WordPress SEO CONFIGURATION

A WordPress safety plan for SEOs and developers

WordPress powers an astonishing one-third of all websites these days. It has been the CMS platform of choice for our community since the mid-aughts when many of WordPress’s SEO features were implemented. It is therefore relentlessly attacked, largely for SEO spam reasons, but attacks can escalate to much worse.

Here’s a look at some WordPress fundamentals and ways to ensure your WordPress site stays safe.

Is WordPress safe?

The latest version of WordPress is very safe out of the box. Neglecting to update it, however, among other things, can make it unsafe. This is why many security professionals and developers aren’t WordPress fans. WordPress also resembles PHP spaghetti code which is inherently insecure, where WordPress itself warns that vulnerabilities “stem from the platform’s extensible parts, specifically plugins and themes.”

WordPress updates

There is no such thing as a 100 percent secure system. WordPress needs security updates to operate safely, and those updates shouldn’t negatively affect you. Turn on automatic security updates. Updating the WordPress core, however, does require that you make sure everything is compatible. Update plugins and themes as soon as compatible versions are available.

Open source

WordPress is open source, which entails risks as well as benefits. The project benefits from a developer community that contributes code for the core, the core team patches security flaws found by the community, while hooligans discover ways to pry things open. Vulnerabilities are scripted into scans by exploit applications which can detect what versions of things are running to match known flaws to your versions.

Protect yourself first

There are things you can do to protect yourself even when you don’t have an administrator role. Make sure you’re working on a secure network with a regularly scanned workstation. Block ads to prevent sophisticated attacks that masquerade as images. Use VPN for end-to-end encryption whenever you’re working at public WiFi hotspots to prevent session hijacking and MITM attacks.

Secure passwords

Securely managing passwords is important no matter what role you have. Make sure your password is unique and long enough. Combinations of numbers and letters are not safe enough, even with punctuation, when passwords aren’t long enough. You need long passwords. Use phrases of four or five words strung together if you need to memorize but it’s better to use a password manager that generates passwords for you.

Password length

Why is length so important? Put it this way, eight character passwords crack in less than 2.5 hours using a free and open source utility called HashCat. It doesn’t matter how unintelligible your password is, it only takes hours to crack short passwords. Starting at 13+ characters, cracking begins to get insurmountable, at least for now.

Administrators

If you have an admin user role, create a new user for yourself that’s limited to an editor role. Begin using the new profile instead of admin. That way, wide area net attacks will be centered on attacking your editor role credentials, and if your session gets hijacked you have the admin capacity to change passwords and wrest control away from the intruders. Compel everyone, perhaps through the use of a plugin, to follow a strong password policy.

Security policy

If you have security experience, perform code audits of your plugins and themes (obviously). Establish the principle of least privilege for all the users. You then are forcing hackers to perform shell popping tricks and privilege escalation which involves attacking targets other than WordPress credentials.

Change file permissions

If you control the host, provide yourself with a SFTP account through the use of the Control Panel if you have one, or try what administrator user interface you have access to. It may have the side effect of configuring credentials to open a secure shell terminal window (SSH). That way you can perform additional security measures using system utilities and more.

Lock down critical files

There are a few files that should never be accessed except by the PHP process running WordPress. You can change file permissions and edit the .htaccess file to further lock these files down. To change file permissions, either use your SFTP client (if it has the option), or open a terminal shell window and run the chmod utility command.

$ chmod 400 .wp-config$ ls -la

This means that only the PHP process running WordPress will be able to read the file, and nothing else. The file should never have the “execute bit” set, like with chmod 700. You should always have zeros in the second and third place — that’s what really locks it down. Verify your changes running the ls utility with -la options and have a look.

Having strict file permission settings means nothing can be written to the file, even by WordPress. You’ll want to grant write permissions back with $ chmod 600 .wp-config when there is a major WordPress update wherein the config file has modifications. That should happen extremely rarely, if ever.

WordPress login file

I like to lock down the wp-login.php file using .htaccess rules. Limiting access to only my IP addresses is great for when I work from one statically assigned IP, or a small handful of addresses for myself and some users. It’s not difficult to change the setting if you’re logging in from another location as long as you can obtain a shell on the host. Simply comment out the deny directive, login with your browser, and uncomment it afterwards.

XSS and SQL injection

By far the scariest attacks that you’ll encounter will be cross-site scripting (XSS) and SQL injection. There are .htaccess query string rewrite rules you can use to stop some of these, and you might be best off using a plugin that will manage this for you. Some security plugins will scan your installation looking for signs of compromise. If you know how to use rewrites, redirect or block query string signatures for attacks you read about or see in your logs.

Security plugins

Some security plugins will scan your installation looking for signs of compromise. Wordfense is a popular security plugin, and it gets regularly updated. Sucuri Scanner has a paid option that will scan your installation. Ninja Firewall is going to try and limit request-base attacks, blocking them before they reach WordPress core. You can also write an application utilizing Google’s new Web Risk API to scan your site’s pages.

