How To Stop Your WordPress Blog Getting Penalized For Duplicate Content

This is a guest contribution by Felipe Kurpiel, an internet marketer

I came across this topic by accident. One day I was monitoring my analytics data I noticed a big drop on my traffic stats and I didn’t understand why.

Actually, I had a hint because I was starting to interlink my posts. That gave me a clue that the problem was internal which I thought was a good thing. But that is not enough because then I had to analyze what Google is focusing on now.

If you have been involved with SEO at all you know that duplicate content is a bad thing. But how can you identify the duplicate content on your site?

Ok, let’s get started with that.

Identifying Internal Duplicate Content!

That is a little advanced because we are about the crawl our website the way Google does. That is the best way to analyze the source of any problems.

To do that I like to use a Free Tool called Screaming Frog SEO Spider. If you never used this tool it can be a little complicated but don’t let that scares you.

You just have to follow some steps. Actually you can analyze a lot of factors using this tool but for our example, we are just considering duplicate content.

First Step: Add your URL website into the software and let it run.

It can take a while depending on how big your website is, but after that we are ready to filter what we are looking for.

Screaming Frog tabs

Second: Go to the Page Titles tab and then filter by Duplicate

If you are lucky you will not have any result showing when you choose this filter. But unfortunately that was not my case and I saw dozens of results which were the proof that my website had internal duplicate content.

Third Step: It’s time to analyze what is generating the problem

You can do this on Screaming Frog or you can export the file to Microsoft Excel (or similar) in order to deeply analyze what you have to do to solve the issue.

In my case, the duplicate content was being generated by comments. Weird, isn’t?

That is what I thought and I also noticed that the pages with comments were being flagged by Google because they disappeared from search results.

When that happens, you have no turning back but fix the source of the problem.

Understanding Comments

Every comment on my website was generating a variable named “?replytocom”.

You don’t need to understand exactly what this variable does but put it simple; it is like each comment you have on your posts has the ability to create a copy of this particular post in your site. It can be considered as a pagination problem. And that is terrible because when Google crawl your website it can see that your site has the same content being repeated over and over again.

Do you think you are going to rank with that blog post? Not a change!

How to solve this problem

More important than to identify this issue is to create a clear solution to get rid of this pagination issue.

In order to deal with this variable there are two solutions. The first is really simple but not so effective and the second can be seen as complicated but it’s really the ultimate solution.

But let’s cover the easy solution first.

I run my blog on WordPress and one of the few essential plugins I use for SEO is WP SEO by Yoast. If you are using this plugin you just have to go to the plugin dashboard and then click on Permalinks. Once you do that just check the box to “Remove ?replytocom variables”.

Permalink Settings

This is really simple but sometimes you won’t get the results you are expecting, however, if you are having this kind of problem with comments you MUST check this option.

Second Option

After that you can run your website URL using Screaming Frog to see if the problem was solved. Unfortunately this can take a while but if after one day or two you are still noticing problems for duplicated content you have to try the second option.

Now we just have to access Google Webmaster Tools and select our website.

Then under Configuration we must go to URL Parameters.

We will see a list of parameters being crawled by Google in addition, here we have the chance to tell Google what to do when a parameter in particular is affecting our website. That is really cool.

For this replytocom problem I just have to click Edit and use the following settings.

Parameter replytocom

Click Save and you solved the problem!

Now if you tried the first option using the plugin, then you used Webmaster Tools to tell Google what to do with this parameter and after a few days you still see duplicate content, there is one more thing you can try!

Now I am talking about Robots.txt!

Don’t worry if you don’t have this file on your website, because you just have to create a txt file and upload it on the root of your domain. Nothing that complicated!

Once you have created this file you just have to add a command line in the file.

If your Robots.txt is blank, just add these commands there:

User-agent: *

Disallow: /wp-admin/

Disallow: /wp-includes/

Disallow: *?replytocom

If you already had this file, just add the final line: “Disallow: *?replytocom”

It will for sure take care of everything!

Final Thoughts and Monitoring

The best way to avoid this or similar problems is monitoring your data. So here are my three tips to keep your website Google friendly.

  • When working On-Page be careful with the settings you are using on Yoast WordPress SEO plugin. Don’t forget to review Titles & Metas tab and check the “no index, follow” option for every little thing that can be considered as duplicate content.

An example is the “Other” tab where you MUST check this “no index” option so your Author Archives will not be seen as duplicate content when Google crawls your site. Remember, you have to make your website good for users and for search engines.

  • At least twice a week, analyze your traffic on Google Analytics. Go to Traffic Sources tab then Search Engine Optimization and keep an eye on Impressions.

You should also use an additional tool to track your keywords rankings so you can see if your search engine positions remain intact or if some of them are facing some drops. When that happens you will know it’s time to take some action.

  • Every two weeks, use Screaming Frog to crawl your website. This can be really important to check if the changes you made on-site already had the impact you were expecting.

