Most companies now realize that it is essential to have a website if they are to grow and maintain their business. That website should also be mobile friendly so that the increasingly large audience who do everything on their smartphone phones can see what you are offering. You might very well decide to use WordPress since this is a very popular website software. Continue reading “Should I use a Drag and Drop theme with WordPress”
This article is contributed by Lucy Barret.
WordPress is the most prominent software platform and is used by millions of people to create and develop a professional looking website. Indeed most businesses and organizations are building their websites on WordPress. It is one of the easiest platforms that allow even a non-technical person to make changes in their site or blog without any complications. Continue reading “Misconceptions That Many People Have About WordPress”
This article is contributed by Steven Boggs.
The WordPress content management system (CMS) gives its users access to an unprecedented array of site construction, expansion and maintenance tools. With these, attached to a hosting account and private domain, almost anyone can create an awesome, high quality website of varying complexity in no time flat and with little or no programming knowledge. Continue reading “WordPress Plug-ins for More Effective SEO”
The best way to ensure a web page ranks well in Google keyword searches is to make sure it is the only one on the web that includes the content on the page. In this way you avoid several web pages all having a somewhat equal possibility of being judged relevant for the particular keyword search. This increases the chance that this unique page will outrank other quite independent web pages that cover the same topic. That’s the theory and it seems to work out well in practice.
WordPress is a great software for producing blogs but out-of-the-box the WordPress content management system produces a series of pages that all contain the same content. Just see the concerns expressed in this WebmasterWorld thread about WordPress And Google: Avoiding Duplicate Content Issues where several coding suggestions were offered to avoid the problems. More recently, David Bradley has suggested that something called the canonical link element can be the solution to Avoiding Duplicate Content Penalties.
We should quickly add that this is not an inherent weakness of WordPress alone since many other CMSs will suffer from similar problems. It is a well known problem and you can find an excellent article on how to Avoid Duplicate Content on WordPress Websites, which gives the appropriate steps to take. The most important step of all is to have the right robots.txt file.
I wondered how well people were grappling with this duplicate content problem and decided to check out some of the Technorati’s Blogger Central / top 100 blogs. In particular I thought a check of their robots.txt files would give an indication on whether they had tried to solve the problem. Here is what I found for the robots.txt files for the most popular 8 blogs.
- The Huffington Post
- Boing Boing
- Ars Technica
- Stuff White People Like
As you may notice, the most popular blogs seem to have a singular disregard for this issue with minimal robots.txt files. As you come down the list, it would seem that even these top blogs realize the importance of limiting what the search engine robots crawl and index.
This could have resulted in many extra web pages that humans would likely not see but search engine spiders would certainly crawl. Changes were made in the site architecture to avoid this. To avoid other potential duplicate content problems, the current robots.txt file for this blog appears as follows:
Getting the robots.txt file correct is one of the easiest ways of increasing the visibility of your blog pages in search engine keyword searches. Leaving two essentially similar web pages means that the two divide up the ‘relevance’ that a single web page would have. That means approaching a 50% reduction in potential keyword ranking. Perhaps the top blogs can ignore such improvements but most of us should not. Check out what the spiders may crawl by doing an evaluation of your website with Xenu Link Sleuth. We should carefully consider our robots.txt files and make sure they are doing an effective job. Is yours?
Andy Beard added a comment that he has concerns about using the robots.txt file as a solution to the WordPress Duplicate Content problem. He explained these in a post some time ago called SEO Linking Gotchas Even The Pros Make. There is much food for thought there and we will follow up in a subsequent post.
The WordPress blogging software is quite rightly immensely popular. The Open-Source community that supports it has developed a whole raft of supporting code and applications that make it a pleasure to use.
This blog and the other SMM blogs now have a slightly different look. This is because we are now using a feature of WordPress, Multiple Loops. The beauty of WordPress is that the concepts are all very easy to understand. This particular feature will hopefully give much more reader satisfaction.
There are two elements to the change. The first is that you will now only see one blog post when you visit. Although Google tries to be helpful, it can occasionally provide more from a blog that you wish to see. Now you will see precisely the blog post that is relevant to your keyword query.
The other element is that at the bottom of this single blog post you will now see a list of the most popular blog posts as determined by our visitors. If you like what you see in the initial post then perhaps some of the other blog posts may tweak your interest.
The changes to the theme required for this new look are very straightforward. Hopefully this simple explanation will help you apply this same approach to your blog if you so wish.
