How to make your site user-friendly while boosting SEO

Many Search Engine Optimisation (SEO) specialists, content writers, and web designers think of on-site SEO as distasteful, user-hostile work. However, I believe SEO can actually improve the user experience when implemented correctly.


It requires a paradigm shift in the perception of SEO. You must shed outdated SEO concepts such as keyword stuffing, and getting massive amounts of (irrelevant) backlinks etc. An SEO strategy built on top of these tactics is no longer sound, and leaves a bad taste in everyone’s mouth.

This is because Google has come a long, long way since it became everyone’s search engine of choice in the early 2000s. Search is now smarter, faster, and – more importantly – human.

SEO: 7 Reasons to Use a Site Crawler

Image result for SEO: 7 Reasons to Use a Site Crawler

Third-party crawlers, such as DeepCrawl (shown here) and Screaming Frog, can mimic search engine bots and uncover problems to a site that affect search rankings.

No matter how well you think you know your site, a crawler will always turn up something new. In some cases, it’s those things that you don’t know about that can sink your SEO ship.

Search engines use highly developed bots to crawl the web looking for content to index. If a search engine’s crawlers can’t find the content on your site, it won’t rank or drive natural search traffic. Even if it’s findable, if the content on your site isn’t sending the appropriate relevance signals, it still won’t rank or drive natural search traffic.

Since they mimic the actions of more sophisticated search engine crawlers, third-party crawlers, such as DeepCrawl and Screaming Frog’s SEO Spider, can uncover a wide variety of technical and content issues to improve natural search performance.

7 Reasons to Use a Site Crawler

What’s out there? Owners and managers think of their websites as the pieces that customers will (hopefully) see. But search engines find and remember all the obsolete and orphaned areas of sites, as well. A crawler can help catalog the outdated content so that you can determine what to do next. Maybe some of it is still useful if it’s refreshed. Maybe some of it can be 301 redirected so that its link authority can strengthen other areas of the site.

How is this page performing? Some crawlers can pull analytics data in from Google Search Console and Google Analytics. They make it easy to view correlations between the performance of individual pages and the data found on the page itself.

Not enough indexation or way too much? By omission, crawlers can identify what’s potentially not accessible by bots. If your crawl report has some holes where you know sections of your site should be, can bots access that content? If not, there might be a problem with disallows, noindexcommands, or the way it’s coded that is keeping bots out.

Alternately, a crawler can show you when you have duplicate content. When your sifting through the URLs listed, look for telltale signs like redundant product ID numbers or duplicate title tags or other signs that the content might be the same between two or more pages.

Keep in mind that the ability to crawl does not equate to indexation, merely the ability to be indexed.

What’s that error, and why is that redirecting? Crawlers make finding and reviewing technical fixes much faster. A quick crawl of the site automatically returns a server header status code for every page encountered. Simply filter for the 404s and you have a list of errors to track down. Need to test those redirects that just went live? Switch to list mode and specify the old URLs to crawl. Your crawler will tell you which are redirecting and where they’re sending visitors to now.

Is the metadata complete? Without a crawler, it’s too difficult to identify existing metadata and create a plan to optimize it on a larger scale. Use it to quickly gather data about title tags, meta descriptions, and keywords, H headings, language tags, and more.

Does the site send mixed signals? When not structured correctly, data on individual pages can tie bots into knots. Canonical tags and robots directives, in combination with redirects and disallows affecting the same pages, can send a combination of confusing signals to search engines that can mess up your indexation and ability to perform in natural search.

If you have a sudden problem with performance in a key page, check for a noindex directive and, also, confirm the page that the canonical tag specifies. Does it convey contradictory signals to a redirect sending traffic to the page, or a disallow in the robots.txt file? You never know when something could accidentally change as a result of some other release that developers pushed out.

Is the text correct? Some crawlers also allow you to search for custom bits of text on a page. Maybe your company is rebranding and you want to be sure that you find every instance of the old brand on the site. Or maybe you recently updated schema on a page template and you want to be sure that it’s found on certain pages. If it’s something that involves searching for and reporting on a piece of text within the source code of a group of web pages, your crawler can help.

Plan Crawl Times

It’s important to remember, however, that third-party crawlers can put a heavy burden on your servers. They tend to be set to crawl too quickly as a default, and the rapid-fire requests can stress your servers if they’re already experiencing a high customer volume. Your development team may even have blocked your crawler previously based on suspected scraping by spammers.

Talk to your developers to explain what you need to accomplish and ask for the best time to do it. They almost certainly have a crawler that they use — they may even be able to give you access to their software license. Or they may volunteer to do the crawl for you and send you the file. At the least, they’ll want to advise you as to the best times of day to crawl and the frequency at which to set the bot’s requests. It’s a small courtesy that helps build respect.


Walkthrough – How to Conduct a Technical SEO Audit for Your Site

seo audit

What is an SEO Audit?

Search Engine Optimization (SEO) Audit is an evaluation of search engine friendliness of a website in a number of specific areas.

It identifies issues that need improvement, can be a basis for an action plan and helps to keep a website up-to-date with newest developments in a search marketing. General in-depth SEO Audit strategy usually includes 4 important parts:

  • Technical Analysis
  • On-Page Analysis
  • Off-Page Analysis
  • Competitive Analysis and Keyword Research

When is an SEO Audit needed?

Nowadays SEO industry is changing rapidly, as the content requirements set up by Google are quite high and are getting higher every day. So it is becoming more and more important to keep an eye on the website’s health. For that purpose, SEO industry has both SEO specialists and a number of automated tools.

Latest investigations recommend a quick SEO Analysis every month and in-depth full SEO Analysis once a quarter or at least twice a year, for the website to be competitive and well-visited. Also, it is important to do an SEO Audit at the beginning of a new project or before the first website release.

Why is Technical SEO Audit important?

As a part of a full SEO Audit, the technical analysis is a first thing to do, for it shows whether the website is working properly. If the website has a lot of technical issues, it affects general website performance and a number of visits.

Technical SEO Audit is aimed to ease the crawl and indexing the website in search engine, find broken links, improve rankings and optimize the overall speed of the website work.