About The Author Detlef Johnson is Editor at Large for Third Door Media. He writes a column for Search Engine Land entitled "Technical SEO for Developers.” Detlef is one of the original group of pioneering webmasters who established the professional SEO field more than 20 years ago. Since then he has worked for major search engine technology providers, managed programming and marketing teams for Chicago Tribune, and consulted for numerous entities including Fortune 500 companies. Detlef has a strong understanding of Technical SEO and a passion for Web programming. As a noted technology moderator at our SMX conference series, Detlef will continue to promote SEO excellence combined with marketing-programmer features and webmaster tips.

02

The 411 on WordPress SEO: Tools to Optimize Your Site

Search engine optimization (SEO) is an important aspect of website development. SEO exists as a form of best practices meant to increase your ranking in search results from engines like Google. In turn, this helps prospective customers, fans, and followers find your website.

Once your WordPress.com website is up and running, you might want to consider enhancing its SEO, but there are also a variety of WordPress SEO tools that you already have access to (on top of the free ones that can be found across the internet). All of these resources can help you assess and improve your current SEO practices, which will enable you to improve your website’s search ranking.

WordPress.com’s built-in SEO tools

By hosting your website on WordPress.com, you’ve given yourself a leg up on SEO.

According to Matt Cutts, the former head of Google’s web spam team, WordPress takes care of 80 – 90 percent of SEO mechanics for you. This includes key features like mobile-friendly layouts and GoogleBot crawling.

All WordPress.com websites also include detailed statistics powered by Jetpack, which allows you to extract insights about your site visitors. Within your site dashboard, you’ll find data on how many site views and unique visitors you receive per day, where your visitors are coming from, what pages they previously visited, any links that they clicked on, and more.

WordPress.com’s expanded SEO toolkit

If you upgrade to a WordPress.com Business plan, you’ll have access to even more helpful SEO tools. With the Business plan, you’ll be able to customize your site’s front page meta descriptions, blog post meta descriptions, title formats, and search engine and social media previews.

A WordPress.com Business plan also offers access to hundreds of WordPress plugins, many of which improve your site’s SEO. Some popular SEO plugins include:

Yoast, which gives you advanced XML sitemap functionality, control over site breadcrumbs, templates for title and meta descriptions, and more.

All in One SEO Pack, which provides XML sitemap support, Google Analytics support, advanced canonical URLs, automatic title optimization and meta tag generation, and more.

Google Analytics, which includes advanced SEO features to complement WordPress.com stats, such as goal conversions and visitor site paths.

When used correctly, these tools can improve your website’s search ranking, driving even more potential followers and customers to your site.

The best free SEO tools on the internet

There are multiple factors that contribute to SEO, including keywords, website speed, click-through and bounce rates, and inbound links. If you want to assess your website for how well it’s performing based on these factors, there are a variety of online SEO tools that can help (many of which are available for free).

For example, SEMRush tracks your website’s ranking on specific keywords. With the free plan, you can track up to ten keywords and see how you rank compared to other websites in your niche. You can also use SEMRush to analyze your site’s backlinks (when one website links to another).

Another helpful tool is GTmetrix, which analyzes your website’s loading speed for free. In addition to providing you with a speed rating, it details any of your site’s problem areas and recommends ways to improve your score.

Combine tools to grow your site

No matter which aspect of WordPress SEO you want to improve or analyze, you can likely find a free tool online to help you do so. Using online tools in conjunction with those built into WordPress.com can position you to effectively analyze and improve your search engine ranking.

Tags: Plugins, SEO

03

Selecting the Perfect WordPress Woocommerce Theme – 5 Things You Should Consider

WordPress is used to make all type of sites. That is why each template caters to a different market. Your WordPress Woocommerce theme is the face of your WordPress online store and plays a vital role in how users as well as search engine see it.

Now, let’s take a look at the steps you can take to ensure that you pick the best WordPress WooCommerce theme for your WordPress website.

Go for simplicity

Many WooCommerce theme comes with lots of colors, flashy animations, complex layouts, etc. sometimes you may need those things, but in most cases you do not truly need all that.

Look for a theme that a best design layout that helps your store goal. It needs to look best but without compromising on simplicity and usability.

Mobile-friendly

Most WooCommerce wordpress theme area already responsive by default. But there are still sellers who are selling fix width layouts that are not responsive at all. Ensure that the template you are picking for your store is mobile friendly.

Page builders

Page builders are WordPress plugins that permit you to make page layouts using drag and drop user interface. Many WordPress WooCommerce themes come with page builders pre-installed. Some of these builders are used by that template developers only.

SEO friendliness

Your best wordpress woocommerce themes plays a vital role in your sites SEO friendliness. A best looking theme can still produce badly coded HTML, this could affect your website performance on search engines.

Support option

If you mess up your WordPress WooCommerce theme, then you will have to figure it out on your own. You can also end up paying a 3rd party developers to solve the little issues.

Ensure that you pick a WordPress WooCommerce theme that has best documentation and support option.

Link1:https://smartsoftcode.com/

Link2: https://smartsoftcode.com/wordpress-ecommerce-themes/