When it comes to duplicate content the most important tabs to monitor on Screaming Frog are Page Title and Meta Description. However, in order to have a website that can be considered Google friendly it’s vital to analyze the Response Codes as well and eliminate every Client Error (4xx) and Server Error (5xx) you identify when crawling it.

Felipe Kurpiel is an internet marketer passionate about SEO and affiliate marketing. On his blog there are great insights about how to rank your website, link building strategies and YouTube marketing. 

4 Tools for Creating a Bulletproof Idea Capture System

This is a guest contribution by Charles Cuninghame is a freelance content writer.

Have you ever experienced the terrible frustration of remembering you’ve had a great idea for a blog post or e-book you’re writing, but not being able to remember exactly what the actual thought or idea was? ‘

Don’t you hate that!

Every blogger knows that ideas are the lifeblood of a successful blog. But ideas rarely come all in one magnificent burst of inspiration.

They’re usually drip fed by your unconscious, one here, one there. And often at the most inopportune times: in the middle of a conversation, riding public transport, walking your dog, and, frequently, when you’re taking a shower.

So if you’re going to trap all those flashes of genius and store them for later use, you need to create a simple idea capture system.

Swiss Army Knife of blog tools

Here are four of the most useful idea capture tools I’ve used, from low-fi pen and paper to cutting edge apps:

3 X 5 inch index cards

Cheap, convenient and effective, the “hipster PDA” is the simplest but possibly the most useful idea capture tool. To make one you just clip a bunch of 3 X 5 inch index cards together with a bulldog clip.

Whenever you have a great idea, jot it down on a card.

Restrict yourself to one idea or topic per card. That way it’s much easier to file your ideas, notes, and to-dos in the right spot when you’re back at your desk.

It’s also a good practice to create multiple hipster PDAs and put them in different places e.g. in your backpack or purse, your jacket pocket, your car, and one on the hall table next to where you leave your keys, so you can pick it up when you leave the house.

This way you’re more likely to always have an index card at hand when inspiration strikes.

Voice recorder

Nowadays almost every mobile phone has a voice recording feature. Which means most of us have an idea capture tool close at hand every waking minute.

The beauty of “talking” your ideas instead of writing them down is you can capture a lot of material very quickly. You can also use a voice recorder in situations where you can’t write e.g. while you’re driving your car or going for a walk. It’s also easy to record a brainstorming session with multiple people – even over the phone.

If you record a lot of ideas (or hate typing!) it may be economical to get your recordings transcribed. This is one of the easiest ways to go from idea to rough draft.

Postie WordPress Plugin

The beauty of the Postie plugin is that it allows you to capture all your ideas in the same place as you’re going to use them: your blog.

Once you set it up, Postie allows you post to your blog via email. Given how easy it is to compose and send email from your mobile devices these days, posting to your blog via email is often easier than logging in your dashboard.

When you use Posite to capture random ideas and links to research material you find on the web, and draft outlines and posts, you build a repository of raw material for your blog. When you next log in to WordPress, you can cut ‘n’ paste your snippets and polish up your rough drafts into finished posts.

Just make sure you set Postie’s “post status” setting to “draft” so you don’t inadvertently publish your brainstorming.


Evernote is the Swiss Army Knife of idea capture tools. It allows you to write notes, snap photos or record audio and store it all in one place. You can even forward emails and save PDFs (e-books for example) into Evernote.

Because it’s a cross-platform app, all your notes are synced and accessible across all your touch points: your computer, smart phone, tablet and on the web.

The Web Clipper browser extension allows you to clip snippets of text, images or even whole web pages as you browse the web. These clips are permanent snapshots of the page that preserve navigation, text, images and links. You can then write you own notes right into the clips.

Evernote’s excellent search function means you’re always able to find your notes and ideas when you need them. With its OCR technology you can even search text contained in images.

You can also organise your related notes and clips into notebooks.

The “best” idea capture system

Ultimately the best idea capture system is the one you use.

So don’t get too hung up on finding the “perfect” tool – just start with something simple. Because the most important thing is to always have something handy to record your ideas when they arrive.

If there are any idea capture tools that you’ve found particularly useful, please tell us about them in the comments.

Charles Cuninghame is a freelance content writer and the author of the Website Content Cheat-Sheet. His favourite idea capture tool is the hipster PDA.

6 Tips for Managing Multi-Author Blogs Without Losing Your Mind

This is a guest contribution from  Alexis Grant, an entrepreneurial writer and digital strategist.

Managing multi-author blogs can be a lot of work; you’re juggling contributors, an editing funnel, your calendar and maybe even promotion on social channels. But if you put certain systems in place, stay organized and know where to focus your efforts, you can decrease your time spent on the project while significantly increasing your blog traffic.

Because my company, Socialexis, manages several large blogs, we’ve discovered a few handy tips for being both efficient and effective. Here are six ideas for handling posts from a variety of contributors in a way that will help you grow your traffic and your community:

1. Create contributor guidelines.

Putting some work into this up front will make your life much easier later. Rather than explain again and again what you’re looking for and how to submit, create guidelines and post them on your site, so you can refer potential contributors to that page.

