I want to tell you a story of economics, love, and death. Kind of a Romeo and Juliet parable for the modern age, where the protagonists are societies, not people, who made a kind of suicide pact.
Today, the UK — we’ll get to the US, the world, and the future, but let’s begin here — released some genuinely stunning economic “numbers.” It forecast the economy basically never to grow again, and for incomes not to rise to 2008 levels until 2028. But of course the contradiction is that if the economy will never grow again, then incomes are hardly likely to rise, so we are seeing the death of a modern economy. But it is not the first, it is the second: the first death was the USA, which is now something like a post-economic country, nominally rich, but plagued by things like mass school shootings and medical bankruptcies, which do not even happen really in Delhi or Bangkok.
Two deaths. Are they homicides? Let’s think about it.
In 2007, the greatest financial crisis of the modern age hit like a tsunami. What was the response from the UK? Well, it was to bail out the banks with public money. Of course, that raised levels of debt. Now, that was no big deal: governments can always print money, and during times of extreme crisis, whether famines or financials, they should. Furthermore, national debt is not the sum of your debt and my debt, and it has no real bearing on our lives whatsoever: just as you can happily carry a credit card balance forever, and many people do, so prosperous nations can bear debt, and the strength of a nation is precisely to be able to do so.
But the average person was tricked into believing the very opposite. They came to think, through sophistry masquerading as economics and punditry disguising itself as analysis and sheer propaganda, that there was no way out of this mess except to rip the heart out of public life, to pay off the debt incurred by bailing out the banks by cutting public goods and services. Thus public goods — the NHS, BBC, transport, education, and so on — were eviscerated to pay off private debts, and even that is an understatement: the moneys spent went of course to lavish compensation packages and grand accoutrements, not really to “paying off debt”, which is still high, and still doesn’t matter a whit to the average person.
Perma austerity killed the UK economy, by producing perma stagnation. And then came Brexit. Brexit was another misguided, maleducated response: since the UK needed to “save money” to “pay off its debt” the average Brit was again conned into believing that the next great cost, after public goods, was EU membership. “You’ll save millions a week!” the propaganda went. But who was “saving” and what precisely was being “saved?” Nothing at all, as it turns out, because now the economy is well and truly dead, stagnant into forever.
So: this logic, that one must “save money” to “pay off the national debt” or else — who knows? Just like mafia intimidation tactics, the threat is never really fully stated, is it? — has been proven to be wrong. It has killed the British economy dead.
And it’s also precisely how the American economy died, too. Where do you think Britain learned this illogic from? From the American fringe. There, starting in the 1980s, American extremists championed a strange new set of concepts: “fiscal responsibility,” “personal responsibility,” “balanced budgets,” and so on, all of which really meant the above: “pay off the debt” by “saving money” — perma austerity, which also means that we can never invest in anything at a social level, because, of course, that would add debt for a few years. Why? Because cities and towns and countries don’t pay for things in cash or gold, they issue bonds, and that is how finance has always worked since the beginning of time. Do you think any society in human history has paid for a subway system or healthcare system in cash or gold? How? By sending supertankers of notes across the world? Perhaps you see the absurdity of perma austerity now.
So. “Paying off the debt” to “save money,” “personal responsibility” and “fiscal responsibility” — these aren’t economic ideas: they are to economics what ancient aliens are to biology. They have no empirical basis, no factual reality, and no evidential proof. Indeed, the opposite is true.
Imagine that you owned your own currency — one that people were willing to trade you useful things for. Now, your kids were starving. Would you say: “wait! I must pay off every penny of my mortgage and credit cards and car loans and outstanding bills before my children eat!”? Or would you trade some of that currency for bread and water and wine, feed your kids, raise them to be healthy and happy and wise, and let them make more useful things than that currency to trade with people? That’s precisely what the US and UK should have done: invested in one another, instead of imagining they’d “pay off the debt”, which never happened anyways, because now there is nothing to pay it with. Economics is simple. The religion it became, on the other hand, is not: it asks us to pervert the obvious logic of everyday reality.
Ever since launching in late 2008, Google Chrome has slowly been growing to become the default browser for many, and in early 2016 Chrome was crowned the world’s most popular internet browser.
Chrome’s Omnibox feature was an instant hit with users and has established itself as the default navigational tool for many of us.
Let’s remind ourselves how this feature works. Using a fresh profile, the example below demonstrates a user looking to navigate to the BBC website.
Searching via the Google Chrome Omnibox
As there is no history associated with this account, upon hitting enter, Chrome will perform a Google search for ‘BBC’, bypassing the need to visit Google, but still performing a Google search.
With time, Google learns about a user’s habits and the Omnibox becomes more useful, presenting multiple options to the user. In the example below a wide range of BBC pages are displayed and if clicked, they take the user directly to the BBC website, bypassing Google completely.
Google Chrome Omnibox suggestions
Hands up if you do this? I certainly do. It saves time, reduces the need for bookmarks and generally makes browsing more efficient.
WordPress security is a topic of huge importance for every website owner. Each week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing. If you are serious about your website, then you need to pay attention to the WordPress security best practices. In this guide, we will share all the top WordPress security tips to help you protect your website against hackers and malware.
While WordPress core software is very secure, and it’s audited regularly by hundreds of developers, there is a lot that can be done to harden your WordPress website.
At WPBeginner, we believe that security is not just about risk elimination. It’s also about risk reduction. As a website owner, there’s a lot that you can do to improve your WordPress security (even if you’re not tech savvy).
We have a number of actionable steps that you can take to improve your WordPress security.
To make it easy, we have created a table of contents to help you easily navigate through our ultimate WordPress security guide.
Table of Contents
Basics of WordPress Security
- Why WordPress Security is Important?
- Keeping WordPress Updated
- Passwords and User Permissions
- The Role of Web Hosting
WordPress Security in Easy Steps (No Coding)
- Install a WordPress Backup Solution
- Best WordPress Security Plugin
- Enable Web Application Firewall (WAF)
WordPress Security for DIY Users
- Change the Default “admin” username
- Disable File Editing
- Disable PHP File Execution
- Limit Login Attempts
- Change WordPress Database Prefix
- Password Protect WP-Admin and Login
- Disable Directory Indexing and Browsing
- Disable XML-RPC in WordPress
- Automatically log out Idle Users
- Add Security Questions to WordPress Login
- Fixing a Hacked WordPress Site
Ready? Let’s get started.
Why Website Security is Important?
A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information, passwords, install malicious software, and can even distribute malware to your users.
Worse, you may find yourself paying a ransom to hackers just to regain access to your website.
In March 2016, Google reported that more than 50 million website users have been warned that a website they’re visiting may contain malware or steal information.
Furthermore, Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.
If your website is a business, then you need to pay extra attention to your WordPress security.
Similar to how it’s the business owner’s responsibility to protect their physical store building, as an online business owner it is your responsibility to protect your business website.
Keeping WordPress Updated
WordPress is an open source software which is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update.
WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers who regularly release updates as well.
These WordPress updates are crucial for the security and stability of your WordPress site. You need to make sure that your WordPress core, plugins, and theme are up to date.
Strong Passwords and User Permissions
The most common WordPress hacking attempts use stolen passwords. You can make that difficult by using stronger passwords that are unique for your website. Not just for WordPress admin area, but also for FTP accounts, database, WordPress hosting account, and your professional email address.
The top reason why beginners don’t like using strong passwords is because they’re hard to remember. The good thing is you don’t need to remember passwords anymore. You can use a password manager. See our guide on how to manage WordPress passwords.
Another way to reduce the risk is to not give anyone access to your WordPress admin account unless you absolutely have to. If you have a large team or guest authors, then make sure that you understand user roles and capabilities in WordPress before you add new users and authors to your WordPress site.
The Role of WordPress Hosting
Your WordPress hosting service plays the most important role in the security of your WordPress site. A good shared hosting provider like BlueHost or Siteground takes extra measures to protect its servers against common threats.
However, on shared hosting you share the server resources with many other customers. This opens the risk of cross-site contamination where a hacker can use a neighboring site to attack your website.
Using a managed WordPress hosting service provides a more secure platform for your website. Managed WordPress hosting companies offer automatic backups, automatic WordPress updates, and more advanced security configurations to protect your website.
WordPress Security in Easy Steps (No Coding)
We know that improving WordPress security can be a terrifying thought for beginners, especially if you’re not techy. Guess what – you’re not alone.
We have helped thousands of WordPress users in hardening their WordPress security.
We will show you how you can improve your WordPress security with just a few clicks (no coding required).
If you can point-and-click, you can do this!
Install a WordPress Backup Solution
Backups are your first defense against any WordPress attack. Remember, nothing is 100% secure. If government websites can be hacked, then so can yours.
Backups allow you to quickly restore your WordPress site in case something bad was to happen.
There are many free and paid WordPress backup plugins that you can use. The most important thing you need to know when it comes to backups is that you must regularly save full-site backups to a remote location (not your hosting account).
We recommend storing it on a cloud service like Amazon, Dropbox, or private clouds like Stash.
Based on how frequently you update your website, the ideal setting might be either once a day or real-time backups.
Best WordPress Security Plugin
After backups, the next thing we need to do is setup an auditing and monitoring system that keeps track of everything that happens on your website.
This includes file integrity monitoring, failed login attempts, malware scanning, etc.
Thankfully, this can all be taken care of by the best free WordPress security plugin, Sucuri Scanner.
Upon activation, you need to go to the Sucuri menu in your WordPress admin.
The first thing you will be asked to do is Generate a free API key. This enables audit logging, integrity checking, email alerts, and other important features.
The next thing, you need to do is click on the Hardening tab from the Sucuri Menu. Go through every option and click on the “Harden” button.
These options help you lock down the key areas that hackers often use in their attacks. The only hardening option that’s a paid upgrade is the Web Application Firewall which we will explain in the next step, so skip it for now.
We have also covered a lot of these “Hardening” options later in this article for those who want to do it without using a plugin or the ones that require additional steps such as “Database Prefix change” or “Changing the Admin Username”.
After the hardening part, most default settings of this plugin are good and don’t need changing. The only thing we recommend customizing is the Email Alerts.
The default alert settings can clutter your inbox with emails. We recommend receiving alerts for key actions like changes in plugins, new user registration, etc. You can configure the alerts by going to Sucuri Settings » Alerts.
This WordPress security plugin is very powerful, so browse through all the tabs and settings to see all that it does such as Malware scanning, Audit logs, Failed Login Attempt tracking, etc.
Enable Web Application Firewall (WAF)
The easiest way to protect your website and be confident about your WordPress security is by using a web application firewall (WAF). The firewall blocks all malicious traffic before it even reaches your website.
We use and recommend Sucuri as the best web-application firewall for WordPress. You can read about how Sucuri helped us block 450,000 WordPress attacks in a month.
The best part about Sucuri’s firewall is that it also comes with a malware cleanup and blacklist removal guarantee. Basically if you were to be hacked under their watch, they guarantee that they will fix your website (no matter how many pages you have).
This is a pretty strong warranty because repairing hacked websites is expensive. Security experts normally charge $250 per hour. Whereas you can get the entire Sucuri security stack for $199 per year.
Sucuri is not the only firewall provider out there. The other popular competitor is Cloudflare. See our comparison of Sucuri vs Cloudflare (Pros and Cons).
WordPress Security for DIY Users
If you do everything that we have mentioned thus far, then you’re in a pretty good shape.
But as always, there’s more that you can do to harden your WordPress security.
Some of these steps may require coding knowledge.
Change the Default “admin” username
In the old days, the default WordPress admin username was “admin”. Since usernames make up half of login credentials, this made it easier for hackers to do brute-force attacks.
Thankfully, WordPress has since changed this and now requires you to select a custom username at the time of installing WordPress.
However, some 1-click WordPress installers still set the default admin username to “admin”. If you notice that to be the case, then it’s probably a good idea to switch your web hosting.
Since WordPress doesn’t allow you to change usernames by default, there are three methods you can use to change the username.
- Create a new admin username and delete the old one.
- Use the Username Changer plugin
- Update username from phpMyAdmin
We have covered all three of these in our detailed guide on how to properly change your WordPress username (step by step).
Note: We’re talking about the username called “admin”, not the administrator role.
Disable File Editing
WordPress comes with a built-in code editor which allows you to edit your theme and plugin files right from your WordPress admin area. In the wrong hands, this feature can be a security risk which is why we recommend turning it off.
You can easily do this by adding the following code in your wp-config.php file.
Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.
Disable PHP File Execution in Certain WordPress Directories
Another way to harden your WordPress security is by disabling PHP file execution in directories where it’s not needed such as /wp-content/uploads/.
You can do this by opening a text editor like Notepad and paste this code:
Next, you need to save this file as .htaccess and upload it to /wp-content/uploads/ folders on your website using an FTP client.
For a more detailed explanation, see our guide on how to disable PHP execution in certain WordPress directories.
Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.
Limit Login Attempts
By default, WordPress allows users to try to log in as many times as they want. This leaves your WordPress site vulnerable to brute force attacks. Hackers try to crack passwords by trying to log in with different combinations.
This can be easily fixed by limiting the failed login attempts a user can make. If you’re using the web application firewall mentioned earlier, then this is automatically taken care of.
However, if you don’t have the firewall setup, then proceed with the steps below.
Upon activation of the Login LockDown plugin, visit the Settings » Login LockDown page to set up the plugin.
For detailed instructions, take a look at our guide on how and why you should limit login attempts in WordPress.
Change WordPress Database Prefix
By default, WordPress uses wp_ as the prefix for all tables in your WordPress database. If your WordPress site is using the default database prefix, then it makes it easier for hackers to guess what your table name is. This is why we recommend changing it.
You can change your database prefix by following our step by step tutorial on how to change WordPress database prefix to improve security.
Note: This can break your site if it’s not done properly. Only proceed, if you feel comfortable with your coding skills.
Password Protect WordPress Admin and Login Page
Normally, hackers can request your wp-admin folder and login page without any restriction. This allows hackers to try their hacking tricks or run DDoS attacks.
You can add additional password protection on a server side which will effectively block those requests.
Follow our step-by-step instructions on how to password protect your WordPress admin (wp-admin) directory.
Disable Directory Indexing and Browsing
Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access.
Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.
You need to connect to your website using FTP or cPanel’s file manager. Next, locate the .htaccess file in your website’s root directory. If you cannot see it there, then refer to our guide on why you can’t see .htaccess file in WordPress.
After that, you need to add the following line at the end of the .htaccess file:
Don’t forget to save and upload .htaccess file back to your site. For more on this topic, see our article on how to disable directory browsing in WordPress.
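The snippets the steps above refer to (for wp-config.php, for the uploads .htaccess and for the root .htaccess) are missing from this copy of the page. As an added example, not WPBeginner's or WordPress's own code, the Python script below audits a site directory for those three settings and for the default wp_ table prefix. It assumes the intended directives are the WordPress DISALLOW_FILE_EDIT constant, an Apache Files block that denies access to PHP files, and Options -Indexes; the sample sites it builds are constructed.

```python
import re
import tempfile
from pathlib import Path


def _strip_php_comments(text):
    # Drop /* ... */ blocks and whole-line // or # comments so that a
    # commented-out define() is not mistaken for an active one.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith(("//", "#")))


def _strip_htaccess_comments(text):
    return "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith("#"))


def file_editing_disabled(wp_config):
    """True if wp-config.php actively defines DISALLOW_FILE_EDIT as true."""
    code = _strip_php_comments(wp_config)
    pattern = r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)"
    return re.search(pattern, code, re.I) is not None


def table_prefix(wp_config):
    """Return the configured $table_prefix, or None if it is not set."""
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]",
                  _strip_php_comments(wp_config))
    return m.group(1) if m else None


def php_execution_blocked(htaccess):
    """True if a <Files>/<FilesMatch> block targeting PHP denies access.
    Accepts Apache 2.2 ("deny from all") and 2.4 ("Require all denied")."""
    rules = _strip_htaccess_comments(htaccess)
    block = r"<Files(?:Match)?\s+([^>]*)>(.*?)</Files(?:Match)?>"
    for m in re.finditer(block, rules, re.S | re.I):
        target, body = m.group(1), m.group(2)
        denies = re.search(r"deny\s+from\s+all|require\s+all\s+denied", body, re.I)
        if "php" in target.lower() and denies:
            return True
    return False


def indexing_disabled(htaccess):
    """True if an active Options line contains -Indexes."""
    rules = _strip_htaccess_comments(htaccess)
    return re.search(r"^\s*Options\b.*-Indexes\b", rules, re.I | re.M) is not None


def _read(path):
    # A missing file is treated as an empty one: the setting is absent.
    return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""


def audit(site_root):
    """Check one WordPress directory; every value should be True."""
    root = Path(site_root)
    cfg = _read(root / "wp-config.php")
    prefix = table_prefix(cfg)
    return {
        "file_editing_disabled": file_editing_disabled(cfg),
        "uploads_php_blocked": php_execution_blocked(
            _read(root / "wp-content" / "uploads" / ".htaccess")),
        "directory_indexing_disabled": indexing_disabled(_read(root / ".htaccess")),
        "custom_table_prefix": prefix is not None and prefix != "wp_",
    }


def build_sample_site(root, hardened):
    """Write a constructed, minimal site layout for the demonstration."""
    root = Path(root)
    uploads = root / "wp-content" / "uploads"
    uploads.mkdir(parents=True, exist_ok=True)
    if hardened:
        (root / "wp-config.php").write_text(
            "<?php\n$table_prefix = 'k7x_';\ndefine( 'DISALLOW_FILE_EDIT', true );\n")
        (uploads / ".htaccess").write_text("<Files *.php>\ndeny from all\n</Files>\n")
        (root / ".htaccess").write_text("# BEGIN WordPress\n# END WordPress\nOptions -Indexes\n")
    else:
        # Commented-out settings and a missing uploads/.htaccess must all fail.
        (root / "wp-config.php").write_text(
            "<?php\n$table_prefix = 'wp_';\n// define( 'DISALLOW_FILE_EDIT', true );\n")
        (root / ".htaccess").write_text("# Options -Indexes\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, hardened in (("default", False), ("hardened", True)):
            site = build_sample_site(Path(tmp) / label, hardened)
            for check, ok in audit(site).items():
                print(f"{label:9} {check:28} {'ok' if ok else 'MISSING'}")
```

Point `audit()` at a local copy of the site's document root; it only reads files and changes nothing.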
Disable XML-RPC in WordPress
XML-RPC was enabled by default in WordPress 3.5 because it helps connecting your WordPress site with web and mobile apps.
However, because of its powerful nature, XML-RPC can significantly amplify brute-force attacks.
For example, traditionally if a hacker wanted to try 500 different passwords on your website, they would have to make 500 separate login attempts which will be caught and blocked by the login lockdown plugin.
But with XML-RPC, a hacker can use the system.multicall function to try thousands of passwords with, say, 20 or 50 requests.
This is why if you’re not using XML-RPC, we recommend that you disable it.
There are 3 ways to disable XML-RPC in WordPress, and we have covered all of them in our step by step tutorial on how to disable XML-RPC in WordPress.
Tip: The .htaccess method is the best one because it’s the least resource intensive.
If you’re using the web-application firewall mentioned earlier, then this can be taken care of by the firewall.
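Why a per-request login counter misses this, shown as an added detection example (not code from WPBeginner or WordPress): the script parses captured XML-RPC request bodies, counts the calls nested inside each system.multicall, and reports the effective number of calls per client. The request bodies, client addresses, inner method names and the limit of 5 are constructed for the illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MAX_BODY = 1_000_000  # assumed cap; refuse to parse anything larger


def nested_calls(body):
    """Return a Counter of inner method names for a system.multicall body.
    An ordinary single call yields an empty Counter. Raises ValueError for
    bodies that should not be parsed or cannot be parsed."""
    # XML-RPC needs no DTD; rejecting one avoids entity-expansion tricks.
    upper = body.upper()
    if len(body) > MAX_BODY or "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ValueError("refusing to parse request body")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ValueError("malformed XML") from exc
    method = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or method != "system.multicall":
        return Counter()
    names = Counter()
    # Each nested call is a struct with "methodName" and "params" members.
    for struct in root.iterfind("params/param/value/array/data/value/struct"):
        for member in struct.iterfind("member"):
            if (member.findtext("name") or "").strip() == "methodName":
                value = member.find("value")
                name = "".join(value.itertext()).strip() if value is not None else ""
                names[name or "?"] += 1
    return names


def review(requests, per_request_limit=5):
    """requests: iterable of (client, body). Returns per-client totals and
    flags any client that sent an oversized multicall or an unparseable body."""
    report = {}
    for client, body in requests:
        entry = report.setdefault(
            client, {"http_requests": 0, "effective_calls": 0, "flagged": False})
        entry["http_requests"] += 1
        try:
            inner = sum(nested_calls(body).values())
        except ValueError:
            entry["effective_calls"] += 1
            entry["flagged"] = True
            continue
        entry["effective_calls"] += max(inner, 1)  # a plain call counts once
        if inner > per_request_limit:
            entry["flagged"] = True
    return report


def make_multicall(n, inner="demo.authCheck"):
    """Build a constructed multicall body with n nested placeholder calls."""
    call = ("<value><struct>"
            "<member><name>methodName</name><value><string>%s</string></value></member>"
            "<member><name>params</name><value><array><data/></array></value></member>"
            "</struct></value>") % inner
    return ("<methodCall><methodName>system.multicall</methodName>"
            "<params><param><value><array><data>" + call * n +
            "</data></array></value></param></params></methodCall>")


SINGLE_CALL = "<methodCall><methodName>demo.ping</methodName><params/></methodCall>"

# Constructed sample traffic; addresses are from documentation ranges.
SAMPLE_REQUESTS = [
    ("198.51.100.7", make_multicall(40)),
    ("203.0.113.20", SINGLE_CALL),
    ("198.51.100.7", make_multicall(40)),
    ("203.0.113.20", SINGLE_CALL),
    ("198.51.100.7", make_multicall(40)),
]

if __name__ == "__main__":
    for client, row in review(SAMPLE_REQUESTS).items():
        print(client, row)
```

In the sample, three HTTP requests from one client carry 120 calls, which is the gap between what a lockout plugin counts and what actually reaches the login logic.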
Automatically log out Idle Users in WordPress
Logged in users can sometimes wander away from screen, and this poses a security risk. Someone can hijack their session, change passwords, or make changes to their account.
This is why many banking and financial sites automatically log out an inactive user. You can implement similar functionality on your WordPress site as well.
You will need to install and activate the Idle User Logout plugin. Upon activation, visit Settings » Idle User Logout page to configure plugin settings.
Simply set the time duration and uncheck the box next to ‘Disable in wp admin’ option for better security. Don’t forget to click on the save changes button to store your settings.
For more detailed instructions, see our guide on how to automatically log out idle users in WordPress.
Add Security Questions to WordPress Login Screen
Adding a security question to your WordPress login screen makes it even harder for someone to get unauthorized access.
You can add security questions by installing the WP Security Questions plugin. Upon activation, you need to visit Settings » Security Questions page to configure the plugin settings.
For more detailed instructions, see our tutorial on how to add security questions to WordPress login screen.
Fixing a Hacked WordPress Site
Many WordPress users don’t realize the importance of backups and website security until their website is hacked.
Cleaning up a WordPress site can be very difficult and time consuming. Our first advice would be to let a professional take care of it.
Hackers install backdoors on affected sites, and if these backdoors are not fixed properly, then your website will likely get hacked again.
Allowing a professional security company like Sucuri to fix your website will ensure that your site is safe to use again. It will also protect you against any future attacks.
For the adventurous and DIY users, we have compiled a step by step guide on fixing a hacked WordPress site.
That’s all, we hope this article helped you learn the top WordPress security best practices as well as discover the best WordPress security plugins for your website.
WP-Optimize is an effective tool for automatically cleaning your WordPress database so that it runs at maximum efficiency.
- Removes all unnecessary data (e.g. trashed/unapproved/spam comments, stale data) plus pingbacks, trackbacks and expired transient options
- Compact/de-fragment MySQL tables with a button-press
- Detailed control of which optimizations you wish to carry out
- Carries out automatic weekly (or otherwise) clean-ups
- Retains a set number of weeks’ data during clean-ups
- Performs optimizations without the need for running manual queries
- Automatically trigger a pre-optimize backup via UpdraftPlus (https://updraftplus.com)
- Show database statistics and potential savings
- Mobile friendly and easy-to-use
- Translated into several languages
- More planned!
WP-OPTIMIZE HELPS YOU TO:
- Make space: When you edit a post or page on your website, WordPress automatically saves the new revision to the database. If you edit things a few times (and particularly if the post is long), your database soon gets clogged up with old revisions that just sit there, taking up valuable space. WP-Optimize removes these unnecessary post revisions, freeing up valuable Megabytes of data and increasing speed and efficiency. It also cleans up your comments table, removing all the spam and un-approved comments that have built up with a single click.
- Take control: WP-Optimize reports on exactly which of your database tables have overhead and wasted space, giving you the insight, control and power to keep your website neat, fast and efficient.
- Keep it clean: Once enabled, WP-Optimize can run an automatic clean-up on a schedule, keeping a selected number of weeks’ data, according to your specification.
When you use this plugin for the first time or have just updated to a major version, make a backup of your database (we recommend UpdraftPlus). Though none of the queries used are dangerous, it is always best practice to make a database backup before altering your database.
HOW THIS COULD HELP YOU?
- The tables in MySQL (the database that WordPress uses) will, over time, become inefficient as data is added, removed, moved around. Asking MySQL to optimize its tables every now and again will keep your site running as fast as possible. It won’t happen by itself.
- Every time you save a new post or page, WordPress creates a revision of that post or page. If you edit a post 6 times you might have 5 copies of that post as revisions. This quickly adds lots of rarely-used data to your database tables, making them unnecessarily bloated, and slower to access.
- Similar to the scenario described above, there might be thousands of spam and un-approved comments in your comments table, WP-Optimize can clean and remove those in a single click.
- WP-Optimize reports which database tables have overhead and wasted space, and it allows you to shrink them and get rid of that wasted space.
- Automatically cleans database every week and respects the “Keeps selected number of weeks data” option.
If you are interested in the development of this plugin, join us at our GitLab: https://source.updraftplus.com/team-updraft/wp-optimize/ (but please file all support questions in the wordpress.org system).
Translators are welcome to contribute to the plugin. Please use the WordPress translation website.
WordPress out of the box is already technically quite a good platform for SEO. This was true when Joost wrote his original WordPress SEO article in 2008 (updated every few months) and it’s still true today, but that doesn’t mean you can’t improve it further! This plugin is written from the ground up by Joost de Valk and his team at Yoast to improve your site’s SEO on all needed aspects. While this Yoast SEO plugin goes the extra mile to take care of all the technical optimization, more on that below, it first and foremost helps you write better content. Yoast SEO forces you to choose a focus keyword when you’re writing your articles, and then makes sure you use that focus keyword everywhere.
The Yoast team does not always provide active support for the Yoast SEO plugin on the WordPress.org forums. One-on-one email support is available to people who bought the Premium Yoast SEO plugin only.
Note that the Premium SEO plugin has several extra features too, including the option to have multiple focus keywords and a redirect manager, so it might be well worth your investment!
Bug reports for Yoast SEO are welcomed on GitHub. Please note GitHub is not a support forum, and issues that aren’t properly qualified as bugs will be closed.
WRITE BETTER CONTENT WITH YOAST SEO
Using the snippet preview, you can see a rendering of what your post or page will look like in the search results, whether your title is too long or too short, and whether your meta description makes sense in the context of a search result. This way the plugin will help you not only increase rankings but also increase the click through rate for organic search results.
The Yoast SEO plugin’s Page Analysis functionality checks simple things you’re bound to forget. It checks, for instance, if you have images in your post and whether they have an alt tag containing the focus keyword for that post. It also checks whether your posts are long enough, whether you’ve written a meta description and if that meta description contains your focus keyword, if you’ve used any subheadings within your post, etc.
The plugin also allows you to write meta titles and descriptions for all your category, tag and custom taxonomy archives, giving you the option to further optimize those pages.
Combined, this plugin makes sure that your content is the type of content search engines will love!
TECHNICAL WORDPRESS SEARCH ENGINE OPTIMIZATION
While out of the box WordPress is pretty good for SEO, it needs some tweaks here and there. This Yoast SEO plugin guides you through some of the settings needed, for instance by reminding you to enable pretty permalinks. But it also goes beyond that, by automatically optimizing and inserting the meta tags and link elements that Google and other search engines like so much:
META & LINK ELEMENTS
With the Yoast SEO plugin you can control which pages Google shows in its search results and which pages it doesn’t show. By default, it will tell search engines to index all of your pages, including category and tag archives, but to only show the first pages in the search results. It’s not very useful for a user to end up on the third page of your “personal” category, right?
WordPress itself only shows canonical link elements on single pages, but Yoast SEO makes it output canonical link elements everywhere. Google has recently announced they would also use rel="prev" link elements in the head section of your paginated archives. This plugin adds those automatically. See this post for more info.
The Yoast SEO plugin has the most advanced XML Sitemaps functionality in any WordPress plugin. Once you check the box, it automatically creates XML sitemaps and notifies Google & Bing of the sitemaps’ existence. These XML sitemaps include the images in your posts & pages too, so that your images may be found better in the search engines too.
These XML Sitemaps will even work on large sites, because of how they’re created, using one index sitemap that links to sub-sitemaps for each 1,000 posts. They will also work with custom post types and custom taxonomies automatically, while giving you the option to remove those from the XML sitemap should you wish to.
Because of using XSL stylesheets for these XML Sitemaps, the XML sitemaps are easily readable for the human eye too, so you can spot things that shouldn’t be in there.
Are you being outranked by scrapers? Instead of cursing at them, use them to your advantage! By automatically adding a link to your RSS feed pointing back to the original article, you’re telling the search engine where they should be looking for the original. This way, the Yoast SEO plugin increases your own chance of ranking for your chosen keywords and gets rid of scrapers in one go!
If your theme is compatible, and themes based on for instance Genesis or by WooThemes often are, you can use the built-in Breadcrumbs functionality. This allows you to create an easy navigation that is great for both users and search engines, and will support the search engines in understanding the structure of your site.
Making your theme compatible isn’t hard either, check these instructions.
EDIT YOUR .HTACCESS AND ROBOTS.TXT FILE
Using the built-in file editor, you can edit your WordPress blog's .htaccess and robots.txt file, giving you direct access to the two most powerful files, from an SEO perspective, in your WordPress install.
SEO and Social Media are heavily intertwined. That’s why this plugin also comes with a Facebook OpenGraph implementation and will soon also support Google+ sharing tags.
The Yoast SEO plugin, unlike some others, is fully Multi-Site compatible. The XML Sitemaps work fine in all setups and you even have the option, in the Network settings, to copy the settings from one blog to another, or make blogs default to the settings for a specific blog.
IMPORT & EXPORT FUNCTIONALITY
If you have multiple blogs, setting up plugins like this one on all of them might seem like a daunting task. Except that it’s not, because what you can do is simple: you set up the plugin once. You then export your settings and simply import them on all your other sites. It’s that simple!
IMPORT FUNCTIONALITY FOR OTHER WORDPRESS SEO PLUGINS
If you’ve used All In One SEO Pack or HeadSpace2 before using this plugin, you might want to import all your old titles and descriptions. You can do that easily using the built-in import functionality. There’s also import functionality for some of the older Yoast plugins, like Robots Meta and RSS footer.
Should you have a need to import from another SEO plugin to Yoast SEO, or from a theme like Genesis or Thesis, you can use the SEO Data Transporter plugin, which will easily convert your SEO meta data from and to a whole set of plugins like Platinum SEO, SEO Ultimate, Greg’s High Performance SEO, and themes like Headway, Hybrid, WooFramework, Catalyst etc.
Read this migration guide if you still have questions about migrating from another SEO plugin to Yoast SEO.
YOAST SEO PLUGIN IN YOUR LANGUAGE!
Currently a huge translation project is underway, translating Yoast SEO into as many as 24 languages. So far, the translations for French and Dutch are complete, but we still need help on a lot of other languages, so if you're good at translating, please join us at translate.yoast.com.
Be sure to also check out the premium News SEO module if you need Google News Sitemaps. It tightly integrates with Yoast SEO to give you the combined power of News Sitemaps and full Search Engine Optimization.
For more info, check out the following articles:
- The Yoast SEO Knowledgebase.
- WordPress SEO – The definitive Guide by Yoast.
- Once you have great SEO, you’ll need the best WordPress Hosting.
- The Yoast SEO Plugin official homepage.
- Other WordPress Plugins by the same team.
- Follow Yoast on Facebook & Twitter.
FROM WITHIN WORDPRESS
- Visit ‘Plugins > Add New’
- Search for ‘Yoast SEO’
- Activate Yoast SEO from your Plugins page.
- Go to “after activation” below.
- Upload the wordpress-seo folder to the
- Activate the Yoast SEO plugin through the ‘Plugins’ menu in WordPress
- Go to “after activation” below.
- You should see (a notice to start) the Yoast SEO configuration wizard.
- Go through the configuration wizard and set up the plugin for your site.
- You’re done!
You’ll find answers to many of your questions on kb.yoast.com.
Contributors & Developers
“Yoast SEO” is open source software. The following people have contributed to this plugin.
Improving your WordPress SEO is crucial for getting more traffic to your website. Sadly most WordPress SEO guides are too technical for new users to get started. If you are serious about increasing your website traffic, then you need to pay attention to the WordPress SEO best practices. In this guide, we will share the top WordPress SEO tips to help you improve your WordPress SEO and get more organic traffic.
You might have heard experts saying that WordPress is SEO friendly. This is actually why a lot of people choose WordPress to start a blog or website.
While WordPress makes sure that the code it generates follows the SEO best practices, there is a lot more you need to do if you want to maximize your SEO efforts.
We have a number of actionable steps that you need to take to properly optimize your WordPress SEO.
To make it easy, we have created a table of contents to help you navigate through our ultimate WordPress SEO guide.
Table of Contents
The Basics of WordPress SEO
- Check your site’s visibility settings
- Using SEO friendly URL structure in WordPress
- WWW vs non-WWW in URLs
The Best WordPress SEO Plugin
- Choosing the Best WordPress SEO plugin
- Add XML sitemaps in WordPress
- Add your site to Google Search Console
- Optimizing your blog posts for SEO
WordPress SEO Best Practices
- Properly using categories and tags in WordPress
- Make internal linking a habit
- Optimize WordPress comments
- NoFollow external links in WordPress
- Full posts vs summaries (excerpts)
Speed and Security for WordPress SEO
- Optimize your site’s speed and performance
- Optimizing images in WordPress for SEO
- Security and safety of your WordPress site
- Start using SSL/HTTPS
Finally, see more SEO tools and resources to take your WordPress SEO even farther.
We know the idea of optimizing for WordPress SEO can be intimidating for beginners, especially if you're not a tech geek.
But don’t worry — it doesn’t have to be complicated. Start here to learn the basics, and then you can start applying them to your own website.
What is SEO?
SEO is an acronym that stands for Search Engine Optimization. It’s a strategy used by website owners to get more traffic by ranking higher in search engines.
Search engine optimization isn’t about tricking Google or gaming the system. It’s simply about creating a website that has optimized code and formatting which makes it easy for search engines to find your website.
When people search the web for the topics you write about, your search-engine-optimized content will appear higher in the search results, and you’ll get more people clicking through to your website.
Why SEO is important
Search engines are often the biggest source of traffic for most websites.
Google and other search engines use advanced algorithms to understand and rank pages appropriately in search results. But those algorithms aren’t perfect — they still need your help to understand what your content is about.
If your content isn’t optimized, then search engines won’t know how to rank it. When people search for the topics you write about, your website won’t appear in the search results, and you’ll miss out on all that traffic.
It is really important for all business owners to make their website search engine friendly, so that they can maximize their search traffic.
Basics of WordPress SEO
SEO can get technical, but it doesn’t have to be. Just learning a few basic SEO tips to optimize your site can give you a noticeable boost in your website traffic.
You don’t have to be a tech genius to use the techniques below. If you’re already using WordPress, then you’ve got what it takes!
Let’s get started optimizing your website.
Check Your Site’s Visibility Settings
WordPress comes with a built-in option to hide your website from search engines. The purpose of this option is to give you time to work on your website before it’s ready to go public.
However, sometimes this option can get checked accidentally and it makes your website unavailable to search engines.
If your website is not appearing in search results, then the first thing you need to do is to make sure that this option is unchecked.
Simply log in to the admin area of your WordPress site and visit the Settings » Reading page.
You need to scroll down to the ‘Search Engine Visibility’ section and make sure that the box next to ‘Discourage search engines from indexing this site’ is unchecked.
Don’t forget to click on the ‘Save Changes’ button to store your changes.
Using SEO Friendly URL Structures in WordPress
SEO friendly URLs contain words that clearly explain the content of the page, and they’re easy to read by both humans and search engines.
Some examples of SEO friendly URLs are:
Notice that these URLs are readable and a user can guess what they will see on the page just by looking at the URL text.
So what does a non-SEO friendly URL look like?
Notice that these URLs use numbers unrelated to the content, and a user cannot guess what they will find on the page by looking at the URL.
Using SEO friendly permalink structure improves your chances of getting better positions in search results.
Here is how you can check and update your WordPress site’s permalink structure.
You need to visit the Settings » Permalinks page. Select the post name option and then click on the ‘Save Changes’ button to store your settings.
For more detailed instructions take a look at our guide on what is a SEO friendly URL structure in WordPress.
Note: If your website has been running for more than 6 months, then please don’t change your permalink structure unless you’re using the numbers option. If you’re using Day and Name or Month and Name, continue using that.
By changing your permalink structure on an established site, you will lose all of your social media share count and run the risk of losing your existing SEO ranking.
If you must change your permalink structure, then hire a professional, so they can setup proper redirects. You’ll still lose your social share counts on the pages.
WWW vs non-WWW
If you are just starting out with your website, then you need to choose whether you want to use www (http://www.example.com) or non-www (http://example.com) in your site’s URL.
Search engines consider these to be two different websites, so this means you need to choose one and stick to it.
You can set your preference by visiting the Settings » General page. Add your preferred URL in both the ‘WordPress Address’ and ‘Site Address’ fields.
Despite what someone else might say, from a SEO standpoint there’s no advantage to using one or another.
For more detailed information on this topic, take a look at our guide on www vs non-www – which is better for WordPress SEO.
The Best WordPress SEO plugin
One of the best parts about WordPress is that there's a plugin for everything, and SEO is no exception. There are thousands of WordPress SEO plugins, which makes it harder for beginners to choose the best one.
Instead of installing separate plugins for individual SEO tasks, we will help you choose the best WordPress SEO plugin that does it all, and it’s 100% free.
Choosing the Best WordPress SEO Plugin
They are both effective solutions, and we’ve done a pros and cons comparison of Yoast SEO vs All in One SEO Pack.
At WPBeginner, we use Yoast SEO, so in this tutorial we’ll be using Yoast SEO for screenshots and examples.
Regardless, we have a step by step guide on properly setting up each of these plugins:
Add XML Sitemaps in WordPress
An XML Sitemap is a specially formatted file that lists every single page on your website. This makes it easy for search engines to find all of your content.
While adding an XML sitemap does not boost your site’s search rankings, it does help search engines find the pages quickly and start ranking them.
If you’re using the Yoast SEO plugin, then it will automatically create an XML sitemap for you. To find your sitemap, just go to this URL (don’t forget to replace example.com with your own domain name):
We will show you how to submit your XML sitemap to Google in the next step.
Add Your Site to Google Search Console
Google Search Console, also known as Webmaster Tools, is a set of tools offered by Google to give website owners a look at how their content is seen by the search engine.
It provides reports and data to help you understand how your pages appear in search results. You also get to see the actual search terms people are using to find your website, how each page appears in the search results, and how often your pages are clicked.
All this information helps you understand what’s working on your site and what’s not. You can then plan your content strategy accordingly.
Google Search Console also alerts you when there is something wrong with your website, like when search crawlers are unable to access it, find duplicate content, or restricted resources.
We have a step by step guide on how to add your WordPress site to Google Search Console.
If you’re using Yoast SEO, then follow step 11 in our Yoast SEO setup guide.
If you’re not using Yoast SEO, then you can watch our video that shows an alternative way:
Once you have added your website to Google Search Console, click on the Crawl menu and then select Sitemaps.
After that you need to click on the Add Sitemap button.
Your main sitemap is sitemap_index.xml so go ahead and submit that.
Once you have successfully added your sitemap, it will appear as pending. It does take Google some time to crawl your website. After a few hours, you will be able to see some stats about your sitemap. It will show you the number of links it found in your sitemap, how many of them got indexed, a ratio of images and web pages, etc.
We recommend that you check your Search Console at least on a monthly basis to gather insights and see your website's SEO progress.
Optimizing Your Blog Posts for SEO
Often beginners make the mistake of thinking that installing and activating a WordPress SEO plugin is all that's needed. SEO is an ongoing process that you must keep up with if you want to see maximum results.
Yoast SEO allows you to add a title, description, and focus keyword to every blog post and page. It also shows you a preview of what users will see when they Google your website.
We recommend that you optimize your title and description to get maximum clicks.
When writing your blog post, simply scroll down to the Yoast SEO section and take full advantage of it.
If you’re wondering how to choose a focus keyword, what is a good title, or what is a good meta description, then we have covered it in details in our beginners guide to optimize your blog posts for SEO.
We highly recommend that you read it because on-page SEO is crucial for your success.
WordPress SEO Best Practices
If you follow the basics of WordPress SEO and use the best WordPress SEO plugin, you will already be ahead of most websites.
However if you want even better results, then you need to follow the WordPress SEO best practices below.
These aren’t too technical and most won’t even require you to touch any code. But they will make a big difference if you follow them.
Properly Using Categories and Tags in WordPress
Categories and tags also help search engines understand your website structure and content.
Often beginners get confused on how to best use categories and tags. After explaining this to thousands of readers, here’s how we approach categories and tags.
Categories are meant for broad grouping of your posts. If your blog were a book, then categories would be the table of contents.
For example, on a personal blog you can have categories like music, food, travel, etc. Categories are hierarchical, so you can add child categories to them.
On the other hand, tags are more specific keywords that describe the contents of an individual post. For example, a blog post filed under the food category can have tags like salad, breakfast, pancakes, etc. Think of these as the index section in a textbook.
For more on this topic, see our guide on categories vs tags and SEO best practices for sorting your content.
By using categories and tags properly, you make it easy for your users to browse your website. Since it’s easy for users, it also makes it easier for search engines to browse your website.
Make Internal Linking a Habit
Search engines assign each page on your website a score (page authority). The recipe of this score is kept secret so that people cannot game the results. However, the most common signals of authority are links.
This is why it’s important that you link to your own content from your other blog posts and pages.
You should make it a habit to interlink your own posts whenever possible. If you have multiple authors, then create a pre-publish blog post checklist that requires them to interlink at least 3 other blog posts.
This will help you boost your pageviews, increase the time users spend on your site, and ultimately improve the SEO score of your individual blog posts and pages.
Optimize WordPress Comments
Comments can be a strong indication of user engagement on your website. Engaged users means more links back to your site, more traffic, and improved SEO.
But you need to make sure that your comments are real and not spam. Spammers submit comments with bad links which could affect and even ruin your search rankings.
This is why we recommend everyone to start using Akismet. It is one of the two plugins that come pre-installed with every WordPress site, and it helps you combat comment spam.
If Akismet alone is unable to handle comment spam, then see these tips and tools to combat comment spam in WordPress.
If your blog posts attract a lot of genuine, spam-free comments, then you should pat yourself on the shoulder for building such an engaging website!
However, too many comments on a post can make it load slower which also affects your search engine rankings. (Keep reading below to find out more about how speed affects SEO.)
To prepare your website so that it can handle the burden your comments put on your server and speed, you can split comments into multiple pages. See our tutorial on how to paginate comments in WordPress.
(If you’d like to get more comments on your site, check out these 11 ways to get more comments on your WordPress blog posts.)
NoFollow External Links in WordPress
As mentioned above, links help search engines decide which pages are important. When you link to a website, you are passing some of your site’s SEO score to that link. This SEO score is called “link juice.”
For good search rankings you need to make sure that you are getting more link juice from other websites than you are giving away.
Adding the “nofollow” attribute to external links (links to websites that you don’t own) instructs search engines not to follow those links. This helps you save link juice.
A normal external link looks like this in HTML:
<a href="http://example.com">Example Website</a>
An external link with the nofollow attribute looks like this:
<a href="http://example.com" rel="nofollow">Example Website</a>
You can also add a rel="nofollow" checkbox to the insert link popup. This will allow you to easily add nofollow to external links.
Full Posts vs Summaries or Excerpts
WordPress displays and links to your posts from a number of pages like home page, category archive, tags archive, date archive, author pages, etc.
By default, it shows the full article content on all these pages. This affects your site’s SEO, as search engines may find it to be duplicate content. Full articles also make your archive pages load slower.
Showing full articles everywhere also affects your page views. For example, users who subscribe to your RSS feed will be able to read the full article in their feed reader without ever visiting your website.
The easiest way to solve this is by showing summaries or excerpts instead of full articles.
You can do this by going to Settings » Reading and selecting summary.
For detailed instructions, see our guide on how to customize WordPress excerpts without coding.
Speed and Security for WordPress SEO
Even if you follow all the WordPress SEO tips and best practices above, if your site is slow or gets taken down by a hacker, your search engine rankings will take a big hit.
Here’s how to prevent your site from losing search engine traffic due to slow performance or lax security.
Optimize Your Site’s Speed and Performance
Research shows that in the internet age, the average human attention span is shorter than that of a goldfish.
Web usability experts believe that users decide whether they want to stay or leave within a few seconds of visiting a website.
That means that as a website owner, you only have a few seconds to present your content and engage users. You don’t want to waste this precious time making your visitor wait for your website to load. Search engines like Google admit that they rank faster websites higher than slow loading websites.
If you need to improve your site’s speed, check out this expert advice on 18 useful tricks to speed up WordPress and boost performance.
Optimizing Images in WordPress for SEO
Images are more engaging than text but they also take more time to load. If you are not careful with image sizes and quality, then they can slow down your website.
You need to make sure that you use images that are optimized to load faster. See our guide on how to speed up WordPress by optimizing images for the web.
Another trick you can use to optimize your images for search engines is to use descriptive title and alt tags. These tags help search engines understand what your image is about. They also help users with visual impairment as their screen readers can read the alt and title tags to them.
WordPress allows you to add title and alt tags when you upload an image.
If you are a photographer or add a lot of images to your WordPress site, then you need to use a gallery plugin.
Security and Safety of Your WordPress Site
Each week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing. When a site is blacklisted, it doesn’t show up in any search results at all.
This means that the security of your WordPress site is crucial for good rankings. You don’t want all your hard work on SEO to go to waste if your site is compromised by a hacker.
The good news is that it’s not that difficult to keep your WordPress site safe — see the step by step instructions in our ultimate WordPress security guide.
At WPBeginner, we use Sucuri to protect our website against attacks. To see why we recommend this service, check out our case study of how Sucuri helped us block 450,000 WordPress attacks in 3 months.
Start Using SSL/HTTPS
SSL (Secure Sockets Layer) is a technology that encrypts the connection between a user’s browser and the server they are connecting to. This adds an additional security layer to your WordPress site.
Websites secured with SSL are indicated by a padlock sign in the browser’s address bar. This makes your website more trustworthy, and it is required if you are running an online store with WordPress and processing sensitive payment information.
If you are using Bluehost, then you can purchase a SSL certificate. If you’re going to purchase your SSL certificate through your web hosting company, see our guide on how to add SSL and HTTPS in WordPress.
For step by step instructions, see our guide on how to add free SSL in WordPress with Let’s Encrypt.
More SEO Tools and Resources
Once you get the hang of WordPress SEO best practices, you’ll want to take your skills even further to get ahead of your competition.
We have compiled a list of best WordPress SEO plugins and tools that you should use to boost your SEO. If you’re ready to try some more advanced techniques, you can also check out our archive of WordPress SEO articles.
We hope this article helped you learn how to properly optimize your WordPress site for SEO. Go ahead and implement a few of these WordPress SEO tips, and you should see an increase in your traffic within a few months as the search engines process your changes.
Often beginner users ask us what are WordPress plugins and how do they work? Plugins are an important part of the WordPress ecosystem, and they are essential for building great websites using WordPress. In this beginners guide, we will explain what are WordPress plugins and how do they work?
What Are WordPress Plugins?
WordPress plugins are apps that allow you to add new features and functionality to your WordPress website, exactly the same way as apps do for your smartphone.
There are more than 48,000 free plugins available right now on the WordPress.org plugin directory. Thousands more are available from third-party websites like Github.
On top of that, there are also thousands of premium WordPress plugins that are sold by individual developers and companies like ourselves.
In 2003, WordPress started as a simple tool to help you start a blog. Over the years, it has evolved into a powerful content management system and application framework, thanks primarily to plugins.
What Can WordPress Plugins Do?
WordPress plugins are small software apps that integrate and run on top of the WordPress software. This allows you to create almost any kind of website with WordPress (not just blogs).
For example, you can:
- Start an online store with WordPress using the WooCommerce plugin
- Create a job board with WordPress using the Job Manager plugin
- Build a business directory with the best directory plugins for WordPress
- Start a coupon website like RetailMeNot
- Build your photography website using the Envira Gallery Plugin
- Create a Wiki website using the Knowledge base plugin
- Start your own podcast website using WordPress
- … and tons more.
There is a popular saying in the WordPress community, “There is a plugin for that”.
No matter what you are trying to do on your WordPress site, it’s possible. If the feature is not available in default WordPress, then there is certainly a plugin available for that.
Plugins can be small and offer just one tiny little feature (like adding an image to sidebar).
More feature rich plugins can have their own addon plugins to extend them just like you would extend WordPress.
How WordPress Plugins Work?
WordPress is written in a way so that other developers can add their own code into it. The WordPress plugin API offers a robust set of hooks and filters which allow developers to modify existing WordPress functionality or add new functionality.
WordPress also allows developers to store data in the WordPress database. Plugins can utilize WordPress content types, taxonomies, and custom fields, which allow users to store different types of content, not just posts and pages.
Each WordPress plugin installed on your site is registered in your WordPress database. You can activate and deactivate them at any time you want.
Upon each visit, WordPress connects to the database, loads the core software, and then loads your active plugins. All this code is processed on your server and then sent to user’s browser.
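As an added illustration (not code from the original article or from any plugin it names), this minimal plugin shows the hook and filter API described above: it registers a callback on WordPress's `the_content` filter and adds the `rel="nofollow"` attribute discussed earlier to external links. The plugin name and the function name `example_nofollow_external_links` are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Nofollow External Links
 * Description: Illustrative only. Adds rel="nofollow" to links that leave this site.
 */

// Stop if the file is requested directly instead of being loaded by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Filter callback (hypothetical name): receives the post HTML, returns it
 * with rel="nofollow" added to every link whose host differs from the site's.
 */
function example_nofollow_external_links( $content ) {
	$site_host = wp_parse_url( home_url(), PHP_URL_HOST );

	// Match opening <a> tags whose href is an absolute http(s) URL.
	$pattern = '/<a\s[^>]*?href=(["\'])(https?:\/\/[^"\']+)\1[^>]*>/i';

	$result = preg_replace_callback(
		$pattern,
		function ( $m ) use ( $site_host ) {
			$tag       = $m[0];
			$link_host = wp_parse_url( $m[2], PHP_URL_HOST );

			// Same host as the site: an internal link, leave it untouched.
			// Note that www and non-www hosts compare as different here.
			if ( ! $link_host || 0 === strcasecmp( $link_host, $site_host ) ) {
				return $tag;
			}

			// The tag already has a rel attribute: append nofollow if missing.
			if ( preg_match( '/\srel=(["\'])(.*?)\1/i', $tag, $rel ) ) {
				if ( false !== stripos( $rel[2], 'nofollow' ) ) {
					return $tag;
				}
				$new_rel = ' rel="' . esc_attr( trim( $rel[2] . ' nofollow' ) ) . '"';
				return str_replace( $rel[0], $new_rel, $tag );
			}

			// No rel attribute: insert one before the closing ">".
			return substr( $tag, 0, -1 ) . ' rel="nofollow">';
		},
		$content
	);

	// preg_replace_callback() returns null on a regex error; never blank the post.
	return null === $result ? $content : $result;
}

// Register the callback so WordPress runs it whenever post content is rendered.
add_filter( 'the_content', 'example_nofollow_external_links' );
```

Because the callback runs at render time, deactivating the plugin restores the original links; nothing stored in the database is changed.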
How to Find WordPress Plugins and Install Them?
Simply head over to Plugins » Add New page and search by typing plugin name or functionality you want to add.
WordPress will search the plugin directory and display the available plugins in a list. You need to review the results, and click on the install now button next to the plugin you want to install.
However, search results inside the WordPress admin area are not always helpful because they are limited to free plugins only. Most beginners find it difficult to decide which plugin is best for the job.
Another approach is to look for plugin recommendations and tutorials on sites like WPBeginner.com. We have a WordPress plugins section where you can find the best WordPress plugins that we have thoroughly tested and reviewed.
More FAQs About WordPress Plugins
I cannot see or install plugins on my WordPress blog?
Most probably you are using WordPress.com. You can only install WordPress plugins on self-hosted WordPress.org websites. See our guide on the difference between self hosted WordPress.org vs free WordPress.com blog.
How many WordPress plugins are too many?
A common misconception among users is that too many plugins can slow down their website. It is NEVER too many plugins that are slowing down your site. It is always poorly coded plugins that degrade performance. For details see our guide on How many WordPress plugins should you install?.
Should I install plugins not tested with my WordPress version?
Sometimes authors of free plugins do not update their plugin files on each new WordPress release. Simply because if it works, then they don’t feel the need to update it. For more on this topic, see our article on installing plugins not tested with your WordPress version.
How to choose between free vs paid plugins?
There are thousands of free plugins and there is a good chance that you can find a free plugin offering the same functionality as a paid plugin. If it works well for you, then use it.
Please keep in mind that free plugins are offered as they are, with no warranties, and no promise of support. Plugin authors can stop working on a plugin at any time they want.
If you feel you will be needing lots of support, and you want regular updates, then paid plugins do a much better job at it.
We use a combination of both free and paid plugins on all our websites.
How do I get support for free WordPress plugins?
Free WordPress plugins are offered without the promise of support. However, most good plugins offer limited free support for their plugins through the official WordPress support forums. Simply visit the plugin page and click on the support tab to post your question.
For more on this topic, we recommend you take a look at our guide on how to properly ask for WordPress support and get it.
We hope this article helped you understand what are WordPress plugins and how do they work. You may also want to see our beginner’s guide on how to choose the best WordPress plugin.