Tag Archive for: WordPress

The Truth About WordPress Hosting

If you’ve found this post, congratulations on your unlikely visit.

Why unlikely?

Because if you are seeking information–unbiased information–on WordPress hosting, you’ll be inundated with PPC ads, crappy/biased affiliate “review” sites, remarketing ads, and fluff pages from mega-hosting companies like MediaTemple and WPEngine. And this flood of marketing material is part of the problem: WP hosting is big business and the big hosting companies want that business. So, in any Google search, the top few pages are all paid marketing.

So, I am going to lay it all out for you.

Why listen to me? Well, because I don’t want to sell you hosting; that is my principal qualification and an important one. What I do want, however, is that if you come to TastyPlacement as a client that you will come to us with good hosting. I have installed and optimized WordPress over 1000 times with dozens of different hosting providers, from $1000 a month dedicated servers to $2 a month shared hosting. I have used everything from basic cPanel interfaces, to Plesk, to dedicated control panels like the type that RackSpace and MediaTemple offer. I have witnessed WordPress sites that take 20 seconds to load, and I have optimized them down to 1 second load times. I have seen enough and know enough to cut through the B.S. The marketing illusion and the basic reality are very different.

Let’s begin with a look at that $2/$1000 price difference…

The $2 Hosting Was Faster than the $1000 a Month Hosting

Yep, I got a $2 a month hosting account through a coupon on WebHostingTalk.com that was perfectly acceptable and actually delivered pages very speedily. The $1000 a month hosting is a managed, dedicated hosting account with a national provider that offered a lot of extra services like regular backups, but very little in actual performance. Remember, Google will reward you with higher search rankings if your site delivers pages more quickly to users–Google laid down this page-speed dictate back in 2010.

Site speed only correlates to the cost of hosting if you know what you are doing. The site you are on right now, TastyPlacement.com, is on a very vanilla Apache VPS that costs just a bit more than shared hosting–yet this site’s load speed and reliability far exceed anything I have ever tested on any of the big WP hosting servers. The irony is that the hosting we have is as far away from niche hosting as you can get! Ok, so how to improve your hosting situation? We’ll cover some tips as we move through this post.

There Is No Such Thing As “WordPress Hosting”

Think about the notion of “WordPress Hosting”. WordPress is a universal platform built to run on PHP–that’s the prerequisite. The whole point of WordPress is that it is universal, there is very little that can be done to an Apache/PHP server to make it run WordPress better that you can’t do with any Apache/PHP hosting account. There’s no secret black box that some hosting company can add over another. In fact, nearly every WordPress-specific hosting company actually makes matters worse for the WordPress user.

WordPress-Specific Hosting, and the Common Theme of Paternalism

I already have a dad, I don’t need or want my hosting company making decisions for me. There may be features I want, but ultimately, I care deeply about site speed. Curiously, WordPress hosting companies speak of security and restrictions as “features”. In fact, WordPress “features” may actually slow your site down, and MediaTemple, we are looking at you.

Just do a search for “MediaTemple disallowed WP plugins” (I won’t link to this atrocity), and you’ll find dozens of plugins they simply won’t let you run. On this list you will find nearly every worthwhile caching plugin on God’s Green Earth:

  • w3-total-cache
  • wp-cache
  • wp-file-cache
  • wp-super-cache
  • wp-fast-cache
  • wp-fastest-cache
  • wp-cachecom
  • quick-cache

Of course, MediaTemple touts their own caching feature, but I have personally never seen it perform very well. No one single solution is ever going to work for every website.

WPEngine also disallows several dozen plugins, including several caching plugins. And again, WPEngine has simply never appeared to me to deliver pages that quickly.

Aside from the obvious speed advantages that well-tuned caching can deliver, you might want to run Statpress, or WP Power Stats for statistics on your WordPress installation. But stop right there–these plugins are on MediaTemple’s forbidden list.

Now, you may want to have all this done for you–and that’s certainly a selling point. But for customization and truly otherworldly site speed, you will get greater control, greater flexibility, better customization and faster site loading speeds with generic hosting.

So What Kind of Hosting Is Best?

I am bullish on VPS hosting right now. Most sites do not need the power of a full dedicated server, and for those medium-to-small sites, VPS fits the bill at a better price point. Either of those choices will do, but the feature you want with both is solid state drives (SSDs). SSD hosting is faster because the drives are faster. You can get SSD hosting in either a VPS or full dedicated configuration.

Shared hosting is just too much hassle these days. Hostgator and Bluehost routinely have support response times in excess of 48 hours on their shared hosting accounts.

Forget Windows hosting–it’s just too troublesome to get working with WordPress and once you do, it’ll be slow. You want Apache/Linux hosting with WHM software (Website Hosting Manager, part of the full cPanel package). WHM will give you a handy interface to manage features.

Where Can I Get Unbiased Reviews of WordPress Hosting?

So, with so much paid biased marketing going on, where to turn for the truth?

Anywhere but from hosting companies themselves.

I mentioned one source already: WebHostingTalk. This forum is where webmasters go to talk about hosting, review providers and there are several great companies on there that routinely offer coupons. I also like HostBenchmarker.com which offers secret tests of website hosting performance.

From the Wordpress SEO book

Book Excerpt: What Are Authority Links?

The following is an excerpt (with some recent modifications and editorial comments) from our book, WordPress Search Engine Optimization (now in second edition!). You can buy the book at Amazon.