But don’t stop there. Over time, make note of questions potential contributors ask, and add the answers to that web page. My team also likes to create links for contributor guidelines, so we can easily remember and share the links.

For solid examples of contributor guidelines, check out guidelines for Muck Rack and Get Rich Slowly. If you can let your publication’s voice and personality shine in those guidelines, even better.

2. Take advantage of free tools.

There’s a huge range of blog management tools out there, but you can usually get by with free tools, especially if you’re not running a high-volume site. We use Google Calendar as an editorial calendar and share it with anyone within the organization who needs to know when certain posts will run.

We also use WordPress’s Editorial Calendar plug-in, which lets you drag and drop drafts if you need to change your schedule. And Google Docs — also free — is a great tool for collaborative editing, so the author can see what changes we’ve made.

3. Use Canned Responses.

This Gmail Lab is brilliant when it comes to emails you send again and again.

Keep receiving requests to write for your blog? Create a Canned Response that says you’d love to consider a post, with a link to your guidelines. Get a lot of pitches that aren’t a good fit? A Canned Response that says something along the lines of “Thanks, but this isn’t right for our audience” will do the trick.

To add Canned Responses to your Gmail, navigate to Settings, then Labs, then search for Canned Responses.

4. Create a database of writers.

To avoid finding yourself without solid blog posts, keep track of quality writers, and encourage one-time contributors to submit again. We ask writers to add themselves to our database of freelance writers, but you could also keep track via a simple Google spreadsheet. (If you’re a writer who wants to add yourself to our database, go ahead.)

This works whether you’ve got a particular topic you want someone to blog about (you can ask a blogger to write that post) or if your pitch well has gone dry (you can email the list letting them know you need submissions).

5. Optimize your headlines for SEO.

This is one of the best things you can do to help new readers find your site, and once you get the hang of it, it only takes a minute or two per post — putting it smack in the middle of the big-bang-for-your-buck category.

Sometimes, your SEO efforts will only send a trickle of traffic to the site until… BAM! One day, a post catches on in Google, and you land hundreds or thousands of new subscribers. Be consistent about tweaking your headlines so readers can find you via search, and your efforts will pay off in the long run. The increase in traffic will bring more potential contributors to your site, which makes your job as editor easier.

6. Work ahead.

When we respond to writers and let them know their post will run in three or four weeks, they’re often surprised to hear we schedule content that far in advance. But working ahead is the best way to minimize stress, increase quality and, yes, maintain your sanity.

When you schedule blog posts in advance, you’re far less likely to fall into the trap of publishing sub-par content just to get something on the blog by your deadline. This also gives you time to put posts aside and look at them with fresh eyes, which is one of the best ways to catch grammatical errors. Working ahead sounds simple, but it’s a great strategy for reaching your goals.

Follow these tips — along with offering valuable, relevant content — and you’ll be on your way to an awesome multi-author blog.

 Alexis Grant is an entrepreneurial writer and digital strategist. She and her team manage several large blogs, including a new site for writers, The Write Life.

Optin Skin Plugin Review

In June, Darren shared 3 Ways to Get More Subscribers for Your Blog. In that post, he identified the area under the blog post as being one of the ‘hot zones’ for calls to subscribe.

This area is a solid location to place a call to action, but it can require some effort to style a subscribe form that fits with your theme. In this post, I will be reviewing a plugin that helps you easily create appealing opt-in forms and social share boxes to your blog.

It’s called Optin Skin (aff) and it’s pretty swanky.

I bought this product in 2011 and definitely believe that it’s worth the money. It was really easy to figure out and use. I have no statistics about whether or not it increased the size of my list as I stopped blogging shortly after I installed it. This review is primarily based on ease of use.

The features

Skin Design:

Creating a skin is simple. You simply click ‘Add New’ after hovering over the text for Optin Skin in the sidebar. This will take you to a page where you get to customize the design and skin placement.

You have the choice of about 18 skins, which may be limiting if you don’t like any of the existing options. Customizing the design elements – font, text, size – are easy. You may need to consult design palettes to find colours that complement your theme. The designs are split between being perfect for the sidebar and perfect for below a post.

There are four options for skin placement:

  • Below a post
  • Below the first paragraph
  • At the top of posts
  • Floated right of second paragraph

Once the skin is created, a widget with the skin will be available for sidebar use. You will also receive a shortcode to insert the skin. This makes it so easy for you to put the form (or forms) wherever you like.

You also have the option to redirect people to another page after they sign up, which is perfect for a thank you page.

Split Testing

Split testing is one of the features that really excited me. I’m not technical at all, so will often resort to the default opt in form. I don’t have the resources to get two forms designed to do testing and am not comfortable with the HTML.

This plugin makes split testing easy but you are limited to testing designs rather then locations. You have the options to split test a plugin in the sidebar, or within content, but the optin form has to be in the same area.

I recommend that you test this out. It is so much easier then other form of split testing and can give you lots of useful information.


