How “WordPress SEO By Yoast” Could Get Your Site Hacked [Security Alert]

If you are running your site on the WordPress platform and using the awesome [WordPress SEO By Yoast] plugin, I would advise you to update it, if you have not already, before reading the rest of this article. A huge flaw was found in the plugin by freelance security consultant Ryan Dewhurst; it puts your site in danger and could even get it hacked.


You can read more about the technical aspects of the bug in the WPScan Vulnerability Database. According to it:

“The authenticated Blind SQL Injection vulnerability can be found within the 'admin/class-bulk-editor-list-table.php' file. The orderby and order GET parameters are not sufficiently sanitised before being used within a SQL query.”

In layman’s terms, a malicious hacker could change your database by using social engineering to make a logged-in author visit a malformed URL.
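The class of flaw described above, as an added example that is not taken from the plugin or from the WPScan advisory: sort parameters pasted into a query, beside an allowlist that maps them onto fixed column names. It uses Python with an in-memory SQLite table in place of the plugin’s PHP and MySQL; the table, column and function names are hypothetical.

```python
import sqlite3

# Request values -> fixed SQL identifiers. Names are hypothetical, not the plugin's.
SORTABLE_COLUMNS = {"title": "post_title", "status": "post_status", "id": "id"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, post_title TEXT, post_status TEXT)"
    )
    db.executemany(
        "INSERT INTO posts (post_title, post_status) VALUES (?, ?)",
        [("Zebra", "publish"), ("Apple", "draft"), ("Mango", "publish")],
    )
    return db


def order_clause_unsafe(orderby, order):
    """Flawed pattern: the request values become part of the SQL text."""
    return f"ORDER BY {orderby} {order}"


def order_clause_safe(orderby, order, strict=False):
    """Translate request values through an allowlist.

    Placeholders bind values, not column names or keywords, so ORDER BY input
    has to be mapped onto identifiers the code itself defines.
    """
    column = SORTABLE_COLUMNS.get(str(orderby).strip().lower())
    direction = SORT_DIRECTIONS.get(str(order).strip().lower())
    if strict and (column is None or direction is None):
        # Lets the caller log the request and answer with an error.
        raise ValueError("unexpected sort parameter")
    return f"ORDER BY {column or 'post_title'} {direction or 'ASC'}"


def list_titles(db, clause):
    """Run the list query with the given ORDER BY clause."""
    return [row[0] for row in db.execute(f"SELECT post_title FROM posts {clause}")]


if __name__ == "__main__":
    db = make_db()
    # Constructed input: a sort value that is more than a single column name.
    odd_orderby, odd_order = "post_status DESC, id", "desc"
    print(order_clause_unsafe(odd_orderby, odd_order))  # input is now SQL syntax
    print(order_clause_safe(odd_orderby, odd_order))    # falls back to the default column
    print(list_titles(db, order_clause_safe("title", "desc")))
```

With `strict=True` the same function raises instead of falling back, which gives the application a place to log the unexpected parameter.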

The bug was so severe that the WordPress team force-pushed this update, so the plugin is updated automatically unless the auto-update feature is turned off. The update will have been rolled out to you automatically as follows:

  • If you were running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
  • If you were running on 1.6.*, you’ll have been updated to 1.6.4.
  • If you were running on 1.5.*, you’ll have been updated to 1.5.7.

Yesterday the Yoast team released a blog post outlining the bug and what they did to patch the flaw.

So all in all, if you’re on an older version of the plugin then you must update it as soon as possible to avoid any risk of your site getting hacked or compromised.

Note: WordPress SEO By Yoast Premium users need to manually update the plugin by going to Plugins->Installed Plugins->WordPress SEO By Yoast and clicking on ‘update plugin’.

How To Create And Optimize Robots.txt For Search Engines

Robots.txt, a file residing in the root directory of your website which gives directions to spiders and crawlers, is one of the most underappreciated factors in your SEO list. This file follows the Robots Exclusion Standard, also known as the Robots Exclusion Protocol. It is a standard used by websites to tell web crawlers and spiders whether or not to crawl a certain webpage.


According to Wikipedia : The standard specifies the instruction format to be used to inform the robot about which areas of the website should not be processed or scanned. Robots are often used by search engines to categorize and archive web sites, or by webmasters to proofread source code. Not all robots cooperate with the standard including email harvesters, spambots and malware robots that scan for security vulnerabilities. The standard is different from, but can be used in conjunction with, Sitemaps, a robot inclusion standard for websites.

Why Should You Care About Robots.txt?

  • Improper usage of the robots.txt file can hurt your ranking
  • The robots.txt file controls how search engine spiders see and interact with your webpages
  • This file is mentioned in several of the Google guidelines
  • This file, and the bots it interacts with, are fundamental parts of how search engines work

What You Should Do First :-

  • Check if you have a robots.txt file already.
  • If yes, check whether it’s blocking important files from crawlers and spiders.
  • If no, decide whether you need one.

Determining The Existence Of Robots.txt :-

To check whether a robots.txt file already exists, you just have to enter your URL into the address bar and append /robots.txt to it.

For Example :- www.technonerdz.org/robots.txt

Determining Robots.txt’s Effect On SEO :-

To determine whether your robots.txt is blocking important files which could help search engines rank your page, you can use this tool by FeedtheBot. The tool works mainly on Google’s guidelines for webmasters.
But to understand completely how robots.txt works you need to understand its contents yourself.

Keep reading to learn whether your site needs a robots.txt file or not.

Need Of A Robots.txt file For You ?

There are many cases where a website doesn’t need a robots.txt file, but including one doesn’t hurt anyone either. If you are not sure whether your site needs it or not, you can refer to the following points; if any one of them holds true for you then you must have a robots.txt file.

  • You want some of your content to be blocked from search engines and site crawlers.
  • You want your underdeveloped but live site not to be indexed until it is fully developed.
  • You want to block malicious bots from crawling your site and unnecessarily loading up your server.
  • You need to give proper directions to bots for affiliate or paid links on your site.
  • You need one or all of the above things.

In case you decide that you are better off without a robots.txt file, that’s OK, but in that case bots will have full access to your site. If you want to create this file you can follow the easy guidelines below.

How To Create Robots.txt For Your Site :-

Robots.txt is nothing but a text file in your site’s root directory. To create one, just open a text editor and start typing the directives you want for the crawlers.

Directives :-

Allow Indexing Of Everything : If you want the spiders to crawl and index everything on your website add these rules to your robots.txt.

User-Agent: *
Allow: /

Disallow Indexing Of Everything : To block the spiders from your site completely, you need to use these directives.

User-Agent: *
Disallow: /

Disallow Indexing Of A Specific Folder : Add these directives to block just a specific folder on your site to the crawlers.

User-Agent: *
Disallow: /folder/

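Disallow Access To A Particular Bot : Sometimes you want to block a particular bot, for reasons such as content scraping, spamming or other malicious activity. Keep in mind that, as noted above, not all robots cooperate with the standard, so this directive only stops bots that choose to honor it.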

User-Agent: Googlebot
Disallow: /

Set Crawl Rate : Setting crawl rate means advising crawlers and spiders about the amount of traffic they can send to your site in a given amount of time. Note that it could make Google and other search engines reduce the frequency they visit your site.

User-agent: bingbot
Crawl-delay: 10
where the 10 is in seconds.

Note that Google doesn’t provide support for crawl delay directly from the robots.txt but you can set crawl limit from the webmasters tool.
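One way to check directives like the ones above before deploying them, as an added example that is not part of the original article: Python’s standard urllib.robotparser evaluates a constructed robots.txt that combines the folder and crawl-delay rules. The site, paths and expectations are placeholders; the run also shows that a bot with its own group no longer follows the `*` group.

```python
from urllib.robotparser import RobotFileParser

SITE = "https://example.com"  # placeholder site

# Constructed sample: the "specific folder" and "crawl rate" directives from
# this article combined in one file.
DRAFT_ROBOTS = """\
User-agent: *
Disallow: /folder/

User-agent: bingbot
Crawl-delay: 10
"""

# Same intent, with the folder rule repeated inside bingbot's own group.
FIXED_ROBOTS = """\
User-agent: *
Disallow: /folder/

User-agent: bingbot
Disallow: /folder/
Crawl-delay: 10
"""

# (crawler, path, should it be allowed?) -- constructed expectations.
EXPECTATIONS = [
    ("Googlebot", "/", True),
    ("Googlebot", "/wp-content/themes/site/style.css", True),
    ("Googlebot", "/folder/page.html", False),
    ("bingbot", "/folder/page.html", False),
]


def load_rules(robots_txt):
    """Parse robots.txt text without fetching anything over the network."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser


def check_policy(robots_txt, expectations=EXPECTATIONS):
    """Return (crawler, path, actually_allowed) for every expectation that fails."""
    parser = load_rules(robots_txt)
    failures = []
    for agent, path, want_allowed in expectations:
        allowed = parser.can_fetch(agent, SITE + path)
        if allowed != want_allowed:
            failures.append((agent, path, allowed))
    return failures


def crawl_delays(robots_txt, agents):
    """Crawl-delay in seconds per crawler, or None when no delay applies."""
    parser = load_rules(robots_txt)
    return {agent: parser.crawl_delay(agent) for agent in agents}


if __name__ == "__main__":
    # bingbot matches its own group, which has no Disallow line, so the
    # folder rule from the "*" group does not apply to it.
    print("draft:", check_policy(DRAFT_ROBOTS))
    print("fixed:", check_policy(FIXED_ROBOTS))
    print(crawl_delays(FIXED_ROBOTS, ["Googlebot", "bingbot"]))
```

These rules bind only crawlers that choose to follow them, so content that must stay private needs access control on the server rather than a Disallow line.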

Conclusion :-

So now that you know how to create and use a robots.txt file, it’s up to you to implement it on your site. For some nice further reading I recommend this great article from SEOBOOK – Robots.txt Tutorial.

If this article helped you create a highly optimized robots.txt for your site or if you find it useful enough then don’t forget to share it among your peers.

Website Speed Optimization Guide For Technically Advanced Webmasters

The value of optimizing a website for speed is increasing day by day, more so since Google announced that it would be a major ranking factor in the coming days. As search engines become smarter, they are giving user experience more priority in the SERPs than just the traditional quality of content and authoritative backlinks.

 


 

Optimizing a website for speed is a vital part of web development which every webmaster must follow, but it is often overlooked by many of us. A fully optimized site can engage users better and can help shoot your conversion rate through the sky. The average loading time for a typical site or blog should not be more than 3 seconds; for every 1 second increase in page load time you lose 11% of page views and 7% of your conversion rate, according to a study by Aberdeen Group Research.

You can only imagine how much it can help increase your readership and potentially save you and your readers money on bandwidth. I also conducted a test on one of my new blogs where decreasing the page load time from 6+ seconds to 2.5 seconds caused the organic traffic to increase almost two fold.

So if you have a site which is very slow to load, you can follow this guide, which covers many topics from beginner to advanced level for optimizing it for speed.

Table Of Contents :-
  • Determining Current Speed Score
  • Website Speed Optimization : Basic Level
    1. Choose A Good Web Host
    2. Getting An Optimized Web-Template Or Theme
    3. Optimize Images
    4. Use A Caching Plugin
    5. Use Fewer Plugins
  • Website Speed Optimization : Intermediate Level
    1. Optimize Your Landing Page
    2. Disable Pingbacks And Trackbacks
    3. Follow The Golden Rule For C. S. S. And Javascript
    4. Add Lazyload To Images
    5. Remove Unnecessary PHP Tags
  • Website Speed Optimization : Advanced Level
    1. Minification Of Code
    2. .HTAccess Tweaks
    3. Hyperfast Social Sharing Buttons
    4. Use A Content Delivery Network
    5. Use CSS Sprites
    6. Optimize WordPress Database
  • Conclusion

Determining Current Speed Score :-

To optimize our website we first have to analyze what its current speed score is and what is causing our site to load slowly, just like a doctor diagnoses a disease before prescribing medication.

To analyze our site we will use three tools – Google Page Speed Insights, YSlow and Pingdom, and believe me, they are among the best you can get.

First, try your hand with Pingdom and get a basic idea of how much time your site is taking to load and which resources are proving to be too heavy. Then try Google Page Speed Insights to get Google’s perspective of your site, and then you can use YSlow.

Minimum Acceptable Score : A score between 60 to 65 is not so good for your site and you must optimize it further. 65 to 70 is acceptable for most sites and a score of around 80 or 80+ is considered good. You should try to target that.

 


 

I started with a Pingdom score of 62 and now it is sitting at 86 to 88 out of 100, so I think it’s pretty much acceptable now. Google Insights also gives you a score on how your site is performing on mobile devices and you must not ignore this score either.

Website Speed Optimization : Basic Level :-

In the basic level I’m going to suggest the most widely used ways of speed optimization which you can use to boost your website.

Choose A Good Web Host :-

Many of us don’t realize the importance of choosing the correct web host for our needs. Choosing a host which provides cheap services could be a good idea for newly founded, low-traffic sites, but it could prove to be a hurdle in your site’s growth when it becomes popular.

If you are serious about your site you should consider investing in a good host probably a V. P. S. (Virtual Private Server). I would advise you against Shared Hosting if you are going to make your site your earning source.

But shared hosting is not as bad as it sounds; it is a valid option for beginners who are starting small to learn their way up. If you consider using shared hosting, there are plenty of web hosts which provide better than average services for a small price.

I would suggest Bluehost Web Hosting, they are one of the leaders in the industry providing 100% up time with 24/7 customer support. If you sign-up using the link below you would get a beefy discount of more than 50% on regular hosting and a free domain-name on your purchase.

Getting An Optimized Web-Template Or Theme :-

The next step is to use a nice theme which is not pre-loaded with unnecessary add-ons and JavaScript. We often choose a theme which looks nice to us, but some of them are amateurishly coded and have lots of bloatware.
Try to get a simple theme and customize your way up if you know how to code a little, or you could get any of the beautiful themes below :

These are very nicely coded themes which are Search Engine Optimized and provide a very nice foundation for your blog.

Optimize Images :-

Un-optimized images can easily slow down your website. You should always optimize your images before putting them live on your website. To compress images for use on the web you could use a nice little tool by Yahoo, Smush.it. If you are using WordPress there is a plugin which you can use to automate the process. The plugin is named WP Smush.it and can be downloaded from here.

To optimize images manually with photoshop software follow this post or you could watch the video below :



You should also define the correct height and width of the image so that the page can continue loading alongside the image. You also should not resize the image using HTML: if you want an image of 300 x 200, then don’t take an image of 600 x 400 and resize it on the fly using HTML code.

Use A Caching Plugin :-

Using a caching plugin considerably reduces web page loading time by serving static pages from its cache. W3 Total Cache is one of the best WordPress caching plugins.

Benefits of using W3 Total Cache :

  • At least 10x improvement in overall site performance (Grade A in YSlow or significant Google Page Speed improvements) when fully configured.
  • Improved conversion rates and “site performance” which affect your site’s rank on Google.com.
  • “Instant” subsequent page views: browser caching.
  • Optimized progressive render: pages start rendering quickly.
  • Reduced page load time: increased visitor time on site; visitors view more pages.
  • Improved web server performance; sustain high traffic periods.
  • Up to 80% bandwidth savings via minify and HTTP compression of HTML, CSS, JavaScript and feeds.

If you use WordPress then you should definitely use this do-it-all plugin.

Use Of Fewer Plugins :-

Using loads of plugins and add-ons will unnecessarily bog down your website. You should only use the plugins you really need. For example, using plugins for normal contact forms and the like will only slow down your website. You should hard-code wherever possible, which in turn reduces the load on your server.


Website Speed Optimizations : Intermediate Level :-

Intermediate level is where you will be doing most of the optimizations manually like optimizing your homepage, disabling non-required services like pingbacks and trackbacks etc.

Optimize Your Landing Page :-

Optimizing your homepage for speed would ensure visitor engagement for a longer time as it is the page which most of your users will be visiting first so the faster it loads the better. You could do many little tweaks to speed it up like :

  • Show excerpts instead of full posts.
  • Reduce the number of posts on the page, a number between 5 to 7 is good.
  • Remove unnecessary sharing widgets from the home page (include them only in posts).
  • Remove inactive plugins and widgets that you don’t need from your landing page.

Disable Pingbacks And Trackbacks :-

WordPress by default notifies you whenever any website mentions your site or links back to it through pingbacks. You could turn off this setting by going to Settings -> Discussion -> Uncheck the option “Attempt to notify any blogs linked to from the article” and “Allow link notifications from other blogs (pingbacks and trackbacks) “. If you want to know why you should disable pingbacks and trackbacks read this post.

Follow The Golden Rule For C. S. S. And Javascript :-

The golden rule is to place links to your CSS files as close to the top as possible and links to your JavaScript as low as possible. Place the CSS links just after the meta tags in your head section; there is no better place to put JavaScript links than the footer.

The reason is that the page loads in a flow: the content is loaded with the styles applied, and it doesn’t have to wait for the JavaScript to load before the content. The scripts will be loaded after the whole page has been parsed.

Add Lazyload To Images :-

Okay this step is optional, it would only be viable if you use a lot of images on your site. What lazyload does is it only downloads the images which are above the fold and the rest of them are downloaded as the user scrolls down thereby considerably reducing page load time.

To apply lazyload you could use this wordpress plugin : jQuery Image Lazy Load WP.

Remove Unnecessary PHP Tags :-

On our sites there could be many instances where the backend processes unnecessary calls for static information, like calling for ‘charset’ info in the head section of your site. What you should do is replace the PHP with static HTML, like
<meta charset="UTF-8"> instead of
<meta charset="<?php bloginfo( 'charset' ); ?>">.

Some more PHP tags which you could remove from your WordPress blog without thinking twice are :

  1. <?php language_attributes(); ?> found in header.php.
  2. <?php bloginfo('html_type'); ?> found in header.php.
  3. <?php bloginfo('charset'); ?> found in header.php.
  4. <?php bloginfo('name'); ?> found throughout the theme.
  5. <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats --> found in header.php.
  6. <?php bloginfo('stylesheet_url'); ?> found in header.php.
  7. <?php bloginfo('rss2_url'); ?> found in header.php, sidebar.php and footer.php.
  8. <?php bloginfo('pingback_url'); ?> found in header.php.
  9. <?php bloginfo('stylesheet_directory'); ?> found throughout the theme.
  10. <?php bloginfo('description'); ?> found throughout the theme.
  11. <?php bloginfo('comments_rss2_url'); ?> found in sidebar.php and footer.php.
  12. <!-- <?php echo get_num_queries(); ?> queries. <?php timer_stop(1); ?> seconds. --> found in footer.php. This HTML comment won’t be overly useful to many of us, so delete away!

These tags are as useless as Red Lights in Grand Theft Auto so delete them without feeling any remorse, believe me they don’t do any good.


Website Speed Optimizations : Advanced Level :-

So now we are going to tinker with our site’s backend code to squeeze out every last second we can save. This section consists of many tricks which require a little technical know-how on your part.

Minification Of Code :-

Minification is removing all unnecessary characters and whitespace from your code (HTML, CSS, JavaScript). There are many ways to do this, but as this is the advanced level we are going to do this manually.

But to minify your CSS and JavaScript files you first need to combine them into one. It’s more than possible that your site is using more than one CSS or JavaScript file, which increases HTTP requests and thereby the load time; by combining them into one you reduce the number of requests made, and by minifying them you also reduce the size.

To Minify The CSS Files, copy the entire contents of your CSS file and copy it to the minifier on CSSMinifier.com and click on minify, you will get some words which will make no sense – don’t worry just copy them and replace it with the contents in your CSS file and it’s done. You will notice that the file is much smaller as compared to before, this will save time in downloading it.

To Minify Javascripts – The process is just about the same as above, you only need to head to Jscompress.com instead of cssminifier.com.

.HTAccess Tweaks :-

A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration. They are placed inside the web tree, and are able to override a subset of the server’s global configuration for the directory that they are in, and all sub-directories.[1]

The original purpose of .htaccess—reflected in its name—was to allow per-directory access control by, for example, requiring a password to access the content. More commonly, however, the .htaccess files override many other configuration settings such as content type, character set, CGI handlers, etc – (Wikipedia).

The .htaccess file can also be used for many performance tweaks to your server which could considerably improve your page speed score, but before modifying your .htaccess file make sure you back it up. If you have already done that then let’s get to it.

Disabling Hotlinking Of Your Images is the first thing you should do to your site if you upload high quality, original images. Hotlinking means that the image is embedded on another site using your server’s URL rather than their own; this increases the strain on your server, which would surely decrease its performance, and will also affect your bandwidth.

To prevent this we could easily add just a few lines of code to our .HTAccess file :

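# Disable hotlinking of images with forbidden or custom image option
RewriteEngine on
# Allow requests that send no Referer header at all
RewriteCond %{HTTP_REFERER} !^$
# Allow your own site, Google and your feed; dots are escaped and the host is
# closed with (/|$) so a host that merely starts with your domain does not match
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?technonerdz\.org(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?technonerdz\.org/feed [NC]
# Answer every other image request with 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]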

 

Before adding the above code make sure you change the RSS feed address to your own otherwise images would not appear correctly.

Leveraging Browser Caching For Static Resources is another nice little tweak you can perform with .htaccess. Enabling caching for static resources like CSS, JavaScript, images etc. can make your webpages significantly faster.

You need to add following lines to your HTAccess :

<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year"
# Images
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
# CSS
ExpiresByType text/css "access plus 1 month"
# Javascript
ExpiresByType application/javascript "access plus 1 year"
</IfModule>

 

Enabling Gzip Compression is the next thing on this list. Gzip compresses the files before sending them from your server, thereby reducing their size; upon receiving them, the user’s browser decompresses them. Advantages of using Gzip – smaller files to transfer, lower bandwidth cost, faster page loads.

Add following lines to your .HTAccess for instantly activating Compression on your server :

## ENABLE GZIP COMPRESSION ##
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
## ENABLE GZIP COMPRESSION ##

 

Once you’ve added this snippet of code to .htaccess, test whether Gzip is working on your website by running Check Gzip Compression.

‘HTTP Keep Alive’ allows the client’s machine to download multiple files without having to repeatedly ask for permission, thus saving bandwidth.

To enable Keep Alive, simply copy and paste the code below into your .htaccess file.

Header set Connection keep-alive

 

Hyperfast Social Sharing Buttons :-

We all need some sort of engagement from users of social sites, which is why we add social sharing buttons to our webpages, but when there is more than one button on a page it increases the page load time, as they are served through JavaScript. Though it is possible to load the scripts asynchronously, multiple scripts mean multiple HTTP requests, which means more download time is required to parse the page.

To get around this problem, Stoyan of PHPIED.com wrote a nice little code snippet combining the code of Facebook’s Like button, Google’s +1 and Twitter’s tweet button. Using this code is much lighter on your server and proves to be much faster than conventional social sharing buttons.

You need to add the following lines just before the </body> tag on your website :

<div id="fb-root"></div><!-- fb needs this -->
<script>(function(d, s) {
// Insert one <script> element per SDK before the first script on the page,
// skipping any SDK whose element id is already present
var js, fjs = d.getElementsByTagName(s)[0], load = function(url, id) {
if (d.getElementById(id)) {return;}
js = d.createElement(s); js.src = url; js.id = id;
fjs.parentNode.insertBefore(js, fjs);
};
load('//connect.facebook.net/en_US/all.js#xfbml=1', 'fbjssdk');
load('https://apis.google.com/js/plusone.js', 'gplus1js');
load('//platform.twitter.com/widgets.js', 'tweetjs');
}(document, 'script'));</script>

 

Once you’ve added them now we need to implement the markup where we need the buttons to show-up, just add these lines in your site’s HTML code where you want the buttons to appear :

<!-- facebook like -->
<div class="fb-like" data-send="false" data-width="280"></div>
<!-- twitter -->
<a class="twitter-share-button" data-count="horizontal">Tweet</a>
<!-- g+ -->
<div class="g-plusone" data-size="medium"></div>

 

To see these buttons live in action scroll this page to the end, the method is implemented on this blog also.

Use A Content Delivery Network :-

A content delivery network caches your static files and stores them on its servers, so when a user requests your webpage it is delivered from the geographically nearest server, which helps increase page load speed many fold.

Cloudflare is one such free C. D. N. which you can use to speed up your site. To implement Cloudflare you can go through this awesome post on Shoutmeloud. Cloudflare with W3 Total Cache is a killer combination; you cannot imagine the results you would get when using these two side by side.

Use C. S. S. Sprites :-

An image sprite is a collection of images put into a single image. A web page with many images can take a long time to load and generates multiple server requests. Using image sprites will reduce the number of server requests and save bandwidth.

To use sprites follow this easy to follow tutorial on W3schools.

Optimize WordPress Database :-

If you are using WordPress as a Content Management System, its database becomes cluttered over time, which could affect its performance. You should develop a habit of optimizing it occasionally.

A free plugin named WP-Optimize can do it without any hassle. You can download it from the WordPress repository from here.


Conclusion :-

So if you have made it this far into the post your site should be faster than 75% to 80% of websites around the internet assuming you followed every tweak from this post.

If you enjoyed reading this article feel free to share it among your social peers. Ciao..

5 Places To Share Your Killer Quality Content For Insane Traffic

If you’ve finished writing a killer quality article and are waiting for the traffic to come organically then let me be the bearer of bad news: You’re Doing It Wrong..!! Writing a quality article alone doesn’t guarantee that it will rank high on search engines; half of the work is done, but the remaining half is much harder than writing quality content.


Thousands of bloggers churn out millions of quality articles daily which don’t get ranked well for one single reason: they don’t know how to promote them well enough among their targeted audience. For an article to rank well in search engines, the author must optimize it using On & Off page S.E.O. techniques. As the search engines are getting smarter by regularly updating their indexing algorithms, they are also taking the social reach of an article into consideration for ranking. If a post is actively shared or liked on social media it sends a much more positive signal to search engines than just the quality of content.

So now the question arises: Where To Share Your Killer Quality Content For Insane Traffic ? If you don’t know the answer to this question then this post is going to help you immensely. Here I have listed some of the biggest social media sites which you can use to get thousands of targeted visitors to your blog in a very short span of time.

5 Awesome Places To Promote Your Quality Content :-

REDDIT :

A social media place which categorizes user generated links in sub-reddits based on their category. It is also called the front page of the internet. After a link is posted, users can vote it up or down depending on whether they like the post, which in turn decides the position of the link on the page. It is one of the biggest traffic sources for this blog and also my favorite social platform.

You cannot realize the insane amount of traffic it can send to your site until you use it. I submitted a very casually written article on How To Find Bugs In A Website to one of its sub-reddits and what I got was nearly 11,000 views from targeted users in a day. So you can just imagine what a nice in-depth article would bring. My suggestion is that if you have a nice article then you must submit it to REDDIT, but do not spam, as it follows one of the strictest policies against spammers and can ban you in minutes.


StumbleUpon :

StumbleUpon – a content curation website, it is one of the oldest and most popular social bookmarking sites. You just need to create an account, share your article with the right tags and description, and wait. If your article is found and liked by users it will be added to its index.

It works in this way: after you submit your URL it is shown to a limited number of users, and if it is liked and up-voted then it is added to its index, but if not it will be dropped. Some 7 months ago I submitted an article on Top 50 Hacking Tools but didn’t get any traffic, but last month a user with only 90+ likes found my article and up-voted it, and since then I got around 20,500+ views on that article alone and it’s been liked by some 1700 stumblers. Getting traffic from StumbleUpon could take some time but the wait is totally worth it.


Google+ :

Yes, Google+. Many of us don’t realize the effect Google+ can have on our posts’ ranking in search engines, especially Google. Though there is no official word on whether it affects search rankings or not, my research shows that a post which is shared handsomely on Google+ tends to rank higher as compared to articles with shares on other social platforms.

Being a new social media platform, it doesn’t have that large a user base, which is why you must use it: as there is less competition, your posts can rank higher for more time as compared to other social sites. Google+ communities also offer decent traffic if used correctly. Be careful before posting, as some communities only allow discussions and not links; ignoring the rules can get you flagged as a spammer and moderators could ban you.


Facebook :

Creating a Facebook page for their brand is a must for any blogger. With 1.35 Billion users, of which 864 million are regularly active, Facebook is one of the most promising and prominent social media platforms for bloggers. It is the top source of referral traffic for many famous bloggers like Harsh Agrawal of ShoutMeLoud and Neil Patel of Quicksprout.

Though I’m not a fan of paid advertising, Facebook’s advertising program could feature your content to a wide variety of audience in a fraction of the time and cost.


Twitter :

A micro-blogging platform with a nice user base which can be leveraged to direct traffic to your blog. You can tweet your post link multiple times for maximum exposure, but be sure to wait at least 12 to 15 hours between each tweet. You can also use services like Tweriod to determine the optimum time for tweeting your blog link.


So these are some of the biggest social platforms which you must utilize after writing your posts. Though there are many more places for blog promotion, following this list is a must for every blogger. Here are some more niche-based social bookmarking websites where you can share your posts.

  • Scoop.It
  • Inbound.org : For SEO, SMO, Blogging and internet marketing related articles.
  • DZone : For Developers
  • DesignFloat : For Web Designers.
  • ManageWP.org : For WordPress related articles.

If there is another source which is working great for you then why don’t you drop a comment and let me know about it. It could be a great addition to the article. Cheers..

How To Scan A WordPress Site For Vulnerabilities

WordPress is the most popular open-source CMS (Content Management System), with ‘N’ number of plugins & themes which make it very fun to use. But sometimes these plugins and themes can cause security issues on our site, as many of them are poorly coded. So in this tutorial we are going to discuss how to scan a WordPress site for vulnerabilities and fix them.

The vulnerability scanner which we will be using for this tutorial is named ‘WPScan’, which is free to download and install. You can also use the almighty Kali Linux, which pre-includes this tool and many more. If you don’t have Kali : GET IT FROM HERE.

So Let’s Get To It :-

WPScan works by scanning the installed themes & plugins on a given website and matching them to its ‘database’ of vulnerable plugins/themes. If a match is found, it will show a few links to SecurityFocus’s CVE database where you can read more about the vulnerability.

Scan A Website :-

wpscan --url "http://example.com"

This command will check a given site and provide various information about the WordPress installation and the themes and plugins installed.

Scan Installed Plugins For Vulnerability :-

wpscan --url "http://example.com" --enumerate vp

After executing this command, WPScan will start to match the installed plugins against its database, and upon finding a vulnerability it will show CVE (Common Vulnerabilities and Exposures) reference links.

Scan Installed Themes For Vulnerability :-

wpscan --url "http://example.com" --enumerate t

Like the command before this, it will scan for vulnerable themes and show the related CVE reference links.

Scan The Name Of WordPress Users :-

wpscan --url "http://example.com" --enumerate u

Using this command will show the name of users with access to the admin area (wordpress login) of a particular site.

Testing All At Once :-

wpscan --url "http://example.com" --enumerate u,vp,t

If you like, you can also test all three things at once using this command.

Bruteforcing a Weak WordPress Password :-

This post is just about scanning for vulnerabilities, so bruteforcing a password doesn’t need to be here, but as this is part of WPScan, it needs a mention. A weak password is no less harmful (in fact, much more harmful) than a vulnerable theme or plugin.

wpscan --url "website.com" --wordlist passwords.txt --username helge

For this command to work you also need to provide the path to a wordlist (a file with possible passwords). You can find a number of them spread across the internet, but I would recommend this one.


Securing The Site :-

When done with the scanning part, you should focus on securing your site by removing the reported plugins and themes or updating them (if an update is available).

Note :- Do not simply rely on WPScan as it won’t notify you of 0-day (Zero-Day) exploits.
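The matching step described earlier (installed versions compared against a list of known-vulnerable versions), as an added example that is not WPScan's code or part of the original post. The advisory list, plugin slugs, header text and data layout are all constructed assumptions; note that a plugin with no entry in the list comes back as "no known issue", which is exactly the gap the note above warns about.

```python
import re

# Constructed advisory list (not WPScan's real data or format):
# slug -> [(advisory title, first fixed version, or None if no fix exists)]
ADVISORIES = {
    "example-seo": [("SQL injection (constructed entry)", "3.2.1")],
    "example-gallery": [("Stored XSS (constructed entry)", None)],
    "example-forms": [("CSRF (constructed entry)", "4.1")],
}

# Constructed header comments, as found at the top of a plugin's main PHP file.
INSTALLED = {
    "example-seo": "<?php\n/*\nPlugin Name: Example SEO\nVersion: 3.2\n*/",
    "example-gallery": "<?php\n/**\n * Plugin Name: Example Gallery\n * Version: 2.0\n */",
    "example-forms": "<?php\n/*\nPlugin Name: Example Forms\nVersion: 4.1.0\n*/",
    "example-cache": "<?php\n/*\nPlugin Name: Example Cache\nVersion: 0.9\n*/",
    "example-broken": "<?php\n/* Plugin Name: Headerless */",
}

def header_version(php_source):
    """Return the 'Version:' value from a plugin header, or None if absent."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source, re.M | re.I)
    return m.group(1) if m else None

def version_key(version):
    """Turn '3.2.1' into (3, 2, 1) so that 1.10 sorts after 1.9."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:  # treat 4.1 and 4.1.0 as the same release
        parts.pop()
    return tuple(parts)

def audit(installed, advisories):
    """Map each slug to 'vulnerable', 'no known issue' or 'unknown version'."""
    report = {}
    for slug, source in installed.items():
        version = header_version(source)
        if version is None:
            report[slug] = "unknown version"  # cannot be matched, check by hand
            continue
        hits = [title for title, fixed_in in advisories.get(slug, [])
                if fixed_in is None or version_key(version) < version_key(fixed_in)]
        report[slug] = "vulnerable" if hits else "no known issue"
    return report

if __name__ == "__main__":
    for slug, status in sorted(audit(INSTALLED, ADVISORIES).items()):
        print(f"{slug}: {status}")
```
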

So, don’t waste time & start securing your site. Feedback and suggestions are welcome, feel free to comment.

Enjoy..!!


Optimize Images For Better Search Engine Ranking

If you’ve been into blogging then you surely know the importance of the term S.E.O. (Search Engine Optimization). S.E.O. is optimizing your website or blog so as to rank them better in search engines. There are many ways to accomplish that (not easy though) like On-Page S.E.O., Off-Page S.E.O. etc.


But there is one more factor which is very important but often overlooked: Image Optimization. Optimizing images is another way of getting search engines’ love (organic traffic).

According to Google (Peter Linsley) :-

  • Users prefer High-Resolution, In-Focus High Quality Images.
  • Links with high-quality thumbnails tend to perform better in search results.
  • Cluttered, Distracting images are a strict NO-NO.

Image Optimization For Better Search Engine Rankings :-

  • Add a proper 2-3 word alt-tag to all images.
  • Height and width of images should be properly defined so that they don’t block page loading.
  • A good keyword-filled ‘Caption’ should be used for all images.
  • Host all the images on your private server and not on free hosting servers, the reason being image loading speed.
  • If you are using a blogging platform like WordPress, there are multiple plugins which help automate this process. Techno-Nerdz uses EWWW Image Optimizer.

By following these tips you could rank your images better on search engines and get decent traffic from them. If you know any other way to optimize images, leave a comment.


14 WordPress Plug-ins You Must Have

In this post we are going to discuss ‘WordPress Plug-ins’ which are must-haves for any smooth-sailing blogger. So first things first, what are plug-ins?

What Are Plug-ins?

Plug-ins are additional software components that add a specific feature to an existing application. In the case of WordPress, they enable customization. Plug-ins can extend WordPress to do anything you can imagine.

14 WordPress Plug-ins You Must Have :-

Akismet :

Akismet is a widely used plug-in for spam protection.

Google XML Sitemaps :

This plug-in is used for generating and submitting sitemaps to Google.

Redirection And Bing 404 :

If any 404 error occurs this plug-in would take care of it.

Hyper Cache :

Performance enhancement plug-in which improves site load time by caching pages.

Yoast WordPress SEO :

This is by far the best Search Engine Optimization plug-in I’ve encountered and used.

WordPress PDA :

If your theme is not responsive and doesn’t support mobile screen viewing then this plug-in will help make it viewable.

WordPress.com Stats :

Use this plug-in to check basic analytic data and traffic in real time from within the dashboard.

Automatic WordPress Backup :

Make backups of your theme, posts and comments with this plug-in.

YARRP :

Yet Another Related Post Plug-in.

Debug-Queries :

This is used for SQL query Debugging.

Smart Youtube :

Embed Youtube videos efficiently with this great plug-in.

Slideshare :

Used for embedding slideshare presentations to your posts.

WP-Associatizer :

This plug-in is used for rewriting Amazon URLs including the associate ID.

WP-Paginate :

WP-Paginate is a simple and flexible pagination plugin which provides users with better navigation on your WordPress site.


These are the plug-ins which are essential for any blogger and some of them are even recommended by one of the top bloggers, Amit Agarwal on his blog.

I feel that this list is missing one key plug-in that must be here, so my recommendation is :

Share This :

This plug-in displays social share buttons below the posts, which makes it easier for readers to share the content they like.

Try these add-ons one by one and do provide feedback on whether you liked them or not in the comments below.


6 Reasons Why I Migrated From Blogger To WordPress

When I started blogging earlier this year, I also made the same stupid mistake that many of us make when starting out: creating a blog on BLOGGER rather than WORDPRESS.

Blogger is no doubt a hugely successful blogging platform, but it doesn’t give you full control over your site. For a newbie who is just starting it is enough, but as you grow in the industry you will feel the need for complete control. Also, Blogger blogs are free to create, whereas WordPress requires you to purchase a domain name and hosting.

*Discussion is based around ‘wordpress.org’ not ‘wordpress.com’.

But if you are serious about blogging, then the money you spend on a domain and hosting will reap you benefits over time. So, in this post I’m going to mention the advantages which forced me to switch to WordPress from Blogger.

Benefits Of WordPress :-

Authority : You can build your own identity with WordPress blogs because of the custom domain name, rather than the ‘blogspot’ subdomains offered by Blogger.

Support : As WordPress is the largest CMS (Content Management System), it is hugely supported and has lots of features compared to Blogger. Hell, you could get a PLUG-IN for everything.

Control : Unlike Blogger, you have full access to your site’s directories and files. A person with a little know-how of web languages can transform his blog amazingly.

Speed : One of the biggest factors I considered while migrating my blog was the ‘Site Loading Speed’. This blog, when hosted on Blogger, was very slow and could take somewhere around 10 seconds on low-bandwidth connections, which was unacceptable. Also, I noticed that blogs which are hosted on Blogger fall behind on Alexa ranking compared to WordPress blogs, even if they have higher traffic.

Indexing : Blogs hosted on WordPress are easier to index compared to Blogger blogs, which in turn will provide increased organic traffic.

Unlimited Pages : As the site is yours in WordPress, you can create as many standalone pages as you want, whereas this is limited to a total of 10 if you are using Blogger.

These were the reasons which affected me enough to make the move, which I’m certainly not regretting. Things are a little crazy for me at the start with WordPress, as with everything, but will smooth out once I get friendlier with this platform.

If you are also looking to migrate, then I hope these points will help you make up your mind.

If you’ve got any more suggestions as to why one should move to WordPress, then do leave a comment so everyone can benefit from it.

Easiest Way Of Adding A Favicon To Your WordPress Site

Yesterday, my friend who just started blogging contacted me to help him add a favicon to his blog WEOOL Technology. I guided him through the steps but realized that if this is proving to be difficult for a new blogger, then I should write a post for accomplishing this more easily. So without wasting any time, let’s get to it.

What Is A Favicon ?
A favicon is that small image which you see in browsers next to the title of the webpage. Like the ‘T’ sign on this page above. Take A Look.
A favicon could be your company’s logo or anything which describes your site. This gives your website a more professional look and makes it unique among others. So, in this tutorial I’m going to show how you can add a favicon to your website very easily.


Benefits Of A Favicon :

There are many benefits which you can gain by simply adding a favicon.

  • A more professional look.
  • Easy Identification.
  • Increased User Experience.

Creating A Favicon :
Before you can add a favicon to your site, first you need to create it. There are many tools which you can use, ranging from Photoshop to simple image editors. Any image which is 16 x 16 or 32 x 32 in size and is in PNG or ICO format will work.
*Note that some older browsers don’t recognize PNG format for favicon.

How To Add Favicon To WordPress :
There are multiple ways to accomplish this, but we are going to discuss the easiest ones here.

First Method :-
  • Upload the file to the root directory of your website using FTP or the file manager, if your web host supports it.
  • Now edit your HEADER.PHP file and add the following code :

<link rel="icon" href="http://www.techno-nerdz.tk/favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="http://www.techno-nerdz.tk/favicon.ico" type="image/x-icon" />

  • In the above code, just replace www.technonerdz.org with your website’s URL and paste it into your HEADER.PHP.

If this method seems too technical for you, keep reading :-

Second Method :-
  • Log in to your WordPress admin area.
  • Go to the plugins tab and search for a plugin named All In One Favicon.
  • Install the plugin and let it do the dirty work.

This is the easiest you can get for adding a favicon to your wordpress blog. Tell us how you end up doing it or leave a comment if you don’t understand any step.
