Skip to content

Blog moved to

Tony Novak’s blog was moved to a new location at . All posts after 11/25/2015 will be located there.

Wix vs. WordPress vs. Joomla! for small business web sites

I spent some time tonight reading about Wix web site building options as a content manager platform for my small business clients. I spent 20+ years building html based web sites and I understand that that platform has outlived its usefulness for me (and most other small businesses). I use WordPress now and a consultant suggested that I consider switching to Wix for ease-of-use. Another adviser preferes Joomla! There are several reviews available by Googling “Wix vs. WordPress“. Likewise, I looked at reviews that compared WordPress to Joomla! Basically they conclude that the options are more or less equally strong.

The primary advantage of Wix is simplicity and the ability to produce nice looking template sites quickly and easily. I can see that it is an attractive option for a person who has only one site t manage and wants great results with minimal input.

The disadvantages of Wix is that you have to pay for each web site separately. In contract, with a private hosting service I can put many web sites under one hosting account.

It seems to me that the reviewers are missing the most significant difference: total cost of operation for a person who runs multiple web sites. What that means for me is that now I pay about $200 per year for two hosting accounts (about $100 each) that host about 25 web sites using the built-in WordPress feature or html. If I hosted all 25 at Wix at the middle-of-the road $8 per month fee (some would actually be higher, some lower) then the cost would be 25x8x12=2,400   $2,400 per year. That’s a big difference in annual overhead cost for a person that runs multiple small business web sites.

So I’m not convinced that Wix offers enough advantages to justify the increase in cost. An additional investment in learning to use the more sophisticated features of WordPress may pay bigger returns.


On a related note, I needed a reminder on the issues of vs. This concise review was helpful. The article ends with “if you’re a professional currently hosting with, don’t worry — you can migrate to a self-hosted platform at any time.” I still have two blogs, including this one, on that should be migrated. This article gives step-by-step instructions.


After the end of this research I contacted an adviser who has a much better handle on this than I do. He convinced me to try Joomla! over WordPress. While the two appear to a novice to be very similar, my adviser prefers Joomla! and so I will migrate to this content manager soon. Already I’ve noticed the tendency of WordPress and Joomla! developers to nickel and dime me for various upgrades and I wonder if that will become annoying over time.


Online security of seniors

Are older people at increased risk of becoming victims of online data mining and scams?

This is a simple question that deserves a straight answer. I conclude that even if our hunch is “yes”, there is no available published data that can allow us to answer the question directly. I conclude that most coverage of the topic is speculative.

Yesterday I published a blog post about online data mining of information for older Americans looking for Medicare information online. My belief – based mostly on anecdotal observations – was that older internet users are more susceptible to online scams and data mining campaigns but I have no in-depth understanding of the issue. A publisher then queried me about the possibility of expanding on the topic. I spent a little time researching the topic of online security for seniors and was surprised by the lack of published source data. This blog post is a roughly formatted summary of what I did find.

National Association of Insurance Commissioners (NAIC)

In my blog post yesterday I referred to a continuing education course on ethics in the insurance industry that compiled many examples of violations investigated by the various state insurance departments. The NAIC compiled data on insurance market conduct violations. Yet even if we look only at reports for online scams, there is no way, to my knowledge, to separate the data based on age of the victim.

Department of Homeland Security (DHS)

One of the few resources is “Cyber Tips for Older Americans

DHS does not say that older Americans are at increased risk of online security problems.

I sent an email: “I have been asked by xxxxxxxxxxx to write an article on cyber threats to older Americans.
It seems difficult to find sources of original research on this topic.
Can DHS help by pointing to any available data?”

Federal Bureau of Investigation (FBI)

“Internet Fraud

As web use among senior citizens increases, so does their chances to fall victim to Internet fraud. Internet Fraud includes non-delivery of items ordered online and credit and debit card scams. Please visit the FBI’s Internet Fraud webpage for details about these crimes and tips for protecting yourself from them.

From <>

The FBI does not indicate an increased risk to seniors.