The interface allows you to easily visualize data about sign up, impressions and conversion rates. This is a really nice touch as it gives you more data points to base decisions on and means you don’t have to leave your blog.


It was pretty easy to figure out what to do – it was really user friendly. I’ve purchased a lot of products that are promoted as being easy to customize, but require a lot of HTML knowledge. The only HTML knowledge you really need is knowing where to put the shortcode if you choose custom positioning.

I really appreciated how easy it was to set up.

My recommendation:

I believe Optin Skin is great value for money. It has given me the incentive to actually test things with my mailing list rather then relying on “hope marketing”.

It removes a lot of the scary-factor that prevents people, like me, getting off their butt to implement new designs and split testing. I just don’t have the time or mental energy to add something else to my to-do list. This takes about half an hour to set up and then you can tweak as required based on the data.

Editorial Note: ProBlogger is an affiliate for this product but this review is a genuine recommendation by someone who uses the product.

13 Tools and Services I Use Every Day to Build a Profitable Blogging Business

Yesterday, during our Q&A webinar, we received a lot of questions about the tools and services we recommend for different aspects of blogging. While we touched on a few, there are quite a few more that I wanted to touch on.

Not all are strictly ‘blogging tools’ but all are things we regularly use as a team.

Note: I am an affiliate for some of the following tools and services but am also a daily user of all of them and have been for a minimum of 12 months.

Note 2: I’ve updated this list with 6 more tools that I use!

Of course there’s plenty more but they are the main things that come to mind!

What tools and services would you add to the list that make up part of your core online business toolbox?

How to Use Multivariate Testing to Build the Ultimate Opt-in Form

This guest post is by Adam Connell of

There’s a testing technique out there that’s not being used to its full potential—or even used at all by most website owners.

Today I want to show you how you can use it to create the ultimate high-converting opt-in form.

So what is multivariate testing? It’s essentially very similar to split testing. The difference is that it takes into account a lot more variables.

Many site owners avoid multivariate testing as it seems overly complex, and most of the services on the market that provide multivariate testing are paid services, which leaves bloggers unsure of the potential ROI.

In this post you will learn how you can use Google Analytics content experiments to conduct multivariate testing on your own opt-in forms in an easy and controlled way that will allow you to maximise your conversions.

Why multivariate testing?

In early 2012 and Redeye conducted a survey that yielded some interesting results.

Multivariate testing came out as the most valuable testing method for improving conversions, despite only 17% of companies stating that they used it.

According to the same report, taking the leap from A/B split testing to multivariate testing can help you improve conversions by an extra 15%.

This shows a huge opportunity for those site owners and businesses that come on board and start using this testing method.

So let’s see how it’s done.

Step 1. Break down your opt-in form

In order to conduct any worthwhile experiment you need a plan and identify all of the different variables; but in order to come up with a complete list of variables you need to break your opt-in form into its various elements.

Here is a combination of the typical elements you may find in an opt-in form:

  • headline
  • subheadline
  • additional text
  • image/video
  • name capture field
  • email capture field
  • buttons
  • background.

Step 2. Define your variables

Now that we have all of the elements of your opt-in form mapped out, we need to break each element down further and plan out how we might want to vary each one.

Please note, the list below is not exhaustive, nor do you have to vary all of these when you come to experiment. The point is to show you all of the possibilities.

You may think some of these are minor changes, and they are. But the impact of some of these changes can be enormous.

For example, some marketers have tested opt-ins with name capture and email fields against forms with just an email capture field, and have managed to increase conversions by 20%. So it all makes a difference!

  • Headline: font, text size, text colour, capitalisation, alignment
  • Sub-headline: font, text size, text colour, capitalisation, alignment
  • Additional text: yes/no, font, text size, text colour, capitalisation, alignment, bullet points
  • Image/video: yes/no, image size, image content, video size, video content, video audio, video type
  • Name capture: yes/no, text in field, icon to the left
  • Email capture: icon to the left, text in field
  • Button: size, shape, text colour, text font, text size, background colour, rounded edges
  • Background: border, image, drop shadow, border.

Step 3. Plan the test

This is where it starts to get a little bit more complex: you need to come up with the original control version of the form for your test, and as large a number of variations as possible.

The downside to Google Analytics content experiments is that you’re limited to nine variations plus the original (or control) version.

You also need to be able to keep track of the variations and changes that you’re making; you can’t just throw something in and hope for the best.

To make this easy for you, we’ve put together a Google docs spreadsheet that will allow you to keep track of all your elements and variations.

Click here to access the spreadsheet

Please note: you must make a copy of this spreadsheet before altering it, otherwise everyone who visits will be able to see your testing plan!


Due to the number of variations that may be needed in the future we’ve broken the document down into controlled groups.

Now just add the variations, which may look something like this:


At this stage it’s important that you only fill in the variations for group A as you need to use the results of each group’s test to inform the variations you select for the next group.

Step 4. Gear up to test group A

Now that you have planned out your variations for group A, you’re ready to get the test underway.