It is a basis of the SEO Audit strategy. Technical analysis can be compared to a foundation of a house. If a foundation is bad or broken, everything else will be crooked too.

What is checked by Technical SEO Audit?

As already mentioned, technical analysis is the best place to start a complete SEO Audit. It will bring quick wins and will help to plan the basic improvement of the website. The main aspects to be checked are websites:

  • Accessibility
  • Indexability
  • Site Performance

Let’s make a short overview of each of them.


It is important to make sure that the website’s content is available for search engines. When this step contains even one single mistake, the website won’t be crawled by search engines, which leads to the lack of rankings, for nobody will be able to find such a website. This issue, though, is easy to find and fix. The most used are the Robots.txt Checker tool. It will find whether there are any pages blocked from crawling.

Accessibility checks up also include an investigation of HTTP Status Codes. The process is well-known. A crawler requests a specific page of a website, and a web server gives back an HTTP status code with a response. So the response code should be marked with the number 200, it would mean that everything is working fine. If a status code returns with 4xx or 5xx, it means something went wrong and has to be fixed.

Canonicalization is another important thing to check under Accessibility point. It is dealing with duplicated pages, like





For a user, all these URLs seem to be one page, but for a search crawler, each of them is a unique page. On this small example, we illustrate that there is a big number of duplicated URLs coming up when dealing with a single homepage. No need to talk about the entire website. Canonicalization is a process of creating a redirection of all these duplicated pages to an original one.

Popular Read:  AngularJS vs React – War of Facts | An Infographic

Interlinking is the last thing we will mention under Accessibility point. Interlinking is a process of creating internal links between all the pages of the website. If some of the pages stay isolated, crawler won’t be able to find them. Which also means visits decrease.


Checking accessibility of the website ensures the visibility of a website in the search engines. Now search engines are actually allowed to access the pages of the website. But this is not enough for a website to be visited.

Next thing in the check up list should be an investigation on how many of those accessible pages are indexed by web crawlers. The more pages of the website are indexed, the higher is the rating of the entire website and the higher status in a search queue.

To check websites indexability there are different tools, like Google Webmaster. They will point out how many pages of the website are indexed.

Site Performance

Speed. Is. Important. This is the big thing to remember when doing a technical analysis. Nowadays people tend to visit websites via smartphones or tablets, which usually means the usage of a slower mobile internet connection. If the website takes more than 5 seconds to load, nobody will wait. They simply сlick ‘return’ and go to the next search result. That’s why the speed of a website load is a very high priority.

There is plenty of different tools to check whether the website is running fast enough and whether it is compatible with smartphones and tablets. Each of them can be used.

2 Ways to Perform a Technical SEO Audit

SEO is becoming a big part of IT industry, and this rapid development hasn’t gone unnoticed. Industry’s ‘big players’ know how important is the upbringing of young specialists with a good insight on SEO tendencies. That is why SEO is not a rare topic for student’s works now. On contrary, students examine case studies of successful SEO strategies and write analytical works about the industry overall, about how SEO has changedand on a  smooth adaptation to these changes.

SEO specialist becomes a popular and wanted position, even though it demands a detailed, attentive and patient attitude to websites analysis. The big increase is seen in developers creating of automated tools and applications for helping people to cope with all the necessary moments in SEO Audit. The industry is attracting a lot of attention.

Now, we can say, there are two main ways to perform a Technical SEO Audit for a website.

  1. Order Audit from SEO analyst

SEO specialist is someone who can perform an in-depth investigation, analyze every aspect of the website health, create a report about the issues and make a good plan how to improve them.

It is important to remember, that there is no need to pay to a ‘specialist’ who will only use automated tools and present the report done by programs. A true SEO specialist surely uses tools and applications, but still, he performs a deep analysis of the reports and creates a strategy to improve the situation.

  1. Use automated tools for SEO Audit

Also, there is an option to perform a Technical Audit without an SEO specialist, and it is available if you are familiar with SEO techniques and have good analytical skills. There is a number of tools and applications to do that. But, we should mention, it is a time-consuming process, that will demand patience, accuracy and strategic thinking. The application or tool most surely won’t come up with a brilliant solution to the web sites problems. The best thing it can do is to point them out. If you are enough self-confident, go straight to the next point of our article. We will briefly overview the most popular tools and applications to perform Technical SEO Audit.

Popular Read:  Why Technology is a Breakthrough Factor in the B2B eCommerce Space in India?

Tools for Technical SEO Audit

  1. Screaming Frog or Xenu

Tools like Screaming Frog and Xenu check how many pages of the website are indexed. They allow to take a website and crawl through its pages like search engines do. These tools detect issues like as incorrect canonicalization, internal redirects and duplicated pages on different URLs. Screaming Frog is free to use if a website has less than 500 pages. If the website is bigger you would need either to pay for a Screaming Frog subscription (apr. 126$ per year for unlimited access) or use another tool, like Xenu, which is free of charge.

  1. IIS SEO Toolkit

Similarly to Screaming Frog, IIS SEO Toolkit works from the desktop and analyze web site’s how searchable the website is. Still, it differs a bit. It helps to improve web site’s relevance in search results by recommending how to make the site content more search engine-friendly.

  1. SEMrush Site Audit

SEMrush Site Audit advantage is crawling a website from a web browser, creating an online report with potential issues in an easy-to-read format with an option to export and perform offline analysis. Also, a customer benefits from comparative and historical sections. They show whether implemented changes had a good or bad SEO impact on the website.

  1. Pingdom DNS Check

A helpful tool to avoid crawl errors, check DNS health and whether DNS servers are set up correctly. Easy and quick check up to save nerves and time in future.

  1. Builtwith

Is good for identifying areas of SEO concern. It checks the architecture of a domain and creates a report on its structure. So, the report will present the information on the server type, operating system, about the installed plugins, etc. So, the user knows the things that make up the website in advance and has the possibility to resolve the potential issues regarding them.

  1. GTmetrix

As we already know, speed really matters. Not a single user will stay on the website that takes ages to load. And by ‘ages’ here we mean ‘more than 5 seconds’ time.

