Google+ Comments for WordPress Plugin

For many years now Facebook has had a very popular login feature and also offered the ability to easily integrate blog comments using your Facebook account. These options have proven to be very popular with all types of webmasters as they provide several convenient features and also help to discourage spammy or anonymous comments.

It always surprised me that Google wasn’t in this game, but the introduction of Google+ seems to offer Google the ability to offer these features to webmasters and be the ones collecting this information.  According to reports, apps that support Google’s login are now getting favorable search treatment and Google is starting to really push this feature.  Then last month, Google announced that Google+ comment integration is now available for Blogger users. So, what about WordPress users?

Not long after the Blogger integration was announced, the code needed to do this manually was discovered:


<script src="">

Valid HTML5 version:

<script src="">

Comments counter HTML (replaces <g:comments>):

<g:commentcount href="[URL]"></g:commentcount>

Valid HTML5 version (replaces <div>):

<div data-href="[URL]"></div>

Replace ‘[URL]’ with the URL of your web page and fit the ‘width’.

Link your web page to your Google+ profile to verify authorship.

Dynamic Google+ Comments HTML:

<div id="comments"></div>
gapi.comments.render('comments', {
    href: window.location,
    width: '624',
    first_party_property: 'BLOGGER',
    view_type: 'FILTERED_POSTMOD'
});

Google+ Comments Counter:

<div id="commentscounter"></div>
gapi.commentcount.render('commentscounter', {
    href: window.location
});

Google+ Comments for WordPress Plugin

Fortunately, the WordPress community has already come through with an easier solution, the Google+ Comments for WordPress plugin. This plugin makes the comment section tabbed by seamlessly adding tabs for Google+ Comments, Facebook, Disqus, WordPress Comments, and Trackbacks. Early reviews are promising and I imagine this plugin will continue to evolve over time.

If you decide to give this plugin a try on your website, leave us a comment and let us know how the setup went.

  • PSA: Massive Botnet Attacks on WordPress Installations

    Over the past 24 hours it has come to our attention that a large network of over 90,000 IP addresses has ramped up its use of a brute force attack to target WordPress blog installations. According to several published reports, the botnet is attempting to gain access to WordPress installations by using the default Admin user name and trying multiple passwords. By default, WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

    Popular hosting providers CloudFlare and HostGator are reporting that the scale of the current attack is much larger than what they typically experience, with some reports claiming that they are blocking 60 million requests per hour during peak times. After reviewing our logs we’ve already noticed several failed login attempts using the username Admin.

    What can I do to protect my WordPress installation(s)?

    1. If your username is currently set as Admin, change it to something custom. The easiest way is probably by using something like the Better WP Security WordPress plugin.
    2. Change/strengthen your password. Your password should include capital letters and symbols (%+!#).
    3. Install a plugin to limit login requests.  We use the appropriately titled Limit Login Attempts WordPress plugin, but there are several other plugins with similar functionality.

    Once that is done, sit back and hope for the best!

    Update: HostGator has provided additional tips.
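The log review mentioned above can be scripted. The following is an added example, not code from the original post or from any plugin it names: it scans access-log lines for POSTs to wp-login.php and reports loud single sources, windows where many quiet sources add up to an attack, and sources that got a redirect after repeated failures. It assumes the Apache/nginx "combined" log format and that WordPress answers a failed login with 200 and a successful one with 302; the thresholds and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def login_events(lines):
    """Yield (timestamp, ip, status) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m["ip"], int(m["status"])


def analyze(lines, per_ip_limit=5, window=timedelta(minutes=5),
            window_limit=20, min_sources=5):
    """Summarise login failures per source and per time window."""
    secs = int(window.total_seconds())
    failures_by_ip = Counter()
    buckets = defaultdict(lambda: {"failures": 0, "ips": set()})
    success_after_failures = set()
    for ts, ip, status in sorted(login_events(lines)):
        if status == 200:      # assumption: login form shown again = failure
            failures_by_ip[ip] += 1
            bucket = buckets[int(ts.timestamp()) // secs]
            bucket["failures"] += 1
            bucket["ips"].add(ip)
        elif status == 302 and failures_by_ip[ip] >= 3:
            # assumption: redirect = accepted login; worth a manual check
            success_after_failures.add(ip)
    distributed = [
        {"start": datetime.fromtimestamp(k * secs, tz=timezone.utc).isoformat(),
         "failures": b["failures"], "sources": len(b["ips"])}
        for k, b in sorted(buckets.items())
        if b["failures"] >= window_limit and len(b["ips"]) >= min_sources
    ]
    return {
        # sources a per-IP limiter would have locked out
        "noisy_ips": {ip: n for ip, n in failures_by_ip.items()
                      if n > per_ip_limit},
        # windows where the total is high even if each source stays quiet
        "distributed_windows": distributed,
        "success_after_failures": sorted(success_after_failures),
    }


def build_sample_log():
    """Constructed sample traffic using documentation IP ranges."""
    fmt = ('{ip} - - [12/Apr/2013:10:{m:02d}:{s:02d} +0000] '
           '"{req} HTTP/1.1" {st} 512 "-" "-"')
    lines = []
    # 12 sources, 2 guesses each: every source stays under the per-IP limit
    for i in range(12):
        for j in range(2):
            lines.append(fmt.format(ip=f"198.51.100.{i + 1}", m=1,
                                    s=i * 2 + j, req="POST /wp-login.php",
                                    st=200))
    # one loud source with 8 failures
    for j in range(8):
        lines.append(fmt.format(ip="203.0.113.9", m=2, s=j,
                                req="POST /wp-login.php", st=200))
    # three failures, then a redirect, from a single source
    for j, st in enumerate([200, 200, 200, 302]):
        lines.append(fmt.format(ip="203.0.113.77", m=3, s=j,
                                req="POST /wp-login.php", st=st))
    # ordinary traffic that must be ignored
    lines.append(fmt.format(ip="192.0.2.10", m=4, s=0,
                            req="GET /wp-login.php", st=200))
    lines.append(fmt.format(ip="192.0.2.10", m=4, s=5,
                            req="POST /wp-comments-post.php", st=302))
    return lines


if __name__ == "__main__":
    for key, value in analyze(build_sample_log()).items():
        print(key, value)
```

In the sample, only one source crosses the per-IP threshold, while the per-window count also captures the 24 failures spread across twelve quiet sources.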

  • How Using Too Many WordPress Plugins Can Kill Your Website

    There are many thousands of WordPress plugins you can use for free, and there are also more you can buy for different purposes. According to WP Beginner, as of September 2012 there were more than 21,000 free plugins in the WordPress plugins repository! The question is: do you have to use all of them? You have probably seen a sidebar of a blog with a mile-long list of awards and a multitude of links to other pages. Some people go as far as including hundreds of flashy widgets. If you are thinking of using several plugins, you should first learn why using too many of them will have a negative impact on your readership.

    They May Slow Down Your Website

    This is, perhaps, the most annoying feature of using too many WordPress plugins. This slowdown occurs because every plugin you use sends a server request when each of your readers loads the site. Imagine the effect of having fifty plugins when ten users are on your site. What about a hundred plugins with a thousand users? Do you really want your site to be that slow?

    Some WordPress Plugins are not Secure

    Just because a plugin works well does not mean that it is secure. Some plugins, especially the free ones, can be exploited by hackers who can then hack into your site. For example, users of some plugins such as WP Total Cache and WPTouch have been asked in the past to update their passwords after it was realized they were not secure. Since it is not always easy to know upfront which plugin is safe and which one is not, you will be doing a great deal of service to your site by installing only the minimum number necessary.

  • 10 Most Common WordPress Plugins

    The viability of WordPress (WP) as a blogging tool is non-existent without the existence of WordPress plugins. These are part of the features that enable bloggers to extend the abilities of their blogs beyond their base installs. Plugins are integral in the addition of widgets. They are also useful in undertaking SEO activities. Currently, WordPress boasts of 18,000 plugins in its database. The following are ten of the most popular WordPress plugins:

    1) Contact Form 7

    Contact Form 7 allows web developers and bloggers alike to manage numerous contact forms. They can also undertake a customization of WP’s mail contents and form. This is usually a flexible process that involves the use of simple markups. Contact Form 7 supports CAPTCHA, Akismet-based spam filtering and Ajax-oriented submitting.

    2) Jetpack

    This plugin uses the cloud power from to supercharge self-hosted WordPress sites. It boasts of numerous features that comprise email subscriptions for comments and blog posts. It also allows users to submit comments via social networks. Jetpack comes embedded with widgets that display the most current tweets while commenters can benefit from Hovercard popups via Gravatar.

    3) WordPress SEO

    The Yoast-made plugin allows bloggers to preview the appearance of their posts in search results. As such, they can adjust certain features of their posts to their liking. These include the title and meta descriptions. WordPress SEO also analyzes the post to check for availability of images, subheadings, meta descriptions and alt tags among others. This enables bloggers to add anything that they may have forgotten.

    Its packages do not end there; WordPress SEO also creates XML sitemaps automatically before sending a notification to various search engines. Bloggers can also increase their SEO rankings. This is usually possible through the addition of links to RSS feeds.

    4) WordPress Importer

    Thanks to WordPress Importer, bloggers or web developers can transfer content from WP export files. Examples of such content include comments, authors, post metas and custom fields. It is also possible to import pages, custom posts, tags and categories.

  • Should My WordPress Site Use a Related Posts Plugin?

    Related Posts Plugins are an amazing way to keep a visitor engaged on your site. By doing some magic on the backend of a site, they can make tailored post suggestions according to the content on-page. Tailored recommendations will boost average time on site, average page views, and the like. Related posts are also awesome ways to add advertisements to a site.

    Unfortunately, related posts plugins can also destroy a site’s performance, or bring it down entirely.

    Many related posts plugins work by creating a “FULLTEXT index” on the “posts” table in MySQL. This is a mechanism to make complex queries against the content of posts.  For example, “posts which contain A and B but not C or D.” Usually, this means indexing categories, tags, specific keywords, and a number of other data points and querying them later.

    It’s a cool way to search, but MySQL wasn’t built to make queries like this.

    In MySQL, FULLTEXT indexes consume high loads of resources at run-time, particularly for larger sites with proportionally large databases.  Under heavy traffic loads, this will slow the entire site down, or crash it entirely.

    To make matters worse, when changes are made to (large) tables with FULLTEXT indexes, rebuilding that index can take hours and hours. Sometimes rebuilding will even fail, producing a corrupted MySQL table. This can happen when you do something like upgrade to the latest version of WordPress.

    That was a lot of bad news. Here’s the good news!

    There are TWO PLUGINS that achieve “related posts” functionality, but do it off-server, so that you don’t bog down MySQL.

    Take a look at nrelate’s and LinkWithin’s “related posts” plugins. These do their calculations on their own servers and don’t cause the same issues with the databases.

    Nrelate has 3 different plugins based on whether you want your most popular content or related content to display, as well as if you want the related post to “fly out” at the reader.  All three are available in the WordPress plugin repository.  LinkWithin will make recommendations to related posts based on several factors, including title, tags, and content.

    How they work

    Nrelate creates its own secure RSS feed and feeds your content directly to their servers. This means their pinghost is added to your Update Services, so each time you update your blog with new content, nrelate gets the feed and can analyze it for related posts. Then, they use Natural Language Processing inside a database designed for search to analyze your content and make related recommendations.

    LinkWithin similarly analyzes your content off-server. They have a context engine that looks at categories, tags, keywords, and a few other aspects of your content in order to make recommendations. LinkWithin used to redirect traffic through their site, but no longer. You get all the SEO juice from the links.

    Both plugins accomplish the related posts functionality off-server. I’m personally a big fan of nrelate’s strategy of using the RSS feed to get the content and then processing it with NLP.  I was also able to speak on the phone with both developers from nrelate in the writing of the article, which indicates the support they’re providing their plugin.


    LinkWithin has secure processes to pull your content, and there are zero known security issues with their plugin.

    When I spoke with nRelate, they talked about how their RSS feed can only be accessed with a random key that is generated when you install the plugin.  They hired Mark Jaquith to build this part of the plugin with airtight security.

    Image options

    With nRelate, you can either show your content as one of six sizes of thumbnails, or as very simple bullets. The plugin automatically creates a thumbnail from the featured image, but you can also specify which image to use.  If you don’t have any images on your post, nrelate will actually pull one from their image library.  You can see examples of their ads on Huffington Post and Engadget.

    LinkWithin relies heavily on featured images from your page in order to provide thumbnails.  If you don’t set featured images, the plugin won’t show any.  It also provides very customized sizing of images that are optimized for your site.


    You can add your advertising networks to nRelate (they have their own ad network) and serve your ads along with the recommended content. Linkwithin does not currently support advertising.


    Your css is automatically adopted by nRelate, so the thumbnails and font styling will automatically look like your design, but you can still customize things as you like.

    International Languages

    Nrelate is also in the following languages: Dutch, English, French, German, Indonesian, Italian, Polish, Portuguese, Russian, Spanish, Swedish and Turkish.

    Check out both of those plugins to see which one works for your needs. Both of them offer significant speed and scalability benefits to your site.

    Are you using a related post plugin for your site?  How has it affected your traffic?  Have you noticed any performance issues?

  • How to Protect WordPress from Malware Infections

    WordPress is installed on so many websites now that its global reach is comparable to a company like Microsoft. Hackers, scammers, and phishers target Windows because it’s installed on millions of computers all over the world. If you’re going to break into computers with malicious intent, you want the biggest target.

    You will find (at times) that some proponents of other popular open source CMS software (Joomla, Drupal) may try to say “WordPress isn’t safe, look at all the hacked websites”. WordPress is actually very stable, mature, and secure. But by its very nature, being software, it must be maintained (or security holes appear over time). If everyone kept WordPress, plugins, and themes updated, and performed just the slightest bit of preventative maintenance and hardening, the amount of compromised WP websites would probably go down by 90%. In this article we’re going to go over the basic steps of how to protect your WordPress website from malware, virus infections, and malicious code and scripts.

    First let’s talk about some basics you should know…

    What is (website) malware?

    You probably already know the word “malware” from PCs and computers. Computer viruses have been around a long time, as well as virus scanning software. With the Internet age came “spyware” (programs that spy on what you do and send the details to a remote computer), as well as “anti-spyware” computer software. You might also have heard about trojans and key-logging software as types of computer viruses. The term “malware” in conjunction with a computer means something installed on your PC in order to deliver a payload. An example is installing a browser toolbar and having it (on the backend) install a script, program, or trojan without your knowledge as the payload.

    Google started tracking malware in websites a few years back as part of Google webmaster tools. Malware (at that time) was known mostly as something installed in your website designed to deliver a payload unknowingly to the website visitor (also like a virus, trojan, program, script, etc.). Now, the term is used to cover nearly any compromised website whether it delivers an actual payload, redirects the user to a rogue website, or just plain contains simple SEO spam.

    How do websites get infected with malware?

    If you think about the amount of WordPress websites online (more than 73 million and counting), when reports come out that say “10,000 websites hacked from ABC vulnerability” it’s a small percentage in comparison to the whole. Then again, that’s 10,000 broken websites that are either down, redirected, or infested with spam.

    Often people have a perception that there are actual people (or hackers) trying to break into websites. That’s not really the case, it’s an automated process. Hackers, spammers, and criminals write scripts to seek out and search for websites with specific vulnerabilities they can use to break in. They watch the latest security holes patched in WordPress itself, as well as themes and plugins. They also look for other software with holes, such as Joomla, Mambo, Drupal, phpBulletin, Simple Machines forum, phpBB, and anything else they can find. Often scripts are written to break in through one hole, and then just infect all PHP files, all sites in a hosting account, or just all WordPress installations at once.

    So think about the home you live in and its security. You have locks on the doors and windows, and if someone were trying to get in – you’d know about it right away. The bulk of websites online are in shared hosting accounts. Unless you have some alerting or monitoring installed for your website (and even if you do), the only place break-in and hack attempts are stored is the server logs. You don’t know it but your website is being “attacked” night and day 24/7 hundreds (if not thousands) of times. You have no idea that something is constantly trying to break into your website. If you did – you’d actually beef up the security a bit.

    Back to how the websites get infected. These automated scripts look for security holes in WordPress itself, themes, and plugins. If your website (or themes or plugins) are out of date – you might be open to one of these attacks looking for a way in. But this isn’t the only way.

    Another way websites can be compromised (any website, not just WordPress) is by using an insecure connection to either login to FTP, your wp-admin dashboard, or your web hosting account. Remember when we talked about computer viruses and malware? If your PC is compromised and you connect to your WordPress website, your connection information could be sent to a remote PC by a keylogger or trojan. Even if your PC is clean, if you connect to any of these by an insecure connection such as a Starbucks connection or public wifi in a hotel or airport, the same thing could happen (same if your home wireless router isn’t secured).

    Yet another way your WP website can be infected is through your webhost itself. Maybe your account is managed with cpanel or Plesk control panel and your webhost hasn’t applied the latest patches for that software. Hackers can get in through those security holes. What if an exiting employee from a webhost steals the password files (which has actually happened) – you could be compromised. What if someone external breaks into your webhost and steals your login information (which has also happened at multiple webhosts multiple times), you can also be broken into.

    More often than not what we do see, are large webhosts with shared webservers where hackers break into as many sites as they can on one box at once (bad neighborhood or guilt by association break-ins). Hosts that do stupid things like leave directory indexing on by default – don’t help matters much.

    How to Protect WordPress from malware?

    Now that you know what malware is, and how websites get infected, it’s time to find out how to protect your own website from malware (infections). While we can’t give you complete step by step instructions, we can give you some great points to follow which will make your website more secure and hardened than it ever has been.

    • Reset your password(s): regularly reset your WordPress admin, FTP, and web hosting control panel passwords every 30-60 days. Be sure to use a 12+ character strong password from somewhere like Never use the same password at multiple websites or for multiple accounts.
    • Update everything: as previously mentioned, be sure to keep WordPress itself updated, and all plugins and your theme as well at all times. Check to see if your theme has an update available if you purchased it from a developer or a theme house. Have it reviewed by a competent WordPress developer once per year for vulnerabilities if it was custom coded.
    • Remove unused and outdated items: The worst security holes are the ones that you forget about. Always remove all themes and plugins that are unused and inactive. In addition be sure to remove (or at least have an expert check out) any plugins that haven’t had an update in 12-18+ months or more.
    • Get rid of common WordPress elements: Your WordPress installation shows what version you are running in the meta generator tag of every HTML page it displays sitewide. Use a security plugin like Secure WordPress or Better WP Security to suppress this from being displayed in your public pages. You can also remove, hide, or limit access to files like readme.txt which also display WP version information.
    • Limit Access: Limit and give admin access to only those with a “need to know” basis within your WordPress website. You should be able to count full site admins on one hand (preferably one or two fingers). Give the rest lesser user roles as needed.
    • Setup alerting and monitoring: There are all kinds of free services (some by web hosting companies) that will alert you if your website is down (or if certain pages have changed in content).
    • Register with Google Webmaster Tools: If you register with Google Webmaster Tools and they find malware in your website, they will notify you via email. Keep in mind (in our experience) by the time they notify you, your website could have been infected for days or weeks (or longer).
    • Monitor changed files: There are many free plugins that will monitor your website for changed files, Better WP Security is one of them.
    • Update wp-config security salts: Since before version 3.0 the wp-config.php file of every WP installation has contained “security salts” and a URL to get random ones to update the file with. Be sure to update your wp-config file.
    • Install and configure a security plugin: Setup and configure an all-inclusive security plugin, something like Better WP Security or Secure WordPress
    • Setup and test a backup solution: By all means, make sure that in the event something does happen you have a disaster recovery plan. You can use a free plugin, premium solution, or web based service to backup your website to an offsite location for recovery in case you are hacked, or something at your web host goes down. This is even protection against issues if you upgrade WordPress or plugins and a conflict takes your website down. At least with an option like this, if you are taking regular versioned backups, you can easily revert to the last known good version

    With just these few bullet points, your website security can be improved by nearly 95% (or more).

  • WPTouch: Creating a WordPress Mobile Theme

    Thanks to the huge success of the iPhone/iPod Touch, Android, and other mobile devices, Apps have become all the rage.  The problem for many webmasters and WordPress users is that most smaller WordPress websites/blogs can’t afford to have a custom app developed for their WordPress site.  

    Of course, thanks to the beauty of the open source nature of WordPress, WordPress users have access to all sorts of great WordPress plugins.  I recently found myself debating whether or not to develop an app for WordPress Hacks and decided that first I would look into what free WordPress plugins were available.  My goal was simply to find one which would display a WordPress blog to mobile browsers in a mobile friendly format.  

    Based upon roughly 2 million downloads plus great reviews, far and away the best plugin I’ve found to accomplish this is one called WP Touch. For those that haven’t heard of WP Touch, this WordPress plugin automatically transforms your WordPress blog into an iPhone application-style theme, complete with ajax loading articles and effects, and will display this theme when your WordPress blog is viewed from an iPhone/iPod Touch, Android, Palm Pre, Samsung and BlackBerry Storm/Torch mobile device!

    The admin panel allows you to customize many aspects of its appearance and deliver a fast, user-friendly and stylish version of your WordPress website to mobile visitors, all without modifying a single bit of code or making any changes to your standard WordPress theme.  The mobile theme also includes the ability for visitors to switch between WP Touch view and your site’s regular theme if that is what they prefer.

    If you are looking for a more feature-rich product, I discovered that users can also purchase a Pro version of WP Touch which includes a slew of new features like more style, color and branding customizations, themes, 10 languages, more advertising options, web-app mode, and even iPad support.

  • Jetpack: Supercharge Your Self Hosted WordPress Site!

    Ever notice how many features the standard installation of WordPress lacks? YouTube embedding, stats, and even a specialized Twitter widget? Well, if you have a self hosted blog at, these features are all given to you. In fact, many of these features are forced upon you by the sponsoring company, Automattic. Wanna learn how to get all of that “cloud-power” for your WordPress site?

    If you are one of the people who would love to have these features at your disposal and already has a account, keep reading. Otherwise, you’re losing out on a great plugin for self-hosted WordPress sites!

  • How To: Integrate Twitter into Your WordPress Blog

    Although I personally am not a major Twitter user, I do see the value in the service and have made several attempts to use it more often. For many others, it has become an addiction and possibly even a major time sink.

    One trend we are starting to see more often lately is Twitter being integrated into WordPress blogs.  In the past we’ve featured a couple methods to integrate Twitter into your blog such as How to Add a “Tweet This” Link To Your Blog and How to Display Most Recent Twitter Entry. Even more recently there have been some WordPress plugins released to further integrate Twitter into your WordPress blog:

    1. Tweetbacks – This recent plugin by our friend Joost De Valk displays any “tweets” about your blog post below that post in the same way trackbacks/pingbacks are often displayed on WordPress blogs.   You can read more information about the plugin and how to install it here.  A similar plugin called TweetSuite was released recently as well.
    2. Twitter Comments – Works similar to Gravatars, but displays the comment author’s Twitter avatar instead.  If a Twitter avatar is not available, it will then attempt to locate a Gravatar to use instead.

    Due to the popularity of WordPress, I would imagine this is only the tip of the iceberg and many more Twitter WordPress plugins will follow over the coming months/years. Out of curiosity, for those of you that are heavy Twitter users, what have you done to integrate Twitter into your WordPress blog?

    Update: I just ran across this post over at Profit Blogger which shares more than 20 Twitter WordPress plugins that already exist.

  • Increase Earnings with the PHPBay Premium WordPress Plugin

    Are you looking for another way to monetize your WordPress blog?   Back in November 2008, I wrote about a new premium WordPress plugin called Auction Thumbs.   After that post was published, there seemed to be a lot of interest in this type of product.  This seems to be because people are quickly discovering they can make a lot of money online by doing nothing more than simply sending traffic over to eBay for relevant auctions!  In this post I will be discussing a similar WordPress plugin which has actually been around for over two years now called PHP Bay Pro.

    PHP Bay is an eBay affiliate script that comes in two forms.   The first is a stand-alone API version which allows non-WordPress PHP based websites to quickly and easily add eBay keyword based content advertisements to their website.  The second version is the one which will apply to our readers, and that is the easy to use PHP Bay WordPress plugin.

    PHP Bay Pro lets you take advantage of the 80 million auctions on eBay by adding relevant auctions to your WordPress blog.   When users click on the auctions, they are taken to that auction on eBay.   Then once people buy ANY item on eBay, you earn a commission, even if it wasn’t what you referred them for.  In fact, you get commission for any auctions won over the next 7 days by that person.   If that wasn’t enough, if someone signs up for an eBay account within 7 days of clicking on your eBay auction link, you also get a very nice commission (can be as high as $40.00 I believe, but usually around $15.00 each).

    Here is the feature list you get with PHP Bay:

    • Earn revenue through the Ebay Partner Network or other popular programs like PepperJam, Mediaplex, TradeDoubler or Affilinet!
    • Add keyword rich Ebay items to your php based web site that encourage impulsive buys!
    • Easily Integrate into any New or Existing WordPress Blog!
    • Thousands of free WordPress templates available across the web to create virtually any type of site!
    • Not Javascript based! Auction listings are 100% pure html based creating additional targeted content for your site!
    • List auction items regionally from 17 different countries!
    • List items by postal code (zip code) for localized results.
    • List items from specific Ebay categories.
    • Listings displayed in language and currency of selected country.
    • Listings displayed in rows or specified number of columns for a Web 2.0 look and feel!
    • Access to our active members only forum that offers a tremendous value in how to get more out of phpBay Pro, strategies, tips and tricks and much more!
    • Use on as many sites as you own! phpBay Pro is not limited to one domain. It can be used on one, or hundreds of sites with one license!
    • Comprehensive user manual with illustrations, in PDF format, for both the WordPress version and the API version, that will walk you through, step-by-step, to install and get working quickly with phpBay Pro!
    • Upgrades are free for the life of the product! phpBay Pro is nearly two years old with three major upgrades made with suggestions from our user base!

    If you are considering buying this WordPress plugin, make sure the topic your WordPress blog(s) covers will convert well on eBay.  Product based websites which cover something that is often bought on eBay seem to convert the best (electronics, pictures, etc.).   If your blog covers free products or some sort of service, chances are using a WordPress plugin like this won’t be worth your effort and will annoy your readers.

    If you decide you’re interested in PHP Bay Pro, it looks like it is currently available for $79.00.  I believe they used to have a free version as well, but I’ve not been able to track that down so they may have removed it since I bought my copy of this plugin last year.