The test

The setup process here is fairly straightforward:

    1. Set up a new page for each variation.
    2. Add the pages to Google analytics content experiments. Log in to your account, then navigate to standard reporting > content > experiments.
    3. Set your goals. Note: the easiest way to do this is to ensure your opt-in form directs users to a thank you page, then find the URL and add this as the goal URL.
    4. Add the content experiments code to your pages.
    5. Let the experiment run.

It’s important to let your experiments run for as long as possible, so you can get data from the largest possible amount of traffic.

The more traffic you run this experiment on, the better, but if your blog doesn’t have as much traffic, then you will need to run it for even longer.

You are just looking for conversion rate here so, strictly speaking, you can run each test on different numbers of traffic. You need a statistically significant result for each test; you don’t need every test to involve the same amount of traffic.

Step 5. Review results and prepare to test group B

By now you will have had the results from group A, which means you can start thinking about the group B tests.

The first thing to do is to take the best performing variation from group A and add it as the original for group B (don’t forget to update your main page on your website at this point).

Now it’s just a case of rinsing and repeating the process above, tweaking and coming up with new variations to test each time.

A potential 15% conversion boost

Using this guide you will be able to create additional experiments for other parts of your sites, not just opt-in forms. You can easily tweak this method to use on sales pages, product reviews, squeeze pages, ad layouts or anything else you can think of.

The important thing is laying out your variations and keeping track of them. Then, just rinse and repeat.

Are you using any form of testing at the moment? We would love to hear about which methods you’re using and how much you’ve managed to increase your conversions in the comments.

Adam Connell is an internet marketing and SEO nut from the UK. He can be found blogging over at Follow him on Twitter @adamjayc.

10 Essential WordPress Security Plugins For 2013

This guest post is by of The WordPress Security Checklist.

Now that we have left 2012 behind, we can start planning 2013. And there is no better time to review the security plugins you use on your WordPress site.

Last year important new security plugins were released, and some of the existing plugins were updated.

The great challenge when it comes to WordPress Security Plugins is to find the magic combination which gives you optimal cover without conflicts or overlapping functionality.

Here we bring you the winning combination for a prosperous (and safe) 2013.

Let the party begin!

Make sure only invited guests pop in

When you throw a big party, you’d best think about who you let in. Otherwise the party might get out of hand.

These clever little plugins are your broad-shouldered bouncers. And they mean business!

WP Login Security 2

This is a personal favorite of mine. It’s very clever.

If an unknown guest arrives at your party your bouncer will ask for ID, but you can walk straight in.

Similarly, the plugin will send a verification email to the registered email address of the user if he tries to log in from an unknown IP address. Only if he validates the IP address by clicking on a link in the email will he be allowed in.

This is a very effective way of stopping brute force attacks. Even if someone does guess your userid and password, they still can’t get in.

If, on the other hand, you log in from a known IP address, you are let in straight away.


Semisecure Login Reimagined

At your party, the bouncer will make sure no one eavesdrops when you whisper the secret password in his ear.

Ideally you would want to send your login information over SSL when you access your WordPress administration panel. However, there is a cost involved in obtaining a SSL certificate and if you are on a shared server you would also need a dedicated IP address.

This plugin is the next best thing for those of us who’d rather spend our money on party hats.

It will automatically encrypt your login information so it is much more difficult for an outsider to steal your credentials.


Login Security Solution

This is the mother of all bouncers. He will only accept photo ID, he can check the expiry date and you can tell him that library cards are no longer accepted. He can even throw out people who fall asleep on the premises.

Or, in technical terms: with this plugin, password strength is enforced, password aging is an option, and password resets for all users can be forced. And you can even log out idle sessions automatically.

Another clever feature of this plugin: instead of locking out IP addresses of brute force attackers it will slow down the response times gradually. This means that you can get your own password wrong without being locked out, and it will still make brute force attacks almost impossible.


WordPress Firewall 2

This is the wall around your house that makes sure no one sneaks in through your backdoor or a window, bypassing your bouncers. It’s very important.

Windows Firewall 2 inspects all incoming traffic to identify if anyone sends you malicious requests or tries to inject data into your database.


Block Bad Queries

This plugin is like the barbed wire or the broken glass on top of the wall. Yes, the internet is really a bad neighborhood!

BBQ extends your firewall and helps filter incoming traffic to stop known bad guys.


Keeping tabs on what goes on in your house

Once your party is going you want to keep an eye on what is happening. If someone breaks your TV you’d like to know who’s responsible and how much damage was caused.

These plugins are your eyes and your ears. And they are awake!

WordPress File Monitor Plus

This is like having surveillance cameras in every room of your house and taping all the action. If anything goes down you can see exactly what happened.

WordPress File Monitor Plus tracks changes to your file system. If any files are added, removed, or changed you will be notified by email. Neat. Could be an invaluable help in cleaning up after you have had visitors!