Authority Links: What They Are and Why You Want Them

There is a measure of power that some links possess that is independent of PageRank and it is the principle of authority links. Authority links are links from websites that have established a substantial degree of trust and authority with search engines as a result of their age, quality, and size. Authority is a somewhat subjective concept. Unlike PageRank, neither Google nor the other search engines offer any public reference or guidelines as to what constitutes an authority site or authority link. Authority sites are going to be the market leading sites, sites representing established government and educational institutions, large corporations, or leading websites. Authority links can bring tremendous ranking power to a website if one is lucky enough to obtain one or more.

Authority links are the golden eggs of link building. They tend to be extremely difficult links to get, and for that reason most webmasters rarely get them. The best approach to authority links is to be vigilant for opportunities to obtain them, but it is most likely fruitless to waste time seeking them out.

Our discussion of PageRank and authority links leads naturally to the notion of the relative power of inbound links. No two links are the same in terms of power. The degree of authority of a site, the PageRank of the page upon which the link appears, and the number of outbound links on the page where your link appears will all effect the relative value of the links you obtain. That said, almost all links are worthwhile, even lower value links. With what we’ve learned in the previous few pages, you will have a strong sense of how to evaluate link opportunities and to evaluate the relative strength of links.

Sometimes, you’ll be forced to settle for lower value links but in higher volumes, as is the case with link directories. But never fall into the trap of thinking that the only links worth getting are high-authority, high-PageRank links. All links are good for your rankings (except links from link farms and content farms, from which you should never seek out links).

Link Anchor Text

A vital concept in link building is link anchor text. Link anchor text is the word or words that constitute the visible text of the link itself, the “blue underlined text” as it is often called. The anchor text of a link is a powerful ranking factor; anchor text serves as a signpost to Google as to the content and subject of the destination page.

How Anchor Text Appears in HTML Code

The anchor text of a link is coded by placing the desired text between the open and closing markup of the hyperlink:

<a href="https://tastyplacement.com/">This Is Anchor Text</a>

Controlling the link anchor text of inbound links is vital whenever possible. The problem is that you can’t always control the anchor text of inbound links. And unfortunately, the higher quality the link, the more restricted you’ll be in choosing anchor text. A perfect example is the Yahoo Directory. A link in the Yahoo Directory is a great link to get, but Yahoo dictates that the anchor text you select be the name of your website or the name of your business. Yahoo does not allow you to stuff keywords into the anchor text. Here lies another good reason to choose a keyword-rich domain name for your website and business. When your business name is carefully crafted to comprise keywords, like “Austin Air Conditioning,” then you can employ those high-volume keywords more easily in your link building efforts.

To continue an example from an earlier chapter, if you have identified the phrases “Jacksonville air conditioning,” “Jacksonville air conditioning contractors,” “Jacksonville air conditioning companies,” and “Jacksonville air conditioning repair,” as the keywords around which a specific page is built, then your anchor text selection is nearly complete. You can use the same keywords as your desired anchor text.

When you can control the anchor text, you should craft the anchor text of links based on the keywords you have designated for each destination page. With this device used in connection with sound on-page optimization, tremendous ranking power comes into focus. Remember that Google and the other search engines have a primary goal of returning quality search results to their visitors. When anchor text accords with the on-page elements of a web page, that gives search engines confidence as to the subject of that page. And, when a search engine is confident about subject matter, it rewards the page with high rankings.

But be careful with anchor text when gaining links in high numbers. It is unwise to secure hundreds of links all with picture-perfect anchor text; this manner of link building does not appear natural to search engines. There is a risk of over-optimization when your link anchor text is too perfect. Generally, you never want more than 70% of your anchor text for a particular page to be solely based upon a small family of perfect keywords. Thus, there is a hidden benefit to garnering links for which you can’t control the anchor text because these links dilute your principal keywords to some extent.

If your anchor text isn’t varied naturally, then you should intentionally vary the anchor text. Clever SEO professionals sometimes go as far as to obtain noise links. A noise link is a link with common generic terms used as the anchor text like “click here,” or “website.”

Not all hyperlinks have anchor text. Images can be hyperlinks, but do not use anchor text. In this case, search engines register the link but have no anchor text upon which to determine the subject matter of the link. Links in image maps and flash files suffer from the same limitation. For this reason, such links are less desirable.

Buy the Book Today at Amazon

Getting Started With WordPress

A Complete Starter Guide to Writing, Editing and Maintaining Your WordPress Site

Updated for 2016!

Congratulations on setting up your first WordPress website. This is a guide to writing and editing web pages on your WordPress site.  As you use, update, and maintain your site, you will begin to understand why WordPress is one of the most powerful and free content management systems (CMS) online and how it will benefit your website or blog for a long time to come.

In this guide, we’re going to show you the basics on how to manage your WordPress site, including logging in, posting new articles and pages, uploading images, creating and editing menus and widgets, and some more advanced features as well.

First, How to Log in to Your WordPress Website

There is more than one web address (URL) that you can use to access your log in screen.

WordPress Log In

  • The first is to point your web browser to: yourdomain.com/wp-login.php.
  • The simplest, however, is to go to: yourdomain.com/wp-admin.