A faster website is a website, that is crawled more. A faster website is attracting more visits. A faster website has good rankings.

GTmetrix is a free online tool, that goes through the page and shows the elements that have to be improved as they are causing a slow load. It also includes the history of a website speed, if used several times.

  1. Google Webmaster Tools

The name speaks for itself. Google nowadays is one of the most recognized brands and one of the most trusted. Its Webmaster Tools help a lot in defining issues with the on-page, link and technical health of a website. It is good in looking for crawl errors, to have a look on pages indexation, find structured data issues, blocked resources, and many others.


An SEO audit itself can be an exhausting thing to perform, still, it definitely will bring benefits for the website. Technical analysis is considered to be the basis of all the Audit. It indicates main technical issues and problems, including:

  • Website’s accessibility
  • Indexability
  • Site Performance

Plenty of automated tools and applications are already developed to perform a technical audit quickly and easily. They differ in their functions and capabilities, but all of them are detail oriented and help to find even tiniest mistakes.

Still, a powerful tool called a human brain is still needed to perform analysis of all the automated reports and outline the state


The SEO benefits of developing a solid site structure

When a user lands on your site for the very first time, do they know where to go? Can they find the information they are searching for quickly, without having to search deep into your site? While site structure may not be a large factor when it comes to most ranking algorithms, search engines use the structure of your site to better understand your content and the relationships between subjects on your site.

There are so many factors that impact your site’s online visibility. We often talk about content, links and other optimization tweaks we can use to get results. One area that we often overlook is the structure of the website we are working on. Having a well-organized site will not only help your users find what they are looking for faster, but it will also help crawlers better understand your site’s content and purpose.

Flat vs. deep site structures

The two most common types of site structure are deep and flat. Deep sites create a long path of links to access detailed content. Flat structure requires a minimal number of clicks to access any page.

According to “The Art of SEO” by Eric Enge, Stephan Spencer and Jessie Stricchiola, “For nearly every site with fewer than 10,000 pages, all content should be accessible through a maximum of four clicks from the home page and/on sitemap page.”

With deep site structures, not only does it take a user longer to find the content they are looking for, but it can also take the search crawlers longer to find your content. A flat site structure makes it easier for search engines to find and index your site, and it has great benefits for the users as well. It limits the number of pages a user has to pass through to find the content they are looking for (which, in theory, results in greater engagement with your site).

Building a structure that makes sense

When building a site structure, there is a lot more that goes into it than just making it “flat.” SEOs are tasked with structuring the site in a way that helps crawlers understand the content of your site. Search engines are collecting huge amounts of data every day and are working to make sense of it all. Instead of having them “guess” about the relative importance of pages on your site, you can direct them with the proper site structure.

While search engines are getting more advanced and can build semantic relationships between topics, the more we can help them the better. Break down your content in a way that makes logical sense. Start by breaking your content into core categories, then work your way down into logical subcategories from there.

This, again, has a positive impact for crawlers and users alike. Your users can more easily find the content they need, and search engines can better understand your site.

Navigation and sitemaps

The two most visible representations of your site structure are found in your navigation and your sitemap.


When creating your site’s navigation, you want to think about both your users and the search crawlers. As we shared above, a flat site structure will help both your users and the crawlers find your content faster.

Having clear and easy-to-use navigation is an important aspect of any site. Building a navigation should not be rushed. Take time to think about your content, your themes and categories, and use cards to test different navigation flows before just throwing one together.

I would suggest you follow these six steps, as laid out in “The Art of SEO”:

  1. List all the requisite content pages (blogs, articles, product detail pages and so on)
  2. Create top-level navigation that can comfortably hold all of the unique types of detailed content for the type.
  3. Reverse the traditional top-down process by starting with the detailed content and work your way to an organizational structure capable of holding each page.
  4. Once you understand the bottom, fill in the middle. Build out a structure for sub-navigation to sensibly connect top-level pages with detailed content. In small sites, there may be no need for this level, whereas in larger sites, two or even three levels of sub navigation may be required.
  5. Include secondary pages such as copyright, contact information and other nonessentials.
  6. Build a visual hierarchy that shows (to at least the last level of sub-navigation) each page of the site.


While many sites have HTML sitemaps, most today just use XML sitemaps. An XML sitemap provides a list of URLs on your site, and you can submit your XML sitemap(s) to many major search engines to indicate which pages you would like to have crawled. (Note that including a URL in your sitemap does not guarantee that it will be indexed, but it does make it easier for search engines to find and crawl the page.)

Having both an HTML sitemap and an XML sitemap is recommended. XML sitemaps are designed for use by search engines, while HTML sitemaps are designed for use by humans. Matt Cutts, former Google head of webspam, says, “Once you make an HTML sitemap, making an XML version is extremely easy. So my advice? Do both, if possible.”

Building a sitemap is not difficult, especially once you have your site structure together. For your HTML sitemap, you’ll create a new HTML page on your site with a hierarchical list of all your URLs. This will reflect your site’s navigation.

For XML, you can use a number of tools like or WordPress plugins to create your sitemaps. Be careful using these tools, because you may not want to include everything in your sitemap. You may want to exclude login pages, pagination pages or pages that have low value.

Final thoughts

SEO is more than just content and links. There are a number of moving pieces that impact your site’s visibility.  Taking the time to build a solid information structure will pay off in the long run. Know who your users are, and structure your site in a way that makes it easy for them to find the content they need. In doing this, you will also create a structure that makes it easy for the crawlers to understand your site. The better your content is consumed and understood by both your users and crawlers, the more visibility your site will have.


8 of the Best Plugins for Securing Your WordPress Site

This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.

How do you avoid getting hacked? Our last article detailed forty techniques for securing your WordPress site. This follow-up post is a quick reference of the best plugins that look after your security needs.

We’ve focused on highly-rated plugins that cover a range of security features, rather than one-trick-wonders. If your hosting provider doesn’t already have a comprehensive security solution, installing one of these would be a great first step in your security strategy.

Have we missed your favorite security plugin? Let us know in the comments.

1. WordFence

  • Cost: Free, Premium from $99/year
  • Active installs: 2+ million
  • Rating: 4.8 out of 5 stars (3,048 reviews)

Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize.

