Fighting Blog Spam with Akismet
It’s been about a week and a half since I started this blog and I’m beginning to get spam comments as well as pingbacks from blogs that are just posting the first paragraph of my posts. Since I don’t want to have to moderate each individual comment, especially as the site grows, today I’m going to activate the Akismet spam filtering plugin that comes with WordPress. The Akismet plugin requires an API key from wordpress.com. As long as you’re not making more than $500/month from your personal blog, you can get an API key for free by signing up for a wordpress.com account.
1. Sign up at wordpress.com
If you don’t already have a wordpress.com account, you’ll need to go sign up. If you do, just skip to step two.
2. Retrieve your API key
Sign in to wordpress.com and click My Account>Edit Profile. Your API key will be listed at the top of the page. Copy the API key; you’ll need it in a minute.
3. Activate Akismet
Log in to WordPress on your website (not wordpress.com) and click Plugins. Find Akismet and click Activate (it’s on the right). You will get a message at the top of the page saying “Akismet is almost ready. You must enter your WordPress.com API key for it to work.” Go ahead and click enter your WordPress.com API key.
4. Enter your API key
Enter the API key you copied earlier into the textbox. I also chose to check the “Automatically discard spam comments on posts older than a month” checkbox. I don’t see a point in letting them take up space in the database. Click Update Options and you should get a message saying “Your key has been verified. Happy blogging!”
So… Happy blogging!
- Published June 12, 2009
- Posted In Wordpress
WordPress and SEO
And now for the topic of search engine optimization (SEO). As I mentioned last week, as I build this blog you’re reading I’ll write about everything I’m doing to it. Well, today I’m working on improving its SEO. The internet is full of information on SEO and you could spend months or even years trying to figure it all out. I’ll start out with the basics of how SEO works and then give some practical examples of how I’m improving my SEO and how you can too.
1. What is SEO?
Search engine optimization is the process of building your website in such a way as to give it the best possible chance of being listed highly in the major search engines. According to Jason Geiger, the top search engine position gets over 40% of the clicks for any given search phrase. So if you want traffic flowing to your blog (and who doesn’t?) it pays to be the top ranked listing for something that people are actually searching for (I’ll discuss how to find out what people are searching for in a later post). But how do you do that?
2. Types of SEO
There are two types of Search Engine Optimization. The first is on-page SEO. This involves only what you have on your site or page. This is the easier of the two types of SEO to improve, since you are in control of what you put on your pages. The second type is off-page SEO and it deals with links to your site and what people are saying about you. You don’t have as much control over off-page SEO. Today we’re going to deal primarily with on-page SEO and how we can improve SEO within WordPress.
3. What do search engines look for?
Search engines judge importance much like humans. If you were attempting to find out in a short amount of time exactly what an article was about, you would read the title and headings, right? So do search engines. They also look at the page URL. For example, something like:
http://alexmansfield.com/wordpress/changing-wordpress-widgets
gives a much better indication of what the post is about than the WordPress default URL:
http://alexmansfield.com/?p=13
We’ll look at how to change that in a few minutes. There are also a couple hidden fields specifically for search engines (description and keywords). Although they don’t matter like they once did (because they made it too easy to lie to the search engines) it’s still a good idea to use them properly. Now let’s get to work.
4. The All in One SEO Pack
The All in One SEO Pack is a WordPress plugin designed to make basic search engine optimization tasks easy. You don’t have to know any HTML or other technical gibberish. It gives you the option of customizing your title, description, and keywords. The title is what goes in the title bar of your web browser. Whenever you write or edit a post, scroll down to the very bottom of the page and you’ll find SEO options.
Here you can make sure that your title, description, and keywords are all present and accounted for.
5. Permalinks
I already posted a tutorial on improving the permalink structure in WordPress when I updated mine a few days ago, but I’ll give a brief overview here as well. Here’s the WordPress default I mentioned earlier:
http://alexmansfield.com/?p=123
That’s just not very informative. I prefer to have the URL display the category and then the post name. For example:
http://alexmansfield.com/seo/wordpress-and-seo
To accomplish this, go to Settings>Permalinks and paste /%category%/%postname% in the Custom Structure field and click Save Changes.
6. Slugs
The slug is just the Title of the post as it shows up in the URL. For example, by default, the slug for this post would be wordpress-and-seo which would make the full URL to this post (due to our /%category%/%postname% permalink structure):
http://alexmansfield.com/seo/wordpress-and-seo
Not bad. However, if I were to name this post Ways to Increase Search Engine Optimization in WordPress things would get ugly:
http://alexmansfield.com/seo/ways-to-increase-search-engine-optimization-in-wordpress
Thankfully WordPress has a simple way of editing your slug, and it’s found just below the title box.
Click Edit and give your post an elegant and relevant slug.
Click Save and you should be set!
7. Sitemaps
Sitemaps are a simple way of letting search engines know about all the pages on your site so they can make sure to index all of them. Keeping a sitemap up to date by hand would be quite a chore, so I’m installing a WordPress plugin to take care of it for me. I’ve chosen the Google XML Sitemaps plugin by Arne Brachhold. Install it just like any other plugin and then go to Settings>XML-Sitemap. If no sitemap has been created yet, there will be a link at the top to build one the first time. You can also adjust how often a new sitemap is generated, whether the search engines should be notified of a change, and more. Once a sitemap has been generated, the settings page will give you an overview of the last sitemap it generated.
8. Duplicate content
I didn’t mention at the beginning that search engines don’t like duplicate content. Unfortunately due to the way WordPress works, each post can be found at a number of different URLs, causing the appearance of duplicate content. Once again, I’m going to use a plugin to help fix this issue. This time it’s the Robots Meta plugin. You’ll find the settings for this plugin under Plugins>Robots Meta. It has quite a list of options, but each one has a nice explanation and often a suggestion or two about when or when not to use it.
Well that’s all for now. Do you have any other tips or tricks that you like to use to improve SEO on your blog? Please consider sharing it in the comments below.
Changing WordPress Widgets
At the time of this writing, I’m using the Thematic Theme Framework. I’m sure I’ll build my own theme for this blog in time, but for the moment I’m concentrating on other things. The Thematic Theme Framework has 13 widget ready areas, which is more than plenty. I’m just going to rearrange my sidebar today, so I’ll show you how it’s done.
1. Manage widgets
Log into WordPress and go to Appearance>Widgets. Mine looks something like this:
On the left side is a list of all the available widgets. On the right side is a list of the widgets that are currently in use in the selected widget ready area.
2. Add and remove widgets
Use the drop down list at the top of the right side to select which widget ready area you want to add or remove widgets from. To add a new widget, find the one you want in the left hand column and click Add. To remove a widget that is already in use, find it in the right hand column and click Edit and then Remove. Other aspects of the widget can also be changed in the Edit section.
3. Rearranging widgets
Finally, to rearrange the widgets that are currently in use, you can just drag-and-drop them into the order you prefer. It’s pretty handy. Have fun!
- Published June 9, 2009
- Posted In Wordpress
Claiming Your Blog on Technorati
Technorati is a search engine specifically for blogs. It was founded to help bloggers succeed by collecting, highlighting, and distributing the global online conversation. It’s quite a site, and I’m claiming my blog there today. I’ll walk you through it here.
1. Sign up
Go to http://technorati.com/account/signup/ and sign up for a Technorati account.
It’s not too difficult, just follow the instructions and you’ll have your account in no time!
2. Claim your blog
To get to your account settings (where you can claim your blog) click on your username in the top right hand corner next to the sign out link. Then click the Claimed Blogs tab and claim your blog.
Type in the URL of your blog and click begin claim.
Technorati will provide you with a small piece of code to put on your home page. This allows them to verify that the blog you’re claiming really belongs to you. It’s really just a special link back to Technorati. Don’t worry, you won’t have to leave it there forever. Once you’ve posted the code so that it shows up on your home page, go back to Technorati and click Complete Claim. Technorati will search your home page to verify that the link is there. When it finds the link, you will be given the chance to provide a little more information about your blog.
Tell Technorati a little about your blog and click Save Blog Info. Congratulations, you’ve claimed your blog on Technorati!
- Published June 9, 2009
- Posted In SEO
One Week
I started this blog one week ago and promised to write about everything I did in my attempt to build a successful blog. Well, it’s a lot of work setting up a blog for success and so there was quite a bit going on. Consequently, I had a lot of writing to do in order to explain everything. That resulted in 9 posts this week, which is not a posting schedule I plan on sticking with. According to Google Analytics (which I haven’t written about yet, sorry) I ended the week with 5 visitors and 1 spam comment. It’s only the first week though, so I’m not concerned. Google crawled my site on the second day, but hasn’t been back since, so not many of my posts are indexed yet. Looking on the bright side though, after only one week, my blog is in the 3rd position for the Google search “Alex Mansfield” (although that doesn’t say much, since I don’t share my name with anyone famous). Also, according to the Hubspot Website Grader, which grades website SEO/marketing effectiveness, I have a score of 45/100. Looks like I’ve got lots of room for improvement. Now that lots of the groundwork has been laid, I’ll start to focus a little more on search optimization and bringing traffic.
- Published June 8, 2009
- Posted In Progress
Installing WordPress in a Subdirectory
There are two reasons I like to install WordPress in its own folder, rather than the root. First, I like to keep my root folder uncluttered. I don’t like a bunch of WordPress files that I’ll never be messing with getting in my way. That’s just a matter of personal preference though. The second reason is for security. To prevent automated site scans from easily finding my WordPress files, I simply place them in a separate directory. So… here’s how you do it. It’s actually quite simple.
1. Install WordPress in a subdirectory
Just follow the instructions I gave in my post Installing WordPress Manually. Make sure you create a new directory and upload the WordPress installation files there (that’s step three in the post I just mentioned).
2. Edit the index.php file
Once WordPress is installed, download the index.php from the directory where you uploaded WordPress. You’ll need to open it up and make one small change. Find this piece of code:
/** Loads the WordPress Environment and Template */
require('./wp-blog-header.php');
All you need to do is tell it how to find wp-blog-header.php in its new subdirectory. For example, here’s what the code would look like if I installed WordPress in a directory called example.
/** Loads the WordPress Environment and Template */
require('./example/wp-blog-header.php');
Notice how I added /example just before /wp-blog-header.php. So just add the name of your directory in place of example and that’s all the code editing you have to do.
3. Upload the new index.php file
Now that you’ve made the necessary change to your index.php file, it’s time to upload it to your root directory. Make sure you delete the old index.php file in your WordPress directory.
4. Tell WordPress what you did
Finally, you need to let WordPress know about the change. First, log into WordPress. The login page will still be at the old URL (for example http://alexmansfield.com/example/wp-login.php not http://alexmansfield.com/wp-login.php). Go to Settings>General and change the Blog Address field (for example, from http://alexmansfield.com/example/ to http://alexmansfield.com/). Save your changes and that should do it!
If you have any questions, please ask them in the comments section below.
- Published June 8, 2009
- Posted In Wordpress
Changing Permalinks in WordPress
This will also be in my upcoming post on improving SEO in WordPress, but since I promised to write about everything I’m doing on this blog, I’ll make a separate post about it now. Permalink structure refers to the way URLs are formed within WordPress. For example, the default permalink structure in WordPress looks like this:
http://alexmansfield.com/?p=123
Not very pretty, useful, or search engine friendly. A human can’t read “?p=123” and tell what the page is about and neither can a search engine. Thankfully, WordPress makes it easy to change the way your URLs look. Just log in to WordPress and go to Settings>Permalinks. First, there are some built in options, such as:
http://alexmansfield.com/2009/06/sample-post/
These are an improvement over “?p=123” but they’re still not that great. Very few people will include a date in their search, so the date is pretty much just wasting space in your URL. But you don’t have to settle for these built in options. WordPress also gives you the opportunity to specify your own permalink structure. Here’s what I use:
/%category%/%postname%
That displays the category that the post is assigned to, followed by the name of the post. Short and sweet. Unless of course, you use categories like “This-is-the-best-category-on-my-website-and-you-should-read-all-about-it.”
Do you have a different permalink structure that you prefer? Tell us why in the comments section!
- Published June 8, 2009
- Posted In Wordpress
Six Steps Toward Securing WordPress
WordPress is a great publishing platform, but there are a few steps that should be taken to make it more secure. Here are 6 of the best.
1. Delete the user “admin”
Every WordPress installation automatically generates a user account with the username admin. I’ll admit this is a logical username, but EVERY blog having the same username is not the best idea. Imagine someone trying to compromise your blog. What’s the first username they’re going to attack? That’s right, the admin. So, go to Users>Add New and create a new user for yourself. Make sure to set your role to administrator. Then log out and log back in as the user you just created. Now go back to the Users page and delete the admin account. Problem solved.
2. Use secret keys
According to wordpress.org,
In simple terms, a secret key is a password with elements that make it harder to generate enough options to break through your security barriers. A password like “password” or “test” is simple and easily broken. A random, unpredictable password such as “88a7da62429ba6ad3cb3c76a09641fc” takes years to come up with the right combination.
WordPress stores the secret keys in the wp-config.php file in your WordPress directory. You need to download a copy of your wp-config.php file in order to add your secret keys. Open the file and scroll down until you find something like this:
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
Now, you can come up with your own unique phrases if you’d like, but I prefer to use the WordPress secret-key generating service. You won’t ever have to remember these keys so they can be long and complicated (actually, they should be long and complicated). To use the key generating service that WordPress provides, go to https://api.wordpress.org/secret-key/1.1/
You’ll see something that looks like this:
define('AUTH_KEY', '|g_-s~>*qlxC|7x>~IYb180rU6u-r}D#dG>Q[GHCR~ql#l.7-noM5n6=E!.~SEDs');
define('SECURE_AUTH_KEY', ':kN}%tH6,O!fBpO|(u3o3~|ve/_q4:He|7Gm@)k(IIGGb}t`qAqD3-vV t/|I+85');
define('LOGGED_IN_KEY', ' ,%4j5%9-v6hEa6THQN,+2CjPywX-HxhLj|vYSRb*7ra.Wl7RG%-Hoy4Ln0ZhTf^');
define('NONCE_KEY', ']{nb6+C)8u&?+e8necJSKzt)e0`x8L vQue!sV!o}d-F<v%DNhZKDv7fFLRH/9]L');
Copy the entire thing and use it to replace the section in wp-config.php that needed the secret keys. Save the file and upload it back to your website in place of the old file.
Please note: if you logged in to your WordPress administration panel before changing the keys, you’ll have to log back in.
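To confirm the edited wp-config.php really carries four usable keys before uploading it, here is an added example (not code from the original post or from WordPress) that flags any of the four keys that is missing, still the placeholder, short, low in variety, or reused. The thresholds, the function name audit_keys and the sample configuration are assumptions made for this example.

```python
import re
from collections import Counter

# The four constants from the wp-config.php excerpt in the post.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"
MIN_LENGTH = 32    # assumption of this example, not a WordPress rule
MIN_DISTINCT = 16  # assumption: fewer distinct characters suggests a hand-typed phrase

# Matches an active (not commented-out) define('NAME', 'value'); line.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(?P<q>['"])(?P<value>.*)(?P=q)\s*\)\s*;""",
    re.MULTILINE,
)


def audit_keys(config_text):
    """Return {key_name: [problems]}; an empty dict means all four keys look fine."""
    found = {m.group("name"): m.group("value") for m in DEFINE_RE.finditer(config_text)}
    reuse = Counter(found[n] for n in KEY_NAMES if n in found)
    report = {}
    for name in KEY_NAMES:
        problems = []
        if name not in found:
            problems.append("missing")
        elif found[name] == PLACEHOLDER:
            problems.append("placeholder")
        else:
            value = found[name]
            if len(value) < MIN_LENGTH:
                problems.append("too short")
            elif len(set(value)) < MIN_DISTINCT:
                problems.append("low variety")
            if reuse[value] > 1:
                problems.append("reused")
        if problems:
            report[name] = problems
    return report


# Constructed sample, not a real configuration.
SAMPLE_CONFIG = r"""<?php
define('DB_NAME', 'blog');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'hunter2');
define('LOGGED_IN_KEY', 'q7#Lz|0vT~e4Xn)Wc9*Yb2+Mk6^Rd1!Hs8@Gf3$Ja5%Pu');
// define('NONCE_KEY', 'commented out, so PHP never defines it');
"""

if __name__ == "__main__":
    for name, problems in audit_keys(SAMPLE_CONFIG).items():
        print(name, "->", ", ".join(problems))
```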
3. Turn off directory browsing and protect the wp-config.php file
Don’t let people snoop around your site where they weren’t intended to be. Use an .htaccess file to protect the portions of your website that weren’t meant for public viewing. For example, WordPress has a directory where it stores its plugins. No one needs to look at what plugins you have installed (unless they’re looking for people who are using a plugin with a known vulnerability). So to protect yourself, create a new file and name it .htaccess (yes, it starts with a period) and place the following code in it:
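# turn off directory browsing
# (-Indexes on its own: Apache 2.4 rejects mixing "All" with a +/- option)
Options -Indexes
# protect wp-config.php
# (Apache 2.2 syntax; Apache 2.4 without mod_access_compat needs "Require all denied")
<Files wp-config.php>
Order deny,allow
deny from all
</Files>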
Upload the file to the same directory as your wp-config.php file. This protects both your directories and the wp-config.php file that holds important database details.
4. Limit login attempts
No matter how strong a password is, it can be guessed with enough tries. The Limit Login Attempts plugin solves this problem nicely. To protect your site, download the Limit Login Attempts plugin (the download link is at the very bottom of the page), unzip it and upload it to your plugins directory (wp-content/plugins). Now log into WordPress and go to the Plugins page. Find Limit Login Attempts and click Activate (on the far right). You can change how many login attempts are allowed and make other changes by going to Settings>Limit Login Attempts.
5. Encrypt your logins
By default, WordPress login information (username and password) is transferred in plain text. You can use the Chap Secure Login plugin to encrypt your password for increased security. Plugin installations are pretty much all the same, so just follow the same steps as before (download, unzip, upload to plugins folder, activate from admin panel).
Please Note: The first time you try to log in after installing this plugin, the login will fail. This is normal. After the first attempt, everything should go back to working properly. As a side note, this failed login will give you a chance to see the Limit Login Attempts plugin in action (it should tell you how many tries you have left).
6. Don’t display what version of WordPress you’re using
If there is a known vulnerability with a certain version of WordPress, you don’t want to broadcast to the world that your site contains that vulnerability. WordPress automatically displays the version number as a comment in the header code, but we can change that quite easily. Just add this line to the functions.php file of your WordPress theme if your theme doesn’t suppress the version number already.
remove_action('wp_head', 'wp_generator');
Also, if you uploaded the readme.txt file that came with WordPress, you should delete it, since it also contains the version number.
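To check from the outside that steps 3 and 6 took effect on your own site, here is an added example (not part of the original post): it requests the plugins directory, wp-config.php and the home page, and reports what is still exposed. The host blog.example, the "WordPress 2.8" string and the canned responses are constructed; pass the URL of the directory WordPress is installed in as base_url.

```python
import re
import urllib.error
import urllib.request
from html.parser import HTMLParser


class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.generators.append(attrs.get("content") or "")


def http_fetch(url):
    """Default fetcher: returns (status, body) and does not raise on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_hardening(base_url, fetch=http_fetch):
    """Return a list of findings; an empty list means all three checks passed."""
    base = base_url.rstrip("/")
    findings = []
    # Step 3: Apache's auto-generated listing has a title starting "Index of /".
    status, body = fetch(base + "/wp-content/plugins/")
    if status == 200 and re.search(r"<title>\s*Index of /", body, re.I):
        findings.append("directory listing enabled for /wp-content/plugins/")
    # Step 3: with the <files> rule in place Apache answers 403 Forbidden.
    status, _ = fetch(base + "/wp-config.php")
    if status != 403:
        findings.append("wp-config.php not denied (HTTP %d)" % status)
    # Step 6: wp_generator prints <meta name="generator" content="WordPress x.y">.
    _, body = fetch(base + "/")
    finder = GeneratorFinder()
    finder.feed(body)
    for content in finder.generators:
        if content.lower().startswith("wordpress"):
            findings.append("generator tag present: " + content)
    return findings


# Constructed responses standing in for a site before and after the changes.
BEFORE = {
    "/wp-content/plugins/": (200, "<html><head><title>Index of /wp-content/plugins</title></head></html>"),
    "/wp-config.php": (200, ""),
    "/": (200, '<html><head><meta name="generator" content="WordPress 2.8" /></head></html>'),
}
AFTER = {
    "/wp-content/plugins/": (403, "Forbidden"),
    "/wp-config.php": (403, "Forbidden"),
    "/": (200, "<html><head><title>Blog</title></head></html>"),
}


def fake_site(pages, base="http://blog.example"):
    """Offline fetcher that serves the canned responses above."""
    return lambda url: pages.get(url[len(base):], (404, ""))


if __name__ == "__main__":
    for label, pages in (("before", BEFORE), ("after", AFTER)):
        print(label, check_hardening("http://blog.example", fake_site(pages)))
```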
Bonus: Scan your site for vulnerabilities
There is a WordPress plugin developed by the guys over at blogsecurity.net that will scan your site for known vulnerabilities. Do yourself a favor and check your blog.
That’s it for now. Do you have any other techniques that you use to secure your WordPress sites? Please post them in the comments. Thanks.
- Published June 8, 2009
- Posted In Security
How to Change the Tagline in WordPress
The default tagline “Just another WordPress weblog” is obviously not the description I would choose for my blog. Today I’m going to change it, and I’ll show you how to change yours as well.
1. Login
If you’re already logged in to WordPress, skip step 1.
2. Change the tagline
You can change the tagline by going to Settings>General. Tagline is the second item on the page. Enter your new tagline and click Save Changes.
Easy enough? If not, comment below.
- Published June 6, 2009
- Posted In Wordpress
How to Install a WordPress Theme
Installing a new WordPress theme is quite simple. With very little effort, you can transform the look and feel of your blog. I started this blog less than a week ago and I’m definitely getting tired of looking at the default theme. Eventually I’ll create my own theme for this blog, but for now I’m focusing primarily on content, so I’ll just install a freely available theme. So as I download and install the new theme, I’m going to walk you through the steps I take. Here we go…
1. Download a theme
There are lots of places to find free WordPress themes. There are lots of free themes in the wordpress.org free themes directory. Smashing Apps has a list of 13 Premium-Like WordPress Themes That Are Free. Finally, Instant Shift has a huge list of 140+ Brilliant Free WordPress Themes. For this blog, I’m going to download the Thematic WordPress Theme from themeshaper.com. It is plain and simple, which is just what I’m looking for at the moment. Once you’ve found a theme that you like, download it to your computer and unzip it.
2. Upload the theme
Using your FTP client of choice, upload the theme folder to the /wp-content/themes directory on your server.
3. Activate the theme
Sign in to WordPress and click the Appearance link. You should see the theme that you just uploaded in the list of themes. Click the new theme and you will be presented with a preview. Click Activate in the top right corner and your blog should look brand new!
If you have any questions about installing themes, please post them in the comments below.
- Published June 6, 2009
- Posted In Wordpress