You will be greeted with the log in box shown above. Type in your username and password and click the “Log In” button.This will give you access to your WordPress site dashboard; the dashboard is the WordPress “back-end”, the administration area where you work on editing pages, writing new pages, and other administrative tasks. If you’re already logged in,  you will be directed to the WordPress dashboard immediately. If you’ve logged out or timed out of your session, it will automatically redirect you conveniently to the log in screen. If you’ve lost your password, you can use the “Lost your password?” link to generate a new one–that feature is built into WordPress.

The WordPress Dashboard-Your Control Center

WordPress Dashboard

On the left side of the screen, you will see a navigation menu to include Posts, Media, Pages, and other sections of your dashboard that will help you manage the entire back and front ends of your site. Without making any changes or adding anything, it’s good to browse through these sections to get acquainted with them and understand how everything is organized in your admin area.

What You Can and Cannot Edit from the Dashboard

You can’t edit everything on your website from the dashboard–certain elements (the header, the footer) are part of your template files, and aren’t meant to be tinkered with. Your template files are the files that determine the appearance of your website–these files reside on your web hosting server, but aren’t easily accessible through the admin area. To change template files, you can connect to your web hosting via FTP.

This map shows various areas of a WordPress site.

The map above is general: all WordPress templates are different. Some templates have graphical sliders, others do not. Some templates have custom, editable menus, and others do not. Generally speaking, the newer your template is, the more feature it will have, and the more features you’ll be able to edit from the WordPress dashboard. To get to know your website, you’ll want to get to know your dashboard area.

The key to know is that the main content area–the area where the text and images of your Pages and Posts go is ALWAYS editable from the dashboard by following the instructions in this guide.

Posts vs. Pages: What’s the Difference?

In your dashboard, you’ll notice navigation entries for Pages and Posts–these two elements are key in understanding WordPress. Both Pages and Posts display as text and/or images on your site, with a few key differences:

  • Pages are for static content, not organized by date or category. An example, your “About Us” page or “Contact” page.
  • Posts are news and blog entries that WordPress displays in a blog format, along with categories and tags for organization.
  • Here’s a hint: this document you are reading is a Post. If you browse on the top navigation to our “Contact Us” page, you’ll read a Page.
  • If you have a simple 5-page business card site, you might not want Posts at all (although you should always be blogging and issuing news to engage your customers and tickle the search engines).
Why the dual architecture? Briefly: WordPress began as a blogging platform. Some users wanted more from the platform and as it matured, WordPress incorporated static pages to accommodate these users. Keep the distinction between Posts and Pages in mind as you write content for your site.

A post is useful for:

  • Latest news from your business;
  • Upcoming events news;
  • A blog or journal entry;
  • News feeds;
  • Interviews, guest blogs, or paid posts;
  • Anything that doesn’t fit in with pages.

Pages are useful for:

  • About Us sections;
  • Contact Us form webpages;
  • Location, directions, and maps to find your business;
  • Registration and log in pages for your users and visitors;
  • Privacy policies, copyrights and other disclaimers, Terms of Service, and other legal issues.

Writing a New Page

We recommend that you create a Page as the first step in writing content for your site. An “About Me” or “About Us” section is a good first step and is best as a Page, not a Post.

1. Go to the left navigation of your dashboard and click on “Pages.” This will open the Pages section of your dashboard and the additional navigation underneath the Pages menu.

2. On the left navigation, you should see “Add New” under Pages. Click on it.

How to Add a WordPress Page

3. “Add a New Page” will open with a blank form where you can enter a title for your Page (this will be the title and the name given on the Page navigation on your website) and a large text area where you can enter content.

4. Give your Page a useful title that will explain what it is and inspire a visitor to click on it.

5. Start writing! As you write, WordPress will save your Page. Additionally, you can click on the “Save Draft” button on the right side. This will not publish your Page live on your site, but save it in your dashboard for later. Your Page won’t be live on your site until you click the blue “Publish” button.

6. If you want to see what your Page will look like before you publish it, click on “Preview Changes” on the upper right side under the “Publish” heading.  This is not a live link; it is only a preview of what your page will look like once you publish it.

7. If you’re ready to publish, click “Publish” on the right side. To view the live page on your site, click on the “View Page” button located underneath the title section of your page.

If your Page does not appear live yet on your site, you may need to take a second step–adding the Page to your WordPress Menu–which you can read about below under the heading “Creating and Editing Custom Menus.”

Editing an Existing Page

Editing a WordPress Page is as simple as creating one–and you will make your edits in the same interface you used to create it. Here’s how to get to the Page edit area:

1. Click on “Pages” on the left navigation in the dashboard, a table showing all of your existing Pages will appear.

Page Menu

2. Find the page you want to edit and click on the title or “edit” link below it. The “Edit Page” screen will appear and it looks like the following:

Edit Page Screen

3. From this Edit Page screen you can make any changes you like. Editing and writing in WordPress is meant to emulate a simple word processor to the extent possible. When writing or editing, you’ll work principally in the text editing window (the area with the “Web Design Portfolio” graphic above). At the top of the text editing window, you’ll find icons that let you make bold text, select headings, and justify text left or right, etc. You’ll also notice two tabs at the top of that window titled “Visual” and “HTML”. The visual edit area is shown in the graphic above, but if you are comfortable editing HTML directly, you can choose the HTML tab; and, you can switch back and forth between visual and HTML edit mode.  Once you have all your edits the way you lick them, “Update” on the upper right side under the heading “Publish.”

Working With Images in Pages and Posts

It’s easy to add and work with images in WordPress. We’ve got a full, separate tutorial for adding images to WordPress here.