WordFence includes these security features:

  • Firewall. WAF with automatically updated firewall rules that block common WordPress security threats.
  • Blocking features. Real-time blocking of known attackers and malicious networks and other security threats.
  • Login security. Two-factor authentication, enforced strong passwords, security to lock out brute force attacks.
  • Security scanning. Scans core files, themes and plugins for malware and backdoors, and checks for files that have been changed.
  • Monitoring. Monitors traffic in real time including bots and reverse DNS, monitors for DNS changes and disk space.


2. All In One WP Security & Firewall

  • Cost: Free
  • Active installs: 500,000+
  • Rating: 4.8 out of 5 stars (669 reviews)

A comprehensive, easy to use, stable and well supported security plugin… It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

All In One WP Security & Firewall includes these security features:

  • User accounts security. Change the default admin username, check for user display names that are the same as usernames, password strength tool, stop user enumeration.
  • User login security. Login lockdown (brute force protection), log out inctive users, view failed login attempts, whitelist IP addresses, see who’s logged in, CAPTCHA.
  • User registration security. Enable manual approval, CAPTCHA, Honeypot.
  • Database security. Set the default WP prefix, schedule automatic backups.
  • File system security. Identify and fix insecure permissions, disable file editing from WP admin, monitor system logs.
  • htaccess and wp-config.php file backup and restore. Easily backup, restore and modify these important files.
  • Blacklist functionality. Ban users based on IP address or range, or by specifying user agents.
  • Firewall. Add firewall protection via htaccess, firewall rules that stop malicious scripts.
  • Brute force login and attack prevention. Cookie-based login prevention, CAPTCHA on login form, rename login form URL, Honeypot.
  • Whois lookup. Get full details of a suspicous host.
  • Security scanner. File change alerts, scan database tables for suspicious strings.
  • Comment spam security. Block IP addresses of spammers, add CAPTCHA to comment form.
  • Front-end text copy protection. Disables right click, text selection and the copy option.


3. iThemes Security

  • Cost: Free, Pro: 2 sites $80/year, 10 sites $100/year, unlimited sites $150/year, Gold $297 lifetime.
  • Previously called Better WP Security
  • Active installs: 800,000+
  • Rating: 4.7 out of 5 stars (3,812 reviews)

iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.

The free version gives you some protection, but the Pro version includes these security features:

  • Two-Factor Authentication. “Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.”
  • WordPress Salts & Security Keys. “The iThemes Security plugin makes updating your WordPress keys and salts easy.”
  • Malware Scan Scheduling. “Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.”
  • Password Security. “Generate strong passwords right from your profile screen.”
  • Password Expiration. “Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).”
  • Google reCAPTCHA. “Protect your site against spammers.”
  • User Action Logging. “Track when users edit content, login or logout.”
  • Import/Export Settings. “Saves time setting up multiple WordPress sites.”
  • Dashboard Widget. “Manage important tasks such as user banning and system scans right from the WordPress dashboard.”
  • Online File Comparison. “When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.”
  • Temporary Privilege Escalation. “Give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.”
  • wp-cli Integration. “Manage your site’s security from the command line.”


4. Sucuri Security

  • Cost: Free, Basic $199/year, Pro $299/year, Business $499/year
  • Active installs: 300,000+
  • Rating: 4.6 out of 5 stars (260 reviews)

We keep your website safe and hack-free! The Sucuri Platform is a suite of tools designed for complete website security. With no additional cost or hidden fees, the Sucuri Platform is affordable, easy to deploy, and supported by a team of professionals at your disposal.

Sucuri forms part of the security solution of many quality hosting providers, including SiteGround. It’s a valuable tool for SiteGround to protect its clients’ sites from malware, because it scans every link that is accessible from the website homepage on a daily basis. It includes these security features:

  • Clean and repair hacked websites. “Professional security incident response team available 24/7/365.”
  • Attack and hack prevention. “A cloud-based WAF/IPS solution designed to stop hacks and attacks.”
  • Continuous monitoring. “Continuous monitoring and alerting of any security-related issues.”

The free WordPress security plugin includes these features:

  • Security Activity Audit Logging
  • File Integrity Monitoring
  • Remote Malware Scanning
  • Blacklist Monitoring
  • Effective Security Hardening
  • Post-Hack Security Actions
  • Security Notifications


5. Jetpack, which now includes VaultPress

  • Cost: Free, Personal ($39/year), Premium ($99/year), Professional ($299/year)
  • Active installs: 3+ million
  • Rating: 4.1 out of 5 stars (1,330 reviews)

Jetpack (by Automattic, who bring you WordPress) does more than just security. It basically brings the features of to the rest of us, which is appealing. For security and backup the paid plans includes VaultPress.

VaultPress is a real-time backup and security scanning service designed and built by Automattic, the same company that operates (and backs up!) millions of sites on

VaultPress is now powered by Jetpack and effortlessly backs up every post, comment, media file, revision, and dashboard setting on your site to our servers. With VaultPress you’re protected against hackers, malware, accidental damage, and host outages.

VaultPress includes these security features:

  • Backups. “Comprehensive daily or real-time automated backups stored in our offsite digital vault, optimized for WordPress and better than your host.”
  • Restores. “Even during the most stressful moments we have your back. Restore your entire online presence quickly and easily without needing your host.”
  • File scanning. “Automatically detect and eliminate viruses, malware, and other exploitable security problems that may be hiding in your website.”
  • Automated file repair. “Fix detected viruses, malware, and other dangerous threats with a single click.”
  • Spam defense. “Protect your SEO, readers, and brand reputation by automatically blocking all spammers.”


6. BulletProof Security

  • Cost: Free, Pro $59.95 (one time purchase)
  • Active installs: 100,000+
  • Rating: 4.7 out of 5 stars (302 reviews)

BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 30,000 websites worldwide. Not a single one of those 30,000+ websites in 5+ years have been hacked.

100% hack free website guarantee. If your website is hacked after installing BPS Pro, we will clean up your hacked website for free. We can easily offer that awesome deal because your website will never be hacked if you have BPS Pro installed.