WP Security Scan

Although you love opening up your house for the big party, there are still some rooms you do want to keep away from your guests. Locking a few doors will make sure the cats can only play where you want them to.

WP Security Scan checks your file and folder permissions and a few other things to make sure everything that should be locked down is locked down.


Curing the hangover

Depending on the success of your party you might end up with a bit of a hangover the day after. But we’ve got the cure for you.

Update Notifications

This good old trick could save you from getting a hangover in the first place: take a couple of headache tablets before you go to bed.

By using Update Notifications you’re stopping the headaches before they begin. Keep your WordPress site updated at all times and you won’t see the bulk part of the threats circulating the net. This plugin automatically sends you an email when there is an update for your plugins, themes, or core WordPress files.



If you are not feeling well, knowing why can make the difference between recovering quickly or suffering for a long time. If you know you are dehydrated you can drink some water. If you know you have got an infection, penicillin might be the remedy you need.

Wordfence is one of the newer security plugins. However it has matured very quickly. One of the great features of Wordfence is that it will compare the plugin, theme, and WordPress core files on your installation with the official version in the WordPress repository. If there are any discrepancies, the plugin will send you an email.

It will also scan your site for known malware, phishing, backdoors, and virus infections.


Sucuri WordPress Security Plugin

If you are really out of luck, you might pick up some kind of disease at your party. This is the risk of mingling with many people. In this case, you might have to go to the doctor.

Sucuri is more than just a security plugin. In fact, their WordPress plugin is probably one of their least-known products.

Sucuri is a company that specializes in cleaning up infected websites. If your luck is out and your site is infected, they will clean it for less than it would cost you in coffee if you wanted to figure it out on your own—provided you know what you are doing. And they will keep your site clean for a year after that.

The WordPress plugin adds a web application firewall and malware file scanning. The web application firewall will communicate with Sucuri servers, so if one site is under attack from certain IP addresses they can be blocked across the network immediately.


Enjoy 2013!

With a little bit of preparation, you will be able to throw fantastic parties in 2013, and you and your guests can amuse themselves without worrying about accidents or bad guys ruining everything.

Make sure your WordPress site is in good shape and ready to bring you a very prosperous 2013!

Check out ’s free WordPress Security Checklist, which is all about protecting your WordPress assets properly and sleeping well at night.

WordPress Backups: Don’t Make These 9 Mistakes on Your Blog

This guest post is by of The WordPress Security Checklist.

Do you have insurance on your car? And on your house? Of course you do.

Do you have insurance on your WordPress site?

What? Insurance?!

A good backup plan is your insurance policy on your WordPress site!

You might be a serious blogger who is already aware of the value represented by your WordPress site. The time and money you have invested in building it. The income stream it provides. The audience you have attracted. The traffic you get.

Or maybe you are a hobby blogger, and over time you have, little by little, built significant value on your site, be that emotional or monetary value.

Your web presence is like your real life presence. You buy your first house, move in, and get your first home and contents insurance based on the value of your possessions at the time. And ten years later you are still only insured for that initial value.

As with your real house, your WordPress site could disappear in an instant.

It does not matter if the reason is criminal intent, a natural catastrophe, or an accident. If you do not have good insurance, you have to start again from scratch.

So just how good is your WordPress insurance?

Here I’ve compiled a list of the most common WordPress backup mistakes, and added a few tips on how to avoid them.

In no particular order, these are the mistakes:

  • not making a backup at all
  • not making a complete backup
  • relying on manual backups
  • not getting the backup frequency right
  • relying on your hosting company’s backup
  • only storing your backup on your hosting account
  • not storing your backups securely
  • not testing your backup
  • not storing your backups long enough.

Not making a backup at all

Yes, it’s sad, but it happens more often than you would think! Some people don’t take out insurance either. Don’t be one of them.

Tip: Do make backups!

Not making a complete backup

Some WordPress plugins only back up your WordPress database. WordPress consists of a database and a number of files. Unless you have a good backup of everything you probably don’t have anything!

A backup of your database will take you some of the way to a working site, but without images, plugins and themes (some of which might have been customized), you are a long way away from a fully functional site. And if you only have a backup of your files you have lost all your settings, posts and comments.

Tip: Make sure you back everything up!

Relying on manual backups

When the topic of WordPress backups comes up on discussion forums, there is almost always someone who swears by manual backups.

Why is that a problem?

Computers are excellent at performing routine tasks at scheduled intervals. Human beings, not so much. We tend to forget. And go on holidays. Before we know it it’s been six months since we last made a backup. All of a sudden we desperately need that backup. That’s when grown men start crying.

Tip: Let the computers do what they do best: automate your backups!

Not getting the backup frequency right

If your WordPress site changes daily, a monthly backup schedule could cost you up to a months work.

If your site changes monthly and you make daily backups storing only 30 backup archives you could be left without a usable backup archive. This could happen if you discover that you were infected with malware three months ago, for instance.

Different parts of your WordPress site change at different frequencies.