The WordPress Loop
Web pages in a blog are produced by WordPress templates. These are files with names such as index.php or single.php. Within these template files, the heart of the WordPress software is code which is called The Loop. The WordPress Codex gives a more detailed explanation of The Loop In Action.
The content of all blog posts is held in an associated mySQL database. When a blog web page is displayed, the web page will show certain information for every blog post entry that fits the particular database query implied by your selection of web page. For example, if you want the most recent blog post, then the loop picks up only the information on that blog post. This is illustrated by the following image of a WordPress blog page.
When you visit the home page of the blog, you are often seeing a series of blog posts that are created via the file named index.php. The number of blog posts is selected by the blog webmaster. For example if it is arranged that the blog would normally show the 3 most recent blog posts, then this is illustrated by the following image.
When Google sends you to a single blog post to fit your keyword query then you are often seeing what a file named single.php produces by applying the loop. Normally in the index.php and the single.php files, the loop starts with the following code (note that a space has been inserted after < in the following code samples to ensure the code could be printed.):
< !-- start of the loop --> < ?php if (have_posts()) : ?>
The Loop is then all the code before a final < ?php endif; ?> terminates the Loop (again as mentioned a space has been inserted between < and ? to allow this code to display correctly).
As mentioned the new feature is that we are now using Multiple Loops in the WordPress software. The following image shows what is being displayed. The first post is produced by a first Loop. The list of Most Popular Posts is then produced by a second Loop.
In order to have only one post appear in the first loop, we use a Template Tag, query_posts. This query_posts tag can modify what the Loop accesses from the database. In this case we wish to have only one blog post to appear so the first Loop starts off as follows:
< !-- start of first loop --> < ?php query_posts('showposts=1'); if (have_posts()) : ?>
The only complication here is that as entries are taken from database in The Loop, the database software maintains a count of the data that has been used. Normally other applications of the Loop will access only new data since past data has already been accessed. In order to see the posts which are of interest, we use another WordPress Template Tag as the second Loop starts to reset the count. This tag is the rewind_posts tag.
In order for the list of Most Popular Posts to be displayed, a new category, popular, has been created. When visitor traffic confirms that a blog post is popular, then it is assigned to this category in addition to whatever category may have been appropriate.
The code to start the second Loop to achieve the effect shown here is as follows:
< !-- start of second loop --> < ?php rewind_posts(); query_posts('category_name=popular&showposts=-1'); if (have_posts()) : ?>
Other Benefits Of This Type of Display
In addition to displaying popular posts for greater visitor satisfaction, this also ensures that such posts have more links pointing to them. This should ensure greater search engine visibility for these posts. In all, this format would seem to have only benefits. It will be interesting to see what reactions blog visitors have to this new format.
For good SEO, choose the right title.
As we all spend more time in social media, such as Facebook, Digg, StumbleUpon or Sphinn, the ability to write catchy headlines becomes as important as it ever was. If someone skimming through a list of possible topics is intrigued by your headline, then they may dip in to find out what it’s all about. That’s why Brian Clark suggested you should be writing Magnetic Headlines. If you were using WordPress to write your blog, then you would presumably put that catchy headline in that field labelled Title. It all seems so easy, but in fact it’s a little too easy. In what follows to avoid confusion, we’ll call what appears in that WordPress Title field the Headline.
Although your Headline may be written to attract human beings, it may not work well in a search engine keyword ranking. Since the largest proportion of the traffic to your website will come via search engines, it may be worth using something that the search engine robots will find attractive. The problem is that WordPress uses the expression in that Title field in a number of different ways. It is of course used as the headline in the < H1 > heading for your blog. It is also used as the Title element in the head of your blog page. This is the text that appears in the bar across the top of the screen. If you have nominated Pretty Permalinks, then the WordPress will also use the same text to develop the URL for the post.
Creating Optimal Titles
This is where the dilemma arises. The Title in the head of the blog page is very important in search engine rankings. The URL may also have a slight effect on these rankings. Optimizing the text for search engine robots will likely produce something, which is not necessarily one of those Magnetic Headlines that was being suggested.
Luckily help is at hand from a variety of sources. For example, Stephan Spencer and his colleagues have developed SEO Title Tag 2.1.3, which allows you to specify a Title for the blog post, which can be different from the headline. A more complete solution is provided by the All in One SEO Pack PlugIn from Uberdose. This not only allows an independent title but also has a number of other useful features. Even used ‘out of the box’ with default settings the PlugIn will achieve a good part of what is needed to optimize your blog posts for the Search Engines. Katy Castro has a good description of how to use it.