The free version includes these security features:

  • One-Click setup wizard
  • .htaccess website security protection (firewalls)
  • Hidden plugin folders / files cron (HPF)
  • Login security & monitoring
  • Idle session logout (ISL)
  • Auth cookie expiration (ACE)
  • DB backup: full/Partial, manual/scheduled, email/zip, cron delete old backups, logging
  • DB table prefix changer
  • Security logging
  • HTTP error logging

The Pro version adds these features:

  • AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)
  • Quarantine Intrusion Detection & Prevention System (ARQ IDPS)
  • Real-time file monitor (IDPS)
  • DB Monitor Intrusion Detection System (IDS)
  • DB diff tool: data comparison tool
  • DB status & info
  • Plugin firewall (IP Firewall): automated whitelisting & IP address updating in real time
  • JTC anti-spam/anti-hacker
  • Uploads folder anti-exploit guard (UAEG)
  • Custom php.ini website security
  • F-Lock: read only file locking
  • Additional logging options
  • S-Monitor: monitoring & alerting core
  • Pro Tools: 16 mini-plugins


7. SecuPress

  • Cost: Free, 1 site $57.60/year, 3 sites $144/year, 10 sites $288/year, unlimited sites $479/year
  • Active installs: 5,000+
  • Rating: 4.8 out of 5 stars (19 reviews)

Protect your WordPress with malware scans, block bots & suspicious IPs. Get a complete WordPress security toolkit for free or as a pro plugin.

If you are proactive, our free WordPress security plugin is a great choice! No time to activate weekly scans? Then SecuPress pro is the way to go. Our plugin takes care of everything with automated tasks.

SecuPress includes these features:

  • Anti brute force login
  • Blocked IPs
  • Firewall
  • Security alerts
  • Malware scan (Pro)
  • Block country by geolocation
  • Protection of security keys
  • Block visits from bad bots
  • Vulnerable plugins & themes detection (Pro)
  • Security reports in PDF format (Pro)


8. Security Ninja

  • Cost: Single site $29 (1 year updates/support), multi site $79 (1 year updates/support), forever unlimited $199
  • Active installs: 6,000+
  • Rating: 5 out of 5 stars (6 reviews)

Security Ninja helps thousands to stay safe and prevent downtime due to security issues. 50+ tests will provide a comprehensive overview of your site’s security.

The free version lets you achieve the following:

  • Perform 50+ security tests including brute-force attacks.
  • Check your site for security vulnerabilities and holes.
  • Take preventive measures against attacks.
  • Prevent 0-day exploit attacks.
  • Use included code snippets for quick fixes.
  • Brute-force attack on user accounts to test password strength.
  • Numerous installation parameters tests.
  • File permissions.
  • Version hiding.
  • 0-day exploits tests.
  • Debug and auto-update modes tests.
  • Database configuration tests.
  • Apache and PHP related tests
  • WP options tests.

You can even more protection using these Pro modules:

  • Core scanner. “Easily monitor the state of your WP core files. Have a clear view of files that are modified but shouldn’t be and restore them with a single click.”
  • Malware scanner. “Powerful heuristic malware scanning algorithm will check all your themes, plugins, uploaded files and options table for suspicious content.”
  • Auto fixer. “If you don’t like creating backups, editing files, messing with code and getting your hands dirty – Security Ninja PRO will do everything for you. Fix security issues with one click.”
  • Events logger. “Monitor, track and log more than 50 events on the site in great detail. From user actions, to post edits and widget changes – Events Logger sees everything.”
  • Scheduled scanner. “Have Security Ninja do automatic, periodic scans of your sites, including scans of core files. If there are any changes you’ll be notified via email.”


How to add cloud functionality to your WordPress site with an easy to use plugin

One reason I always recommend WordPress for more than just blogs is its flexibility. With WordPress you can create sites centered around blogging, services, e-commerce, community, and so much more. Plus, with the help of a massive repository of plugins, WordPress can be expanded into almost any type of site.

If you use WordPress as either a community or a client-based website, you’ll be interested to know about a cloud-centric plugin called WP Cloud that enables users to:

  • Upload and view files
  • View assigned cloud space
  • View cloud space used

Must-Read Cloud

  • Take advantage of training and certification discounts for Microsoft Azure
  • Video: The 5 trends that form the future of cloud computing
  • Video: The hybrid cloud ‘condition,’ and what Amazon is doing to address it
  • Subscribe to TechRepublic’s Cloud Insights newsletter

At the moment, the plugin is limited in what it can do, and it doesn’t have an associated mobile plugin yet, but what it does offer goes a long way to extend the built-in features for users.

A word of warning about WP Cloud: The development has come to a standstill over the last two years. Even with that in mind, it’s a solid solution if you want to allow your users a bit of cloud space on your WordPress site. Hopefully, with a bit of prodding, the developer will resume working on it again, or open source the code so it can be continued by another developer.

Let’s install and use WP Cloud. I am assuming you have access to the admin section of your WordPress site.

SEE: Working with WordPress: Control your site support, prevent zombie apocalypse (ZDNet)

Installing WP Cloud

The installation of WP Cloud is as simple as installing any other WordPress plugin.

  1. Log into your WordPress site as the administrator or as a user that has admin permissions.
  2. Click Plugins | Add New from the left navigation.
  3. In the Search Plugins box, type WP Cloud and hit Enter on your keyboard.
  4. Click the Install Now button associated with the WP Cloud plugin.
  5. Once the installation completes, click the Activate button.

    Using WP Cloud

    The WP Cloud plugin is now available for your users. Each user has to point their browser to http://SITE_URL/cloud (SITE_URL is the actual domain or IP address of your WordPress site). Each logged in user will be presented with their cloud space on the site. Note: Users have to be registered and logged into the site to use the WP Cloud plugin.