If you have a large site, you might want to split up your backup based on the update frequency:

  • Themes and plugins rarely change.
  • Backups of the uploads directory can be split by year, or even by month if necessary. Under normal circumstances, only the directory for the current month changes.
  • The database might change daily if you get many comments or release new posts.
    • Tip: Understand your site and adopt a backup schedule that fits!

      Relying on your hosting company’s backup

      Many hosting companies back up their customer’s accounts on their behalf.

      While this is a very good service, you need to ask yourself some questions about it:

      • What will you do if your hosting company cannot give you your backup archives?
      • If they go bankrupt and everything is shut down from one day to another.
      • If they are hacked and all their data disappears (see 4800 Aussie Sites Evaporate After Hack).
      • If they can only go back one month and you need to go further back.
      • If the backup you need did not complete successfully for whatever reason.
      • What do they back up?
      • How often do they back up?
      • For how long to do they keep the backup files?
      • Can they restore single files or tables in the database selectively?
      • Have you tested that they can restore your data?

      While relying on your hosting provider to back up your data can be a very convenient solution to an unwanted technical challenge, it is most likely not the right solution for you.

      You need control.

      Consider that it is quite simple to implement a good backup strategy of your own. If you use the right WordPress plugin, you can customize your backup jobs to match the needs of your WordPress site. And your backup archives can be stored in an offsite location that’s completely under your control.

      Best of all the solution does not have to cost you a thing if you know how to do it right.

      Fortunately the strategy is laid out in my article WordPress Backup – The Plugin and The Plan, which has easy-to-follow instructions.

      Tip: While your hosting company’s backups can be a good complement to your own, don’t let them be the only backups you have!

      Only storing your backup on your hosting account

      Your hosting provider might offer you daily backups of your account. And most WordPress backup plugins allow you to store backups on your hosting account.

      But your hosting account might be compromised and all data erased, or the server might crash, losing all your data. You get the picture.

      That is why we recommend that you have at least two separate backup locations: your hosting account could be one, but make sure at least one of them is off site. Even if you lose one backup location, you’ll still have your backup archives.

      If you’re paranoid, you can also store a backup on a USB drive in your bank vault. You need to ask yourself: how much is your business (web site) worth?

      Tip: Make sure you have complete control over at least one copy of your backup archive and store it outside of your hosting account.

      Not storing your backups securely

      Your backups contain sensitive data. For example, your database userid and password, and the names of your administrative users are stored in your backup archives. If your backup falls into the wrong hands, this makes it too easy for malicious parties to break into your site.

      Some backup plugins allow you to email a backup to yourself. Email is inherently insecure. You have no control over the path an email follows on the way to your inbox, for example. And it gets even worse if you create a webmail account with an easy to remember (and to guess) password.

      Imagine what happens if a hacker takes over control of your webmail account: you have not only left the doors to your WordPress site wide open, but also lost your offsite backup! Ouch!

      It is much safer to upload your backup archives via Secure FTP to an offsite location, or store them on a Dropbox, Amazon S3, or Google Drive account which only you have access to.

      Tip: Make sure you store your backups in a safe location.

      For more information on this topic see the post Are WordPress Backups On Dropbox Safe?

      Not testing your backup

      An essential part of backing up your WordPress site is to test that the backup can be restored. This is a step that many people miss. But it is a crucial step.

      Testing that you can restore your backup serves two purposes:

      1. It ensures that your backup software has created a useful backup archive.
      2. It forces you to learn and practice the procedure for restoring your WordPress site.

      Would you rather discover that the restore process is broken or the backup archive is unusable while you are testing, or while you are trying to restore your live site after a breakdown?

      Ideally you need to test your backup every time the backup software is updated. But at a minimum you should do this once per year. At the same time, you can review your backup plan to determine if you need to change the frequency of your backups.

      Tip: Make sure you can successfully restore your WordPress site from your backup!

      For more information, see How To Test Your WordPress Backup and Have You Tested Your Backup Solution Lately?

      Not storing your backups long enough

      One of the great reasons why you need a good backup is to make your blog easier to recover if someone breaks into your site.

      Cyber criminals who compromise WordPress sites for financial gain (stealing traffic, boosting their own SEO rankings, posting ads etc.) do not want you to find out that your site has been compromised.

      This means it could be months before you realize that you have been hacked.

      If you do daily backups and only store them for 30 days, you could easily be out of luck when it comes to restoring your site.

      I recommend that you use a mix of different backup types:

      • a daily backup that you store for two weeks
      • a weekly backup that you store for three months
      • a monthly backup that you store for two years.

      This allows you to go up to two years back in time if needed.

      Of course, you can adjust the retention period of each type of backup to suit your needs.

      With the right choice of backup software this can all be run on auto-pilot with automatic purging of old backup archives to manage your space requirements.

      Tip: Make sure your backup strategy allows you go to far enough back in time!

      Don’t get caught out!

      As the old saying goes, “Real men don’t make backups, but they cry a lot”.

      With these tips, you can avoid the common pitfalls and sleep well at night knowing that no matter what happens, you’ll be able to recover your blog.