How to Write and Edit Posts

Writing and editing Posts is very similar to writing and editing Pages. The editing interface is exactly the same, there are just a few little extra features.

Creating a new Post

1. To create a new Post, go to “Posts” and select “Add new.”

2. Follow instructions for writing a new Page, but add the following:

a. Posts allow you to categorize your content. So, create or select an appropriate category for your blog post. By default, your Post will be filed under “Uncategorized,” but you can organize better for visitors if you create a few categories to file posts under. For example, if your blog is about fitness, you may want one category for sports and another category for fitness equipment. If you blog about movies, your categories could be different film genres.

b. Posts also allow you to add “tags” to your content. A tag is very similar to a category–tags serve merely as an independent way of grouping or categorizing your content. Tags are optional! One mistake trashy blogs make is to use too many tags for each post. Keep it simple.

Here’s an example of an appropriate use for tags vs. categories. Say you have a movie blog, and you have 3 categories: horror, science fiction, and silent films. Say you write a review of “Westworld” (with the unforgettable Yul Brynner), you would categorize your review under “science fiction” and you could use tags for the actors “Yul Brynner” and “Richard Benjamin”.

The screenshot below shows the category and tag selection areas highlighted.

3. When you’ve got your Post the way you want it, you can preview, save, or publish your blog post. Remember, you can always return later and re-categorize a Post. Say your blog/site gets big and you want to create a category for “70s science fiction”…you’d simply edit your Post, add the new category in the category selection area, and hit the “publish” button to update your Post.

Editing an Existing Post

Editing your post is exactly like editing a page. If you forgot to file your post under a category or give it tags, you can also select “Quick Edit” instead of “Edit” to quickly add those. The screenshot just above shows what the Post Edit window looks like.

Customizing Sidebars, Footers and Other Areas With Widgets

Widgets are amazing little chunks of content that are easy to edit and move around. Typically located in the sidebar, you can add and edit wonderful little pre-coded snippets such as a list of categories, other sites you want to link to, a great video or image, or social media and RSS feeds.

Most of the widgets you’ll want to use at first are already available and just need to be activated. To do this, go to your left navigation. Go to Appearance -> Widgets. Once on the widgets page, you can select whichever existing widgets you want to use for your sidebars, or you can create your own using the Text or Custom Menu widgets.

To activate your widgets, click and drag them to the sidebar sections on the right of the page. Once there, you can open and edit them and rearrange the order you want them to appear in.

Wordpress Widgets

Create and Edit Custom Menus

WordPress now has built-in menu functionality that is compatible with most themes. To create a menu, go to Appearance -> Menus. From there, click on the ‘+’ tab and you will be prompted to enter a name for your Menu. Now click the ‘Create Menu’ button.

To edit an existing menu, first select the menu you want to edit. To add a page to the menu, look at the Pages area, and find the pages you would like to add. Select the pages, and click the ‘Add to Menu’ button. The pages will now exist in the menu area, and you may drag the entries around to your desired configuration. In order to make one page a submenu item, place it below its parent item, and drag it a little to the right.

Advanced WordPress Settings

Now that you’ve learned the basics and have had time to practice and get to know WordPress, it’s a good time to learn some of the more intermediate/advanced settings in WordPress.

Let’s Zap the Comment Spam

If you’ve had problems with comment spam, you may opt to turn off comments or turn on comment moderation to allow you to read and approve comments before they are published. To do this, click on Settings -> Discussion and follow the directions to disable comments, turn on comment moderation, or limit who can post comments. You can also set up your blog to only accept comments on new posts for a certain number of days before commenting has been turned off.

Make Pretty URLs With Permalinks

WordPress seamlessly and automatically handles the creation of URLs through its permalink feature. A permalink is simply WordPress’ way of describing the URL for a particular page. Because keywords in the URL of a page are a ranking factor, If you want to rank for “WordPress Development,” than this URL: mysite.com/wordpress-development will perform better in search (and it just looks so much nicer) than mysite.com/index.com?page=5. WordPress’ permalink functionality gives you descriptive URL strings for search engines to follow with no effort at all.

First, you’ll need to turn on Permalinks within the WordPress dashboard—permalinks are not activated in a default installation. To turn on permalinks, log in to the dashboard and follow the left site navigation to “Settings” then “Permalinks”. At the Permalink Settings page, in the section titled Common Setting, click the radio button for “Custom Structure” and enter /%postname%/. This permalink structure will automatically generate URLs from your Page and Post titles—but you’ll still be able to manually change them if necessary.

You now know the basics of operating your WordPress site and can now publish your content for the world to see. Refer back to this How-to Guide if you get stuck and need assistance. It is yours to keep and refer to whenever you need help with posting, editing, or reorganizing your WordPress site.

Happy blogging!

Is WordPress Good for SEO?

Updated for 2015

We originally wrote this post back in 2010, and now revisit the question. We get asked a lot about WordPress’ suitability for search engine rankings. WordPress’ reputation and having a sound foundation for SEO has certainly seeped into the public’s mind. For the most part, the reputation is deserved. This site, TastyPlacement.com runs on WordPress, and ranks very well for our intended keywords.

There are a few drawbacks with WordPress, but like most things SEO, it’s really about the cumulative effect of everything. Overall, we’d grade WordPress an A- on it’s suitability and power for SEO purposes. But it’s so good at so many things, that it presents a compelling story overall.