I will call the National Press Office at (202) 324-3000

National Council on Aging (NCOA)

Says the #1 fraud for seniors is Medicare/health insurance fraud:
“Their unfamiliarity with the less visible aspects of browsing the web (firewalls and built-in virus protection, for example) make seniors especially susceptible to such traps. ”


“Financial scams targeting seniors have become so prevalent that they’re now considered “the crime of the 21st century.” Why? Because seniors are thought to have a significant amount of money sitting in their accounts.
Financial scams also often go unreported or can be difficult to prosecute, so they’re considered a “low-risk” crime. However, they’re devastating to many older adults and can leave them in a very vulnerable position with little time to recoup their losses.”

From <>

NCOA provides no citations for their report or links to additional information so I presume that the comments are opinions or are speculative.

Frontier Secure (2013)

A private web site commenting on the topic in 2013 said
“Seniors are typically more trusting and respectful of official looking material than younger generations, and more worried about notices that claim there is a problem with their information that might somehow tarnish their good name.”
“These concerns increase your risk of falling for ‘official notice’ types of scams. These may claim to be from your bank, from a utility company, the IRS, or a local, state, or national government body.  Whether you get a notice by phone, mail, email, or online, the ONLY way to avoid being scammed is to double check with the relevant company or government body to see if the notice/alert/etc. is legitimate. Do not provide any information or money before you have independently checked out the information.”

“Many seniors who feel an economic pinch are also at greater risk for discount drug scams, tax refund scams, disability scams, welfare or social security payment scams, as well as ‘free money’ scams like ‘you won the lottery.'”

From <>

Again, no sources or references are provided so I presume the comments are speculative.


Ten CyberSecurity Tips for Small Businesses from FTC

Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats. Here are ten key cybersecurity tips for businesses to protect themselves:

1. Train employees in security principles
Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

2. Protect information, computers and networks from cyber attacks
Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

3. Provide firewall security for your Internet connection
A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.

4. Create a mobile device action plan
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

5. Make backup copies of important business data and information
Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud.

6. Control physical access to your computers and create user accounts for each employee
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.

7. Secure your Wi-Fi networks
If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.

8. Employ best practices on payment cards
Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

9. Limit employee access to data and information, limit authority to install software
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

10. Passwords and authentication
Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.

The FCC’s CyberSecurity Hub at has more information, including links to free and low-cost security tools.

“We should try to keep them out”

In his 2002 book The Myth of Rescue author W.D. Rubinstein wrote: “In July 1938 (several months before Kristallnacht) Fortune Magazine, as part of its quarterly survey of American public opinion, asked ‘What is your attitude toward allowing German, Austrian and other political refugees to come to the U.S.?’ The results were as follows:

We should encourage them to come even if we have to raise our immigration quotas    4.9%

We should allow them to come but not raise our immigration quotas     18.2%

With conditions as they are we should try to keep them out     67.4%

Don’t know     9.5%”

On November 19, 2015 the U.S. House of Representatives made the politically easy but morally indefensible position to side with those who said “we should try to keep them out” by passing bill HR 4038. I responded to my Congressman (who I normally support for his leadership):

@RepLoBiondo Ethics are not a servant of convenience. I am disappointed by the lack of leadership shown by the House yesterday re HR 4038.”

Medicare information: Are online sites safe?

I noticed that a major national publication(1) that is widely read by affluent seniors published a sponsored links section under the heading “2015 Medicare Premium Cost” that raised my curiosity and made me a little suspicious(2). I decided to check it out. The simple benchmark I used was to ask myself “Would I be comfortable referring my father to this site?“. This is what I learned:

The sponsored links page contained 14 listings. I clicked through to each of them to see what information was available and whether the sites seemed safe, straightforward and reputable.

  • Only one of the 14 was actually an information resource that did not sell any product on its page. It did link to product sales but gave an on-screen warning that “You are now leaving the Medicare information section”.
  • One of the 14 was actually just the search engine drawing traffic to its site under the search term “Medicare Information”. An interesting approach; I had forgotten that sometimes the search engines actually purchase web traffic for resale.
  • The other 12 of the 14 were actually data mining pages where you had to give personal information first (name, location, email and phone number in each case) in order to enter the site of access any meaningful information. It would be naive to not realize that these collected leads are heavy marketed in various formats, sold and resold. Personal information on seniors looking for Medicare information are likely to be among the most valuable types of sales leads for a range of other product sellers. These sites do not limit the use of consumer data once they collect it.
  • Two of the sites were obviously misleading in that they advertised “Medicare Plans” or “Medicare Insurance” in the title when they were actually selling Medicare supplement insurance. In my opinion, these violate insurance market conduct rules.