      It doesn’t have to cost you anything to have a good backup plan, but it could cost you the world if you don’t!

      Check out ’s free WordPress Security Checklist, which is all about protecting your WordPress assets properly and sleeping well at night.

Blogging On the Go: Are Mobile Apps Up To It?

This guest post is by Barry Cooke of QDOS.

With the rise of mobile technology and citizen journalism, being able to blog while on the move is increasingly important.

Unfortunately, many blogging apps are limited, clunky, and make updating from your mobile smartphone or tablet inefficient.

Here we take a look at the main direct blogging apps, as well as a few additional ones that can improve the process, to see if they’re up to the challenge.

Blogging software


The interface and functionality of this app is very stripped down. Your main and most important features are still intact—you can upload photos and videos into your post, but they have to be saved on to your device prior to posting, which means you can’t upload from YouTube, Vimeo, or any other video hosting site.


Typing into this app is cramped but bearable, similar to sending a text or an email from your phone. If you’re using a tablet, then there’s obviously a lot more room for manoeuvre.

So, if your aim is just a simple, predominantly text-based post possibly involving a picture or linked video, then Blogger’s mobile app is perfectly adequate, however it’s not capable of posts that are much more complicated than that.


One of the most proficient mobile blogging apps is available from one of the most proficient blogging platforms available.

The WordPress app is detailed, with a multitude of features including the accessible dashboard user interface, which gives you one-tap access to every blogging feature you need, from posting and creating new pages, to comments and checking statistics.

The quick action bar makes it easy to switch between which of your blogs you want to update, refresh the content, or return to the dashboard. Posting is a joy, with the formatting toolbar allowing you to perfect your text, post links, and embed photos and video. With the latter two, you can also change alignments and alter their sizes quickly and easily.


This micro-blogging site lends itself well to remote blogging on smaller handheld devices such as smartphones and tablets by its very nature. It’s fast and simple to post to, with a clean, minimal mobile interface, making it potentially the most attractive out of the major three blog platofrms.

The recently updated user interface makes it easy to check the other blogs you follow, update your own, and manage multiple posts on a range of blogs. The new and improved navigation bar is more intuitive than the 1.0 version, so bloggers can do more than just post from the dashboard—we can now reply to messages, switch between posts and imbed photos, videos and links with just a few taps.

Other helpful apps

There are also some fantastic third-party apps available that integrate with all the above platforms, as well as photo and video editing software. So if you’re often including rich media in your posts, these are essential additions.


This is, by far, one of the most capable blogging applications on the market. It integrates excellently with other third-party apps like YouTube, Vimeo, Flickr, and Picasa, meaning embedding photos and videos into your post is as easy as drag and drop.

It also supports Blogger, WordPress and Tumblr, so if you’ve got several blogs on different platforms, you can use Blogsy to update all of them, and switch between each with just a few taps of your touchscreen.

The integrated browser means linking out is also a seamless affair. The unfortunate thing is it’s only available on the iPad, so those with smartphones won’t be able to take advantage of its myriad features for blogging on the go.

However, if you’re frequently uploading videos, photos and other sticky media to your blog, then investing in an iPad should be considered as it makes the whole process and far enjoyable and rewarding experience. And at just £2.99, Blogsy is well worth the pennies.


Of the numerous photo editing apps available, Snapseed is the most capable and most user-friendly, with an accessible interface that’s easily navigable even for first timers.

It offers good colour control, allowing you to alter the hue and saturation of your photographs, as well as the standard cropping, image enhancement, and scaling options you would expect.

There are a variety of filters you can apply, with very similar aesthetic choices to Instagram, including vintage and black-and-white effects. It’s also possible to integrate it with Instagram, Facebook, Twitter, and Flickr so sharing your perfected photos is easy. Priced at £2.99, it won’t break the bank.

Pinnacle Studio

For video editing, this app is your best bet. Its clean navigation and easy drag-and-drop interaction makes splicing your video clips uncomplicated and a lot of fun. There are options to add text and titles to your finished videos if you want to give a little contextual explanation. And uploading it to YouTube can be done with a couple of taps.

Unfortunately the controls are quite small, so this application isn’t compatible with smartphones and even if it was, it would be impossible to use. If you’ve got an iPad then the interface isn’t so bad, but many bloggers recommend getting a touch pen or stylus if you do a lot of video editing on the move as it makes the process considerably easier.

Your picks

Which mobile blogging application you choose will largely depend on the nature of your blogging, how advanced your posts are, and which media you will be uploading.

What is undeniable is the fact that if you’re embedding a lot of photographic and video content, and you’re doing it frequently while on the move, then it’s well worth investing in a tablet. The simple fact that it’s bigger makes the blogging process more efficient and far more enjoyable.

What mobile blogging apps do you use? Share them with us in the comments.

This article was written by Barry Cooke. Barry is a respected mobile usability consultant who has been working in the mobile market for over 15 years in a number of different sectors from online dating apps to finance and travel.