First, a summary and then we’ll dig into the nuts and bolts.

Is WordPress Good for SEO?

  • WordPress generates a very search-friendly URL stucture
  • Speed of publishing is superb
  • Built-in Ping services notifies web properties of your new content
  • Plenty of Plug-in and development support for SEO features from the WP community
  • Built-in sharing and commenting (depending on the theme used

 

Benefit: Search-Friendly URL Structure

WordPress seamlessly and automatically handles the creation of URLs through its permalink feature. A permalink is simply WordPress’ way of describing the URL for a particular page. Because keywords in the URL of a page are a ranking factor, If you want to rank for “WordPress Development,” than this URL: mysite.com/wordpressdevelopment
will perform bet ter in search than mysite.com/index.com?page=5 .

WordPress’ permalink functionality gives you descriptive URL st rings for search engines to follow with no effort at all. First, you’ll need to turn on Permalinks within the WordPress dash board—permalinks are not activated in a default installation. To turn on permalinks, log in to the dashboard and follow the left site navigation to “Settings” then “Permalinks”. At the Permalink Settings page, in the section titled Common Setting, click the radio button for “Custom Structure” and enter /%postname%/ . This permalink structure will automatically generate URLs
from your Page and Post titles—but you’ll still be able to manually change them if necessary. Because the titles of your Posts and Pages are relevant to the topic of your content, the permalinks based on your titles will be relevant as well.

In WordPress version 4 and above, you can also simply select the newly included permalink “Post name” instead of “Custom Structure”–but look closely because WordPress will insert a trailing slash at the end of your page URLs. We prefer our URLs without trailing slashes, which you can accomplish with the following:

permalinks

WordPress SEO Benefit: Speed of Content Creation

WordPress is built to run: it is designed for the speedy and continual publishing of content. Since I have converted nearly all my sites and most of my client’s sites to WordPress, our speed to publishing has increased. On a static html site, the creation of content would generally involve either hard-coding the article, or using a WYSIWYG interface, then adjusting menus–sometimes on multiple pages.

With WP, sites grow big and grow fast. All that content brings breadth to your keyword families quickly, and your large site can quickly become “bait” for inbound links from other websites.

WordPress SEO Benefit: Crawlability

Websites must be crawlable by search engines in order to be indexed properly and appear in search rankings. WordPress’ internal logic and link structure is simple and shared universally among millions of websites–so WP is familiar ground for search engines. This familiarity means that Google’s spiders can find what they are looking for, and index and rank the content with confidence. WordPress won’t generate a lot of duplicate content (although it generates some).

SEO Benefit: Plug-Ins and Support

Because the WordPress community is so large (enormous, really), the variety and number of plug-ins for SEO support has grown tremendously (Plug-ins are small software modules that website owners can optionally install in addition to the default WP installation). The All in One SEO Plug-In, or the Platinum SEO Pack are both quick and easy “one stop” plug-ins that accomplish a basic, but sound set of SEO goals such as manual Title Tags and Meta Descriptions.  These plug-ins extend WordPress’ functionality to rival the control and customization you would achieve under a static site.

SEO Benefit: New Content “Bump”

Another great feature of WordPress, which is also shared by other blogging platforms is the “new content bump”. A new post (generally not a “page” though–WP divides its content into two classes of webpages: “posts” and “pages”) will receive an initial lift in rankings during it’s first few days after publishing. This is logical: blog posts are intended to be topical and current, like a news item–Google treats this fresh content as noteworthy and rewards it with a bump in initial rankings. Ranking position will generally settle down after a few days.

SEO Benefit: Pings, Comments and Trackbacks

Pings, Comments and Trackbacks are interactive features built into WP–these supplemental tools let other blogs and individuals interact with a WordPress site: this brings inbound links and traffic (in the case of pings and trackbacks), and free content and visitors  (in the form of comments to blog posts).

SEO Drawback: Poorly Designed Themes

But it’s not all rosy: I see a lot of poorly designed themes that undercut WordPress’ SEO power. Here’s an example I often see: a theme/template will be designed with the blog’s title bearing a Heading 1 (h1) tag–that’s not the way to go. The h1 tag should speak to the subject/topic of each page or post–to repeat an h1 tag mindlessly throughout hundred of pages on a blog is a waste of a valuable SEO tool.

The fix? Code the Blog Title in a plain old CSS class–and utilize the powerful h1 tag for the on-page title for each post or page.

SEO Drawback: Rigidity in Menu Presentation

The biggest hang-up that WP forces upon us is perhaps the way menus are presented. The Page/Post methodology described above generally means that posts and pages are kept separate in menus. That’s not an insurmountable problem, but excluding individual pages from particular menu locations (like a top bar menu, where space is limited) can require coding the WP template’s core .php files, or inserting page ID’s in Widget boxes ad nauseum. Now, to get advanced: If you want to “nofollow” certain page links, say to a contact page or a privacy policy page (in a static site, this task is a breeze) you can either forget it, or go hunting for a plug-in.

When it comes to menu presentation in WordPress, I have learned “the wisdom to recognize that which I cannot change”. I have adapted, and I got over it. It’s a small price to pay for all this power.

Ultimate WordPress Hacking Recovery Guide

First, a confession: I have had my WordPress sites, and my clients’ WordPress sites, hacked a few times. Most hackers do very little damage, and you can clean and secure your site with a little bit of know-how.

