How to Write Copy that Google Loves

Erin Huebscher | February 1, 2019 BY: Namecheap.com

93% of online experiences begin with a search engine.

This statistic isn’t meant for shock value. Rather, it’s meant to emphasize just how much our everyday lives rely on search engines such as Google to supply us with useful and relevant content.

And, because Google’s entire existence is built around creating an index of all the world’s information and making it accessible to all, it’s no wonder they value content that real people (aka their customers) are looking for.

As a writer, however, the question remains: how do you write copy that Google loves—or put another way, how do you optimize it for search engines?

An SEO Refresher

Search Engine Optimization, aka SEO, is that ubiquitous term people in the industry just love to throw around.

“It’s just not SEO-friendly enough…” 

“I think we need more SEO.”

“Are you taking into consideration SEO?” 

Without getting too technical, Moz describes SEO as the practice of increasing the quality and quantity of traffic to your website through organic search page results (SERPs). And when we say “organic,” we don’t mean Whole Foods-organic. Organic traffic simply refers to any sort of traffic that you don’t have to pay for. Meaning? That traffic comes naturally. 

In order to receive this “natural” traffic, your copy needs to be optimized. In fact, the better optimized your website copy is, the better Google ranks your website in their organic search page results. So, using SEO means you’re doing everything you can to make sure that your website ranks higher on that neverending list of page results. 

But why does optimizing your copy actually matter? Because you’ll receive more clicks, more shares, more likes, more engagement, and you guessed it, more conversions.

SEO Copywriting v. “Normal” Copywriting

Make no mistake, writing copy for the web is nothing short of an art form; an art that undoubtedly requires talent but most importantly, the ability to write optimized content that resonates with users. Remember, even if you’ve written fantastic copy, if no one can find your website, then all those beautiful words of yours will be hidden from view. 

To clarify the difference between SEO copywriting and “normal” copywriting, Namecheap’s Senior SEO Content Manager Kevin Church eloquently sums it up:

“With ‘normal’ copywriting for an article or print ad, you’ve probably already got the audience’s attention in some way or another—it’s in a magazine they read, there’s an attractive image, etc.—but with SEO copywriting, you have to think about how they’re going to find your piece through Google or another search engine. You’ll want to do keyword research and create a strong outline based on actual interest versus what you think readers want.”

More on keywords later but in essence, SEO copywriting is primarily driven by metrics, meaning you’re specifically creating content to attract search engine traffic while at the same time appealing to your users.  

As Liam Barrett, Namecheap’s On-Page SEO Specialist, explains: 

“The best copywriters use the best of both worlds. For example, ‘normal’ copywriting can tell a great story and keep a user engaged, but may not reach the correct audience. By adding SEO research into your content, you can refine your content to get more visibility.”

Prioritize Keyword Research

If you really want the copy you write to rank well in Google, you’ll have to roll up your sleeves and do a little research—keyword research. 

Think of it sort of like preparing for a first date with someone you really like. You tend to do your homework before meeting them, don’t you? It’s the same rationale with keywords: knowing which ones will pique your audience’s (ahem, date’s) interest and make them take notice of you.

Proper keyword research ultimately means understanding your audience. More specifically, it’s knowing what they need and/or what particular problems they’re looking to solve. When doing keyword research you may notice that people describe their problems in a variety of ways.

For example, let’s say you’re looking for an inexpensive hotel in Italy. While you may type in, “cheap Italian hotels” others may search for, “inexpensive places to stay in Italy” or “affordable accommodation in Tuscany.”  

If you can begin to understand and anticipate which words/phrases your readers are most likely to use to describe their problems or queries, you’re well on your way to writing more compelling copy (and ranking higher in Google). Quicksprout, an online marketing resource, does a great job of identifying what keyword research can reveal to you.

Now that you know the importance of keyword research, it’s time to make keyword research tools your best friend. 

Rand Fishkin over at Moz gives an excellent tutorial on how to discover and prioritize the best keywords. His advice? Don’t limit yourself to one source when searching for keywords. His top picks on the best online keyword tools are: Adwords, Google Suggest, SEMrush, and KeywordTool.io.

Once you’ve got your prioritized list of chosen keywords, try to avoid “stuffing” those keywords throughout your copy. To keep your keywords in check, Barrett recommends wordcounter.net, which is a helpful tool to ensure you’re not over- or under-optimizing your written content.

Headlines Count

“When you have written your headline, you have spent eighty cents out of your dollar.” 
–David Ogilvy

Headlines should always be what attracts your users’ attention, encouraging them to click and read more. A mediocre headline, accompanied by stellar copy, unfortunately, does very little for your click-through-rate (CTR).

This is why successful SEO copywriters write their headlines before writing the rest of their content. As a general rule of thumb, if your headline is clickable, attractive, and under 72 characters, you’ve got yourself a keeper. (Exceeding 72 characters sends the hint to Google that you’re only writing for search-engine purposes, not your users.)

According to Conversion XL, headlines with numbers always work. So, if a numerical figure applies to what you’re writing about, go ahead and include that number in your headline. And, if you happen to use WordPress, Yoast SEO is a fantastic plugin that helps with optimizing your website copy so you’ve got content that not only ranks high in Google but also attracts clicks from potential users.

Write Quality Meta Descriptions

Contrary to popular belief, meta descriptions—snippets of copy that summarize a page’s content in less than 155 characters—are not used for Google rankings. They are, however, used by readers like you to help better understand what topic a website is about.

Using our previous search example regarding cheap hotels in Italy, here’s what a well-written meta description might look like:

Discover affordable and charming hotels, right in the heart of central Italy. Search and book your inexpensive Italian accommodation with us today!

When you see a meta description that includes the words and phrases you’ve already been searching for, you’re far more likely to click on it since you assume it’s relevant to your search query. And, although there’s no direct correlation between meta descriptions and Google rankings, Google will indirectly reward websites with a high click-through-rate.

What does this mean, exactly? Well, the more people who click on your search result (and read your relevant meta description), the more Google considers your page to be “good,” subsequently moving your position up their ranks. Not a bad deal.

Link It Up

Consider links, both internal and external, as the basic building blocks of your website.

When you link out to other useful sites and pages (including your own), this sends the signal to Google that you value content others create. Doing so aligns with Google’s aforementioned mission of making content accessible to everyone, everywhere.

Church wholeheartedly agrees, especially when it comes to internal linking. “You’ll want to make sure that you link to your new page from other pages on your website.” Meanwhile, Barrett recommends “linking/referencing other articles on your site (with relevant keywords)” and not being “afraid” of adding in some external links.

Thanks to the folks over at Boostability.com, here’s how to recognize what makes a good link.

The Takeaways

As any SEO pro would advise, the best kind of website copy follows the KISS (Keep It Simple Stupid) principle.

This doesn’t necessarily mean your copy has to always be short and sweet. In fact, according to Barrett, lengthy content is encouraged. His advice, however? “Try cutting unnecessary words or sentences and focus on a simple goal or set of keywords.” A helpful tool Church likes to recommend for constructing those easy-to-read sentences and paragraphs is the Hemingway editor.

Writing great SEO copy, Church explains, should ultimately be “invisible,” and naturally incorporates the terms that people type into their search engines, making it both readable and informative. 

So, what have we just learned? That the best type of copy resonates and includes SEO, keyword research is not just a suggestion—it’s mandatory, headlines under 72 characters always score, meta descriptions must be relevant, and linking means you care about awesome content.

Whew. Now, are you ready to make Google fall in love with your words?

Best Android apps in 2018

Article originally by: https://www.androidcentral.com/best-apps-android
By:  ARA WAGONER

Our phones are pocket-sized supercomputers with professional-grade cameras and battery for days, but without the apps to take advantage of it, what would be the point? There are millions upon millions of Android apps that transform our phones from shiny glass slabs into productivity powerhouses, and over the last year, these are the apps that have seized the day and made our lives easier, faster, and better.

Most improved service

Google Assistant

From Assistant Routines in Google Clock alarms to the vast expansion of Assistant-compatible smart home devices to the overhaul of visual responses, it has been a busy year for Google Assistant. It feels like a century ago when Android Auto added Google Assistant, but that simple addition made millions of drivers safer, especially during these long, frustrating holiday drives.

Free at Google Play

Smart home control

Google Home

Whether you need to control your lights, smart plugs, thermostats, or Assistant speakers/displays from the warmth of bed or from the farthest corners of the globe, the new Home View in the Google Home app makes it easy. Being able to add Home members to use what you’ve already set up is a huge step forward for making smart homes more accessible for all skill levels.

Free at Google Play

Keep it all together

Google Keep

Keep your Evernote and your Todoist, Google Keep is with me to the end of the line and it is 100% free. Keep is yet another Google app to see a visual update this year, and while I’m still waiting on a dark theme, the expanded 12 color options, addition of subtasks to checklists, and improved Drive integration make Keep the only task manager and inspiration board I use.

Free at Google Play

Darkness, at last

YouTube

Fire up the confetti cannons, boys; YouTube for Android finally got a dark theme this year, over 6 months after iOS and years after YouTube.com. This year also saw the expansion of YouTube Red to YouTube Premium in over a dozen countries, with a major overhaul of YouTube Music that puts Google’s AI prowess on full display. Now, show me that Lion King trailer again.

Free at Google Play

Only movies worth buying

Movies Anywhere

This service might be the only reason to actually buy movies anymore. Movies Anywhere is the cross-platform movie locker that lets you watch your movies on just about every platform — and you can use it to check prices between digital retailers like Vudu, Google Play, FandangoNow, and Amazon Prime Video. If you buy a movie, it better be compatible with Movies Anywhere!

Free at Google Play

Upvote all the gifs

Reddit official app

I’ve been a third-party reddit lurker for years, but this year the official Reddit app breezed past Relay, Boost, and the rest. Reddit’s new website look has been a source of no small debate, but I’ve actually rather enjoyed both the new website look and the continued improvements on the Android app. Now if only /r/WritingPrompts didn’t suck up all of my dinner breaks…

Free at Google Play

Texting from anywhere

Google Messages

Dark theme! Messages for web! It’s been a big year for Google’s SMS app, and while I still miss Mood Messenger and Textra’s themes, about the only third-party SMS app that can compete with Messages for web is Pulse’s paid SMS-syncing service, which is compatible with more platforms and browsers. Messages’ theming might be lacking, but the dark theme is a welcome addition.

Free at Google Play

Party in the threads!

Slack

Android Central has Slacked for years because Slack is one of the best chat apps on the market today, business or personal. Threads allow us to get into minutiae without spamming the main chat, and everyone can upload custom slackmoji like :bader: or :jerrybird: for added flair. All it needs now is a dark theme so I don’t blind my bosses when I ping them at 2 AM. 😇

Free at Google Play

Best backup system

Google Photos

Backing up and sharing photos are two of the most important functions of our phones, because the camera you have is the camera you use, and we use our phone’s cameras a lot. Google Photos’ free backups continue to be the best way to back up, catalog, and share your photos. Integration with Google Assistant and Google Lens also lets you find and identify pictures more easily.

Free at Google Play

Most consistent dev team

Microsoft Launcher

Microsoft has been upping its considerably skilled Android game this year, and the Microsoft Launcher Team keeps the updates and new features coming faster than any other major launcher on the market today. Granted, it’s very much geared towards Microsoft services — like the recent Cortana integration — but it’s a launcher that gets better every month.

Free at Google Play

Theme smarter not harder

Smart Launcher 5

If at the beginning of the year you told me that the launcher I’d use most this year was Smart Launcher, I’d’ve laughed in your face. Then Smart Launcher 5 arrived and I fell in love. The flexibly categorized app drawer is better than ever, and with the integration of Icon Pack Studio and a gridless widget system, SL5 makes building and switching themes a breeze.

Free at Google Play

Precision pro theming

KLWP Pro

Big brother of Kustom Widget maker KWGT, Kustom Live Wallpaper’s one-stop theming has grown on me considerably this year. While SL5’s gridless widgets are nice, nothing beats the pinpoint, edge-to-edge widget and element placement in KLWP. The formulas and menus can be daunting, but KLWP’s robust community, especially on Reddit, helps make any theme possible.

$5 at Google Play

Automation overhaul

Tasker

Tasker stagnated a bit in previous years, but under new owner João Dias — maker of the AutoApps plugin suite and Tasker’s most ardent fan — the automation app has seen a UI overhaul and major updates the last few months. With TaskerNet and improved export/importing, it’s never been easier to share, tweak, and create amazing profiles and tasks for Android (and beyond).

$3 at Google Play

Cloud copy & stream

Solid Explorer

File managers are one of those “basic” apps that most users take for granted, but a great file manager can do far more than help you find your files. Robust cloud storage integration lets me copy files to and from Google Drive easily, but what I really love are the media streaming features, which I can use to stream Drive videos directly to a video player app or Chromecast!

$3 at Google Play

Floating above the rest

Gboard

Gboard’s keyboard continues to dominate the market with an ever-expanding array of features on Android, iOS, and soon on Chromebooks, too! Some of this year’s additions like making your own emoji pack or gifs may seem trivial, but Gboard has also added support for dozens of new languages, as well as the recent floating keyboard mode that makes filling out forms a breeze.

Free at Google Play

Yes, there are more than a few Google apps in here, but with the amount of visual updates and feature expansions, every app here more than earned its spot on the team. Smart Launcher 5 was the biggest surprise for me this year, but it really is hard to understate just how much Google Assistant has improved both its own experience and the Android experience as a whole in the last 12 months. Reddit draws me in more and more every time I open it, but I’m hoping it takes a few more navigation cues from third-party clients, especially when trying to jump between threads in AMAs.

WHY YOU SHOULD CARE ABOUT ONLINE PRIVACY

 – Namecheap

Data breaches and violations of our privacy seem to be a daily occurrence.

From Edward Snowden’s bombshell that the American government tracks its citizens to Cambridge Analytica collecting Facebook data from millions of people to allegedly influence the 2016 US presidential election, it’s clear that a lot of our personal information is out there. And it’s not always being used in the most transparent, ethical, or even legal ways.

It seems as if every aspect of our private lives can be dissected and scrutinized by corporate and government interests—or by other parties that mean to do us harm.

It’s a difficult topic, but awareness is the first step in protecting yourself. So with that in mind, let’s take a closer look at some of the ways others access our personal data and examine ways in which you can protect your privacy.

Hackers Want Your Personal Data

The most obvious issue that comes to mind when thinking about privacy violations is hacking and other criminal activity. There are people out there who will stop at nothing to try to grab your information and break into your private accounts. Here are a few ways they do it.

  • Data breaches. The Equifax breach that may have leaked millions of people’s data, including Social Security numbers, was just one of many examples where hackers gained access to a vast database of information that could be used for identity theft. These things happen more often than most of us realize, so it’s important to remain vigilant and regularly update your passwords.
  • Webcams. Do you cover the webcam on your computer when you’re not using it? Maybe you should. The camera on your laptop or computer monitor can be hacked to give strangers access to what’s going on inside your house.
  • Web browsing and email. When you’re on the Internet, it’s way too easy for other people to get information about you. Beyond social media and shopping behavior, just surfing the web and checking your email can get you into trouble. Innocent-looking emails might send you to fraudulent banking or other websites that try to capture your login details, a process called phishing. Other websites might track your online behavior by placing nefarious cookies in your browser that send your data places you might not want it to be.
  • Social Engineering. Often it’s just small bits of data that hackers are after. Your date of birth, along with your email or mailing address (perhaps listed on your website or Whois information on your domain) could provide a key that a criminal can use to reset your account passwords or gain access to important accounts. For example, back in 2012, hackers compromised Wired staff writer Mat Honan’s digital accounts and deleted all of his computer files just by having critical bits of information about him.

These are just a few ways hackers can disrupt your life. Security experts warn that as more of us connect additional devices to the Internet (things like our thermostats, digital assistants like the Amazon Echo or Google Home, and home security systems), we’re exposing even more of our lives to potential hacking.

It’s More than Just Hacking

Beyond the illegal activities, there are dozens of ways people gain legitimate access to your data on a daily basis, often with your explicit consent. It’s worth considering how often your activities are being monitored and what kinds of information you willingly provide to corporations and the government. Here are just a handful of examples to consider:

  • DNA records. In the past few years, companies like 23andMe and Ancestry.com have started offering genetic mapping and profiling services: you simply mail in a cheek swab and, in return, the company sends you the results and stores your DNA records in their databases. But have you ever considered how this data might be used in the future? As we recently saw with the apprehension of the Golden State Killer in California using a genetic database at the genealogy service Ysearch.org, you never know how your DNA records might be used. Today it might be solving a murder, but in the future, who knows? Your genetic profile could be used to determine health coverage or other purposes you didn’t expect.
  • Ride sharing. Go ahead and call a Lyft or Uber. You’ll give that company data on where you live, who else lives there, and your entertainment habits. Uber even got caught tracking their customers after they dropped them off.
  • Pokémon Go and other mobile games. It’s just a game, right? By using GPS data to provide location-based entertainment, this addictive mobile app also keeps a close eye on where you–or your kids–are throughout the day.
  • Amazon and other retail apps. If you’re like many people, you turn to Amazon for much of your online purchases and household services. You might use the Starbucks or Target apps on your phone to order in advance or get discounts. And each time you buy online from major retailers or use their apps, you’re giving them rich data for future use.
  • Cell phones. This may be a no-brainer, but every mobile device has a GPS chip that locates the phone even when it’s turned off. This allows emergency services to locate you when you need help—but the question is, who else has access to that data?
  • Video surveillance/closed-circuit television (CCTV). From ATMs to ‘eye in the sky’ cameras at department stores, cameras are always watching you when you’re out on public streets. Red light cameras and cameras on toll roads snap your car’s license plate to send you violation notices or fee invoices. Any time you leave your home in most urban centers in the US and Europe (and in major cities across the world), someone knows what you’re doing.

This is a long list of ways companies can compromise your privacy, all in the name of day-to-day business. When you think about it, it’s almost enough to make you want to throw your hands up and surrender, right?

Don’t despair! While some things are out of your control, there are still things you can do to protect your information.

Simple Steps to Protect Your Privacy Online

Let’s face it: if you’re online, a lot of your information is out there.

You might not care if companies know your purchase history or where you go on the weekends. And you might not worry about the government tracking you because you think you have nothing to hide. What’s more, there are benefits to sharing our data to take advantage of everything our modern society enables us to do. It’s nice to be able to use Google Maps to find a new restaurant or chat with your friends on Facebook.

So unless you pursue an off-the-grid lifestyle out in the country, modern convenience requires surrendering a certain amount of your privacy.

That being said, there are some ways you can minimize the impact of potential privacy violations and prevent people from gaining access to information that can compromise your safety and well-being.

  • Provide the bare minimum. Many times companies will ask for personal information that they don’t need. Challenge anyone who asks for your Social Security number or email address. Don’t put your address on your resume or job search websites, and if you have a home business, consider getting a P. O. Box to avoid giving out your personal address.
  • Protect your email address. Everyone wants your email, which can be flattering depending on who’s asking for it. But it can also be a ticket to spam as well as a possible gateway for phishing or hackers to access your account. If you find yourself giving out your email often, consider creating a disposable email address using a free Gmail or Yahoo account. Then, whenever you enter a sweepstakes or join a mailing list, enter that address rather than your personal one. You can still receive messages at that address if you want by forwarding it to your real address and filtering it into a separate folder.
  • Avoid giving your information to unknown parties. Don’t play games on Facebook that require you to connect your profile. Use privacy settings to lock down your social media profiles so only your friends can see what you’re posting.
  • Cover your webcam. You can use a post-it note, masking tape, or removable sticker. Also, consider disabling the front-facing camera on your mobile devices. For more ideas, check out this Mashable article.
  • Regularly check your credit reports. In the US, you can order a report for free once a year through each credit reporting agency or by going to AnnualCreditReport.com.
  • Be smart with passwords. Don’t use the same password for different websites, and change your most important passwords regularly. If a site gets hacked, don’t hand the hacker the keys to all of your other accounts. And never give out a password to anyone over the phone or email. Customer support professionals have secure ways of accessing your account (if necessary) without having to ask for your password.
  • Beware of public Wi-Fi. As we described in a previous article, it’s far too easy for hackers to gain access to your login data. If you frequently use the Wi-Fi in coffee shops or restaurants, consider investing in an inexpensive VPN solution.
  • Enable two-factor authentication (2FA) everywhere. Many major websites—including blogging platforms, banks, and even online games—offer 2FA protection, which is a second step of authentication that’s difficult for a hacker to replicate. Often, 2FA will require you to enter a code texted to your mobile device or sent via a third-party app.
  • Use a passcode on your cell phone. Sure, it’s annoying to always have to enter your passcode, but passcode protection keeps people from gaining access to your personal data, contacts, social media accounts, and email if you get separated from your device even for a few minutes.

This list is just the tip of the iceberg, but it’s a great way to get started. For an even longer list of steps you might take to protect yourself, check out the 66 privacy tips from Consumer Reports.

Protect Your Personal Data

At Namecheap, we value your privacy. We don’t sell your personal information to other companies, and here on the blog, we work to keep you aware of different ways your privacy might be violated.

We also believe that we should do our part to keep your personal contact information out of the hands of hackers, spammers, and Internet marketers.

That’s why we now provide WhoisGuard free for all of our eligible domains—for life! If you register your domains with us, you can rest easy knowing that you’ve taken one vital step to keeping your personal information safe.

The Ultimate WordPress Security Guide – Step by Step (2018)

Article Origin https://www.wpbeginner.com

WordPress security is a topic of huge importance for every website owner. Each week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing. If you are serious about your website, then you need to pay attention to the WordPress security best practices. In this guide, we will share all the top WordPress security tips to help you protect your website against hackers and malware.

Improve WordPress Security

While WordPress core software is very secure, and it’s audited regularly by hundreds of developers, there is a lot that can be done to harden your WordPress website.

At WPBeginner, we believe that security is not just about risk elimination. It’s also about risk reduction. As a website owner, there’s a lot that you can do to improve your WordPress security (even if you’re not tech savvy).

We have a number of actionable steps that you can take to improve your WordPress security.

To make it easy, we have created a table of contents to help you easily navigate through our ultimate WordPress security guide.

Table of Contents

Basics of WordPress Security

WordPress Security in Easy Steps (No Coding)

WordPress Security for DIY Users

Ready? Let’s get started.

Why Website Security is Important?

A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information, passwords, install malicious software, and can even distribute malware to your users.

Worse, you may find yourself paying a ransom to hackers just to regain access to your website.

In March 2016, Google reported that more than 50 million website users have been warned that a website they’re visiting may contain malware or steal information.

Furthermore, Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.

If your website is a business, then you need to pay extra attention to your WordPress security.

Just as it’s the business owner’s responsibility to protect their physical store building, as an online business owner it is your responsibility to protect your business website.

Keeping WordPress Updated

WordPress is open source software that is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update.

WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers who regularly release updates as well.

These WordPress updates are crucial for the security and stability of your WordPress site. You need to make sure that your WordPress core, plugins, and theme are up to date.

Strong Passwords and User Permissions

The most common WordPress hacking attempts use stolen passwords. You can make that difficult by using stronger passwords that are unique for your website. Not just for WordPress admin area, but also for FTP accounts, database, WordPress hosting account, and your professional email address.

The top reason why beginners don’t like using strong passwords is because they’re hard to remember. The good thing is you don’t need to remember passwords anymore. You can use a password manager. See our guide on how to manage WordPress passwords.

Another way to reduce the risk is to not give anyone access to your WordPress admin account unless you absolutely have to. If you have a large team or guest authors, then make sure that you understand user roles and capabilities in WordPress before you add new users and authors to your WordPress site.

The Role of WordPress Hosting

Your WordPress hosting service plays the most important role in the security of your WordPress site. A good shared hosting provider like BlueHost or Siteground takes the extra measures to protect their servers against common threats.

However, on shared hosting you share the server resources with many other customers. This opens the risk of cross-site contamination where a hacker can use a neighboring site to attack your website.

Using a managed WordPress hosting service provides a more secure platform for your website. Managed WordPress hosting companies offer automatic backups, automatic WordPress updates, and more advanced security configurations to protect your website.

We recommend WPEngine as our preferred managed WordPress hosting provider. They’re also the most popular one in the industry. (See our special WPEngine coupon).

WordPress Security in Easy Steps (No Coding)

We know that improving WordPress security can be a terrifying thought for beginners, especially if you’re not techy. Guess what – you’re not alone.

We have helped thousands of WordPress users in hardening their WordPress security.

We will show you how you can improve your WordPress security with just a few clicks (no coding required).

If you can point-and-click, you can do this!

Install a WordPress Backup Solution

Backups are your first defense against any WordPress attack. Remember, nothing is 100% secure. If government websites can be hacked, then so can yours.

Backups allow you to quickly restore your WordPress site in case something bad was to happen.

There are many free and paid WordPress backup plugins that you can use. The most important thing you need to know when it comes to backups is that you must regularly save full-site backups to a remote location (not your hosting account).

We recommend storing it on a cloud service like Amazon, Dropbox, or private clouds like Stash.

Based on how frequently you update your website, the ideal setting might be either once a day or real-time backups.

Thankfully this can be easily done by using plugins like VaultPress or BackupBuddy. They are both reliable and most importantly easy to use (no coding needed).

Best WordPress Security Plugin

After backups, the next thing we need to do is set up an auditing and monitoring system that keeps track of everything that happens on your website.

This includes file integrity monitoring, failed login attempts, malware scanning, etc.

Thankfully, this can all be taken care of by the best free WordPress security plugin, Sucuri Scanner.

You need to install and activate the free Sucuri Security plugin. For more details, please see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to go to the Sucuri menu in your WordPress admin.

The first thing you will be asked to do is Generate a free API key. This enables audit logging, integrity checking, email alerts, and other important features.

The next thing you need to do is click on the Hardening tab from the Sucuri menu. Go through every option and click on the “Harden” button.

These options help you lock down the key areas that hackers often use in their attacks. The only hardening option that’s a paid upgrade is the Web Application Firewall which we will explain in the next step, so skip it for now.

We have also covered a lot of these “Hardening” options later in this article for those who want to do it without using a plugin or the ones that require additional steps such as “Database Prefix change” or “Changing the Admin Username”.

After the hardening part, most default settings of this plugin are good and don’t need changing. The only thing we recommend customizing is the Email Alerts.

The default alert settings can clutter your inbox with emails. We recommend receiving alerts for key actions like changes in plugins, new user registration, etc. You can configure the alerts by going to Sucuri Settings » Alerts.

This WordPress security plugin is very powerful, so browse through all the tabs and settings to see all that it does such as Malware scanning, Audit logs, Failed Login Attempt tracking, etc.

Enable Web Application Firewall (WAF)

The easiest way to protect your website and be confident about your WordPress security is by using a web application firewall (WAF). The firewall blocks all malicious traffic before it even reaches your website.

We use and recommend Sucuri as the best web-application firewall for WordPress. You can read about how Sucuri helped us block 450,000 WordPress attacks in a month.

The best part about Sucuri’s firewall is that it also comes with a malware cleanup and blacklist removal guarantee. Basically if you were to be hacked under their watch, they guarantee that they will fix your website (no matter how many pages you have).

This is a pretty strong warranty because repairing hacked websites is expensive. Security experts normally charge $250 per hour. Whereas you can get the entire Sucuri security stack for $199 per year.

Sucuri is not the only firewall provider out there. The other popular competitor is Cloudflare. See our comparison of Sucuri vs Cloudflare (Pros and Cons).

WordPress Security for DIY Users

If you do everything that we have mentioned thus far, then you’re in pretty good shape.

But as always, there’s more that you can do to harden your WordPress security.

Some of these steps may require coding knowledge.

Change the Default “admin” username

In the old days, the default WordPress admin username was “admin”. Since usernames make up half of login credentials, this made it easier for hackers to do brute-force attacks.

Thankfully, WordPress has since changed this and now requires you to select a custom username at the time of installing WordPress.

However, some 1-click WordPress installers still set the default admin username to “admin”. If you notice that to be the case, then it’s probably a good idea to switch your web hosting.

Since WordPress doesn’t allow you to change usernames by default, there are three methods you can use to change the username.

  1. Create a new admin username and delete the old one.
  2. Use the Username Changer plugin
  3. Update username from phpMyAdmin

We have covered all three of these in our detailed guide on how to properly change your WordPress username (step by step).

Note: We’re talking about the username called “admin”, not the administrator role.

Disable File Editing

WordPress comes with a built-in code editor which allows you to edit your theme and plugin files right from your WordPress admin area. In the wrong hands, this feature can be a security risk which is why we recommend turning it off.

You can easily do this by adding the following code in your wp-config.php file.

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.

Disable PHP File Execution in Certain WordPress Directories

Another way to harden your WordPress security is by disabling PHP file execution in directories where it’s not needed such as /wp-content/uploads/.

You can do this by opening a text editor like Notepad and pasting this code:

<Files *.php>
deny from all
</Files>

Next, you need to save this file as .htaccess and upload it to the /wp-content/uploads/ folder on your website using an FTP client.

For a more detailed explanation, see our guide on how to disable PHP execution in certain WordPress directories.

Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.

Limit Login Attempts

By default, WordPress allows users to try to log in as many times as they want. This leaves your WordPress site vulnerable to brute force attacks. Hackers try to crack passwords by trying to log in with different combinations.

This can be easily fixed by limiting the failed login attempts a user can make. If you’re using the web application firewall mentioned earlier, then this is automatically taken care of.

However, if you don’t have the firewall set up, then proceed with the steps below.

First, you need to install and activate the Login LockDown plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, visit the Settings » Login LockDown page to set up the plugin.

For detailed instructions, take a look at our guide on how and why you should limit login attempts in WordPress.

Change WordPress Database Prefix

By default, WordPress uses wp_ as the prefix for all tables in your WordPress database. If your WordPress site is using the default database prefix, then it makes it easier for hackers to guess what your table name is. This is why we recommend changing it.

You can change your database prefix by following our step by step tutorial on how to change WordPress database prefix to improve security.

Note: This can break your site if it’s not done properly. Only proceed if you feel comfortable with your coding skills.

Password Protect WordPress Admin and Login Page

Normally, hackers can request your wp-admin folder and login page without any restriction. This allows hackers to try their hacking tricks or run DDoS attacks.

You can add additional password protection on the server side, which will effectively block those requests.

Follow our step-by-step instructions on how to password protect your WordPress admin (wp-admin) directory.

Disable Directory Indexing and Browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access.

Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.

You need to connect to your website using FTP or cPanel’s file manager. Next, locate the .htaccess file in your website’s root directory. If you cannot see it there, then refer to our guide on why you can’t see .htaccess file in WordPress.

After that, you need to add the following line at the end of the .htaccess file:

Options -Indexes

Don’t forget to save and upload .htaccess file back to your site. For more on this topic, see our article on how to disable directory browsing in WordPress.
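
To confirm that the three file-level changes above (DISALLOW_FILE_EDIT in wp-config.php, the PHP block in /wp-content/uploads/.htaccess, and Options -Indexes in the root .htaccess) are really in place, a small audit script can check a copy of the site. This is an added example, not code from the original article or from WordPress or Sucuri; the function names and the throwaway demo tree are constructed for illustration, and it also accepts the Apache 2.4 form "Require all denied".

```python
import re
import tempfile
from pathlib import Path

# define( 'DISALLOW_FILE_EDIT', true ); on a line not commented out with // or #
FILE_EDIT_RE = re.compile(
    r"^\s*define\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)\s*;", re.I | re.M)
# A <Files> or <FilesMatch> section whose pattern mentions php
PHP_SECTION_RE = re.compile(
    r"^\s*<Files(?:Match)?\s+[^>\n]*php[^>\n]*>(.*?)^\s*</Files(?:Match)?>",
    re.I | re.M | re.S)
# "deny from all" (the form used on this page) or "Require all denied" (Apache 2.4)
DENY_RE = re.compile(r"^\s*(?:deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
# An active Options line that switches Indexes off
INDEXES_RE = re.compile(r"^\s*Options\b[^\n#]*(?<!\S)-Indexes\b", re.I | re.M)


def _read(path: Path) -> str:
    try:
        return path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return ""  # a missing file means the setting is absent


def php_blocked(htaccess: str) -> bool:
    """True if some php-matching <Files> section contains an active deny rule."""
    return any(DENY_RE.search(m.group(1)) for m in PHP_SECTION_RE.finditer(htaccess))


def audit(docroot: Path) -> dict:
    """Check the three settings in a WordPress document root (Apache .htaccess only).

    This reads files only; it cannot see server-level configuration that may
    ignore .htaccess, so treat a pass as necessary rather than sufficient.
    """
    return {
        "file_editing_disabled": bool(FILE_EDIT_RE.search(_read(docroot / "wp-config.php"))),
        "uploads_php_blocked": php_blocked(
            _read(docroot / "wp-content" / "uploads" / ".htaccess")),
        "directory_indexes_off": bool(INDEXES_RE.search(_read(docroot / ".htaccess"))),
    }


def demo() -> tuple:
    """Audit a constructed throwaway tree before and after the three edits."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        uploads = root / "wp-content" / "uploads"
        uploads.mkdir(parents=True)
        # Before: the define is commented out and so is the Options line.
        (root / "wp-config.php").write_text("<?php\n// define( 'DISALLOW_FILE_EDIT', true );\n")
        (root / ".htaccess").write_text("# BEGIN WordPress\n# Options -Indexes\n")
        before = audit(root)
        # After: the exact snippets from this page.
        (root / "wp-config.php").write_text("<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n")
        (uploads / ".htaccess").write_text("<Files *.php>\ndeny from all\n</Files>\n")
        (root / ".htaccess").write_text("# BEGIN WordPress\nOptions -Indexes\n")
        return before, audit(root)


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Point audit() at a downloaded copy of your site (for example Path("/path/to/site-copy")) to get the same three results for your own files.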

Disable XML-RPC in WordPress

XML-RPC was enabled by default in WordPress 3.5 because it helps connect your WordPress site with web and mobile apps.

However, because of its powerful nature, XML-RPC can significantly amplify brute-force attacks.

For example, traditionally if a hacker wanted to try 500 different passwords on your website, they would have to make 500 separate login attempts which will be caught and blocked by the login lockdown plugin.

But with XML-RPC, a hacker can use the system.multicall function to try thousands of passwords with say 20 or 50 requests.

This is why if you’re not using XML-RPC, we recommend that you disable it.

There are 3 ways to disable XML-RPC in WordPress, and we have covered all of them in our step by step tutorial on how to disable XML-RPC in WordPress.

Tip: The .htaccess method is the best one because it’s the least resource intensive.

If you’re using the web-application firewall mentioned earlier, then this can be taken care of by the firewall.
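
If you have to keep XML-RPC enabled, the amplification described above can be caught by counting the calls wrapped inside each system.multicall request instead of counting HTTP requests. This is an added example, not code from the original article, WordPress or any firewall product; the threshold, the method names demo.login and demo.ping, and the sample request bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MAX_BODY_BYTES = 1_000_000   # assumed size cap for an XML-RPC request body
MAX_SUBCALLS = 5             # assumed policy: more wrapped calls than this is blocked


def inspect_xmlrpc(body: bytes, limit: int = MAX_SUBCALLS) -> dict:
    """Classify one XML-RPC request body and count calls wrapped in system.multicall."""
    result = {"multicall": False, "subcalls": 0, "methods": {}, "block": False}
    # XML-RPC needs no DTD; refusing one avoids entity-expansion tricks in the parser.
    if len(body) > MAX_BODY_BYTES or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        result["block"] = True
        return result
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return result  # not well-formed XML: nothing to count
    if root.tag != "methodCall":
        return result
    if (root.findtext("methodName") or "").strip() != "system.multicall":
        return result
    counts = Counter()
    # Each wrapped call is a struct with a "methodName" member and a "params" member.
    for struct in root.iterfind("params/param/value/array/data/value/struct"):
        for member in struct.iterfind("member"):
            if (member.findtext("name") or "").strip() != "methodName":
                continue
            value = member.find("value")
            if value is None:
                continue
            name = value.findtext("string")
            if name is None:            # an untyped <value> is a string in XML-RPC
                name = value.text or ""
            counts[name.strip()] += 1
    total = sum(counts.values())
    result.update(multicall=True, subcalls=total, methods=dict(counts), block=total > limit)
    return result


def effective_attempts(bodies) -> int:
    """What a lockout rule should count: one per wrapped call, not one per HTTP request."""
    return sum(max(1, inspect_xmlrpc(body)["subcalls"]) for body in bodies)


# Constructed sample bodies (hypothetical method names, placeholder parameter).
_CALL = (b"<value><struct>"
         b"<member><name>methodName</name><value><string>demo.login</string></value></member>"
         b"<member><name>params</name><value><array><data>"
         b"<value><string>placeholder</string></value>"
         b"</data></array></value></member>"
         b"</struct></value>")
SAMPLE_MULTICALL = (b'<?xml version="1.0"?><methodCall>'
                    b"<methodName>system.multicall</methodName>"
                    b"<params><param><value><array><data>" + _CALL * 3 +
                    b"</data></array></value></param></params></methodCall>")
SAMPLE_SINGLE = (b'<?xml version="1.0"?><methodCall>'
                 b"<methodName>demo.ping</methodName><params/></methodCall>")

if __name__ == "__main__":
    print(inspect_xmlrpc(SAMPLE_MULTICALL, limit=2))
    print(effective_attempts([SAMPLE_MULTICALL, SAMPLE_MULTICALL, SAMPLE_SINGLE]))
```

Three HTTP requests in the sample carry seven attempts, which is the gap a per-request login limiter does not see.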

Automatically log out Idle Users in WordPress

Logged in users can sometimes wander away from the screen, and this poses a security risk. Someone can hijack their session, change passwords, or make changes to their account.

This is why many banking and financial sites automatically log out an inactive user. You can implement similar functionality on your WordPress site as well.

You will need to install and activate the Idle User Logout plugin. Upon activation, visit Settings » Idle User Logout page to configure plugin settings.

Simply set the time duration and uncheck the box next to ‘Disable in wp admin’ option for better security. Don’t forget to click on the save changes button to store your settings.

For more detailed instructions, see our guide on how to automatically log out idle users in WordPress.

Add Security Questions to WordPress Login Screen

Adding a security question to your WordPress login screen makes it even harder for someone to get unauthorized access.

You can add security questions by installing the WP Security Questions plugin. Upon activation, you need to visit Settings » Security Questions page to configure the plugin settings.

For more detailed instructions, see our tutorial on how to add security questions to WordPress login screen.

Fixing a Hacked WordPress Site

Many WordPress users don’t realize the importance of backups and website security until their website is hacked.

Cleaning up a WordPress site can be very difficult and time consuming. Our first advice would be to let a professional take care of it.

Hackers install backdoors on affected sites, and if these backdoors are not fixed properly, then your website will likely get hacked again.

Allowing a professional security company like Sucuri to fix your website will ensure that your site is safe to use again. It will also protect you against any future attacks.

For the adventurous and DIY users, we have compiled a step by step guide on fixing a hacked WordPress site.

That’s all, we hope this article helped you learn the top WordPress security best practices as well as discover the best WordPress security plugins for your website.

4 WordPress Maintenance Tasks You Should Have Performed Regularly

Article originally from https://www.a2hosting.com

Running a website is, in many ways, much like running a business. Behind every successful site you visit, there’s a lot of work that goes on in the background to keep things running smoothly. Without that regular maintenance, your website might not be able to achieve its full potential.

The good news is that WordPress makes your life easier when it comes to website maintenance. Using plugins, for example, can help you automate or simplify many important tasks, such as creating backups, checking for broken links, and more.

In this article, we’re going to talk about why website maintenance is so necessary. Then we’ll introduce you to four tasks you should carry out regularly, in order to keep everything running in top shape. Let’s pop your site’s hood open!

Why WordPress Website Maintenance Is Important

Sometimes, you’ll find that your website isn’t working at full capacity. You can think about your site as a computer – if you set up too many unnecessary programs and fill it with junk, it won’t work as smoothly as it did out of the box. To avoid this eventuality, you’ll need to carry out routine maintenance on your website to keep it running well. This will benefit both you and your visitors.

WordPress maintenance isn’t just about smooth performance either – it also improves security and user experience. Certain maintenance tasks will enable you to protect your site from attacks, while others make it more friendly to your audience. Either way, it’s important to maintain your site and ensure that it’s living up to its full potential.

How to Monitor Your Website’s Loading Times

We’re going to be talking about the importance of performance and loading times throughout this article, since a lot of WordPress maintenance tasks are designed to keep your site running quickly. However, before we do that, let’s touch on how you can measure your site’s performance to find out if it needs improvement.

Knowing this metric is important, because if your website takes over two seconds to load, your bounce rate will often increase. With that in mind, you should monitor your loading times periodically using a service such as Pingdom Tools. All you have to do is enter the URL of the page you want to test, select a test server, and click on Start Test:

The Pingdom Tools homepage.

You’ll see a results page shortly. If you’re below the two-second mark, you’re within the ‘good enough’ range. However, we’re not big fans of good enough, and there’s a lot you can do to make your site perform even better.

4 WordPress Maintenance Tasks You Should Perform Regularly

There are plenty of things you can do to improve your website’s performance, security, and user experience. However, these four general maintenance tasks are the most critical, if you want to keep your site free from clutter and in top shape.

1. Back Up Your Website

The UpdraftPlus plugin.

Backups are snapshots of your website at a specific moment in time, and they enable you to revert your site to a previous state if anything goes wrong. Creating regular backups is the most critical thing you can do to secure your site. They can help you fix bugs, solve security issues, reverse data losses, and much more.

Most people know they should back up their data, of course, but it can be easy to put off doing so. That’s where plugins such as UpdraftPlus come in handy. On top of providing you with multiple options for storing your backups, it also enables you to schedule them so they happen automatically.

A while back, we wrote a guide on how to use UpdraftPlus, and we recommend checking it out. If this tool isn’t to your liking, however, there are plenty of alternatives you can try. Regardless of which plugin you use, you should aim to create weekly backups at the very least.

2. Delete Your Discarded Post Drafts and Trashed Articles

All the information on your WordPress website goes into your database. This means that every post, page, comment, link, and so on that you add will contribute to bloating your database over time. The more cluttered your database is, the longer it will take to find the information you (or your users) actually want. For this reason, you should clean out unnecessary data as often as possible.

WordPress likes to keep discarded post drafts and trashed articles around for 30 days by default. However, it’s better to take out the trash more often than that, which means permanently deleting the content you won’t need anymore.

To do this, go to the Posts page in your dashboard, and select the Trash tab. Inside, you can check all the pieces you want to get rid of:

Deleting the posts in your trash.

Then select Delete Permanently, and click on Apply. Emptying your trash can make a real difference to performance, and it helps keep your website clutter-free.

3. Update and Clear Out Your Plugins and Themes

One of the best things about using WordPress is the sheer amount of fantastic plugins and themes you get access to. However, some sites contain dozens of plugins and themes, many of which aren’t actually used or are outdated.

You should always make sure your plugins and themes are updated. Old versions of plugins often cease to work or cause problems, so you want to avoid using them. If you have plugins and themes that you no longer need, on the other hand, you should remove them altogether.

You can manage both of these tasks from the Plugins and Appearance > Themes tabs respectively. Inside, you’ll find notifications when one of your plugins or themes has an update available:

A theme with an update available.

Likewise, you can select the plugins and themes you don’t use and delete them. This will also help you avoid unnecessary security risks.

4. Check Your Posts and Pages for Broken Links

The Broken Link Checker plugin.

Finally, some of the external links you’ve added to your content may stop working over time. The website a link points to might have gone offline, changed address, or simply deleted that particular page.

Broken URLs can confuse your users, since they lead nowhere. What’s more, they can even negatively affect your search rankings. However, finding broken links manually within even the smallest of websites can be a pain. Therefore, you’ll want to use a plugin such as WP Broken Link Status Checker to speed up the process.

Once the plugin is running, it will notify you when it finds broken links (either via the dashboard or email). You can then remove or replace them with new links right away.

Conclusion

Keeping a website running smoothly isn’t as complicated as you might think. You can automate most maintenance tasks using plugins, and the rest can be carried out in a few minutes. If you take time to regularly clean out the pipes, so to speak, your website should always run at top performance.

When it comes to keeping your WordPress site in top shape, here are the four maintenance tasks you’ll want to perform regularly:

  1. Back up your website.
  2. Delete your discarded drafts and trashed articles.
  3. Update your plugins and themes, and delete the ones you’re not using.
  4. Check your posts and pages for broken links.

Do you have any questions about how to keep your WordPress website running smoothly? Let’s talk about them in the comments section below!

CUSTOMER DEMOGRAPHICS – AGE DEMOGRAPHICS FOR ADVERTISING (UPDATED 2017)

Keeping up with age demographics for advertising is an ongoing process. With that in mind I periodically update this post with the best information that I can find! If you have any great data I am missing, please shoot me an email … tara(at)marketingartfully.com. This post was updated August 2017.

Customer demographics are about how old your customers are. It may surprise you to know HOW much age demographics for advertising affects your marketing efforts in this always-on world.

Let’s start our talk with the age ranges that advertising execs look at when planning marketing campaigns:

12 – 17
18 – 24
25 – 34
35 – 44
45 – 54
55 – 64
65+

SOME TELLING DATA FOR SOCIAL MEDIA MARKETING….

  • 88% of young adults age 18-29 use social media (Pew – 2016)
  • Facebook has increased its reach to 79% (Pew – 2016)
  • 62% of people over 65 use social media (up from 35% in 2015)
  • Facebook has 1.23 billion daily active users on average for December 2016 (Facebook)
  • 52.82 million U.S. Facebook users are between 25 and 34 years (Statista – 2017)
  • Instagram has 600 million monthly active users  (Instagram – Dec 2016)
  • Pinterest has over 150 million monthly active users (VentureBeat – 2016)

AGE DEMOGRAPHICS FOR ADVERTISING RESOURCES

So how do those age demographics affect your marketing campaigns?

A pop quiz, which group uses email least, young people (12-17) or the old dears in the 65+ category? If I had to guess, I would have thought that older people who can struggle with technology and who did not grow up with it are less likely to be reading their gmail. Come to find out, the young people almost never use email! They like the immediacy of instant messaging or texting!

A great post from the New York Times about how time spent on e-mail rose 15 percent for people 55 to 64, and was up 17 percent for people 65 and older.

TARGETING YOUR MARKETING MESSAGE AND PLATFORM TO THE RIGHT AGE DEMOGRAPHIC

So what does that mean for you, my readers, who are mostly college-educated women between the ages of 35-54 (site statistic data from alexa.com)?

Alexa age demographics for marketingartfully.com

First off, I have men readers (I know because they make comments!) and I have readers who are a little older or a little younger than that, BUT primarily I attract people who are like me! Marketing nuts who are similar in age demographics to me (workaholic woman, college educated, 46 years old).

So if we take a peek at the age demographic data, my best social media response would come from WordPress (my blog), Pinterest, Facebook, and LinkedIn. Pretty on the money although Twitter does alright by me too!

Social Media Age Demographic Stats Over The Years

It is somewhat difficult to find current information about age distribution for the different social media networks. BUT I have started collecting this info from over the years to see the changes over time. Please note the dates of this data before citing it.

Pew Research graph from 2015 showing the progression of social media. 

Pew Research On Social Media 2015

A breakdown of the demographics for each of the different social networks from Business Insider – 2014

Age Distribution At The Top Social Networks

Older info, but still interesting…age distribution on social networks from Royal Pingdom…there is some great age demographic as well as gender information – 2012

Social network average age chart

Dropbox hack leads to dumping of 68m user passwords on the internet

Data stolen in 2012 breach, containing encrypted passwords and details of around two-thirds of cloud firm’s customers, has been leaked

The Dropbox data breach has highlighted the problem of password reuse. Photograph: Alamy

Popular cloud storage firm Dropbox has been hacked, with over 68m users’ email addresses and passwords dumped on to the internet.

The attack took place during 2012. At the time Dropbox reported a collection of users’ email addresses had been stolen. It did not report that passwords had been stolen as well.

The dump of passwords came to light when the database was picked up by security notification service Leakbase, which sent it to Motherboard.

The independent security researcher and operator of the Have I been pwned? data leak database, Troy Hunt, verified the data, discovering both his account details and those of his wife.

Hunt said: “There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can’t fabricate this sort of thing.”

Dropbox sent out notifications last week to all users who had not changed their passwords since 2012. The company had around 100m customers at the time, meaning the data dump represents over two-thirds of its user accounts. At the time Dropbox followed good user data security practice, encrypting the passwords, and appears to have been in the process of upgrading the encryption from the SHA1 standard to a more secure standard called bcrypt.

Half the passwords were still encrypted with SHA1 at the time of the theft.

“The bcrypt hashing algorithm protecting [the passwords] is very resilient to cracking and frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public,” said Hunt. “Definitely still change your password if you’re in any doubt whatsoever and make sure you enable Dropbox’s two-step verification while you’re there if it’s not on already.”

The original breach appears to be the result of the reuse of a password a Dropbox employee had previously used on LinkedIn, the professional social network that suffered a breach that revealed the password and allowed the hackers to enter Dropbox’s corporate network. From there they gained access to the user database with passwords that were encrypted and “salted” – the latter a practice of adding a random string of characters during encryption to make it even harder to decrypt.
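
A half-finished move from a fast salted hash to a slow one, as described above, leaves the unmigrated records exposed until each user next logs in. The sketch below shows one way to close that window: wrap every legacy digest in the slow hash offline, then replace it with a slow-only record at the next successful login. This is an added example and not Dropbox’s actual scheme; the record formats, the salt-then-password SHA-1 layout and the use of PBKDF2-HMAC-SHA256 (from Python’s standard library) as a stand-in for bcrypt are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware


def _sha1(password: str, salt: bytes) -> bytes:
    # Assumed legacy layout: SHA-1 over salt || password. Fast, so cheap to guess against.
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def _slow(secret: bytes, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for bcrypt here because it ships with Python.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)


def legacy_record(password: str) -> str:
    salt = os.urandom(16)
    return f"sha1${salt.hex()}${_sha1(password, salt).hex()}"


def slow_record(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)
    digest = _slow(password.encode("utf-8"), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${digest.hex()}"


def wrap_legacy(record: str, iterations: int = ITERATIONS) -> str:
    """Re-protect a legacy record offline by running the slow hash over the
    stored SHA-1 digest. No password and no user login is needed."""
    scheme, salt1, digest = record.split("$")
    if scheme != "sha1":
        raise ValueError("not a legacy record")
    salt2 = os.urandom(16)
    wrapped = _slow(bytes.fromhex(digest), salt2, iterations)
    return f"pbkdf2-sha1${iterations}${salt1}${salt2.hex()}${wrapped.hex()}"


def verify(password: str, record: str, iterations: int = ITERATIONS):
    """Return (ok, replacement). replacement is a fresh slow-only record to
    store when the login succeeded against an older format, else None."""
    parts = record.split("$")
    try:
        if parts[0] == "pbkdf2":
            n, salt, want = int(parts[1]), bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
            got = _slow(password.encode("utf-8"), salt, n)
            outdated = n < iterations
        elif parts[0] == "pbkdf2-sha1":
            n, salt1, salt2 = int(parts[1]), bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
            want = bytes.fromhex(parts[4])
            got = _slow(_sha1(password, salt1), salt2, n)
            outdated = True
        elif parts[0] == "sha1":
            salt, want = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
            got = _sha1(password, salt)
            outdated = True
        else:
            return False, None
    except (IndexError, ValueError):
        return False, None  # malformed record: fail closed
    if not hmac.compare_digest(got, want):  # constant-time comparison
        return False, None
    return True, (slow_record(password, iterations) if outdated else None)
```

Running wrap_legacy over every remaining "sha1" row means a later copy of the table contains no record that can be attacked at SHA-1 speed.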

Dropbox reset a number of users’ passwords at the time, but the company has not said precisely how many.

The hack highlights the need for tight security, both at the user end – the use of strong passwords, two-step authentication and no reuse of passwords – and for the companies storing user data. Even with solid encryption practices for securing users’ passwords, Dropbox fell foul of password reuse and entry into its company network.

Leading security experts recommend the use of a password manager to secure the scores of unique and complex passwords needed to properly secure the various login details needed for daily life. But recent attacks on companies including browser maker Opera, which stores and syncs user passwords, and password manager OneLogin, have exposed the dangers of using the tool.

Picking the right password manager is just as crucial as using one in the first place.

A Dropbox spokesperson said: “There is no indication that Dropbox user accounts have been improperly accessed. Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012. We can confirm that the scope of the password reset we completed last week did protect all impacted users.”

Why it matters what PHP version you are using.

Recently in a Facebook group someone posted this image, asking for clarification:

image of text describing how old php 5.2 is, and why a WordPress user should ask their host to update.
This is what’s wrong with web hosting in 2016.

I thought I’d use that as a jumping-off point to talk about “bargain” hosting. This user is on a large (Super-Bowl-ad-budget large) hosting company’s “shared” plan. The irony is that the user would have no way of knowing what version of PHP they are running, were it not for this gently-worded (ahem) encouragement from a plugin developer. This warning didn’t come from the host. It came from a 3rd party plugin developer.

Allow me to be a little more blunt.

But first, a related personal story: some time in 2015, after about 1,000 active users had installed my plugin, I had a user get in touch with me in the support forums saying that they were getting a strange “fatal error” upon activating Better Click To Tweet.

The short and non-technical explanation of the problem my user was having is that the version of PHP they had installed did not include support for a function my plugin needed to function correctly.

The even-shorter explanation: this user used the same large web host as the original picture-sharer above.

For some web hosts, service and security clearly fall outside the scope of expected customer experience.

Here’s the thing: 5.2 has not been officially supported by the PHP development community in YEARS. (since January 06, 2011—to be exact.)

What that means is that any vulnerability discovered in the code has not been patched since 2011. So, if you are knowingly running version 5.2.x (solve for x) you are implicitly OK with not patching vulnerabilities.

Check out this page for officially supported versions (and note that 5.2 is too old to even make the graph).

You read that right. Half of a decade ago developers stopped supporting it, yet some hosts still have it installed on their servers.

If you take your website seriously, you should take your hosting seriously. That means a bare-naked minimum of PHP 5.5, at the time of this writing. Security support for it ends in July of 2016, so you’d be best to go ahead and consider the minimum 5.6.

Some hosts put the onus of updating PHP versions on you, the end user. I think that’s a root problem (pun intended, for my developer readers). Updating PHP versions is a developer task. Any hosting company that has a “one click install” of WordPress can’t expect those users to be comfortable enough to update the scripting language undergirding that one click.

Get in touch with your host. Ask them to update you to an actively supported version of PHP. It should also go without saying, before you update something like that, take a healthy backup of your site (including the database.)

If your host balks at that, it is time for a better host.