How Using Too Many WordPress Plugins Can Kill Your Website

There are many thousands of WordPress plugins you can use for free, and there are also more you can buy for different purposes. According to WP Beginner, as of September 2012 there were more than 21,000 free plugins in the WordPress plugins repository! The question is: do you have to use all of them? You have probably seen a sidebar of a blog with a mile-long list of awards and a multitude of links to other pages. Some people go as far as including hundreds of flashy widgets. If you are thinking of using several plugins, you should first learn why using too many of them will impact negatively on your readership.

They May Slow Down Your Website

This is, perhaps, the most annoying consequence of using too many WordPress plugins. This slowdown occurs because every plugin you use sends a server request when each of your readers loads the site. Imagine the effect of having fifty plugins when ten users are on your site. What about a hundred plugins with a thousand users? Do you really want your site to be that slow?

Some WordPress Plugins are not Secure

Just because a plugin works well does not mean that it is secure. Some plugins, especially the free ones, can be exploited by attackers to break into your site. For example, users of some plugins such as WP Total Cache and WPTouch have been asked in the past to update their passwords after it was realized they were not secure. Since it is not always easy to know upfront which plugin is safe and which one is not, you will be doing your site a great service by installing only the minimum number necessary.



Why Google’s Author Tag will Change WordPress SEO

Google introduced its author information initiative a while back. It’s a way for content writers to explicitly mark themselves as the author of a piece of work – it’s more than just putting “By Steve Claridge” next to your post, it’s about tagging your work with a machine-readable attribute that uniquely identifies you.

This is a very hot topic in SEO and Marketing circles at the moment but a lot of people are only looking at the short-term win of using this tag to increase click-throughs to your posts from search results. The author tag is going to be way more important than that.

What is it anyway?

rel=author is actually an HTML attribute that can be used on link tags to signify that the person referenced in the link is the author of the webpage. It’s not a Google invention, they are just using it in a very smart and useful way. This means that if, for example, you are blogging and you have “By Joe Snow” above all of your articles you can modify that line slightly to make the “Joe Snow” part a link to your Google+ page and Google will then know that everything on that blog with “By Joe Snow” and the link on it was written by you. Not just written by a person called Joe Snow, but specifically by you.

Why Google and why Google+?

Identifying authors has always been a problem and the web has made it a much bigger one. Do a search for your name and it’s likely you will come up with thousands of different people; many of those results will be articles about people and many will be articles written by those people but which of those articles are written by Bob Duncan from Michigan, which are by Bob from Oxford and which are yours? You might be able to tell by looking but how’s a machine supposed to know? Wouldn’t it be nice if you read a great article by Bob from Oxford and you wanted to see what else he’d written on the entire Web? If everything he had written was marked with his unique rel=author attribute then that would be easy.

Google are in a unique place to make this happen. They basically are the Web for many people, they are already indexing most of the pages on it and they hold a power over most site owners: if they say “jump” then we say “how high?”. If anyone is going to pull off a global author identification scheme then it’s Google.

But why Google+ for the author information when we could just point all our articles to our own site’s About Me page? Well, obviously Google has a strong interest in making sure Google+ succeeds so locking us into that is a smart move for them.



Free eBook: The WordPress Blogging Guide

It’s been nearly four years since I discovered WPHacks – or Hack WordPress as it was called back then – and it was here Kyle was kind enough to offer me the chance to have my very first blog post published. At the time I was using WordPress to power a small video games review site I ran with some friends, but when I found Hack WordPress and by extension the whole WordPress community, I was immediately hooked. This was where I wanted to be.

After a couple of posts here I decided to create my own “WordPress tutorials” site, which I called WPShout. Since founding the site in March 2009, I’ve nurtured the site into a 3000 strong community for WordPress enthusiasts. And in that time, whilst building that community, I’ve learned a thing or two about blogging. I’ve been on a journey, if you will, and that journey started right here.

So I thought it’d be fitting to come back here once more just to let you know that I’ve recently published a 45 page free eBook on WPShout and you should totally download it right now.

Those forty five pages of The WordPress Blogging Guide contain six thousand words of content, which are broken down into three sections:

  1. Blogging essentials
  2. Monetization
  3. Social & Analytics

The book’s release post tells you more, should you wish for a more detailed synopsis.

That’s all from me. I just want to thank Kyle again for starting me off on my blogging journey and graciously allowing me to return to publish this short piece. And of course don’t forget to download the eBook. It’s free!


How to Handle a Hacked WordPress Install

WordPress is the most popular Content Management System in the world, and a significant percentage of the sites on the Internet use it. That popularity is well-deserved, but it also makes WordPress an irresistible target for hackers who want to spread malware.

How to Tell if Your Site’s been Hacked

Sometimes it is obvious that your site has been hacked. Occasionally hackers will simply redirect the site to a different server, so that visitors to your domain end up at a site infected by malware, a site displaying advertising the hacker can profit from, or a porn site. But often hackers add malware or spam links to a site which they want to remain undetected for as long as possible. Having a hacked site can infect your visitors with malware, and it will almost certainly result in a huge hit to your SERP rankings, or even blocking by search engines, so it’s important to be vigilant. There are a number of tools available to webmasters to determine whether a site is vulnerable and whether it has been hacked.

WP Security Scan

The WP Security Scan extension won’t tell you whether your site has been hacked, but it will check for possible attack vectors and vulnerabilities, and offer suggestions for fixes. Of course, often the vulnerabilities will not be in WordPress itself, but in some other part of the software stack. The best way to ensure that there are no known exploits that hackers can use is to keep your software as up-to-date as possible.

Google’s Safe Browsing Diagnostic

Google has a service that enables webmasters to see whether they consider a site to be dangerous to visit. Copy the following URL into your browser address bar and replace the part following ‘?site=’ with your site’s URL.

http://www.google.com/safebrowsing/diagnostic?site=google.com/

Sucuri

Sucuri offers a free site scanning service that will catch major problems, and a paid-for monitoring and cleanup service that can help if you are hacked.

Using these tools together can help you ensure that your site remains safe.

What Should You do If You’ve Been Hacked

Unless you are an experienced and expert developer or website administrator, cleaning a site with any level of confidence by yourself is almost impossible. Even if you think you have found all the malicious files and removed all the spam links, the files that make up WordPress itself may have been altered so that they reinfect a site after an attempted cleanup.

Contact your hosting provider and let them know you’ve been hacked. You might not be the only victim and the host provider’s sysadmins may already be taking action.

Sucuri, as mentioned above, is an excellent tool, and it will attempt to auto-clean your WordPress installation. Should you choose not to use Sucuri, or hire a professional to clean your site, then the next best option is to delete the site and restore it from backups.

Hopefully, your site is hosted with a provider that offers a comprehensive backup service, in which case restoring the site to a previous version should be very simple. If not, we are going to assume that you have been making regular backups of your WordPress database.

Download a fresh install file from WordPress.org, to replace any files that may have been altered during the attack. Do not use the same passwords on the new install as you used on the hacked site.

After you have installed a fresh version of WordPress you can restore the WordPress database from a backup that you know to be clean.

Since you know that your site has been hacked once, and that there were vulnerabilities that malicious parties were able to exploit, it may be best, if possible, to completely reinstall the server and restore from backups. At the very least, scan the server with an anti-malware tool. If you are reasonably sure that the infection was limited to WordPress, then you should update all of your software to the most recent versions, to close vulnerabilities. If you’re using shared hosting your provider should take care of this for you.

If you haven’t been taking database backups, it may be possible that the WordPress database has not been breached, and that a fresh install of WordPress using the existing database is enough, but in that case be extra vigilant of alterations, follow the rest of the above advice, and start taking regular backups!
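One way to see which WordPress files were altered or planted, by hashing the live install against a freshly downloaded copy before you replace anything (an added example, not part of the original post). The function names and the sample files are constructed for illustration, and it assumes the fresh copy is the same WordPress version as the live site.

```python
import hashlib
import tempfile
from pathlib import Path

SITE_CONTENT = "wp-content/"  # themes, plugins, uploads: site-specific files


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}


def compare_install(live, fresh):
    """Compare a live tree with a fresh unpacked copy of the same version."""
    live_h, fresh_h = hash_tree(live), hash_tree(fresh)
    return {
        "modified": sorted(p for p in fresh_h if p in live_h and live_h[p] != fresh_h[p]),
        "missing": sorted(p for p in fresh_h if p not in live_h),
        # Files outside wp-content/ that a stock install does not ship.
        # wp-config.php and .htaccess have no reference copy, so they are
        # listed here too and need a manual read.
        "added": sorted(p for p in live_h
                        if p not in fresh_h and not p.startswith(SITE_CONTENT)),
    }


def build_demo(base):
    """Write constructed sample trees (stand-ins, not real WordPress files)."""
    stock = {"index.php": "<?php // stock index\n",
             "wp-includes/version.php": "<?php $wp_version = 'X.Y';\n",
             "wp-admin/admin.php": "<?php // stock admin\n"}
    live = {"index.php": stock["index.php"],
            "wp-includes/version.php": stock["wp-includes/version.php"] + "// altered\n",
            "wp-includes/cache.old.php": "<?php // unexpected file\n",
            "wp-config.php": "<?php // site configuration\n",
            "wp-content/uploads/note.txt": "legitimate upload\n"}
    for tree, files in (("fresh", stock), ("live", live)):
        for rel, body in files.items():
            path = Path(base, tree, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    return Path(base, "live"), Path(base, "fresh")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in compare_install(*build_demo(tmp)).items():
            print(f"{kind}: {paths}")
```

Files under wp-content/ that exist only on the live site are not reported, because themes, plugins and uploads have no counterpart in the stock download; compare those against their own original packages.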

About Daniel Page — Daniel is the Director of Business Development for ASEOhosting, a leading provider in SEO hosting and multiple IP hosting. Follow ASEOhosting on Twitter at @aseohosting.


How to Tweak WordPress for Ecommerce

WordPress has become a favorite platform for many ecommerce sites: it’s easy to set up a sale button for an ebook or any other file in a matter of minutes. But while WordPress can be a decent ecommerce platform out of the box, there are ways to transform it into a great platform with some relatively simple tweaks.

Update Your WordPress — And Keep It Updated

The downside to using a well-known content management system for your site is that more people will be looking for security flaws to exploit. On the other hand, there are also more people working to resolve any security issues. Provided you keep your WordPress installation current, adding each new update as soon as it rolls out, there’s significantly less risk of something happening to your site. Considering that it only takes one malware issue to destroy any trust you’ve built with potential buyers — no one wants to run the risk of putting their payment information into a compromised site — keeping your site up to date and preventing potential security issues has to be a priority.

You can also prevent security issues by carefully vetting any plugins or themes you add to your site. Even if you aren’t able to evaluate the code on a line-by-line basis, do some research into the problems others may have encountered with anything you’re considering adding to your site. Personally, I have a preference for using premium themes and plugins that are well-known for the simple reason that I’m more likely to have support available.

Set Up Clear Permalinks

Built into the core WordPress settings are options to manage your permalinks. Make sure that you’re using links that aren’t just a bunch of numbers or dates, especially if you’re going to be sharing direct links to your sales page online anywhere. Direct links look more trustworthy to buyers, and they also help eliminate problems when people retype a link into their browser. During a longer sales process, you may be surprised by how many times exactly that will happen. In fact, it can be a good idea to have an individual domain that goes directly to your sales page, particularly if you have a lot of other content on your site.

Make Your Shopping Cart, Payment Processor and Everything Else Match

Depending on the themes and plugins you might use to set up different ecommerce elements on your site, you can wind up with a site that sends people off to far-flung parts of the internet to complete the sale. Even if they stay on your site, pages can wind up looking very different.

With only a few exceptions, though, you can make sure that each step of the purchasing process looks identical. Most payment processors will, at least, allow you to add your own logo to the page, if not add CSS styles or other elements to make offsite pages look the same as those that are actually on your site. The more times you ask a buyer to trust an entirely different website (particularly in terms of visual cues) the more likely that buyer is to stop the purchase process and close the window. You need to prevent that as much as possible.