Getting the Meta Description Right
An equally important element in getting search engine traffic to your blog post is the text in the Meta Description for the blog post. The All in One SEO Pack allows you to prepare a separate description for each page. If you don’t, the default is that it will take the first 155 or so characters from the start of the post and use that. That avoids a problem Google has in indexing blog posts that all have the same Meta Description. Checking your website with the Google Webmaster Tools website will tell you whether duplicate descriptions is a problem for your blog.
By writing the most engaging description of your blog post in 155 or less characters, you increase the chance that this is what Google will show in its search engine report pages (SERPs). Most such snippets are a jumble of words that Google selects to try to show that its selection may be relevant to the keyword search. A well-crafted sentence will encourage many more visitors to click through to your blog post.
Although the Keywords MetaTag is of limited value nowadays, the plug-in does allow you to specify what keywords are most appropriate. Again if you do not specify keywords, the plug-in will select keywords by default from either the categories or from any tags that post may have.
The URL Of The Blog Post
A secondary factor in the optimization of the blog post is the URL for the blog post. Selecting the Pretty Permalinks option is one important step here for a WordPress blog. Unfortunately as mentioned above, this is again derived from the Headline of the blog post. You will find the text used in the Post Slug element in the right hand column of the Edit screen. It is derived by taking the Headline of the Post, putting all letters in lower case and adding hyphens between the words. This is not something where the All in One SEO Pack PlugIn helps. However as the WordPress Codex recommends, if you want to create a more memorable URL, then you can create such a one using lower case words and hyphens. Often taking the Title you have derived for the All in One SEO Pack PlugIn and converting it will be a good way to go.
Users of the All in One SEO Pack PlugIn are effusive in their praise of how well it works, even using it ‘out of the box’. If at least for your more worthy blog posts, you go the extra mile by crafting individual entries for the PlugIn, then you will see a significant increase in your visitor traffic. If you want to see how such a post appears, you can check this post. The headline was of course, Headlines Are For Humans, Titles Are For Robots. However in the Title bar at the top of the screen, note the Title of the post, Write SEO Titles For High Rankings. A version of that also appears in the URL. Check the description by viewing the source code. It’s all extra effort but a very good use of your time.
The previous two articles in this series have suggested ways to combat the ever-increasing hack attacks that WordPress blogs are receiving. In this final article, we will discuss some real-life examples and what can be learned from them. As a disclaimer, it should be noted that some hackers are very skilled and are continually improving their methods. These are anecdotes from the past and the future will undoubtedly be very different.
Typical Hacking Exploits
For specific details of typical hacking exploits, the following accounts are particularly good:
- Is your WordPress Installation Compromised? Al Gore’s is – by Stuart McKeown (12. Nov 2007)
- Matt Heaton (Bluehost and Hostmoster CEO) WordPress blog Hacked by Mick Jagger from Moscow – by Noah (3 Dec 2007)
- Blackhat SEO Spammer targeting High PR WordPress Blog – by Noah (14 Feb 2008)
The methods used in these cases are probably all the work of one hacker, by nickname goro, who may well have been one of the commenters on the first of these three posts.
We will not go into the specific details here (since they will undoubtedly evolve), but rather discuss the bigger picture associated with these exploits. In the case of the hacking done on the SMM blogs, there were some clever refinements. The mechanism inserted on the domain generated hundreds of random, unique blog post web pages, which included links to online pharmaceutical web pages. Since the websites were well ranked in Google, many of these hundreds of blog posts were served to the search engine spiders as they made their visits. After a period of hours, the mechanism then stopped. This may have been to avoid a huge spike in traffic, which would have been more easily detected.
How Google May Have Rewarded Their Efforts
During the last two or three months, Google has been giving much more rapid visibility and higher ranking to blog posts in its regular web search. In the latter part of January, blog posts appropriate for particular keyword searches would appear within a small number of hours in the regular web search. The algorithm may well be using the RSS news feeds associated with the blogs. This gave particular prominence to the blog posts generated by the hacking mechanism. They would almost always appear among the top five positions on a search for particular online pharmaceuticals and often in the first position. Presumably this gave a significant economic advantage to the hacker.