We’ll divide this lengthy guide into several sections:

  • Diagnosing if You Have Been Hacked
  • Cleaning Your WordPress Site
  • Securing Your WordPress site against reinfection or future hacks

What You’ll Need to Clean Your WordPress Site

Diagnosis: How You Know Your WordPress Site Has Been Hacked, the Obvious Clues

In nearly all cases, you’ll know quite clearly that your site has been hacked. The most obvious clue will be when Google throws up a warning page like this one:
maroonscreen

Or your meticulously edited could be replaced by a political message:
hacked-saudi-blog

Or, your site might be hijacked to display a cute ninja turtle (yes, it happened):
hackerturtle

The hacks shown in the screenshots above are not serious. These are honorable (sort of) hackers who hack for sport and street cred–they rarely do any damage, and they rarely intend to re-infect your site (although below we’ll discuss mandatory measures you’ll need to take to secure your site headed forward).

Diagnosis: When the Hacking Is Less Obvious and More Malicious

If your site has been taken over by a black hat SEO, the clues may be less obvious, and the danger to your website more serious. If you’re lucky, they’ll fill your site up with keyword gibberish in Turkish:
hacked-front-page-screenshot
If you’re not lucky, you may go for weeks or even months before finding the hidden Cialis and Viagra links in your source code.

Another favorite goal of more sophisticated hackers will be to employ your website as a mail server; hackers can then send spam emails. The danger to you here is that your IP address can be blacklisted and you’ll have trouble sending legitimate mail in the future.

From time to time you should open your homepage and press Ctr-A, which may help you spot those sorts of freeloading links. Even though those links might not harm the user experience, they can significantly impact your rankings and might even get you removed from the index.

Diagnosis: Tools for Determining if You’ve Been Hacked

  • Google’s safe browsing diagnostic page can tell you if your website contains malicious software. The tool will even detect which form of malicious software or virus your site might be carrying. To use Google’s safe browsing diagnostic page, you’ll need to enter this long, ugly URL in your browser window and replace “YourSiteName.com” with your own domain: http://www.google.com/safebrowsing/diagnostic?site=YourSiteName.com
  • Check your Google Webmasters account to see if there are any malware warning messages in there. If you’ve got the maroon screen described above, there will almost always be a message in your Webmasters admin area.
  • Try the Sicuri SiteCheck scanner, it’s free and will identify major malware infections.

Procedure for Removing Hack

Find the Extent of the Incursion

Before you start repairing anything, do some sleuthing to find the hacker’s footprints. Login to FTP and search for any files which were altered recently. Filezilla has a feature which allows you to search the entire site by last modification with a touch of a button. Frequently you can narrow down to the hour when your site was compromised.

Things you will be looking for through FTP:

  • Index.php files which were recently modified. An index file in your web root will effectively hijack an entire WordPress installation
  • Any new PHP file
  • Recently modified files in your WP-themes folder. Sometimes hackers will insert hardcoded links into Header.php files and other template files
  • Uploaded media files, particularly of strange file types. Some WordPress features may allow a hacker to upload a script to your server that executes read and write commands
  • PHP files with obscured code. WordPress is an open-source software project. It will never have obscured code, or even poorly commented code.
    obscured-code
  • Large, mysterious, suspiciously named files of any type. WordPress rarely uses file names with random-seeming names.
    hackedFTPscreenshot

Examine any logs you may have available through either your cpanel or your FTP. Access logs and error logs will give you clues as to what’s going on.

Check your database for unusual activity. Log in to phpMyAdmin and search for telltale keywords like “Viagra” or “Cialis.”
phpsearch

Check your database for users with seemingly random email addresses or usernames. Hackers will happily insert their own contact information into your site so they can use the recover password function to regain access to your site.
hacked-user-phpmyadmin-screenshot

See What Google Has Found

Do a site search of your WordPress installation by typing “site:EXAMPLEDOMAIN.COM” in the Google search bar. This will give you a list of all the pages Google currently has in the index. Look for pages which the hackers generated out of whole cloth. These can persist in the index long after you’ve actually cleaned up the hack, and will have to be removed using Google Webmaster Tool’s remove URL function.

Don’t Forget to Check Your Own Computer!

Sometimes the source of a security breach is as close as your own fingertips. Whether you’re accessing your WordPress site from the home or office, there are many ways for a hacker to steal your passwords. Have you recently accessed your site through a wifi network, or from your smartphone? Never save your passwords on your FTP client. It is a simple matter for malware to read those passwords off your hard drive. The passwords for Filezilla aren’t even encrypted. Consider how easy it would be for a virus or other malicious software to grab your passwords, through keystroke capture or any other method. It’s vitally important to maintain a secure connection to your site. This would be a good time to run a Microsoft Security Essentials full scan on your computer.

Check the Other Sites on Your Server

It might be that the hack didn’t originate on your own site. Sometimes your hosting may be compromised at the server level, through no fault of your own. To test this out, visit some of the other WordPress sites on your shared hosting server to see if they have the same problem you do. You may not have ever checked out your server neighbors before, but luckily there’s a tool to help you out: the MajesticSEO Neighborhood Checker.

Change ALL the Passwords

There are at least four different passwords which unlock a WordPress site. If one of them has been compromised, the others have been peeled open too. If the hacker has your FTP password they can use that to read the database password which is displayed openly in your WP-config file, and with that they can edit the WP users. If your FTP password is the same as your cpanel login, which is default on many hosting services, then you will also need to worry about email addresses and passwords, database users, and possibly even your domains. Whatever passwords you have, change them, and change them quickly.

