WordPress and Basic SEO

At a recent business lunch event, I heard a competitor of mine make the claim that you can’t update key SEO elements of a page in WordPress. Because of that, they argued WordPress should be avoided. Unfortunately, I had already spoken and talked a bit about myself and my business at the meeting, or I would have corrected the point in my introduction. SEO elements like meta title and description CAN be easily updated in WordPress.

I’ve heard from other companies in my industry that WordPress is full of pitfalls and shortcomings. I agree with that point – it is full of them; but so is every content management system on the market. They’ve all got their pros and cons. The great thing about WordPress is that it is pretty easy to overcome any such issue.

The meta title and description tags, while not a huge factor in ranking, should be customized for each individual page on a site. With the out-of-the-box WordPress install, that’s not really doable. But by simply adding the Yoast SEO plugin, it’s easily taken care of. Plus, there are countless other benefits of using Yoast on a site. Heck, Yoast alone is reason enough to use WordPress.

Yes, there are security shortcomings, but again, it’s 2018 – ALL content management systems and even straight HTML sites have security concerns. Again, with WordPress, we can install WordFence and those security issues are addressed.

If you’re worried about SEO or security limitations in WordPress, I can assure you, they are easily taken care of with a few simple plugins. I’ve played around with several content management systems and even built one internally (Blossom, RIP), and all pale in comparison to WordPress.

If you hear someone saying those things about WordPress, they probably haven’t spent a minute or two actually looking into the program to see just what is available. As an out-of-the-box system, it’s one thing, but with the addition of a few simple plugins, the content management system takes on a whole new life. If you’ve got any concerns about security or SEO in WordPress, feel free to reach out. We’d be happy to answer any questions you may have.

Security by Obscurity?

In 2018, security on your website is a big deal. One security measure you may have heard of is “security by obscurity” or SBO for short. While it may sound like a great idea, the results will likely leave you frustrated. Security by obscurity – while sounding logical – is actually a huge vulnerability.

SBO can be traced as far back as Alfred Charles Hobbs, who in 1851 (yes, 167 years ago) demonstrated and spoke of the issue as it applies to padlocks of the time. The idea behind SBO (again, yes logical) is that if the bad guys (hackers) don’t know how your systems are laid out, they’ll never be able to hack them. Many programmers, including yours truly, have used this technique only to see it fail… miserably. Hackers and spammers are just simply too good. Yes, SBO might keep the rookies out, but anyone who has been at it a while will still get through.

Thankfully, with WordPress (my content management system – CMS – of choice), there are a couple of great ways to provide security to your site. One way is with the plugin WordFence. We talked about WordFence in a recent blog about brute force attacks. You can easily install and set up the plugin to block unnecessary logins and scan your site for vulnerabilities.

Another great feature of WordPress is that the core system (and themes and plugins) are updated fairly often; in fact, we just had another big update this week. While the hackers do have access to the new code, they will need to dig into it and start working up a new way to hack into sites all over again. Of course, this is only a benefit if you keep your site regularly updated. If you have Security Essentials Hosting from Full Scope Creative, no worries – we handle all those for you.

While it sounds logical, security by obscurity will eventually lead to headaches for your site. It’s been proven wrong for at least 167 years thanks to Alfred Charles Hobbs. Security is a big deal, obviously, for any website. Take the time and make sure you use the best security measures available for your site.

What is a Brute-Force Attack?

I’m sure you’ve heard the phrase ‘brute-force’ at some point in time. Whether used to describe an army invading a castle or a raging river, it simply speaks to the sheer volume and power of the force. In recent years, the phrase “brute force” has taken on a new meaning. Today, a brute-force attack is one of the most common and concerning security threats to any website or secured login. Thankfully, there are a couple of great options for preventing our sites, especially WordPress sites, from falling victim to a brute-force attack.

A brute-force attack is a trial-and-error method used to guess useful information, such as a username and password. Just like a river slowly and gently flowing downstream isn’t too big of a concern, a person sitting and guessing usernames and passwords isn’t that big of a concern (though still not appreciated). The concern with the river and our logins is simply in the sheer brute force. To accomplish this, spammers and hackers will use a software-based algorithm to automatically generate a large number of guesses for the desired piece of information. Some sources say that these guesses can number as many as 350 billion per second. As you can probably guess, 350 guesses per second can be a problem – and 350 billion per second can be catastrophic. The obvious concern is that the attacker could gain access to your site and wreak havoc. The other problem with that many hits on a page (attempts to log in) is that it will eventually cause your website to crash and simply be down. While that can stop the attacker, it also means legitimate users can’t access your site. Thankfully, there are several easy-to-implement security protocols in WordPress as well as basic practices that can help eliminate the risk of a brute-force attack.

First things first – I gotta say this, and I know you’ve heard it before: PASSWORD for your password is a HORRIBLE idea! 1234 is a horrible idea! When you’re setting up your password in WordPress, one of its great security features is that WordPress will let you know how secure it feels your password is. Simply keep adding to your password until it comes up as Very Strong. To do this, you’ll most likely be using a combination of lower and uppercase letters, numbers, and special characters (!, @, #, $, etc.). For example, as I’m writing this, I’m listening to Quiet Riot. A musically influenced strong password would be something like Qu!t3#Ri0t#coftnoize – (Quiet Riot, Come On Feel the Noize). I added in uppercase, lowercase, numbers, and characters.

Okay, so now that we got the obvious one out of the way… You can also install a plugin such as WordFence and customize its installation to protect your site further. With WordFence, you can take additional steps such as blocking a username. I never set up the username ‘admin’ – that’s far too obvious. With WordFence, if anyone tried to use that username, they’d be automatically blocked from being able to log in for however long you specify. You can also set it up so that if they do try a legitimate username but miss the password a certain number of times (10 or 20 ideally, if you use strong passwords), it will again lock them out.
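The two lockout rules described above, replayed over constructed login events as an added example (not WordFence's code and not from the original post). The policy values, the `LoginGuard` class, and the sample addresses and account name are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy values are assumptions for this example, not WordFence defaults.
BLOCKED_USERNAMES = {"admin"}        # names no real account on the site uses
MAX_FAILURES = 10                    # the post suggests 10 to 20
FAILURE_WINDOW = timedelta(hours=4)  # failures older than this are forgotten
LOCKOUT = timedelta(hours=4)         # how long a locked-out address stays out


class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.locked_until = {}               # ip -> time the lockout ends

    def attempt(self, when, ip, username, password_ok):
        if self.locked_until.get(ip, when) > when:
            return "rejected"                # locked out: password is not checked
        if username.lower() in BLOCKED_USERNAMES:
            self.locked_until[ip] = when + LOCKOUT
            return "blocked-username"        # one try of a trap name is enough
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(when)
        while recent and when - recent[0] > FAILURE_WINDOW:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = when + LOCKOUT
            recent.clear()                   # start fresh once the lockout ends
            return "locked-out"
        return "failed"


def replay(events):
    guard = LoginGuard()
    return [guard.attempt(*event) for event in events]


# Constructed sample data: documentation-range addresses, made-up account "jane".
T0 = datetime(2018, 6, 1, 9, 0, 0)
sec = lambda n: T0 + timedelta(seconds=n)
SAMPLE = (
    [(sec(0), "203.0.113.5", "admin", False),       # username nobody should use
     (sec(1), "203.0.113.5", "jane", True)]         # same address, right password
    + [(sec(10 + i), "198.51.100.7", "jane", False) for i in range(11)]
    + [(sec(30), "192.0.2.44", "jane", False),      # owner mistypes once
       (sec(40), "192.0.2.44", "jane", True)]
)

if __name__ == "__main__":
    for (when, ip, user, _), decision in zip(SAMPLE, replay(SAMPLE)):
        print(when.time(), ip, user, "->", decision)
```

Note that the second event is rejected even though the password is correct: once an address is locked out, guesses stop being evaluated at all, which is what removes the attacker's feedback.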

With WordFence, you can also run a scan on your site to see if there are any affected or infected files on your site that need to be cleared up. If there are any suspicious files, the program will let you know which ones are causing concern and which specific folders they’re in so you (or your web developer) can check them out and remove them if necessary. While this won’t stop a brute-force attack from hitting or entering your site, this scan can help limit the amount of damage that can be caused by an attack.

Thankfully, there are several simple and easy-to-implement tools and plugins to help prevent brute-force attacks. Unfortunately, cyber threats such as a brute-force attack are one of the most common and concerning security threats that we face with websites, and the problems (the hackers/spammers/evil-doers) won’t be going away anytime soon. Just like when an invading army would storm a castle or the water in a river rages, we can be proactive and ready to counter these attacks when they come.

What to do with Unused Plugins

WordPress is an awesome Content Management System (CMS). Compared to many other leading CMS platforms (such as Drupal, Kentico, or Joomla), one of the great things about WordPress is how easy it is to keep the system updated and secure. Obviously, it is 2018 and there is no such thing as a “perfect” system – every CMS is vulnerable to attacks. Fortunately, there are several steps you can take to keep WordPress as safe and stable as possible. One area often overlooked is unused plugins.

One of the things that makes WordPress so amazing is how easy it is to install any of the countless plugins to expand your site’s offerings to fit your business needs. With just a few clicks, a new plugin can be installed and with just a few minutes of configuration, it can be ready to use. Once a good and stable plugin is selected and installed, keeping it updated regularly will help keep your site and that plugin safe and stable. However, it’s important to remember that when you’re done using that plugin or if you switch to a new plugin, you need to delete that plugin.

Alternatively, you can deactivate the plugin, but if you choose to go that route, the plugin’s code is still lying dormant on your site. The problem with unused plugins is that it can be easy to forget to update them. Kind of like an “out of sight – out of mind” sort of thing; if the plugin isn’t used, it’s easily overlooked during updates. So instead of just deactivating the plugin, be sure to go through and fully delete it.

There are some plugins, however, that for various reasons, you might not want to delete after you’re done with them. If that is the case, just be sure to always run the plugin updates as they become available. At Full Scope, we recommend checking for updates at least 3 times per week.

WordPress is a great CMS, partially because of the wide range of plugins available for use. That wide range of plugins, if left installed and forgotten, can also be a major undoing of WordPress. One of the best ways to keep your site safe and secure is to keep your plugins updated, and, if they aren’t being used, simply delete them.

Different Authors?

Some of our clients have multiple individuals writing blogs for their website. Having content from different perspectives is a great way to showcase all that your business has to offer. However, you may not always want to give admin access to all blog contributors. Thankfully, with WordPress, there are two really great options.

The first option is to set the additional writers up with a WordPress account and set their role as “author.” By doing this, those contributors will be able to log in as needed, create new blog posts (and a select few other types of posts, depending on the plugins used on the site), and edit older posts. They will not, however, be able to add new pages or edit older ones. With this account role, your additional writers can edit their personal WordPress accounts, but they will not be able to create any new accounts or change their own role.

Alternatively, a business may opt to not allow individual authors WordPress access. We’ve had a few clients who have had additional blog writers contribute, but all content had to be approved by one person before that content could go live. To achieve this, the client simply created a user account for each writer, but did not share any login information with them.

That way, when the client (or other approver within the organization) received the written information from the author, the client could simply copy and paste the blog into WordPress and manually select the name of the author for that particular post.

With WordPress, there are some easy-to-use options that allow for multiple writers on a blog. Whether each writer has their own login or not, having multiple writers on a blog is a great way to show different perspectives and viewpoints: just one more way to make the most out of your blog and website.

Categories and Tags

When you start blogging and creating new posts in WordPress (which I highly recommend you do), you’ll see two options for organizing your posts: categories and tags. While both do the same basic things, organize and index your posts, they have two very distinct uses.

Categories

With WordPress, categories are generalized. Each blog post should only really fit into one (maybe two) categories. The categories will obviously be different from site to site and business to business. With the categories that you set up, think of the big picture and the broad topics. We’re not looking for specifics with categories; that comes later.

For example, when I was in high school and college I worked at a CD store. We had a couple of different categories to group CDs into: rock & pop, country, rap, soundtracks, oldies, and other; we didn’t get into any sub-genres of music. With the organization system, The Beatles would be categorized under the Rock & Pop section and Garth Brooks would be in the Country section. We didn’t break the basic sections up any further than that.

Tags

While categories are used for general organization and each post should only have one (or two at very most), tags are the complete opposite. Tags are used to drill down to the different sub-groupings of a category. Each post can have as many tags applied to it as makes sense.

I mentioned the store I used to work at and how we didn’t organize past broad genres (Rock, Country, Soundtracks, etc.); however, any of those bands could be broken down into further sub-groups. For example, The Beatles could also have tags such as ’60s Rock, English Rock, Bubblegum pop (they were at first), Psychedelic Rock (they certainly got there towards the end), and many more.

Why have both of them?

As mentioned, both categories and tags serve a purpose. When done correctly, they can help users (search engine or human) easily group posts together and can lead to a better search ranking. I would absolutely use the categories. You really need something to organize your blog posts by, and a general category works great for that. If you want to take more time and assign each post to certain tags, you’ll be that much better off.

WordPress Updates

WordPress is a great content management system with a lot of great features to it. However, like any other CMS on the market there are security risks with it. It’s fairly easy to stave off a lot of the issues by simply keeping everything up to date. When you are running these updates, you need to be sure to practice one skill that many of us are not too good at – patience.

I blogged about some basic security for WordPress a few weeks ago, but one thing I didn’t mention was the need to stay on that page until the updates are fully installed. When they are completed, you’ll see a line that says “All updates have been completed” and will have two links under that for “Return to Plugins/Themes page” and “Return to WordPress Updates page.” Once you see that confirmation you are OK to move on to another page.

The reason you need to be patient and remain on that updates page is that while the updates are running, the system will go into a maintenance mode. If you leave that updates page while the site is still in that maintenance mode, your site will become unavailable to all users and will only say “Briefly unavailable for scheduled maintenance. Check back in a minute.” If you get this message you will likely need to contact your web developer and have them fix the issue by simply deleting the .maintenance file.

Most updates only take about 30 seconds to run. Simply be patient and wait until the page says “All updates have been completed” and then you can continue with any other work you needed to do in the system. Patience is a virtue in many facets of life; with WordPress updates, it can be the difference between your updates being installed properly and your site being locked in maintenance mode.

Basic Security for WordPress

As with any content management system (CMS) available today, there are some security risks that need to be accounted for with WordPress. Thankfully, it’s actually very easy – using a secure password and keeping the system and plugins updated.

As with any online account, it’s very important to use a strong password. It’s also highly recommended to update your password every month or so. Most online accounts (Facebook, Twitter, Netflix, etc) will usually provide an indication of how strong your password is. Even with that indicator, it’s always a good idea to make sure to follow these basic rules:

  1. 10+ characters long
  2. Include capital and lowercase letters, numbers, and symbols (*, !, &, etc.)
  3. Avoid using your children’s or pets’ names (too many people know what those names are)

The second thing to do to keep WordPress as secure as possible is to make sure you are always running the latest version of the software – both for WordPress and any plugins/themes you have installed. In WordPress, it is very easy to manage upgrades. You’ll see a link labeled Updates whenever there are updates to be done, and then simply follow that link and select which updates you’d like to make and click the Update button. The updates will automatically be installed and any database changes will be made.

WordPress is a great CMS to use and provides countless benefits to its users. Like any CMS available, though, security is always an issue and concern. To keep your site safe, keep your passwords strong and keep the system up to date.