WordPress STD’s
WordPress STD’s (Security Transgression Defilements) are a common occurrence. WordPress-powered websites are far from being immune to hackers, although the latest release/s address many earlier security issues. WordPress, like other content management systems and forums such as phpBB, vBulletin, is a major target for hackers and spammers. Basic prophylactic measures, or condoms for WordPress STDs, need not be complicated or expensive.
Those involved in hacking WordPress usually want to use the sites as concealed (cloaked) link farms. It’s rare that actual damage is done to your site, and often the site owner remains blissfully unaware that there’s been any interference. Some of the link injection systems are extremely sophisticated! Testing for enemy action can be as simple as opening your site and choosing View / Source and reading through the content of the
section down to, and including, the tag. The link injections I’ve seen are usually immediately after . Is there a long string of HTML code containing links to dozens of sites you know nothing about? If there is, you’ve been violated, and have a WordPress STD (Security Terminated Deficiency)!
This article is not about fixing security violations. It’s about simple prophylactic measures most “non-technician” site owners can take. This is not a slick and professional security strategy, and there are some who will scoff at using “security by obscurity” as a primary tactic. However, even on a tight budget, the following 12 zero-dollar steps can and should be taken to minimise the possibility of attack.
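The view-source check described above can be scripted. The following is an added example, not code from the original article: it lists every host your page links to that is not on a list you recognise, and marks links that sit inside an element hidden with CSS, which is how cloaked link farms usually stay out of sight. The sample page, the host names and the list of hiding styles are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate credit link, one ordinary outbound
# link, and a block of injected links pushed off-screen with CSS.
SAMPLE_PAGE = """<html><head><title>My Blog</title></head>
<body>
<p>Read <a href="/about/">about us</a> or the
<a href="http://www.myblog.example/archives/">archives</a>.<br>
Credit: <a href="http://wordpress.org/">WordPress</a></p>
<div style="position:absolute; left:-9999px">
<a href="http://cheap-pills.example/">pills</a>
<a href="http://casino-bonus.example/win">casino</a>
<a href="http://casino-bonus.example/slots">slots</a>
</div>
<p><a href="http://friend-site.example/">A friend</a></p>
</body></html>"""

VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}
# Inline styles commonly used to hide a block from visitors (assumed list).
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)


class LinkCollector(HTMLParser):
    """Record (host, hidden) for every absolute link in the page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._stack = []   # (tag, hidden) for each element still open
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = self._stack[-1][1] if self._stack else False
        hidden = inherited or bool(HIDING_CSS.search(attrs.get("style") or ""))
        if tag == "a":
            host = urlparse(attrs.get("href") or "").hostname
            if host:                       # relative links have no host
                self.links.append((host.lower(), hidden))
        if tag not in VOID_TAGS:
            self._stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate sloppy markup.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break


def find_unknown_links(html, known_hosts):
    """Return {host: {"count": n, "hidden": n}} for hosts not in known_hosts."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    known = {h.lower() for h in known_hosts}
    report = {}
    for host, hidden in parser.links:
        if host in known or any(host.endswith("." + k) for k in known):
            continue
        entry = report.setdefault(host, {"count": 0, "hidden": 0})
        entry["count"] += 1
        entry["hidden"] += int(hidden)
    return report


def hidden_hosts(report):
    """Hosts linked from hidden markup: the strongest sign of an injection."""
    return sorted(h for h, e in report.items() if e["hidden"])


if __name__ == "__main__":
    result = find_unknown_links(SAMPLE_PAGE, ["myblog.example", "wordpress.org"])
    for host, entry in sorted(result.items()):
        flag = "HIDDEN" if entry["hidden"] else "visible"
        print(f"{host:25} links={entry['count']} {flag}")
```

Run it against the HTML your server actually returns (saved from View / Source), and treat any host reported as hidden as a reason to inspect the theme files and database.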
1 – Always Use the Current Version
Why anyone would persist with an older version is beyond me. Upgrading has always been easy enough, and recent versions reduce the pain to a button click! The community of authors works extremely hard and surprisingly quickly to address known security problems.
2 – Remove Primary Target Identifier
Remove the Powered by WordPress credit details in the footer of your website’s theme, e.g. /wp-content/themes/the-current-theme/footer.php. This is the fastest way to reduce the chances of the ill-intentioned finding your site in the first place! Try it – do a search on Google for “Powered by WordPress” and you’ll get the picture… At time of writing, there are 106 million competing page opportunities out there for hackers!
By all means give WordPress the credit they deserve – but you could do it on your links page, or make it a graphic / image link instead of text…
3 – Remove Secondary Target Identifier
A lot of WordPress themes come with a giveaway WP version HTML tag in the
Obviously, this immediately reveals the WordPress version used on the site. Since some versions are vulnerable to known security flaws, you’ve just told the hackers where they are best to start their evil work…
Removing this giveaway is straightforward enough. Simply open up /wp-content/themes/the-current-theme/header.php and delete the code that’s outputting the Meta Generator tag.
4 – Remove Tertiary Target Identifier
There is another version identifier tag in the RSS Feed output, e.g.:
The line immediately below that statement commences with: echo apply_filters('the_generator'…… Place a # character in front of the word echo, as per: #echo apply_filters('the_generator' etc
5 – Remove Lesser Target Identifiers
Doing the above pretty much gets you out of the spotlight and into the shadows. You could also remove links to “Log In” from the current theme’s footer. There are 3.8 million competing page opportunities for a Google search for “wp-login.php” and it’s probably a good thing to not be in that list either.
WordPress also adds two easily accessible files in the directory into which it is installed; license.txt and readme.html. Renaming or removing those is important because they also contain WP version information!
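A self-check for the identifiers covered in steps 2 to 5, as an added example (not code from the original article): it works on the page source, feed and file listing you have already saved from your own site and reports which giveaways are still exposed. The sample inputs, including the version number in them, are constructed.

```python
import re

# Constructed sample inputs; the version number is made up for illustration.
SAMPLE_HOME = """<html><head>
<meta name="generator" content="WordPress 2.8.4" />
</head><body>
<div id="footer">Proudly powered by WordPress |
<a href="/wp-login.php">Log in</a></div>
</body></html>"""

SAMPLE_FEED = """<rss version="2.0"><channel>
<title>My Blog</title>
<generator>http://wordpress.org/?v=2.8.4</generator>
</channel></rss>"""

# Files named in step 5 (WordPress ships the licence file as license.txt).
GIVEAWAY_FILES = ("license.txt", "readme.html")


def meta_generator(html):
    """Return the content of a meta generator tag, or None if there is none."""
    for tag in re.findall(r"<meta\b[^>]*>", html, re.I):
        if re.search(r"name\s*=\s*[\"']generator[\"']", tag, re.I):
            m = re.search(r"content\s*=\s*[\"']([^\"']*)[\"']", tag, re.I)
            return m.group(1) if m else ""
    return None


def audit_identifiers(home_html, feed_xml, files_in_root):
    """Return (step, finding) tuples for identifiers that are still exposed."""
    findings = []
    # Step 2: footer credit that search engines index.
    if re.search(r"powered\s+by\s+wordpress", home_html, re.I):
        findings.append(("2", "footer credit 'Powered by WordPress'"))
    # Step 3: version in the meta generator tag of the page head.
    gen = meta_generator(home_html)
    if gen is not None:
        findings.append(("3", "meta generator tag: " + gen))
    # Step 4: version in the generator element of the RSS feed.
    m = re.search(r"<generator>([^<]*)</generator>", feed_xml, re.I)
    if m:
        findings.append(("4", "feed generator tag: " + m.group(1).strip()))
    # Step 5: login link in the theme, and version-bearing files on disk.
    if re.search(r"href\s*=\s*[\"'][^\"']*wp-login\.php", home_html, re.I):
        findings.append(("5", "link to wp-login.php"))
    present = {name.lower() for name in files_in_root}
    for name in GIVEAWAY_FILES:
        if name in present:
            findings.append(("5", "file present in install directory: " + name))
    return findings


if __name__ == "__main__":
    listing = ["index.php", "readme.html", "license.txt"]  # constructed
    for step, finding in audit_identifiers(SAMPLE_HOME, SAMPLE_FEED, listing):
        print(f"step {step}: {finding}")
```

An empty result means none of these identifiers are visible in the inputs you supplied; re-run it after every WordPress upgrade or theme change, since either can put the tags and files back.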
6 – Don’t Use Easy Passwords
Don’t make it easy for the hackers! Use super-difficult passwords that are impossible to guess, and not easy to crack. That applies to the hosting account control panel, FTP access AND the WordPress administration access. Ideally, high-exposure sites should use a different password for each of those areas.
Recent versions of WordPress seem to have addressed the issue of directory browsing, by keeping people out of areas they should not be looking. Securing the wp-admin area via SSL is a lot more complicated than it should be. There are no well-written, easy to use plugins available for this – those that do exist appear well past their WP version use-by date. It’s also far too easy to end up locked out of your site while trying to make them work!
7 – Don’t Use Default Admin ID
If you recklessly use “admin” as the default user ID, you’ve given the hacker half the pieces of the puzzle and they only have one item left to crack – the password.
8 – Ensure WP File Permissions Are Adequate
File system security is important, to prevent easy unauthorised access. There may be times when you have needed to alter permissions to edit a file, or copy files into a directory. Did you reset permissions to the correct default afterward? If not, you’ve left a door ajar… Pull it shut and lock it again!
9 – Plugin Integrity
As a general rule, only install plugins from the official WordPress Extend / Plugins repository. There at least, they are in the spotlight, and subject to some scrutiny. Installing plugins from anywhere else leaves you wide open to malware exploitation!
10 – Theme Integrity
Ok, you can go anywhere and get free themes and make them work… but can you trust the source? Can you be sure that no malware is included? Can you be sure that no security breaches are opened by insecure coding? Personally, if I want a theme, I’d rather go to a reputable source and buy one that is coded for the latest version of WP, and where some assurance is implied as to suitability for the intended purpose.
11 – Automate Your Backups
There are backup plugins that automate the process of backing up your WordPress database and emailing the file to you daily or weekly. Install and use one of them! They can be a lifesaver, for a variety of other reasons.
12 – Server, Network and PC Vulnerabilities
Be aware of the configuration of your hosting company’s web server. Is it running old versions of PHP, MySQL, cpanel in a shared hosting environment? If so, that places you at greater risk than being on a hardened server with up to date tools and services running.
Never access your WP installation from non-secure networks such as internet cafes, coffee shops or hotel WiFi systems.
Another commonsense measure is to ensure the PC you post from uses current and reputable anti-virus software that also detects malware, spyware and key-loggers.
10 Search Engine Optimisation Tips For WordPress Blogs
Search engine optimisation for WordPress is essential if you are to gain maximum traction from your efforts. Many corporate or business blogs are started with the intention of using them to;
- broaden the company’s information distribution
- provide an easy way to grow the site
- provide an easy way to create fresh content
- increase the “stickiness” of the site
- generate additional qualified traffic
- increase incoming link count
However, what many people fail to understand is that the default installation of WordPress simply does not include even the most basic SEO functionality. The default WordPress installation generates unintelligible URLs, generic Page Titles and neither Description nor Keyword meta-tags. Thus, the chances of achieving the desired goals are severely compromised! That search engines hate duplicate content is a given – and 3 of the key indicators are page URL, Title and Description!
Fortunately, SEO for WordPress is facilitated by the concept of “plugins” or easily installed mini-applications which provide specific functionality. They do so dynamically – in other words, once installed the applications automate the process of generating accurate outputs, with no manual efforts required by you. Here are ten essential enhancements to WordPress that will make a huge difference in the qualified traffic your blog delivers to you!
1. Page Names or URLs
This is controlled by the Permalinks setting – the default produces garbage URLs which give no indication of the actual page or post content. However, it’s not particularly difficult to have every page URL show as a keyword-rich plain-English file name with an HTML extension! This can be based on the post title or Slug, so you have precise control over the page name / URL. Achieving this simply requires the use of the Custom Permalink option.
2. Titles
The Optimal Title plugin provides a quick solution – once installed it dynamically inserts the post title into the page’s Title tag, in front of the Weblog title you have set. This facilitates keyword-rich titles specific/unique to the page / post. Accurate titles are the single most important on-site SEO element.
3. Description Meta-tag
There are several plugins that dynamically provide good Description meta-tags. The one I like is Head-Meta-Desc as it’s a no-brainer to install, and by default uses either the optional excerpt if present, or the first 20 words from the first paragraph of the posting. The only thing I change is to edit the number of words it takes – from 20 to 30, which usually produces a Description tag containing 180 – 200 characters.
4. Keyword Meta-Tag
To produce an accurate page-specific keyword meta-tag, I use Ultimate Tag Warrior – a keyword meta-tag is an on/off option within this plugin, and it dynamically produces keywords based on post category + tags used in the post. That’s not all it does!
5. Tag Management
When you see the word “tag” in the blog context, simply think “keyword.” Tags are the blogger’s version of keywords, which are “pinned” to blog posts to help categorise them, and find them, or similar / related posts again. The Ultimate Tag Warrior plugin previously mentioned will manage your tags for you… the ultimate convenience being the drop-down list of tags available on new posts! This speeds up the tagging process, and assists in tag name consistency. UTW provides various options for displaying tags on each post – as a list, as a tag cloud…
6. Google Sitemap Generator for WordPress
A sitemap is a key SEO tool to ensure pages have the best possible chance of being found and indexed by search engine spiders. This plugin creates a Google-compliant XML-Sitemap of your WordPress blog, including homepage, posts, static pages, categories and archives. This plugin also notifies Google whenever the sitemap gets regenerated – which happens automatically every time a new post is made!
7. Categories
Use them wisely! Take care to use keyword-rich, accurate Category names; these will be used in URLs, and in keyword meta-tags.
8. Post Titles
Use them wisely also! Keyword-rich, accurate post titles can make the world of difference to your SE rankings. Coupled with Optimal Title, the post title is going to be the first section of the Page Title. Each post title should include a relevant keyword / keyword phrase…
9. Maximise Blog & Ping Potential
There are services that scan blogs regularly for updates, and publish the recent updates. To derive the benefit of that, you need to add an expanded ping list to the Options / Writing / Update List. By default, WordPress only pings the Pingomatic service with new posts. There are a growing number of other distribution services that you need to be notifying, to get the best results.
10. Blog Search Engines & Directories
You must manually submit your blog to 100+ top blog search engines and directories to gain maximum traction. Registration on those offering ping services ensures that your blog’s update pings will be accepted and processed by them.
If you implement these 10 simple WordPress search engine optimisation modifications to your blog, I can guarantee you will achieve a huge boost in traffic flows! If you need help, it’s part of what we do…
Blog Search Engine Optimisation
As mentioned in previous posts, using blogs to generate additional traffic for your primary site can pay huge dividends. Just “doing it” can mean significant increases in traffic, but what you really want to do here is – as in your main site – generate qualified traffic.
Content Creation Discipline
By that, I mean you want to draw in people who want exactly what you offer. That requires a disciplined approach to content creation;
- Research and consider carefully what your post is about, and know why you are writing it – the objective!
- Identify the keyword phrase/s that people are using to find information relevant to the topic you will write on
- Ensure you place keywords in the post title, and early in the first paragraph, with some additional emphasis on the words, such as bold / italics
- Include “exact match” keyword phrases throughout the body of the article.
- Add tags/slug i.e. a short list of specific relevant keywords – this may be used in the post page Keyword meta-tag.
- Write a concise Excerpt, loaded with keyword phrases – this may be used in the post page Description meta-tag.
- Use the Spell Checker!!! This article may be the first introduction a potential client has with your business.
Remember that “You NEVER get a second chance to create a first impression!”
Business Blogs Should Inform & Educate
In a business blog, which is there to inform & educate potential clients about aspects of your business, try to provide useful information, without a blatant sales pitch. By all means, encourage readers to “Inquire about Free Personal Advice” or “Contact us for More Information” but don’t overdo the sales pitch. Your goal is to convey your depth of knowledge and experience, and build credibility.
Blog Search Engine Optimisation
To maximise the penetration of your Blog posts, it is not sufficient to just write it and forget it. You need to ensure that your Business Blog is properly “optimised” to produce unique, accurately categorised, and clearly labelled content. This requires an SEO package implementation on your blog to ensure that your Posts, static Pages and Category pages are UNIQUE! We think WordPress is the fastest and easiest blog platform to customize. It also has a comprehensive array of free SEO options, and the following comments are specific to WordPress.
This is best done dynamically, with installation of plugins that provide automation of;
- HTML Page URLs – using mod_rewrite to generate verbose, keyword-rich page file names.
- Page Title Tags – if you write good post titles, these can be used verbatim in the Title Tag.
- Page Description Meta-Tag – uses the post Excerpt, or the first 20 words of 1st paragraph.
- Page Keyword Meta-Tag – uses the post Tag or Slug to generate keywords.
Accurate Content Cataloguing Pays Dividends
The combined impact of attention to detail in posting generation and publishing, plus Search Engine Optimisation finesse on the page production, will deliver dramatic improvements to blog traffic. At the same time, it will ensure that visitors get exactly what they were seeking, due to the resulting accuracy of your blog content cataloguing efforts.
That will encourage them to bookmark the site, or specific page, and to come back looking for additional details.
Yet Another Insightful SEO Article by;
Ben Kemp, aka The SEO Guy (Co. Ltd)
Web: http://www.comauth.co.nz/ – www.theSeoGuy.co.uk – www.TheSeoGuy.us
How to Add Your RSS Feed to Your HTML Site
One of the advantages touted by blog proponents is the ability to use your blog (and/or other blogs) to automatically add “fresh” content to your site. Search engines like regularly updated content, and will get in the habit of dropping in to see what’s new!
However, as you will have quickly discovered if you’ve had a go at this already, getting the content flowing is somewhat tricky. Everybody’s talking about it… but nobody’s saying hey, you can do it this way!
It depends a little on how your site is constructed. For normal people (read non-technical types) who are intent on good search engine rankings, you’ve probably had the good sense to build your site in HTML. That actually makes it a little bit harder!
It just seems that all the web-geeks out there use PHP or similar arcane web construction processes, and of course they make this stuff look easy. However, us normal people can be left sucking air a bit…
RSS to HTML – to use JavaScript or not?
There are quite a few JavaScript RSS to HTML applications available – some free, some at modest cost. My advice? Don’t go near them! The problem with JavaScript here, as in any other area, is that the search engines will simply skip right on by that section of your page. Yep, that’s right – a complete waste of time if you are trying to deliver “fresh” content that a search engine spider will find and index.
RSS to HTML – use a hybrid PHP solution?
Nothing worth having comes easy… but hey, you know that already! Until someone comes up with a better/easier solution, you are going to have to get your hands dirty with code! What I found, after a day of searching down dead-ends, was a nifty little application called CaRP. It’s a PHP-based tool, there is a free version, and it actually works! An example is midway down the page at The SEO Guys site where I’ve extracted and displayed a blog & directory feed from my own site, plus a third feed from an external site.
Achieving this took an hour or so – uploading CaRP, installing a MySQL database for it, running the configuration file, and tweaking settings to display the feed as required. A small block of PHP code must be installed in the HTML page where you wish to display the feed. Execution of PHP scripts within an HTML page has a couple of requirements.
- First, your host’s server must be configured to allow this.
- Second, you will have to edit (or create) the .htaccess file in your site’s root directory and add a small block of code that allows script processing for your site. This can be configured as site-wide, or for a single page only.
CaRP allows multiple ways of customising the way feeds are displayed. For a start, you can set global formatting to apply to all feeds from within the config file. E.g. you might want to set a default font size on channel titles, and a different size on text within items. You might also want to change the total number of items displayed per listing, and set all links to open in a new window. (Recommended!)
Then, within the individual HTML page where you specify the feeds to be displayed, you can add different formatting attributes to different feeds. In the example above, all site feeds are displayed as bulleted lists.
For a closer look at the PHP code that achieves the current display, details of .htaccess changes, and for the download location of CaRP etc, go to the following page – RSS to HTML via CaRP
The CaRP application has good documentation, which you will probably have to read… yes, when all else fails, read the instructions!
Good luck!
SEO and Marketing Your Blog
SEO work for your blog is no different to search engine optimisation on your main site – you’ve got to work at it. Ok, so you’ve created your nice shiny new blog, and you’ve been adding high quality postings containing lots of useful information on a regular basis for a few weeks (or months)… what’s next?
Review Your Blog
First, take stock of your blog’s set-up, and make sure it’s ready for debut;
- Do your postings have some relevant key word content in the headings? If you’re intending to improve your overall ranking across search engines, remember to “optimise” the pages just as you would any other page of your site. Decide on the keyword phrase you are targeting, make sure it’s used in the heading. Make sure it’s highlighted in the body text, particularly in the first and last paragraphs.
- Do your postings contain a “clickable” link or two back to your site? By this I mean a “proper” link in the format The SEO Guys Blog and not just your plain URL. To build traffic, you want to make it easy for people to get to your site!
- Does each posting contain your “Author Details Panel” that credits the articles and postings to you, including your (clickable) site URL information? Make your links open in a new window – that’s a kind gesture to those who’d like to return and finish reading the original page…
- Have you made a statement of your copyright constraints, if any? Perhaps you should encourage people to copy and distribute your blog content, providing the Author Panel remains intact? That would be the best way to ensure widest distribution, and the consequent proliferation of valuable 1-way links back to your site!
Blog Marketing
You will probably want other people to read your blog in order that they may appreciate your literary genius, right? But of course, nobody knows where it’s at yet, so you’ve got to give it some publicity. The first step should be to add a prominent link to it on your own web site, or sites – pretty obvious, you’d think? However, in all the excitement, that is sometimes overlooked!
More importantly, if you want it to start generating lots of nice new incoming links, and generating serious traffic increases, you’ve got to actively “market” your blog to the places that blog readers go… and “Where is that, pray tell me do?” I hear you say…
Well, the ping services you’ve added earlier are all well and good, but due to the volume of spam and garbage postings, some discipline had to be installed into the blog process to exert some control. Your site is no doubt “pinging” a variety of servers each time you create an entry. However, before any significant transfer activity takes place, you will have to front up and formally register yourself and your blog with as many of those services as possible.
The process is analogous to submitting to a normal search engine or directory, and pretty much for the same reasons. In some cases you may be asked for a reciprocal link – not too much to ask for the favour about to be rendered to you. In other cases, a “donation” might be requested. Before handing over the cash, have the sense to check the Google Page Rank of the site… it’s got to be high (6+) to be worth it!
The challenge is finding all these blog directories… so we’ve added a category on our Directory especially for links to them; see Blog Directories. By the time you’ve spent a day working through the 150+ directories accessible from the various links, you’ll be in good shape to get that traffic counter ticking along. Your postings, and the consequent “ping” to the various services, should now have your content distribution flowing right along!
Good luck!
Blogs for SEO – How to Get Started
Implementing a Blog (weB log) is an excellent way to steadily increase the depth of content on your site in an easy and efficient manner. There are numerous benefits, because a Blog, if properly used, enables you to;
- distribute new information to clients and prospective clients
- efficiently increase site content by rapidly adding new material
- provide “advertorial” material to other sites
- increase links to your site as your Blog contents are disseminated across other sites on the ‘net.
- increase “deep link” count to internal pages e.g. www.yoursite.co.nz/your-blog/archives/articles/Your_Tips
- increase traffic as people find extracts from your Blog, and come looking for the source
- increase your credibility as people find lots of useful, up to date information on your site
Utilising a Blog as a business enhancement tool is far superior to a newsletter. There is minimal trouble to get a blog up and running, but make sure you host it on YOUR site. You have the choice of establishing a “hosted” blog on www.Wordpress.org and other Blog software services, but the greatest benefits will be accrued if you get it up and running at www.yoursite.co.nz/your-blog/
Software
In our case, we’ve used WordPress (www.Wordpress.org) an Open Source application that not only has all the required “bells and whistles” but is easy to install, set up, and manage. It has an excellent “web browser” interface that means you can add new material from your desk, or from home. Hell, you can even configure it to accept and post incoming emails from yourself!
There are some basic system requirements – your (Apache) server must support PHP, and MySQL databases. These days, that level of technology is available on most “basic” level hosting packages.
Installation
If you’ve got cpanel hosting with Fantastico, you can do the WordPress installation in a few minutes because the installation scripts are probably pre-installed already for you! If not, it might take a little longer, but the WordPress guys take pride in the “5 minute install” concept. It is really easy – even if you’ve got to download the application, unzip it, upload it to your site into its own directory, add a new MySQL database, add a user, start the configuration file and insert the database / user / password details into the configuration file, it should be up and running inside 30 minutes. Be a good idea to read through the “Read Me” file before you start… the instructions are clear, concise, and in a logical and coherent order! Pity all documentation was not like that!
Configuration
With WordPress, there are a handful of system settings to consider once you’ve got your blog operational. Of these, I’d say the three most important are as follows;
1.) Options / Writing / Update Services
The setting for the automatic update services, where blog search engines, directories and news feed services are “pinged” each time you add new content. By default, WordPress includes a few services, some of which will in turn update other services. However, you will probably want the widest coverage possible, and to extend that list to include all known services! Takes a little longer to process a new posting, but means you get the best overall result… and that’s what it’s all about! There is a list of possibilities you can copy at www.comauth.co.nz/ping-page.htm
Copy and paste the ones you want to use into the “Update Services” panel at bottom of this page; www.yoursite.co.nz/yourblog/wp-admin/options-writing.php and choose Update Settings to add them permanently.
2.) Options / Permalinks
As they put it; “By default WordPress uses web URL’s which have question marks and lots of numbers in them, however WordPress offers you the ability to create a custom URL structure for your permalinks and archives. This can improve the aesthetics, usability, and forward-compatibility of your links.”
From an SEO point of view, we’ve chosen the numeric options so that our URLs not only look sensible, but the Search Engines will also be able to navigate them. However, getting this arcane bit of trickery to work requires you to implement the supplied “mod_rewrite” in your .htaccess file… if you are developing a glazed look about now, just bear with me a little longer!
The .htaccess file is a dangerous area to be playing in, as a mistake in this file can render your site inaccessible – until the Host Company’s support guy sorts it out for you – usually by renaming it! How do I know so much about this shit? Well, it happened to ME!
You should have installed your blog into its own directory, which minimises the potential problems substantially! WordPress provides the correct “mod_rewrite” code in;
www.yoursite.co.nz/yourblog/wp-admin/options-permalink.php – it’s nasty looking stuff, as you can see below;
RewriteEngine On
RewriteBase /yourblog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /yourblog/index.php [L]
- So, choose the Custom Option – /%category%/%postname%.html is good…
- Copy it into a text file – e.g. open Notepad, paste the code in.
- Save it as htaccess.txt in your local copy of your site
- Choose Update Settings in WordPress Options / Permalinks
- Use FTP to upload htaccess.txt into your BLOG directory - Please, NOT your root directory!
- Using your FTP application, rename the htaccess.txt file to .htaccess
Open your Blog, browse around it and (hopefully) not only will everything be working, but the URLs will now not have any of those dreadful &, ? or = thingies embedded in them. If it’s not working… the WordPress support forums offer rapid response times to such teething problems.
However, you should at least be able to access the Blog directory with your FTP client and rename .htaccess back to htaccess.txt and bring it back to life while you await a response from the WordPress forum.
3.) Categories
From an SEO perspective, it’s important to develop a good Category Structure, because the category names are going to be embedded as “tags” in all your Blog posts, a little like the concept of the “keyword meta-tag” and this will help define and describe your content, especially in and
Content
Now that you’ve got the basics sorted out, start populating your blog with some quality content. I recommend writing it in an HTML editor (such as FrontPage) and making sure it’s spell-checked as you go. Once you’ve got it formatted the way you want, go to the WordPress / Write / Write Page and paste it in. Add the Title, select your Category/s from the right menu, and click the “Save and Continue Editing” button. You will then have a preview of your article in the lower section of the page. Double-check the formatting, and when you are happy with it, choose “Publish.”
Blog Search Engines and Directories
Once you’ve got some content built up over a couple of months, you will then want to get serious about getting it distributed to blog search engines and directories… So, in the next article we will outline how to go about this process.