Although the hacking mechanism was removed within 36 hours, the false and now non-existent blog posts still persist in the Google index over 3 weeks later. In some cases the cached versions of the false blog posts are still available.
An interesting parallel development during this time is that Google Blogsearch now has a delay of a few days in displaying new blog posts. Until recently such a new blog post might have appeared within an hour or two, since it was triggered by the pinging of the RSS news feed. Whether this is a reaction to a large volume of blog posts generated by hackers one can only surmise.
How To Repair The Damage
Hopefully this series of articles has sensitized you to the dangers of hacking. This should prompt you to maintain a constant vigil so that any hacker intrusions will be spotted rapidly. You should also as Wayne Liew suggests regard WordPress Upgrades as a Must. The continuing improvement in security may not serve to keep out hackers but at least it may encourage them to attack an easier prey.
If your WordPress blog is hacked, it can be quite a challenge to find out what has been changed. Sometimes the hacker may have modified files deep within folders that are not normally touched in upgrading, such as the images folder or the wp-content folder. Checking the size in bytes of particular files compared with versions in the most recent backup will reveal suspicious differences. Sometimes the .htaccess file may have been modified to create additional and inappropriate mechanisms. In such cases, you’ve got to make sure that you eliminate all such additions to the website. If you have backed-up a clean version of the website recently, it might be better to take down the website and replace it with a clean version.
This is the second in a series of articles on how WordPress blogs may be hacked.
Unfortunately it’s becoming a more and more frequent occurrence, even though some seem unaware it has happened. If you have not yet read the first article, WordPress Blog Hacked, you may find it useful to do so before reading this follow-on article. However it is not required reading.
You may naturally feel that calamities such as your house burning or your blog being hacked only happen to other people. It’s not true and it’s always wise to take precautions. Just imagine returning to your home one evening and finding it in flames. You close your eyes and cannot imagine it’s happening to you. You open them again and it’s all still flames.
How can you recover from such a tragic event. That is why most of us take out insurance and have security alarm systems to prevent such happenings. The more valuable your house, the more you are willing to invest in the right level of protection.
Getting your website hacked can be an equally unwelcome experience. Just see how Anita Campbell describes it in a recent article, Hacked: It Could Never Happen to My Site (Famous Last Words).
On Christmas morning, I tried to open this site as I normally do first thing in the morning, just to do a quick check. The home page of the site was completely blank! Nothing. Nada. I could not post anything new, either. I realized that a cracker had hacked the site. As I investigated later that day I discovered quite a bit of damage to the site.
Imagine seeing that blank screen. It’s as devastating in its own way as all those flames consuming your house. However if you think that is what happens when a site is hacked, you haven’t come up against the latest generation of skillful hackers. You won’t be aware that they have come in and taken over the attic of your house. They may create thousands of parasite webpages on your server without changing the physical appearance of your blog. That is what happened to the two SMM blogs that were hacked two weeks ago.
The first part of the security plan for your blog must emphasize vigilance. If you’re Al Gore or Matt Cutts, your blog is valuable real estate. Its traffic represents real economic potential to a hacker. Just as for a palatial home, you should invest in significant security systems. However for reasons we will discuss in the third article in the series, even more modest blogs are attractive to hackers. What you must do is to determine what you believe the risk of hacking to be and then invest an appropriate amount of effort in protecting against that.
If your blog is worth hacking, then likely it will be hacked so as to give the maximum time before you detect the intrusion. As will be explained in the next article in this series, hackers may only need access to your website for a few days to gain full value for their efforts. You will notice that Anita Campbell’s blog was hacked on Christmas Day. The two SMM blogs were hacked one Saturday morning. One important lesson is to never leave the blog unattended for too long.
There are two simple ways of checking whether intruders may be ‘in the house’. The first and easiest step is to check the source code of your blog. Just visit the blog and then use the View choice on your browser menu to examine the Source. With Firefox if you prefer you can use < control > U to see the source code in a different window. It may be this will show some lines of code or hyperlinks that should not be there. If you have followed the steps to be described later, then hopefully the code is as you expect it to be. A very rapid way of checking changes in source code is given in the article, Fast Alarm For Hidden WordPress Hackers.
Another way is to examine the traffic to your website. If there is an unexplained and massive increase in the volume, then this may be a sign of trouble. Similar increases in traffic may be seen in other analytic programs such as Google Analytics or SiteMeter. However depending on what hacking has been done, the increased traffic might be hidden from these tools.