    Before opening the floodgates to users, you might want to take care of a little housekeeping first. If you go to Cloud | Settings, you can set a user quota for the plugin—this is especially important when you’re limited on server storage space. This is an all-or-none quota, which means you cannot set different quotas for different users. There are really only two options:

    • 0 = cloud hosting disabled
    • X = any positive number (in megabytes) will enable hosting and set the quota to that number

    There is also a setting called “overlaps” (which is described as Overload in the documentation) that allows you to set a percentage that will—once it’s reached—prevent a user from uploading a file. The description, according to the developer, is:

    • 9 of 10 MB used. Overload 10%. File to upload: 2MB. -> YES
    • 9 of 10 MB used. Overload 0%. File to upload: 2MB. -> NO
    • 10 of 10MB used. Overload 10%. File to upload: 1MB. -> NO
    • 9.99 of 10MB used. Overload 10%. File to upload: 1MB. -> YES

    This allows you to prevent users from uploading files when they are close to their quota. You set the overlaps in percentage from 0-100.

    When you have the quota and overlaps settings ready, you can point users to the cloud link for your site. When a registered/logged in user goes to the cloud URL, they will be greeted by a simple page that allows them to upload, view, and delete their files (Figure B). The user will also see the percentage of space used in their cloud storage.


    The developer has enabled shortcodes so you can add custom pages that include WP Cloud options. The available shortcodes are:

    • [cloud] prints a list of files for the current user
    • [cloud_show id=”0″] prints a list of files of the given user id
    • [cloud_upload] prints a simple upload form that allows the current user to upload a file in his/her directory
    • [cloud_send] prints a simple upload form that allows the current user to upload a file to another user directory by specifying login_name or email

    Here’s hoping for more

    WP Cloud is a handy plugin to add to various types of WordPress sites. Although WP Cloud is limited in features, it makes up for it in ease of use.

    My hope is that the developer will either return to work on the plugin or allow someone to fork it so that it can expand its feature set. Even as it is now, WP Cloud is a worthwhile addition to WordPress.

[Source:-Tech Reepublic]

Twitter co-founder Ev Williams slashes 50 jobs at blogging site Medium

Ev Williams, the founder of Medium — the blogging site started by the Twitter co-founder – has announced it will slash 50 jobs, or a third of its workforce, as it closes its New York and Washington offices.

In a lengthy post on Medium, Williams blamed the ad-driven economics of the web and admitted he needed to refocus in order to find a new business strategy, reported the New York Post.

The job losses are in business, sales and support, he said.

“They tended to do packages of sponsored content more than what you would consider a standard ad. It’s hard to scale an ad business these days without a standardized ad model built into the platform,” said Noah Malin, head of social MEC, North America.

Medium built a name for itself as a place where people could answer their critics. Postings and readership have risen 300 percent since last year, Williams said.

In late 2015, Amazon’s chief spokesman Jay Carney used Medium to respond to a critical New York Times story on the company’s tough workplace practices.

But growth hasn’t kept pace with spending at Medium, and Williams lashed out at ad-driven media as a “broken system” that doesn’t serve readers — replete with “fake news” and clickbait that his startup has failed to fix.

“The vast majority of articles, videos, and other ‘content’ we all consume on a daily basis is paid for  —  directly or indirectly  —  by corporations who are funding it in order to advance their goals,” Williams wrote. “And it is measured, amplified, and rewarded based on its ability to do that. Period. As a result, we get … well, what we get. And it’s getting worse.”

In response, Williams said Medium will search for a “new model for writers and creators to be rewarded, based on the value they’re creating for people.”

“It is too soon to say exactly what this will look like,” Williams wrote. “This strategy is more focused but also less proven. It will require time to get it right, as well as some different skills.”

[Source:-The American Bazzar]


Wordpress Security's Plugins

Being the most popular blogging platform worldwide, it’s only natural that WordPress would have a user base in the millions. However, in today’s world, popularity is a double-edged sword – the more popular a particular website is, the higher the chances of spammers and hackers attacking it. Unlike other online platforms for blog, it could be a problem for WordPress and though it’s got strong security features, nothing’s set in stone. Thus, your priority should be to ascertain the safety of your blog and deter hackers from stealing and altering your private information. You wouldn’t want all your effort to go to waste, would you?

Take a look at the top 15 WordPress plugins that are used by bloggers around the world to beef up the security of their site.

Clean and simple, this plugin maintains a log of everything that happens on your WordPress blog or website. You can easily track any suspicious activity and determine the threat level. You receive security alerts in real-time whenever:

  • A new user profile is created
  • WordPress gets an upgrade
  • Users install and activate a WP theme
  • Change their email address or passwords
  • An existing page, post, or category is modified
  • Failed login attempts
  • And much more…


  1. Security Ninja


A combination of WP security best practices rolled into a single plugin, Security Ninja performs over 31 security tests, like brute-force attacks. Your site is checked thoroughly for holes and security vulnerabilities, and preventative measures help stop attacks.


  1. BulletProof Security Pro


A single click is all you need to safeguard your Root website folder and your ‘wp-admin’ folder when you have this plugin installed. No longer do you have to worry about hacking trials like XSS, CSRF, SQL Injection, Base64, RFI and Code Injection. A one-time fee is required to activate the spam and hacker protection features.


  1. iThemes Security


Are you looking for a strong security plugin that is simple enough for novices to operate? Well, you’re in luck. iThemes Security fixes multiple issues that makes WordPress blogs vulnerable, and also boosts the security. The plugin dashboard contains a checklist of action items, arranged in descending order of importance, that you can turn on or off as per your convenience.


  1. 6Scan Security


Hackers beware! 6Scan provides your site with rule-based protection and regularly updates the security features. The built-in security scanner checks and protects your website against a variety of threats, but the most significant feature of this plugin has got to be the automatic vulnerability fix. Any vulnerable code is automatically fixed using an auto-fix server-side agent solution. Moreover, malware-related issues are easily taken care of by 6Scan.


  1. All in One WPSecurity


So what features constitute the perfect WP security plugin?

  • Blacklist feature
  • System file security
  • User login security
  • Regular plugin updates
  • Database security
  • User account security
  • Firewall setup
  • Simple user interface

You’ll be happy to know that All in One WPSecurity and Firewall contains all of these features and more, making it one of the most effective WordPress security plugins available online.


  1. Sucuri Security


Being one of the best web security experts, Sucuri’s plugin was bound to be great. What users didn’t expect was a comprehensive tool that tracked every activity on their site. No breach in security goes unnoticed, and it’s easy for users to review activity logs and notice anything out of the ordinary.