Overall, I was disappointed in the quality of the “resources” in this exercise. I conclude that the best online resource for information about Medicare is still the government’s official 160 page national handbook “2016 Medicare and You“.

Individuals who want personal assistance with Medicare issues seem to have two basic options:

1) Give their personal information and allow the product provider to enter them into a marketing campaign and have a sales representative contact them, or

2) Hire a personal adviser and have their adviser do the legwork for them. This second option is further limited since the number of financial advisers skilled in Medicare insurance issues are few and most of these, I suspect, receive compensation as commissioned sales agents. It is not that the commissioned agent approach is wrong (in fact I believe it is the best option for most people), but it is important to recognize from the start that this creates a conflict of interest situation to the client that should be disclosed by the seller and understood by the client. A relative few individuals will be able to have their fee-only financial adviser recommend options on Medicare and supplemental coverage.

The most common tradition sources may still be the most practical. Friends, magazines, print advertisements, etc. have been common sources of information on Medicare, Medicare replacement plans and supplemental insurance.

The federal government and state insurance departments have long held the position that seniors searching for Medicare-related insurance products are vulnerable to unscrupulous or misleading sales practices and sometimes outright fraud. It appears that there is plenty of evidence to support these concerns so it seems that this topic of online Medicare product marketing deserves more regulatory attention.


(1) The publication was The Wall Street Journal but I omitted the name in the article because I don’t want the post to be a criticism of them; it could likely have been any publication that takes a similar approach to online advertising.

(2) I recently completed an online professional continuing education course on the topic of ethics in the senior insurance market that expanded on these risks. The list of schemes discovered by regulators and the number of prosecuted cases is overwhelming.

Web traffic trends at

This is the mid-month report of all organic web traffic data for the 30 days ending 11/15/2015. is the largest single source of traffic but other sites and blogs contribute including those under the name Freedom Benefits.

Number of visitors

My total web user traffic including the web sites and blogs is 150-200 on weekends and 300-500 on weekdays. (The web site traffic monitor services I use are Sitemeter, Google Analytics and WordPress. Sitemeter and Google Analytics do not integrate with the WordPress blog traffic monitor so I make an arbitrary assumption that 50% of the traffic is overlap hitting both counters and so I my traffic reports are calculated on this adjusted basis).

Web Traffic trend

This level of user traffic has been stable for several years despite my efforts to boost traffic though more relevant and actionable content. It is puzzling that despite investment of time in improved and more relevant content for a broad-based audience traffic has not increased.

The most encouraging trend is that page views on my own websites have increased over the past 30 days indicating that visitors are looking at more content and/or I have fewer “bounces” after viewing a single page. The rolling average (this form of measurement converts the weekend/weekday variance into a smooth  sine wave to indicate the longer term trend) daily page views increased from about 430 per day to over 500 per day. This finding is significant and is consistent with the observation below related to changing source of traffic.

page views


Throughout most of my online history Google organic search was the primary source of traffic but recent indications are that social media “click-through” from my posts on Facebook, NJCPA, Google+ and LinkedIn is a growing source of traffic that now contributes 15% to 20% of overall traffic. None of this traffic is purchased although I do use paid traffic promotions through social media accounts for unrelated web sites that are not included in this report.

Conversion rate

The “conversion rate” of visitors to any type of personal action (call, chat, email, web form inquiry) is about 1 in 100 but revenue-producing conversions are less than 1 in 1000.

About 1 in 15 visitors to an insurance-related web page request quotes but among these less than 1 in 100 actually purchases a policy that is reported as revenue.

My overall conclusion remains that I am better-skilled at drawing web traffic than using it.


Get every new post delivered to your Inbox.

Join 395 other followers