From Tips

Secure WordPress with 2.8.6

WordPress 2.8.6 was released today. It includes some security fixes for vulnerabilities found by WordPress users.

As always you can get the newest version of WordPress from the download page. We recommend always upgrading WordPress to the latest stable version available. If you don’t have the time or don’t know how, you can always hire us to make the upgrade for you. Just fill out the form on our “need help?” page and we’ll be in touch.

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
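Why upload file names need this kind of sanitizing: some Apache setups choose a handler from any extension in a file name, not only the last one. The following is an added example, not WordPress core code and not part of the original post; the function name harden_upload_name() and the allowlist are assumptions made for the example.

```php
<?php
// Added example, not WordPress core code. The allowlist is an assumption;
// use the file types your own site actually accepts.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Return a name that is safe to store under the web root,
 * or null when the upload should be refused.
 */
function harden_upload_name(string $name): ?string
{
    // Keep only the last path component, then a conservative character set.
    $name = basename(str_replace('\\', '/', $name));
    $name = preg_replace('/[^A-Za-z0-9._-]/', '', $name);
    $name = trim($name, '.'); // no dotfiles (.htaccess) and no trailing dot

    $parts = explode('.', $name);
    if (count($parts) < 2) {
        return null; // no extension left to check
    }

    // The final extension must be on the allowlist.
    $final = strtolower(array_pop($parts));
    if (!in_array($final, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Any intermediate "extension" that is not on the allowlist gets a
    // trailing underscore, so the server cannot map it to a handler.
    $base = array_shift($parts);
    foreach ($parts as $part) {
        $base .= '.' . $part;
        if (!in_array(strtolower($part), ALLOWED_EXTENSIONS, true)) {
            $base .= '_';
        }
    }
    return $base . '.' . $final;
}

// Constructed sample names, not taken from any real site.
$samples = ['holiday.jpg', 'report.final.pdf', 'avatar.php.jpg', '../../x.phtml', '.htaccess'];
foreach ($samples as $n) {
    printf("%-18s => %s\n", $n, harden_upload_name($n) ?? '(rejected)');
}
```

Upgrading remains the fix for the 2.8.6 issue; a check like this is only useful in custom upload code that does not go through WordPress.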

More on Duplicate Pages for SEO Success

Here’s something else to think about to take your duplicate page avoidance to the next level. (Be sure to read the previous post regarding duplicate pages first.)  Even after incorporating the tips from the previous post, there is still a bit of overlap between content on the home page, the category/tag/archive pages and post pages.  When you publish a post, that content will appear on the home and category/tag/archive pages until it is rotated out by newer posts.  So, there is still some duplicate content to address.

A trick to solving this is to truncate posts when they are on aggregate pages.  Limit the amount of content displayed and add a “read more” link to take them to the full page.  There are actually two benefits to this.  First, you are cutting down on duplicate content (woohoo!).  Second, you’ll get a better sense of how many people are reading all the way through your posts via click stats.  (You have some sort of stat plugin installed, right?  I prefer Stats myself.)

But wait, there’s more.  We can minimize even more!  We can use “The Excerpt” box on the post page to write tailor-made summaries of our posts.  Rather than just using a truncated portion of the post, as mentioned above, we write a separate excerpt to create even more content for our sites rife with even more delicious keyword-rich content.

To display the Excerpt in lieu of the Content on the post, dig into your theme’s archive, search and home pages and replace the the_content() call with the_excerpt().  Don’t forget to include a link to the whole story!  Something like this will do:

<?php the_excerpt(); echo '<p><a href="' . esc_url( get_permalink() ) . '">Continue reading about '; the_title(); echo '</a></p>'; ?>

There are many ways to go about putting The Excerpt into our sites, but I won’t go into that now.  I mainly wanted to get you thinking about the concept of The Excerpt in general.

Happy Blogging!

Avoid Duplicate Pages for SEO Success

If you are interested in improving your search engine rankings, this one is for you.  One of the criteria Google and other website index engines will ding a site on is duplicate content.  The trouble is, with WordPress, many of us are duplicating content without even knowing it.  But the good news is, there’s an easy fix.

The issue stems from the many, many ways WordPress allows the reader to access a particular page.  Let’s say we innocently publish a simple post called “Innocent Simple Post.”  In doing so, we’ve likely created several different possible URLs:

Of course, this depends on how your WordPress is configured, but you get the idea.  Google and other search engines will see several distinct URLs, but each with the exact same content.  Then the power of one page is distributed over three pages.  Better to have one strong page than several weak pages.  Essentially, all we need to do is tell Google and the others to chill out and only index one page.

First, if you are not already running the All-In-One-SEO plug-in on your site, get it and install it directly.  (This is one of those core plug-ins, no blogger should be without.)  Second, let’s tell Google and the others to knock off all the silliness.  Log into your WordPress admin, click on Settings, then click “All in One SEO.”  Near the bottom of the page there are some checkboxes for “Use noindex for Categories,” “Use noindex for Archives” and “Use noindex for Tag Archives.”  Checking one of those will tell site crawlers and spiders to ignore pages under each respective umbrella.  Pick two of those three boxes and check them.  Personally, I’d say leave “categories” in there as that is the most valuable keyword of the bunch, but there is some debate on that.  Now “Innocent Simple Post” will only be indexed once and its content will be deemed more valuable than it would have had it been distributed between “three” pages.

Why Aren't the Dates Showing Up in My WordPress Posts?

If you are a prolific writer you may have this problem: You are looking at your archive, index or search page results and notice that not all your posts are showing their respective post dates.  What’s the deal with that?

The deal is that the WordPress Loop will not print out the same day more than once.  So if you have more than one post for a single day, only the first post of that day will have the post date printed out.  This is a function of the “the_date()” Template Tag.

But there is a very easy solution, fellow bloggers (unless you are such a voracious poster that you post several posts at the exact same time).  Go into your template folder and open up the index.php, archive.php and search.php pages (and any other pages that list out posts).  Within The Loop simply swap out “the_date()” for “the_time().” Assuming your posts don’t have the same post time, each post time will be unique and therefore print out.

Now, use the PHP date formatting to configure your preferred date display format and use that for the argument in “the_time().”  For example, let’s say you like the date on your posts to read like so: June 18, 2009, 6:30 pm. Then you would replace your the_date() with the_time("F j, Y, g:i a"). And if you don’t want the time shown at all, no problem. Using the_time("F j, Y") would produce just June 18, 2009.

Increase SEO Keywords in your Posts

Here’s another little tidbit I picked up from WordCamp.  This comes to you from Matt Cutts.  (For credentials, Matt has a Ph.D., has been with Google since 2009 and is currently head of Google’s Webspam team.  So, I trust this tip.)  Granted, this is not a huge thing, but still every little bit helps.  So, here’s how to squeeze every little bit of SEO goodness out of your blog posts.

When you write a new post in WordPress, WordPress usually takes the title of the post and uses that as part of the Permalink for the page’s URL.  (I’m assuming you have set up your URLs to contain the post title in there somewhere.  If you haven’t you are probably not into search engine optimization…and this post may not interest you.)  When checking the content of your post page, Google (and other search engines) will look at the URL of the page, items in header tags (like <h1>, <h2>, <h3>…), links, alt tags…so on and so forth.

One thing that search engines do not do however is look at your page and say, “Wow, this page mentions ‘WordPress’ 88 times.  This page must REALLY be about WordPress and therefore we will rank this one so high for the keyword ‘WordPress.'”  Instead, Google will see “WordPress” mentioned a few times and think, “WordPress.  Got it.  What else?”

So, rather than flood your post with tons of the same keyword – spice it up*.  Specifically for this tip, there’s no reason for the title of your post and the Permalink to be exactly the same.  So, use those two things to add some variation.  Notice what I’ve done here with this post.  The title is “Increase SEO Keywords in your Posts,” whereas the URL is “more-keyword-in-blog-url.”  (I admit my URL looks like a caveman wrote it.  I’m not saying this is a great example; I’m just saying notice what I did. Hopefully you can do it better than I can.)  So in addition to keywords “Keywords” and “Post,” by changing the Permalink, I’ve also told Google and other search engines to also consider “Keyword” (singular), “Blog” and “URL.”

Happy blogging, buddies.

*When you spruce up the keywords in your posts, don’t just run to the thesaurus and toss in a bunch of synonyms.  Yes, you want variation.  But remember, after the search engines look at it, humans have to read it too – so keep it natural.

YSlow and Compress Components with GZip

With the Firebug add-on YSlow, one of the components that gets rated is something called Compress components with gzip. When you run YSlow to optimize your website or blog, you may be getting dinged on that component. Here is how to improve your site’s speed a bit – with two huge caveats:

  1. Your web server must be running Apache 1.3
  2. Your Apache 1.3 must use mod_gzip

If those two items are true, then to set up gzip compression, paste the following into your .htaccess file**.

<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_keep_workfiles No
mod_gzip_can_negotiate Yes
mod_gzip_add_header_count Yes
mod_gzip_send_vary Yes
mod_gzip_command_version '/mod_gzip_status'
mod_gzip_min_http 1000
mod_gzip_minimum_file_size 300
mod_gzip_maximum_file_size 512000
mod_gzip_maximum_inmem_size 60000
mod_gzip_handle_methods GET POST
mod_gzip_temp_dir /tmp
mod_gzip_item_include file \.html$
mod_gzip_item_include file \.php$
mod_gzip_item_include file \.pl$
mod_gzip_item_include file \.rb$
mod_gzip_item_include file \.py$
mod_gzip_item_include file \.cgi$
mod_gzip_item_include file \.css$
mod_gzip_item_include file \.js$
mod_gzip_item_include mime ^application/javascript$
mod_gzip_item_include mime ^application/x-javascript$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^httpd/unix-directory$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include handler ^server-status$
mod_gzip_item_include handler ^server-info$
mod_gzip_item_include handler ^application/x-httpd-php
mod_gzip_item_exclude mime ^image/.*
</IfModule>

If all goes well, you should now get an A for Compress components with gzip*.

*If you don’t get an A, it is likely due to the fact that you are calling in external files like JavaScripts, style sheets or images. If that’s the case, you are out of luck unless you have some control or influence over the external file.

**If you do not have an .htaccess file in your file system, you can create one. Simply create a file called “.htaccess” in your web root. Open the file in your favorite editor and paste in the code above, save and close. Sometimes, the .htaccess file is hidden from view. If so, you may need to turn on a toggle for “Show Invisible Files” or something similar in your FTP application or Web File Browser.

Speed Up Your Website or Blog with YSlow

Brandon and I just got back from WordCamp in San Francisco. Boy howdy did we learn a lot of great tips and tricks for WordPress (and met a lot of great new people!).  One of the speakers I saw was Steve Souders, an originator of something called YSlow. So, here’s the first tip I’ll clue you in on – YSlow. YSlow analyzes your website and gives suggestions for ways to improve the speed and performance based on a set of rules for high performance web pages.

YSlow is a Firefox add-on integrated with the Firebug web development tool.  So, right off the bat, we’ll need two things.  One, you need to be on Firefox (sorry, IE users, but it’s time to upgrade anyway).  If you don’t have it, get it here.  Next, you’ll need to install Firebug. (It’s easy, Firefox does most of the work for you.)  Finally, install YSlow.

Once all that is set, running YSlow is super easy.

  1. Load the page you want to inspect (in Firefox, of course).
  2. Click the YSlow icon in the bottom bar of the browser (YSlow Icon).

When loaded, you’ll get a letter grade for each “speed element” as well as an overall grade for the speed of the site.  (See a snippet below.)  With each of the speed elements, there are tips on how to improve the grade.  In just a few minutes I went from an “E” graded site that took 6-7 seconds to download to a “C” graded site that loads in about 2-3 seconds!  Some of the elements are beyond your control, but there are a lot of good little tidbits in there to help you speed up your site.

You’ll even see a quick stat for each page load in the bottom right corner of the browser like so YSlow Stats.  This gives you the overall grade of the site, the size of the load and the time of the load.  What you see there is the new and improved

Happy optimizing!

YSlow Snipit