Screen Your WordPress Users

It will do you no good to change the passwords if the hackers can recover the passwords of an admin-level user. Make sure that all of the emails associated with your users correspond to an appropriate email address, and not an email controlled by the hacker. If you have a number of admin users and one of them has a compromised email, then you’re in trouble.
hackeduser

Rollback to Backups or Remove the Hacker Code Manually

At this point you should have a good idea of the extent and the source of the hack. If the root directory index.php has been overwritten then you can replace that file with one from a fresh WP installation. If theme files have been overwritten, then hopefully you have a backup. Frequently you can just remove any hardcoded script by hand and be more or less back to normal. Otherwise, if you have a backup of your database and WP-content folder which you know is clean, you can backtrack to those (making sure the old user passwords are secure).

Upgrade Everything

It’s easy to fall behind on updates. Sometimes we’re reluctant to install updates because nothing breaks a site quite as fast as a beta version from a volunteer open source project like WordPress. But sometimes those updates to the WordPress installation or the plugins contain important security patches. It’s not a panacea, but now that you’ve been hacked you want to leave no stone unturned.

Re-install WordPress. This will overwrite most of the critical files in the wp-admin and wp-includes folders and reduce the chance of hidden trojan code hanging around.

Steps You Can Take to Prevent Hacking in the Future

Now that you’ve cleaned up your site, you’re going to want to block attempts at re-infection.

  • Never save SQL backups on any public server.
  • Save frequent SQL backups to your home computer. Having a backup can speed up the cleaning process.
  • Keep your TimThumb.php file up-to-date. This helpful but vulnerable WordPress add-on has been particularly troublesome for WordPress owners over the years.
    Maintain security consciousness with any computer you use to access your site.
  • Add a security plugin like Wordfence. This will prevent brute force attacks from known hacker IPs and plug other security holes you might not have thought about.

Know When You’re Over Your Head!

This article won’t give you a solution to every single hacking problem. We’ll update as we learn more, but hackers are always on the bleeding edge and coming up with new ways to mess things up. If you’re getting repeatedly infected, or if you can’t restore the site to its original state, then it’s time to employ a reputable WordPress expert to lend a hand.

Send Us Your Hacking Stories!

Leave us a comment if you’ve got a hacking story to share. We want to know how they got in and how you fixed it. Show the code if you’ve got it!

How To Delete All WordPress Pending Posts

Have you run a multi-user blog that gone out of control? I had an open blog that over the years accumulated thousands of, ahem, “poor quality” articles in “pending” status. Rather than delete them in batches in the admin, I figured an SQL command that can remove all of them in a few seconds. But before I give you that…

Back Up Your WordPress Database

This is something you should do anyway. You backup your database by logging into your website control panel (hopefully you use cpanel) and clicking the icon for phpMyAdmin. Select “Export” on the top navigation and select SQL format and download the file to your local machine. That file is your database backup.

SQL Command to Delete WordPress Pending Posts

Again, in phpMyAdmin, click “SQL” on the top navigation, and enter the following command and click “Go”. This will also delete pending pages!

DELETE FROM wp_posts WHERE post_status = "pending";

Delete WP Pending Posts

That’s it. Your pending posts and pages will all be deleted.

Setting Up a Stripe.com Single Payment Page for WordPress

Stripe.com handles credit card payments at 2.9% (the same as PayPal) and let’s you integrate a single payment page or popup page within your WordPress site. Stripe is setup not as a total ecommerce solution, but rather is a better fit for single payments or donations. It has the advantage over PayPal in that customers aren’t required to sign up for an acount and aren’t taken to a separate gateway to make a payment.

Another option for payment solutions for those willing to attempt to gsayPal and Stripe in terms of price, as it’s only 25 cents per transaction. Dwolla offers the simple integration of a button and a WordPress plugin as well, but it does require that customers go through a signup process.

Stripe works well and is very easy to integrate with the WP-Stripe plugin which allows for installation vis shortcode or template insert.

Stripe.com Installation for WordPress

Here we’ll cover the installation of the plugin and how to set up Stripe.com for WordPress.

Lets start within WordPress. Login to your site and navigate to Plugins. Click Add New and Search for “WP Stripe.”

Click Install > Okay > Activate Plugin

Install-WP-Stripe

Then under the Settings tab of your WordPress admin, select WP Stripe.

Then select the WP Stripe Settings Tab.

WP-Stripe-Settings

In order to start taking payments and test payments, you need to go register an account at Stripe.com.

Register-Stripe.com

Once you’ve registered and logged in. You’ll be able to grab your API keys at this link: Stripe API Keys.

Take those API Keys (both the live and test keys) and copy/paste them into your WP Stripe settings area within your WordPress Dashboard. Then click Save Changes.

stripe-API-keys

Then you want to create a new page and enter the WP Stripe short code [wp-stripe]

Publish the page and it will look something like this:

stripe-button

One neat thing about Stripe is that it includes a popup form so that you really don’t have to modify any CSS if you’d rather not. Unlike a heavy eCommerce cart, Stripe is a fairly lightweight solution, so other than the plugin, with this particular type of integration, all the heavy lifting is done through Stripe.com which also means better security.

To test Stripe, (highly recommended) before sending clients to the newly created payments page, use the following dummy info.