To avoid these intrusions, there are certain recommended steps which are described below. As was mentioned in the previous article in this series, the best you can do is to ensure that your blog is as secure as you can make it. There are a host of other blogs that are insecure, and that may be your biggest protection.
Upgrade to the latest version
The most important recommendation that cannot be emphasized enough is to always upgrade to the most stable recent version of WordPress. The WordPress community is very active and as security holes are spotted, then as quickly as possible they are plugged. This does not guarantee that hackers will be kept out. However they may choose to attack earlier version blogs that have easier access holes.
You should also upgrade to the latest version of any plugins that you are using. A plugin may well be written by a single volunteer author so less attention may have been paid to security considerations. You should do a little research on each plugin you intend to use to make sure that others have not had security concerns about it. It is also recommended that you put an empty index.html in the plugins subfolder. This prevents anyone checking that folder and receiving a full display of all the plugins being used.
Harden Your Administration
In addition to working with the latest version of WordPress, there are a number of steps you can take to make hacker intrusions more difficult. The references below explain in greater detail what is involved. Here we summarize only the more important points.
Having user names and passwords that are not easily cracked for access to the blog administration panel is critical. In addition if you have a highly visible blog then you might wish to use the Login LockDown Plugin. This blocks access to the administration panel for a certain period after a small number of incorrect attempts.
You can also restrict access to the admin folder by having an appropriate .htaccess file there. This would specify the IP addresses for those who have rightful access to the folder. This would take the following form:
deny from all
# whitelist home IP address
allow from 188.8.131.52
# whitelist office IP address
allow from 184.108.40.206
The extent to which you go beyond these steps should be based on your assessment of the risk of being hacked. The references spell out the possibilities.
Hardening WordPress – WordPress Codex
Three tips to protect your WordPress installation – Matt Cutts
5 WordPress Security Essentials – Lee Robertson
How to Protect Your WordPress Site – Anita Campbell
Protecting Your WordPress Blog – Lorelle
The final article in this series is How WordPress Blogs Are Hacked.
It’s hardly news. Hacking into blogs is far more prevalent than you may think. A Google search for ‘My Blog Was Hacked’ gives a count of over 2,770,000 web pages. I regret to say that this blog was hacked into by a real expert some 10 days ago. Since then, I’ve done a great deal of exploration and frankly it’s all very fascinating.
In this post, you will find hints on how to stay vigilant so that you will be aware if your blog is hacked. In a subsequent post, I will give some more advanced tips on how to stay vigilant and make your blog more secure. In a final post, I will describe some of the results of such hacking activities.
An underlying realisation in all that is written is that some hackers are extremely knowledgeable and skillful. The best you can do is to ensure that your blog is as secure as you can make it. It then is like the old joke about outrunning the bear. You don’t need to outrun the bear, but only your buddies who are with you. There are a host of other blogs that are insecure, and that may be your biggest protection.
Whose Blogs Get Hacked?
WordPress is quite rightly enormously popular software for writing blogs. As more and more people use it, it becomes a more interesting target for hackers who try to exploit any weaknesses in the software.
It was not surprising to see items such as WordPress 2.1.1 Dangerous, Upgrade beginning to appear early in 2007. Nor was it difficult to believe that Matt Cutts WordPress Blog had been hacked, when this appeared on April 1, 2007. That was a spoof but since then there have been many real hacking incidents. Al Gore’s blog was, according to Stuart McKeown, as was the WordPress blog of Matt Heaton (Bluehost and Hostmonster CEO). It continues unabated as Stephan Miller and members of the WordPress Support Forums can testify.
How Will You Know If Your Blog Is Hacked?
The real problem is that you may not realize your blog has been hacked. There may be no visible trace of the hacker’s work. The hacker may wish to boost the search engine visibility of online non-prescription medications or pornographic websites. It is done in such a way that it is hidden from prying eyes.
One useful test is to look at the source code for the blog. In Internet Explorer this can be seen by clicking on View > Source. In Mozilla Firefox, this can be seen via View > Page Source or from the keyboard by pressing
Make Your Blog More Secure
Matt Cutts has given some useful tips to protect a WordPress installation. The most important of these is to ensure you always have the latest and most secure upgrade of WordPress. It is perhaps fitting that this blog post appears when WordPress version 2.3.3 has just been issued. This topic will be covered more fully in a subsequent blog post.