. To eliminate any confusion, admin in this case specifically implies your username and not your role as the administrator. To remove default admin:

  1. Create a New user at Users > New User in your WP
  2. Make the New User a user with rights as an administrator
  3. Delete the admin user

The pages and posts created by the admin user should not worry you. WordPress will ask what to do with the content the admin owned, and you can either choose to delete or assign the content to the new user.

2. Two-Factor Authentication

Brute Force attacks can still be problematic, irrespective of what techniques you use to generate your password. A two-Factor Authentication is one way to ensure these kinds of attacks are reduced if not eliminated. Utilizing a Two-Factor authentication technique may seem like a hassle and a waste of time, but this will come in handy when attackers want to gain access to your WordPress. The essence of this technique is just as its name implies – two types of authentication. Having this kind of buffer in your site is standard and crucial for enhancing security at your points of access. Already, you are utilizing this technique in your PayPal and Gmail, so what’s the harm in having it in your WordPress?

If you want what to know more about Two-Factor Authentication, you can read this article by Ipstenu.

3. Limit the Number of Login Attempts

As mentioned earlier, attacks such as the Brute Force attack usually target the form of your login. For WordPress security, there is an All in One WordPress & Firewall with the option of changing the default URL for a login form.

Apart from that, there are other options that you can use to limit login attempts from specific IP addresses. Number of WordPress plugins are available to protect you from a multitude of login attempts in certain IP addresses.

4. Hosting & WP Security

There are no rules for selecting a WordPress host. However, when it comes to WordPress security, the type of hosting company you choose to work with matters.

Every guide or article that is written on hosting companies emphasizes that the cheapest company is not the best partner to work with. In most cases, this is usually true. Cheaper hosting plans usually lack the support to assist you in case your site is hacked. These kinds of plans usually incorporate fewer aspects of security. For instance, shared hosting implies that the server that hosts your site is also utilized by other websites. In such case, if these websites encounter security issues, there are chances the security of your website may end up being affected as well.

In specialized WP hosting products, WP security is usually the main USPs being offered. For instance, WPEngine offers redundant firewalls, backups, DDoS protection, malware scanning, and automatic WP updates for affordable pricing. To learn why your site needs updating, click here.

You also need to be mindful of your host account. A common and major challenge for hosts lies in account configuration for owners of websites. As a website owner, you can configure various websites resulting in what is referred to as a soup kitchen environment. This aspect is problematic since it enhances the vulnerability of a website via what is known as the cross-site contamination.

In this case, a neighbouring website is used as a vector for attack. The best way to prevent cross-site contamination is to combine both the Functional Isolation and Account Isolation.

5. Be Careful about Who to Trust

Among the most amazing things about using WordPress is the availability of various third-party plugins you can download to improve the features and functionality of your site. The WordPress Plugin Directory indicates that there are more than 37,700 plugins you can install – that is quite a number!

However, the problems arise when you layer something on top of another platform as this could end up creating security holes and increasing vulnerabilities. For WordPress, most attacks occur as a result of the vulnerabilities present from the use of themes and plugins.

There are premium and free plugins. The choice of either of these options will depend on what you expect to get, but you also need to remember that each of these options works differently. Most people think that they are 100% safe with a paid plugin. While using a premium plugin can help prevent or fight attacks, it does not imply that you are eliminating an attack completely. Even when a known threat has been patched by the premium developer, you remain at risk until you have updated your plugin.

Before you can install a plugin on your site, here are a few pointers to have in mind:

  • You need to ask yourself whether the functionality of the plugin is absolutely significant in offering the best experience. If not, do not install the plugin.
  • Has it been recently updated? The WordPress Directory usually details a changelog for every plugin. A changelog refers to the list of alterations to plugins as well as the dates the changes are to take place. If it’s been a while since the plugin was last updated, then do not install it.
  • If you are considering a premium plugin, is there support from developers? How do other users rate it? Only go for plugins with high ratings and developer involvement.
  • Running fewer plugins is an excellent option if you want to minimize the chances of attacks. For that reason, you need to consider a plugin that can consolidate the features available in multiple plugins.
  • NEVER install a plugin from a source that is unknown…ever!

6. Have a Backup Plan

To make your site effective, it is important to make sure your WordPress is backed up appropriately. The aspects of your WordPress that need backing include website database and files connected to your site. It cannot be stressed enough how important it is to back up your website regularly. Depending on the graveness of the attack and how harmful it could be, a backup is often the only way out if you want to return your site to a semi-working state.

Hosting accounts usually have a way of backing up the files and databases of your sites. Apart from that, there are some plugins which are designed to back up the website files and database of your WordPress. Irrespective of how you choose to do it, you need to make sure your site is backed up on a regular basis.
Your host company may schedule for backups to take place daily, weekly, or even monthly. But the more these backups take place the better and secure your site is. However, you need to remember that websites backups usually take up space. Therefore, you may be limited to a certain number of backups depending on the amount of space you have paid for.

Another essential aspect you need to know is that a backup is not 100 percent guaranteed on your hosting server. If the server at your hosting company misbehaves, your backups can be lost. As a result, to avoid these incidents from happening, you need to ensure you have your databases and files backed up elsewhere on the local drive or via FTP so you are covered from any form of data loss.

Final Thoughts

While it is not possible to completely protect yourself from attacks, there are things you can consider combatting the probability of an attack from occurring on your site. It can be expensive and stressful to deal with an attack, and if you are not careful, you may end up losing your business. The security of WordPress is a serious matter, and with the presence of 82,000 malware threats each day, it is well worth your effort and time to implement these tips.

These pointers are not a full list of the steps you can take to secure your site. There are other aspects you can always consider that could improve the security of your WordPress. However, it is without a doubt that this article offers a practical list of the aspects to consider, as well as the steps you should take, to secure your first layer of defence when it comes to WordPress security. Remember, security is not absolute and it’s the responsibility of every webmaster to make it daunting for hackers to access their sites.

So, did you find this guide helpful? Are you looking to create a beautiful and secure WordPress website for your business? If so, do not hesitate to give Diffusion Digital a try.