Card Number 4242424242424242
Card Month 05
Card Year 2015
CVC Number 123

After you run the test, you should see the amount of test money you sent show up both in your WP Stripe area of the WordPress admin and in the Stripe dashboard as well.

Pro tip: If you want to eliminate the optional check box that asks to display recent donations or payments in the payment popup window, simply uncheck “Enable Recent Widget?” in the WP Stripe admin area.

That covers basic setup of WP-Stripe for a WordPress website. For more advanced tutorials and documentation Stripe has a well organized Developers portal. You can find an archive of our WordPress tutorials here.

Author: Ryan Howard is a TastyPlacement alumnus who now runs a digital refinery offering WordPress designs, local search marketing, ecommerce SEO services, and social media strategy.

WordPress Tutorial: Display All Posts on a Page

How to Create an Interior /blog/ Page That Mimics a Traditional WordPress Front Page

We got hung up recently trying to create an interior blog page (i.e., www.agreatsite.com/blog)  for a client’s design. This problem is more common now with full-featured templates and frameworks that employ sliders and carousels on the front page that are triggered by a template’s index.php file.

First, Create a Custom WordPress Page Template

First, you’ll need to create a custom WordPress page template. All WordPress templates have a page.php file as part of the default template–we simply want to vary that file a little bit. Make a copy of your page.php file and name it page-blog.php.

Next, you need to enter a few lines of code at the very top of your new php file:

<?php
/*
Template Name: Blog
*/
?>

The code above is a naming tag–the template name, in this case “Blog” will be the name that appears in the template selection box at the WordPress page edit window, which we’ll screenshot below.

The Code

Now, you can’t simply run the regular WordPress loop on our custom interior page, we are going to use the WordPress template tag get_posts to query our WordPress database and grab our posts. The following code accomplishes this:

$myposts = get_posts('');
foreach($myposts as $post) :
setup_postdata($post);
?>
  <div class="post-item">
    <div class="post-info">
      <h2 class="post-title">
      <a href="<?php the_permalink() ?>" title="<?php the_title_attribute(); ?>">
      <?php the_title(); ?>
      </a>
      </h2>
      <p class="post-meta">Posted by <?php the_author(); ?></p>
    </div>
    <div class="post-content">
    <?php the_content(); ?>
    </div>
  </div>
<?php comments_template(); ?>
<?php endforeach; wp_reset_postdata(); ?>

For the purposes of illustration, a greatly simplified version of the preceding code, without any html markup, hrefs, author information, post date data, or comment section would be as follows:

$myposts = get_posts('');
foreach($myposts as $post) :
setup_postdata($post);
?>
 <?php the_title(); ?>
 <?php the_content(); ?>
<?php endforeach; wp_reset_postdata(); ?>

How it Works

So what’s happening here? Well, the heart of the whole process is get_posts–this template tag queries the WP database and gets our posts.

Next, the foreach construct processes each post in turn–thus we’ll have all our posts on our blog page.  The setup_postdata WordPress function, well, sets up our data so it’ll display properly (otherwise the_content may not display the text of our posts. Finally, the wp_reset_postdata restores the $post global variable.

Once you’ve created the file, you’ll obviously want to upload it to your template (theme) directory.

Setting Your Blog Page

Your next step is to simply set up your blog page within the WordPress dashboard. From the WP dashboard, go to Pages, then Add New and create a page with a title “Blog” (or whatever is suitable). Remember the custom template we created above under the heading First, Create a Custom WordPress Page Template? You should now see your custom template name appear under the “Template” pull-down in the Page Edit screen, as indicated in the pic below by the green arrow.

Set the blog page by selecting the “blog” template

You don’t need to put any text in the text edit window, you just need a title–you won’t be displaying any page text here, you’ll be bypassing the specific text of this post and grabbing posts from the database.

Some Background on Why This Was Needed

Incidentally, framework and template designers that hijack WordPress’ index.php file to display a homepage slider, while requiring WordPress’ reading settings to be set to “Your latest posts” as shown in the screenshot below are doing a disservice to users (hence mandating this tutorial). The sounder practice is to code sliders and homepage features into a custom WordPress template.

Video Tutorial: All in One SEO Pack to Yoast WordPress SEO Plugin Migration

We’ve seen the light and are converting to the Yoast WordPress SEO plugin on all of our sites. However, when migrating from your existing SEO plugin to the (superior) Yoast plugin, there are a few tricks along the way that will help your conversion go seamlessly and keep your pages displaying properly. This tutorial walks you through the migration from the All in One SEO Pack to the Yoast SEO plugin for WordPress. Watch and learn – you (and your website) will be glad you did.

Video Tutorial: How to Clean Up Your WordPress Head

By default, WordPress prints a lot of extra code to the “head” section of webpages that it generates. For example, it prints a “generator” meta tag that identifies the site as a WordPress site–that can serve as a flag to hackers that specifically target WordPress sites. In this video tutorial we’ll learn a quick and easy way to clean the following items from your WordPress installation:

Here’s code to install in your functions.php to follow the above tutorial:

remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'feed_links', 2);
remove_action('wp_head', 'index_rel_link');
remove_action('wp_head', 'wlwmanifest_link');
remove_action('wp_head', 'feed_links_extra', 3);
remove_action('wp_head', 'start_post_rel_link', 10, 0);
remove_action('wp_head', 'parent_post_rel_link', 10, 0);
remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0 );