  1. BruteProtect


Brute force attacks are the most common methods employed by hackers to gain access to your site. However, you need not worry when you have the BruteProtect plugin. Whenever a particular IP address tries to log in to your site and fails more times than usual, it automatically gets blocked.


  1. AntiVirus for WordPress


This plugin prevents your WordPress blog against malware, viruses and worms. You receive warnings about possible attacks. However, the highlight of this plugin has got to be the multilingual support, which not many plugins deem as necessary.


  1. Acunetix WP Security


Searching for a free but powerful security tool that secures your WP installation? Acunetix is the solution. It suggests corrective measures that boost the security of your database, secure file permissions, hide versions, and offer admin protection for your blog. Your site is checked for security vulnerabilities, and if any are found, corrective actions are suggested at once.


  1. WP-DBManager


This is a great plugin that enables you to optimize the database of your site, repair it properly, backup the database, restore it whenever necessary, delete the backup, easily empty/drop tables, and run specific queries. This plugin even supports the automatic scheduling of optimization, repair, and backup tasks for the database.


  1. VaultPress


From the makers of WordPress comes VaultPress, a premium subscription service. This plugin makes it easy to back up your website daily or in real-time. All the content on your website is synced, and if any threats are detected during scans of your files, they’re immediately dealt with.


  1. Clef Two-Factor Authentication


For people who don’t want the hassle of dealing with passwords or simply want a better, more secure logging in process, this plugin is the perfect solution. You open the Clef app on your phone and then hold it up in front of the WordPress login screen. Your next task is to line up the patterns on both the devices. You’ll be able to log in to your WP site only when they’ve detected one another.


  1. Wordfence Security


This free security and performance plugin for WordPress speeds up your site almost 50 times, making it more secure in the process. Any infections already on your site are checked for thoroughly. Though this plugin is free, you can access the Premium version which comes with advanced features like country blocking, two-factor SMS authentication services, and the ability to schedule scans as per your wish.


  1. Google Authenticator


Two-factor authentication is the way to go when you log onto your website, and this plugin provides just that. No longer do you have to worry about hackers gaining access to your website and uncovering your passwords. You’ll have to download the Google Authenticator app on your smartphone for this to work.

Malicious attacks on websites and blogs are becoming more common with every passing day, and it is imperative that website owners take proper precautions to defend their blogs. For users who don’t know how to code, plugins are the next best option and there are plenty of great WP plugins that offer complete security. The majority of them are safe, simple, and free, and in the end, it all depends on which one you find the best.

About the Author

I’m a professional writer, web developer and CEO of I’ve been working as web interface developer for 4 years and I have a huge experience in website development. Also I’m fond of photography and marketing and of course, writing articles. My work has been published on several popular online magazines. You can follow Lesley on Google+ .


10 Ways to Protect Your WordPress Site You Didn’t Know About

Do you own a WordPress site? Congratulations, the advanced security features of the platform will protect you for life…or so you’d like to think. Unlike ready SaaS solutions, online website builders with centralized managements, WordPress is a popular open-source CMS with open code with lots of security vulnerabilities. And believe me, these vulnerabilities can be easily used to bring harm to your website and business. You need to defend yourself, and the best way to do so is add reinforcements. I know what you’re thinking – plugins! However, plugins aren’t a 100 percent foolproof. In fact, it’s now being said that the more plugins, themes, and custom codes you add to your WordPress blog, the higher the likelihood of getting hacked. No, what you need to do is secure your site’s administrator. Betcha didn’t know about that! To know how to find out below.

Read: How to secure your cyber infrastructure from threats like ransomware?

Limit Plugin Usage

Try not be tempted by the various plugins available for WordPress. Install only the ones you think are indispensable. The more careful you are with your plugin choices, the more secure your site will be. Plugins not only hamper your security but affect the performance and speed of your site as well. Too many plugins can drastically slow down your WordPress site. Your best bet would be to consider plugins that combine multiple items on your must-have features list.

Premium Plugins for Free? No Thanks

We can understand the temptation to download and install free premium quality plugins when on a budget, but it’s best not to do so. Unless you purchase them from an official source, illegal versions of premium plugins generally contain malicious code. Not to mention the fact that piracy is illegal! So, the next time you spot premium plugins available for no cost, be very wary – what was once a good plugin with the excellent code has now become a hacker’s direct line into the backend of your website. Ask yourself – Are all these risks worth saving a few bucks?

Automatic Core Updates are a Must

You should update your WordPress installation as soon as a new version’s released. Older versions of WordPress have their security flaws listed all over the Internet. It won’t take long for a hacker to use that info, and mount an attack against your website. Make site maintenance a regular habit. Or, if you’re too lazy, you could always turn on automatic updates. This fulfills both your criteria of a hands-off approach and a secure website.

Automatic Updates for Themes and Plugins

Themes and plugins generally need to be updated manually. However, if you don’t schedule site maintenance regularly, configuring automatic updates might be the best way to stay on top of things without any immediate intervention.

Get Rid of the Theme and Plugin Editor

There are plenty of developers who make tweaks and changes to WP platform themes and plugins on a regular basis. This step is not meant for them. In the case of users who don’t use the built-in theme and plugin editor in the WordPress dashboard occasionally, it is better if the option is disabled. What does the editor have to do with security? Well, for starters, this editor is used by authorized WordPress users and if their accounts get hacked, the editor might be responsible for the downfall of the entire website. All this can be achieved with a few code modifications.

Remove PHP Error Reporting

The backend of your WP website is rife with weak spots and holes. Actually, very few sites aren’t. However, this does not excuse the fact that if a theme or plugin doesn’t function properly, an error message would be flashed across the screen. The problem stems from the fact that such error messages sometimes include your server path, the whole of which is visible in the error report. Thus, disabling error reporting is the best possible solution.

Never Put Author Usernames on Display

Never leave the WordPress defaults intact. It makes it very easy for hackers to find out your username, and since, more often than not, you are the administrator too, they get access to your admin username as well. This is never a good sign. Hackers can use even the smallest bit of info to compromise your site. The best course of action would be to hide the username of the author. Then if hackers try to get admin information, they’ll be directed back to the homepage.

