3 x 2 Minute Jobs To Save Your (Substack) Sanity
And a reminder about my workshop
Hey there, Karen here,
I’m breaking my policy of only emailing you once per week (forgive me!) because I want to remind you about my upcoming workshop. It’s 4 sessions. It’s limited to a small group. It’s where we’ll work on your Substack together. It’s where you’ll meet other writers to support and grow together. Want to know more? Reply to this email or send me a DM.
Here are 3 quick jobs you can smash out today that will save your (Substack) sanity later.
We’re seeing more fake accounts and more bot activity on Substack lately, and I expect this will continue to increase as Substack becomes more widely known and attracts more legitimate users.
This means we’re all at greater risk of having our accounts hacked than ever before.
If you think your account wouldn’t be useful to any random hacker on the other side of the world, think again. My food safety website is utterly insignificant by world standards, and yet it experiences more than 10 million hacking attempts per week.
Yup 10 million attempts to break into the admin section of my teeny website. Incredible!
Why? Because if a hacker gets in they can plant some code in the website database that might be useful to them one day. Get that code in ten thousand teeny websites and they have a powerful distributed network for doing bad stuff that’s hard to find and harder to dismantle.
For Substack, hackers probably want to get in for different reasons, but it doesn’t matter. We don’t have to know why an account might be useful to a hacker. We just have to know that it’s extremely cheap and easy for hackers to send millions of bots out to search for vulnerable accounts and grab them.
Don’t let yours be the lowest hanging fruit.
Job 1: 2FA (2 minutes)
Set up two-factor authentication (2FA) on your Substack account.
I resisted this for ages thinking it would be annoying, and that I would be prompted with extra authentication every time I sat down to write. Not so, the 2FA on my accounts rarely activates and I haven’t found it at all inconvenient.
2FA will help keep your account safe, so you don’t get locked out and lose access to all your hard work.
To set up 2FA, go to your personal settings (not your publication settings) by clicking on your profile picture, then choosing Settings from the menu that appears (or go here: https://substack.com/settings). Once in settings, scroll way down the page to ‘Security’.
To enable 2FA you first need to set up your recovery questions, which are used if you lose access to your email or authenticator app. After setting up recovery questions you will be able to turn on 2FA.
Personal profile > Settings > Security > Turn on recovery questions > Turn on [button]
Personal profile > Settings > Security > Turn on two-factor authentication > Turn on [button]
Job 2: Export subscribers (2 minutes)
If something goes wrong with Substack (the platform) or you get locked out of your account and can’t publish there, having a copy of your email list will let you start again on another platform or with another account.
Yes, it would suck having to start over, but at least you’ll have your audience.
Exporting your subscribers is a one-minute job. But don’t forget to spend another minute saving your exported file somewhere safe too.
Export your subscribers from the ‘Subscribers’ tab in your publication dashboard.
Publication dashboard > Subscribers (tab) > Export [button]
After exporting the file, be sure to keep it secure. It contains your subscribers’ personal information, and you are required by law to protect that from being stolen or shared without their permission.
Job 3: Back up your posts (2 minutes)
Finally, back up your posts. These can be reimported to a new Substack publication if you somehow lose access to your current account, or uploaded to a different publishing platform if you need to switch.
Back up your posts from the Import / Export section of your publication’s settings.
Publication dashboard > Settings > Import/Export > Export your data > New export [button]
Again, be sure to save your export file somewhere safe.
🍒🍒🍒
Okay, that’s it for now. Enjoy the rest of your week.
And if you want to join me and a close-knit group of creators to power up your Substack in 2025, let me know and I’ll share details of my upcoming workshop. There are still a few seats left.
Thank you, Karen! I’ve noticed a lot of strange subscribers in the past few days. My count goes up and then goes down. I know Substack is trying to keep them out. I feel safer now because of you!
One tiny extra step: I have all my Substack subscribes and unsubscribes synch to my email marketing platform (I use Kit, formerly ConvertKit). How? I have email notifications turned on for Substack, and then I use Zapier to connect Substack with my Email Management System via Google Mail. Then I don’t need to remember to export subscriber list periodically- it’s all synched all the time. And there are things I can do in Kit I can’t do in Substack…like email journeys…so it’s actually beneficial to have the list in both places. Then, so that I don’t get all those subscribe/unsubscribe notifications from Substack as they happen, I have a filter on gmail that has those email bypass my inbox and go straight to archive. Zap still runs, but I don’t get emails in my inbox.