In the spring of 2013, a massive brute force attack targeted WordPress installations worldwide. Mark breaks down what happened, how to protect your sites, and then pivots to updates on his Forever Affiliate experiment and a deep dive into keyword research fundamentals — including how to match searcher intent to your content strategy.
What You'll Learn in This Episode
- Three simple steps to protect your WordPress site from brute force attacks
- Why you should never use “admin” as your WordPress username
- How to evaluate whether internet marketing is worth your time and effort
- Why keyword research is the highest-return activity in search marketing
- How searcher intent determines which keywords you should target
Episode Summary
WordPress Security: Three Steps to Protect Your Site
Mark opens with an urgent warning about a WordPress brute force attack documented by CERT. Attackers were using automated software to guess passwords on WordPress installations, targeting the default “admin” username. The goal was to build a massive botnet capable of launching denial-of-service attacks against major targets.
Mark recommends three immediate actions. First, update all themes, plugins, and WordPress itself. Remove any themes or plugins you are not actively using — deactivated plugins still present a security risk. Second, stop using “admin” as your administrative username. Create a new admin user, demote the old “admin” account to subscriber level, and set a strong password on it. Mark prefers demoting over deleting because poorly coded plugins sometimes depend on that user ID. Third, install a plugin like Limit Login Attempts to throttle brute force attempts by locking out repeated failed logins.
Forever Affiliate Experiment Update
Mark reports on his ambitious plan to build 20 niche affiliate sites using the Forever Affiliate methodology during 2013, with a goal of driving 10 to profitability. At the time of recording, he had identified 14 niches, built 4 sites, posted content on 3, and begun initial promotion on 1. He also launched a parallel experiment with 10 automated sites using Article Builder software, inspired by results from Jon Leger and Josh Spaulding.
Is Internet Marketing Worth the Effort?
Listener Michael Stephens raises a fundamental question: is internet marketing worth the time investment compared to a traditional career path like medicine or engineering? Mark responds with nuance. A medical degree has a more predictable return, but the barriers to entry are much higher. Internet marketing has low barriers to entry but no guaranteed outcome. The key insight is that most people who fail at internet marketing either were never serious about it or quit too soon. Mark argues that if you invested the same years of effort and resources into internet marketing as you would into medical school, the probability of success would be quite high.
Keyword Research and Searcher Intent
Mark closes with a discussion of keyword research triggered by listener Patrick's question about a test preparation site. Patrick wants to know whether to target keywords about the test itself or the individual question content. Mark explains this is fundamentally a question of searcher intent. Someone searching “how to format a hard drive” is almost never preparing for a computer technician exam — they need to format a hard drive. To reach test-prep customers, Patrick should target phrases like “computer technician exam” or “certified technician practice test.” The lesson applies universally: keyword research reveals what people are actually thinking, and matching your content to their intent is the foundation of effective search marketing.
Key Takeaways
- WordPress security starts with basics: update everything, eliminate the default admin username, and throttle login attempts
- Internet marketing success requires the same sustained effort as any professional career — most failures come from quitting too early
- Keyword research is about understanding intent, not just volume — target phrases that match what your ideal visitor is actually trying to accomplish
- Market-to-message match means aligning your content with the real reason someone typed that search query
- Building multiple niche sites is a portfolio strategy — expect some to succeed and others to underperform
What's Changed Since This Episode
Mark recorded this in 2013, and WordPress security has evolved dramatically since then. The brute force attack he described was a watershed moment that accelerated the adoption of security best practices across the WordPress ecosystem.
WordPress security in 2026 is far more robust. Two-factor authentication is now standard, and managed WordPress hosts like WP Engine, Kinsta, and Cloudways include built-in firewalls, malware scanning, and automatic updates. The Limit Login Attempts plugin Mark recommended has been largely superseded by comprehensive security suites like Wordfence and Sucuri. WordPress itself now auto-updates for minor security releases by default, and the platform strongly encourages unique usernames during installation.
The Google Keyword Tool that Mark references throughout this episode was replaced by Google Keyword Planner in 2013, shortly after this recording. Keyword Planner now requires an active Google Ads account for full data access. Modern keyword research tools like Ahrefs, Semrush, and Ubersuggest have largely replaced the old workflow Mark describes, offering more accurate search volume data and significantly better competition analysis.
Searcher intent analysis has become the centerpiece of modern SEO strategy. Google's algorithms now understand intent far better than they did in 2013, and the search results page itself reflects intent categories: informational, navigational, transactional, and commercial investigation. Mark's advice about matching content to searcher intent was ahead of its time and remains the foundation of effective SEO.
The Forever Affiliate course and similar micro-niche site strategies have largely fallen out of favor. Google's algorithm updates, particularly the Helpful Content Update of 2022 and subsequent core updates, penalize thin affiliate sites that exist solely to funnel clicks. The emphasis has shifted toward building genuine authority sites with original, experience-based content.
Resources Mentioned
- Limit Login Attempts Reloaded — updated version of the security plugin Mark recommended
- Smart Passive Income — Pat Flynn's resource for online entrepreneurs
- Moz Beginner's Guide to SEO: Keyword Research — the SEOmoz resource Mark quoted (now at Moz)
- Late Night Internet Marketing Podcast
Related Episodes
If you found this episode helpful, you might also enjoy:
Listen and Subscribe
Listen to Late Night Internet Marketing on Apple Podcasts or subscribe at latenightim.com/internet-marketing-podcast/. Have a question for Mark? Call the digital recorder at 214-444-8655 or drop a comment below.