Always Monitor the Activity on Your Dashboard

If your site has lots of visitors, you should always keep a close eye on what’s going on using your dashboard. It isn’t that all of them are up to no good, but sometimes when there’s too much activity on your site, it pays to be alert. The tiniest misstep can have huge repercussions. This is perhaps the reason why a lot of admins choose to log their dashboard activity – it enables them to retrace the user’s steps up till the point when the site broke down. The dashboard even gives you the opportunity to retrace your own steps.

Your security receives a much-needed boost as you can now connect the dots between a particular action and a particular reaction. Now if your site breaks down due to a certain file upload, you can investigate deeper to see if any malicious code was present or not.

It is possible that you might find the automated information log for WordPress difficult to use and cluttered. In that case, you can always go for a plugin that organizes all of the data.

Keep the Login Page Hidden

It’s true that hiding some elements of your page won’t deter hackers from accessing them, but at least you’ll put up one heck of a resistance. And that is always a good sign! You can rename or relocate your login page to confuse hackers. Most brute force attacks are automated, so when your login page is a little different than the norm, the impact of the attacks will be weaker. There are loads of plugins that can help you make such a simple change.

Update Your Computer

It’s often seen that despite the best security measures, hackers are accessing the WordPress site. This occurs due to vulnerabilities in the computer itself. Your only solution is to keep the system updated. Install software patches as soon as they are released. Upgrade to a newly released operating system as soon as possible.

The task of safeguarding your WordPress site involves a lot more than security plugin installation. You need to devise a complete strategy, taking even subtle nuances into consideration. We sometimes tend to overlook the smaller things, but these can make all the difference between good security and great security.

[Source:-Hack Read]

4 Ways to Future Proof Your WordPress Site

In an online world with ever changing technology and coding standards, predicting the future is tricky. Before you invest your hard earned money into your website build, taking a few minutes to think about future proofing your WordPress site will ensure that:

  • Future customizations are easy to make
  • Existing traffic is not lost
  • You save time supporting and maintaining your site
  • Avoid costly and time consuming problems

Using a mobile optimized and widely popular platform is the first step in future proofing your website. A condition fulfilled by a responsive WordPress theme.

Yet, this is not enough.

In this article, we’ll cover some best known practices to help future proof your WordPress website.

Use a Good Hosting Company and Practice Good Security

In this announcement Google stated that site load time or website speed is now included among its 200+ ranking factors. This means that website speed will have an important effect on how Google ranks your website in search engine results pages (SERPs). With organic traffic accounting for the majority of web traffic on some sites, you certainly don’t want to miss out on that kind of potential traffic.

While a number of factors affect the load time of a website, using a good hosting platform is perhaps the most important of all. A good hosting company should provide optimized tools for WordPress users. This is usually a staging area for testing themes and plugins before finally releasing it to the public.

Articles such as Speed up Your WordPress Website and Separating the Good WordPress Hosts from the Bad will help you choose the right host that caters for serving clients using WordPress.

Practicing good security measures such as using strong passwords, not keeping backups in a public-accessible folder and regularly updating core WordPress, themes and plugins will also help you protect the integrity of your website.

Akismet , Wordfence Security and Sucuri are popular and effective plugins for controlling preventing spam and malware attacks.

Avoid Over-dependence as Much as Possible

Finding the perfect web design is hard and most websites iterate their site design through various tests e.g. A/B testing to find the perfect web design that would optimally capture leads and win more customers.

With many site owners resorting to freelance web designers or agencies, it’s important that over reliance is avoided.

Copies of code changes should be made. Passwords and key configuration changes should also be documented.

This makes it possible to make appropriate changes in the future and avoid being left in the cold, not knowing or forgetting what was done in the past.

This also applies to the usage of themes and plugins. Consideration has to be made when selecting theme frameworks. Only popular and well-supported themes and theme frameworks should be used.

Also, all-in-one plugins should be used sparingly. This will ensure that the website’s core functions are not broken whenever modifications are being carried out on the plugin.

Use Plugins and Themes That Adhere to WordPress Development Best Practices and Also Provide Good Support

With WordPress constantly releasing improvements and bug fixes, it’s important to ensure that all installed plugins are compatible with the latest WordPress version and adhere to latest WordPress standards as stated in the WordPress Codex.

The latest WordPress version makes checking this easier. When searching for new plugins or themes, a tab is shown whether it is compatible or not.

Updraft Plus - Showing compatibility with WordPress

Using a non compatible or poorly developed plugin or theme puts the security of your site and visitors at risk. Non compatible themes or plugins also suggest the developer has potentially stopped fixing bugs or offering support.

Theme Check is a popular plugin that helps test your theme and make sure it’s up to scratch.

This article gives some additional ways to protect yourself from rogue plugins.

Always Backup and Perform Maintenance on Your Site

While a good hosting company might periodically backup your website data. You should also do this yourself and keep a copy remotely (e.g not on the same live server). Doing this will help ensure when tweaking your website, if you run into issues you can always restore from a recent backup.

There are a good number of platforms and plugins (both paid and free) that do a good job of backing up your data. BackWPup and Updraft Plus are a couple of popular backup plugins.

If you, however, would like to backup your site manually, this article is a must read. You should also maintain your site, we’ve got a great guide on WordPress maintenance here.

Use a Child Theme

A child theme is a theme that inherits the functionality of the parent theme. When you make changes to the child theme, it overrides the defaults from the parent theme without touching or breaking files in the parent theme. This allows you to update your parent theme without the risk of breaking your child theme, keeping customizations in tact.

Most theme frameworks provide instructions on how to create a child theme on their documentation page.

Adopting the usage of a child theme helps saves time when tweaking or making A/B tests on your website.

You can find simple, step-by-step solutions to creating your child theme here.


There you have it. Future proofing your website isn’t an easy task, however the benefits in the long run are worth the effort.

What are your tips and techniques for future proofing your WordPress websites? Please let us know in the comments below.

 [Source:-Site Point]