
Secure Your WordPress Blog Without Touching Any Code

This guest post is by Karol K of ThemeFuse.

Right now WordPress powers 48 of the top 100 blogs online. More than that, WordPress actually powers 19% of the web as a whole.

Essentially, this is great. Such a strong community of users and developers means that the platform is sure to evolve even further and provide us with lots of cool features that are yet to be developed.

Unfortunately, this creates some dangers as well… Whenever there’s a big number of people trying to make something happen, there’s another group of people trying to take it all down.

The cases where a blog owner loses complete access to their site are not uncommon. Actually, sometimes even whole domains get hijacked, and I honestly have no idea on how that’s done.

But we don’t have to know how hijacking a domain or stealing a blog works to be able to implement some basic security precautions. And that is exactly what this post is about—making your blog secure without playing with source code, understanding things, and stuff.

Typical WordPress security problems

WordPress as a whole (a website management platform) is very well designed. It doesn’t have any preposterous security issues that beginning programmers could exploit. The problems, however, arise when you try to tweak your installation of WordPress by adding new plugins or themes, implementing hacks, or doing anything else that interferes with WordPress.

Of course, this doesn’t mean that you should settle for the default installation, not use any plugins, and only blog using the default theme. What it means is that you simply need to be careful when installing new stuff on your blog, as well as when setting up your blog for the first time.

Let’s start by discussing some of the common security problems you’ll need to handle.

The basics

Excuse me for being obvious, but you really need to start with proper usernames and passwords for your user accounts. Everyone realizes the importance of this, but not as many people implement the best practices.

You must use complex passwords—letters, numbers, special characters, spaces—and usernames that are not obvious. A password of “admin,” for example, is extra-obvious.

For more information on account security, see my recent guest post here on ProBlogger, which explained user accounts and roles, and how to set them up properly.

The name of the next problem in line: shady, untested plugins. WordPress plugins have a fair amount of power over how your WordPress installation works. If a plugin contains some buggy code, it can crash your blog completely. The same goes for code that’s not secure. Finally, if one of your plugins doesn’t implement any security features, it can become the point of entry for malicious bots or direct attacks by hackers.

Remember, the weakest link is where the chain breaks. You only need one low-quality plugin to get into trouble.

The advice I have here is: don’t use any plugin that hasn’t been updated in a while, or hasn’t been officially tested with the newest version of WordPress. Being up to date is always the best precaution. Also, plugins that are more popular are usually more secure as well.

There’s one more big issue we have to cover in terms of shady code, and that’s WordPress themes. I will say this again—and I’m not sorry for it—free themes are evil.

Well okay, not all of them. There are two kinds of free themes: (1) the good ones, released by quality theme stores as a way of attracting new customers by spreading one or two great free themes, (2) the evil ones made primarily to look great, attract many users, and use the space in the footer for SEO purposes.

These SEO-focused themes often use some strange, encrypted PHP code that can’t be removed, otherwise the theme stops working. This code usually displays search-optimized links (sometimes in an invisible font).

You never, let me repeat, never want to have encrypted code on your site. Even when you get the theme for free in exchange for hosting this encrypted section, it’s not worth it.

If you’re planning to use your WordPress site as the base of your online business then buying a quality theme is a must. If you have a bigger budget, you could even hire a developer to build your theme on top of some popular theme framework.

Since we’ve now covered the basics—user accounts, plugins, and themes—let’s look into some of the things that you can do to actively make your blog more secure.

Steps to better security

First, let’s talk through some of the best practices in terms of security. Then, let me show you some cool security plugins.

Hosting security

Yes, it all starts here. The story is similar to the one about WordPress themes: if you want to have a secure environment, you simply need to invest money. Don’t use free hosting.

Make sure that your web host implements basic security features and that it has good reviews among users (search on forums; Google is likely to display only affiliate reviews, which aren’t always credible).

Secure your own machine first

This is not something that comes to mind immediately when we’re talking WordPress security, is it? But what’s the point of securing your WordPress installation on the host if you have a malicious key-logger installed on your computer that will pick up your password and send it to the attacker?

You always need to start by securing the machine you’re using to connect with your WordPress blog. There are many good antivirus apps available, so I won’t discuss this any further. Just keep in mind that this issue is equally as important as anything else described in this post.

Update, update, update

Update WordPress. Update your plugins. Update your theme. Try to install these updates immediately after the alert appears in your Dashboard.

Here’s why. Fixes to new bugs and security holes are always a big part of every update. The minute an update gets released, all the changes are announced in the official doc that goes along with the update.

If a hacker wants to attack a site that hasn’t been updated yet, they just have to take a look at the document, do a little research and tackle the holes that the new version fixes.

For example, here’s an excerpt from the information on the newest version of WordPress:

“WordPress 3.3.2 also addresses: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.”

Essentially, such information is a guide for hackers on how to attack outdated sites. So be sure to update everything, without delay.

Back up regularly

No one likes to get hacked, but we can’t assume that it won’t ever happen. You always should have an up-to-date backup of your WordPress site, just in case something goes wrong and you have to restore your blog.

You can do backups manually, or you can sign up to a paid service or simply get a plugin to do this for you (more on this later).

Delete plugins you don’t use

There’s no point in occupying your server’s resources with stuff you don’t use. The same advice applies to themes. Leave just the theme your blog uses, and delete the rest (you can leave the default theme, just in case).

Handy plugins to improve your blog’s security

Everybody loves them some cool plugins, right?! So here’s a list of the ones I recommend you use to make your blog more secure:

  • AntiVirus: This plugin protects your blog against exploits, malware, and spam injections. It scans your theme’s files and notifies you if anything suspicious is going on.
  • Online Backup for WordPress: This app is the one I use for my backups. You can use a schedule or perform backups by hand, and have them sent to your email address or made downloadable. The plugin backs up the database as well as the file system.
  • Secure WordPress: This is where you stop scanning and start acting! This plugin performs a number of security tweaks to your blog. There’s no point in listing them here, so I invite you to check for yourself. Also, you can choose which ones you want to enable and which you don’t need.
  • BulletProof Security: The list of things this plugin does is quite impressive. It’s a really serious piece of software. Just to name a few features: protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts, one-click htaccess protection, wp-config.php protection, and loads of other tweaks. It’s really worth looking into.
  • Hide Login: This plugin has a very simple idea behind it. You can use it to hide your login page. In other words, it creates a custom login URL. It also lets you create a custom admin URL (instead of domain.com/wp-admin), and a custom logout URL.

Other considerations

Content security

Your content is the most valuable asset on your blog. You naturally don’t want it to get stolen by some evil content scrapers and SEO marketers who just want to launch thousands of sites with content from various RSS feeds.

Unfortunately, you can’t protect against this completely. There’s always a danger that someone can steal your content and republish it without attribution. But you can make it just a little harder, or at least let everyone know that your content is protected.

Try checking Copyscape. It’s a service that searches for copies of your content around the internet. If it finds some, you get an alert and some instructions on how to get it taken down. Copyscape offers a couple of different services, so it’s good to pay them a visit and choose one that suits you best.

The just-in-case approach

No matter what you do to protect your blog, something bad is always possible. That’s why you need to have a strategy set in place for the time when something goes wrong, and you need to act fast.

I invite you to check out two of my own: how to restore your blog after a crash, and what to do when you lose access to your blog. And I truly hope that you’ll never have to use either of these guides.

How secure is your blog?

There you have it. I think that’s it when it comes to securing your WordPress site without going into code and implementing various tweaks manually. There’s always a never-ending stream of things you can do, but if you take care of just the ones described here you’ll have a pretty secure blog, and you’ll be ready in case something bad happens.

How diligent are you when it comes to your blog’s security? And what security tweaks would you add to this list?

Karol K. is a 20-something year old web 2.0 entrepreneur from Poland and a writer at ThemeFuse.com, where he shares various WordPress advice. Currently, he’s working on a new e-book titled “WordPress Startup Guide – little known things worth doing when creating a WordPress site.” The e-book launches soon, and now the best part … it’s free. Also, don’t forget to visit ThemeFuse to get your hands on some premium WordPress themes.

Use Email to Post to Your WordPress.org Blog

This guest post is by Anurag Bansal of Techacker.

Owners of WordPress.org blogs don’t get the flexibility to post by email through a WordPress service. It’s very surprising to see that such a popular platform doesn’t offer a native way of creating a blog post by sending an email—especially since WordPress.com owners can update their blogs using native WordPress functionality.

If you have a blog on Tumblr or Posterous (which was recently acquired by Twitter), you know how convenient it is to update your blog using email. It naturally increases the frequency with which you update your blog.

Today I’m going to introduce you to an easy way to post by email to your WordPress.org blog using a service I am a big fan of—ifttt.

ifttt stands for If This, Then That. This service, which was introduced recently on ProBlogger, makes it really easy to do many online tasks, some of which are mentioned below.

How to post by email to a WordPress.org blog

  1. Create an ifttt account if you don’t already have one.
  2. Activate and authorize the WordPress.org blog you want to post by email to. To do this, click on the WordPress logo under Channels on ifttt. Then add the appropriate details to authorize your WordPress blog to use with ifttt. Once activated, you will see a confirmation screen.
  3. Activate the email channel connection to the email account from which you’d like to send posts. All you need is to click on the Email icon and enter your email address. ifttt will immediately send a PIN to this email address. Copy that PIN from the email into the box on ifttt. Once your account’s confirmed, you’ll have successfully activated the email channel.
  4. Use this recipe to create a task. While creating the task, you can edit the task details to suit your needs.
  5. Once the task is activated, all you have to do is send an email from the email account you confirmed in Step 3 to [email protected] with the specified # tag in the subject line. In ifttt terms, that tag says, “if email is received from the account specified earlier, then post it to the WordPress blog set up earlier.”
  6. ifttt will create a post on your WordPress.org blog, using the email details as follows:
    1. The subject of the email becomes the title of the blog post.
    2. The body of the email becomes the content of the blog post.
    3. Tags for the post are specified in the recipe. You can change these in the task details on ifttt.
    4. Categories for the post are also specified by you in the ifttt recipe.

There are many other recipes I use to update my WordPress.org blog, including:

  1. Post photos simultaneously on Instagram and a WordPress blog.
  2. Cross-post from a Tumblr blog to a WordPress blog.

I have been able to successfully post many updates to my blog using this process. It’s easy, painless and quick. All it takes to update your blog is an email!

Stop postponing that great blog post idea just because you didn’t have the right tools at the time. Now, there’s no need to install any plugins—just use email.

How do you update your WordPress blog now? Do you think email updates would make it easier for you to update your blog? If you’re already using email updates on another platform, is it helpful? Let us know in the comments.

Anurag Bansal is a technology enthusiast and internet addict. He reviews various internet services, Android and iPhone apps and provides tips on many technology related topics on his blog at Techacker. Anurag also releases a FREE Monthly Magazine - THM - on his blog. You may follow him on Twitter and Facebook.

Install Your First WordPress Theme

This guest post is by Karol K of ThemeFuse.

Seeing a headline like “How to Install a WordPress Theme” on ProBlogger might seem strange at first. This doesn’t sound like a “pro”-thing at all, right? If you’ve been dealing with WordPress for a while then this is probably even more than obvious to you.

However, everyone starts somewhere, and there are plenty of experienced bloggers who haven’t ever installed a WordPress theme—but would like to give it a try. Maybe you’re installing your first theme right now, and you’re searching for a quick guide on how to do it.

Where can you get a good WordPress theme?

This is tricky. You see, when you’re installing a plugin the best place to go is the official directory at wordpress.org. When you’re installing a theme, however, the official theme directory is not the best place to go, I’m afraid.

Of course, you can find some interesting themes there, but you’re more likely to make your search much more fruitful if you just go to Google.

The thing with the official directory is that it only contains 1,490 themes or so. This is by no means the total number of themes available on the internet. There’s much much more interesting stuff out there, and settling for what you can find in the official directory would not be a wise thing to do.

Yesterday, I described how to select a theme that’s perfect for you and your blog. So here I will just assume that you already know which theme you want to use.

1. Download the theme

Once you find a theme you like, you’ll need to download it to your computer before you can do anything else with it.

The package containing your theme can consist of many various elements. Depending on the license you’ve selected, you might find some PSD files, additional bonuses, documents, and so on. Of course, the theme files themselves will be present as well. Most of the time, all the contents of a theme are delivered as a ZIP archive.

2. Extract the files

Next, you have to extract the archive somewhere—onto your desktop, for example. If the archive contains more elements than just the theme (like the bonuses I mentioned above), open the archive’s readme file to locate the main theme’s directory.

As an example, here’s what you’ll find inside a ThemeFuse theme archive:

Once you’ve successfully identified the main theme directory, you can proceed to the next step.

3. Upload the theme to your WordPress blog

This step will require FTP access to your hosting account, and a piece of FTP software. You can try FileZilla—it’s good, and it’s free.

The theme’s main directory is the one you’ll be uploading to your blog. Connect to your site via FTP (the FTP tool’s help documentation will explain how to do this if you’re not sure) and navigate to the wp-content/themes directory of your site. This is where you upload your theme’s main directory.

Here’s the default look of the directory when it contains only one theme—the default theme TwentyEleven:

The next step in the process takes place in your WordPress Admin panel.

4. Activate your new theme

Log in to your WordPress Admin panel using your Admin account details.

Installing new themes requires Admin access rights; it can’t be done through other types of accounts.

Go to Appearance > Themes, as shown here:

Your new theme should be visible among all the others. The only thing left for you to do now is activate it:

If everything goes well, your new theme will be marked as the Current Theme, and your blog will have an entirely new look.

5. All done!

This is where the guide ends. There’s nothing more for you to do now other than enjoy your new theme! Of course, you could make some final adjustments to make your blog look truly unique, for instance, adding branding elements such as your logo, pictures, and so on. Or, if you’re ready to install a WordPress plugin, we have a guide to that, too!

Have you installed a WordPress theme yet? Share your tips with us in the comments.

Karol K. is a 20-something year old web 2.0 entrepreneur from Poland and a writer at ThemeFuse.com, where he shares various WordPress advice. Currently, he’s working on a new e-book titled “WordPress Startup Guide – little known things worth doing when creating a WordPress site.” The e-book launches soon, and now the best part … it’s free. Also, don’t forget to visit ThemeFuse to get your hands on some premium WordPress themes.

How to Select the Perfect WordPress Theme for Your Blog

This guest post is by Karol K of ThemeFuse.

Selecting a WordPress theme is one of those tasks that seem fairly easy at first. How hard can it be? you ask yourself. You simply go to Google, type in “best free WordPress themes” and you’re good to go, right?

I’m sure you already know where I’m going with this. So let’s just say it out loud so we can put it behind us: Forget about free themes! They are evil! This is something I’ve been saying for a little more than a year now. And hey, don’t blame me, it’s just the way it is.

Long story short, almost all free WordPress themes include some kind of strange code in their structures, usually in the footer section. The code is encrypted, and, often, the theme stops working if you try to remove it. Also, you don’t have a clue about what’s actually in that code until you decrypt it. Just to make things clear, as a developer, designer, or simply a website owner, you never want to have any unknown code on your site.
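A pre-upload check for the encrypted footer code described here and in the security post earlier on this page, as an added example (not code from ThemeFuse or WordPress): it scans an extracted theme folder for `eval` of decoded data, long encoded strings, and links hidden with inline styles. The function names, the 100-character threshold and the sample theme files are assumptions constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# PHP functions commonly used to unpack hidden source code.
DECODER_RE = re.compile(
    r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# Functions that execute a string as PHP code.
EVAL_RE = re.compile(r"\b(eval|create_function)\s*\(", re.I)
# A quoted run of 100+ base64 characters is unusual in hand-written theme code.
BLOB_RE = re.compile(r"""["'][A-Za-z0-9+/=]{100,}["']""")
# Inline styles that hide a link from visitors but not from search engines.
HIDDEN_RE = re.compile(
    r"<a\b[^>]*style\s*=\s*[\"'][^\"']*(display\s*:\s*none|font-size\s*:\s*0)",
    re.I)


def scan_file(path):
    """Return a list of (line_number, reason) findings for one PHP file."""
    text = path.read_text(encoding="utf-8", errors="replace")
    # A decoder call on its own is common and legitimate; it only matters
    # when the same file also executes strings as code.
    has_decoder = bool(DECODER_RE.search(text))
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if has_decoder and EVAL_RE.search(line):
            findings.append((number, "eval-of-decoded-data"))
        if BLOB_RE.search(line):
            findings.append((number, "long-encoded-string"))
        if HIDDEN_RE.search(line):
            findings.append((number, "hidden-link"))
    return findings


def scan_theme(root):
    """Scan every .php file under root; return {relative_path: findings}."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_file(path)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


def build_sample_theme(root):
    """Write a small constructed theme: two suspicious files, two clean ones."""
    # Constructed, harmless payload standing in for an encoded footer link.
    payload = base64.b64encode(
        b"echo '<div style=\"font-size:0\"><a href=\"http://example.com/\">"
        b"constructed sponsor link</a></div>';").decode("ascii")
    files = {
        "index.php": "<?php get_header(); ?>\n<?php get_footer(); ?>\n",
        # Decoder without eval: legitimate use, must not be flagged.
        "functions.php":
            "<?php\n$logo = base64_decode(get_option('logo_b64'));\n",
        "footer.php":
            "<?php wp_footer(); ?>\n</body>\n"
            "<?php eval(base64_decode(\"" + payload + "\")); ?>\n",
        "sidebar.php":
            "<div class=\"sidebar\">\n"
            "<a href=\"http://example.com/\" style=\"display:none\">"
            "constructed hidden link</a>\n</div>\n",
    }
    for name, content in files.items():
        (root / name).write_text(content, encoding="utf-8")


def demo():
    """Build the constructed sample theme in a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(Path(tmp))
        return scan_theme(tmp)


if __name__ == "__main__":
    for name, hits in demo().items():
        for number, reason in hits:
            print(f"{name}:{number}: {reason}")
```

Point `scan_theme` at the folder you extracted from the theme's ZIP archive before uploading it. An empty report only means these three patterns are absent, not that the theme has been reviewed.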

What other solutions are there if free themes are out of the game, then? Three main ones:

  • You can have the theme developed by someone on a contract agreement.
  • You can develop the theme yourself on top of a popular theme framework (and create the design as well).
  • You can buy a premium theme.

Of course, at ThemeFuse (the theme store I’m a part of), we strongly encourage you to take advantage of the last option because, well, that’s our business.

But I’m not speaking as a businessman now. I’m speaking as a WordPress developer. So let me take you through the most important elements of the decision-making process, so you can select the perfect WordPress theme for your website or blog.

What do you need the theme for?

This is the first and the most important question you can ask yourself.

Every website has its own purpose. And this purpose will greatly affect the kind of theme you should be searching for.

WordPress was originally designed to work with traditional text blogs, but over the years this purpose has evolved into something much broader. Nowadays, WordPress can successfully run almost any kind of website.

Some possible applications include:

  • Video blogs: this is a new breed in the blogging world. Every day there are more and more bloggers who present their content exclusively through video.
  • Photo blogs (or graphical portfolios): These blogs are popular among photographers and designers who want to showcase their work.
  • Online magazines: These sites are created around the idea of publishing news from a given field, often along with a descriptive image to accompany text content.
  • Business sites: These sites are owned by all kinds of professionals and contract workers, from dentists and tailors, to consultants and teachers … and more!
  • Traditional blogs: These are run by people who want to share their own articles. Mostly, traditional blogs are text only content. In other words, these are blogs like we know them.
  • Corporate sites: Big companies have a slightly different idea of what a good website contains, and that’s why the corporate style has sprouted up.
  • Software/app/product sites: Some businesses are built around a given product or a piece of software. The websites of such businesses tend to focus on the product, rather than on the business itself.
  • Small to medium-sized business sites: Such businesses often find it hard to choose a site design. The corporate style is too big, and a product site just doesn’t seem to fit many service-based businesses.
  • Real-world, local business sites: This is a type of site that’s targeted towards all kinds of physical businesses, like hotels, restaurants, galleries, shopping malls, and every other brick-and-mortar business imaginable.

There are probably tens of other types of sites that WordPress can handle, but let’s just stop here as I’m sure you get the idea.

Whatever you hope your site will end up to be, you have to start with its purpose. That purpose will suggest specific goals for your site, and its design should reflect those goals. Only when you’ve decided what’s important for your future site and what isn’t, can you start searching for a theme.

The most important features of a WordPress theme

There are tons of features a custom WordPress theme can provide you with, but let’s just focus on the most essential stuff—the things you’ll actually use on a daily basis (or during the initial setup).

Price and license

This is probably the most important factor to consider when you’re choosing a theme. Just like every soon-to-be website owner, you’ll have a specific budget set aside for this, and you’ll tell yourself you won’t get anything too expensive no matter how great it is. This is a perfectly reasonable approach.

Therefore, there are some important things to be aware of here. For instance, ask:

  • Does the license you’re about to get allow you to use the theme on more than one site?
  • Do you get free support?
  • Do you get the PSD files?
  • Do you get the source files?
  • Do you get any additional bonuses?

If you’re a WordPress developer and you plan on using a given theme for more than one client, you should consider getting a multiple site license, or maybe even a complete theme package (containing all themes a given theme store has to offer). Of course, the more you want, the more you have to spend, but such an investment might pay off soon.

If you’re only looking for a theme for your own site, then getting the most basic license will probably be the best choice for you.

An SEO friendly structure

No matter what other website owners are saying, SEO still is, and will remain, a very important element for the whole “getting popular on the internet” thing.

An SEO friendly theme is a really valuable asset. If you’re planning on doing any kind of SEO work around your site, then such a theme is essential. And even if you don’t have time for SEO, an SEO friendly theme can do a surprisingly big part of the work for you anyway.

Good SEO always starts with getting the basic characteristics of your site just right. Only then can you tackle link-building and other off-page SEO tasks.

How can you find out whether a theme is SEO friendly or not? Unfortunately, you can’t know for sure until you start working with a given theme. However, there are still some things to look for when you’re playing with a theme’s live demo, or analyzing the screenshots of a theme.

  • Is there the ability to set the titles and descriptions for every post and page individually (including the homepage)?
  • Does the theme use <H> headings?
  • Are the categories and tags visible?
  • Is the layout clean and simple?
  • Does the theme support major SEO plugins?

Some of these factors can be seen when you’re looking at a theme, while others are simply listed in the promotional materials of the theme. Make sure to pay attention to these considerations, though. The more SEO features a theme has, the better.

Compatibility with every browser

This is a very important feature to look for when you’re selecting a theme. Your visitors will always use a range of browsers and devices to access your site. You, as the website owner or the developer, need to make sure that the site looks the same in every environment. This is difficult to do if your theme doesn’t provide that functionality from the get-go.

There are a couple of ways to find out whether the theme you’re interested in has cross-browser and device compatibility built in. The time-consuming way is to check the live demo on different browsers yourself. The easy way is to look for the information in the theme’s promotional materials.

Customizable design

Your new theme shouldn’t force you to stick to the default layout. It’s usually difficult to find a theme that fits your requirements exactly. Serious theme developers understand this, so they provide you with the possibility to change the layout a bit.

Changes like switching to a two sidebar layout, or moving sidebars from left to right should be available inside a good theme.

Also, the sidebars should be dynamic, so that you don’t have to settle for a given layout for the whole site. You should be able to choose custom layouts for individual pages of your blog.

Different color schemes available

Sticking to the topic of customization, let’s have a word about color schemes.

Every website needs a brand identity or some other point of differentiation. Chances are that you already have a logo made, and that you want to use it with your new theme. The logo itself represents most of your visual identity, so the theme should follow the same direction and be in tune with the logo.

There’s no easier way of keeping everything in tune than by simply changing the color scheme of your theme. Good themes have a couple of predefined color schemes built in, as well as a number of well-defined CSS classes that enable you to create new color schemes with little effort.

This might not sound important at first, but it actually makes tuning the theme a lot easier if you have a color scheme in place at the outset.

Easily customizable header

Whenever someone gets a new theme, the header is always the first place where any sort of customization happens. This isn’t surprising at all: everyone wants to include their own logo, their own menu, or an advertisement banner.

Customizable headers are essential for every theme. If the theme you’re considering doesn’t support this, it’s going to be really time-consuming for you to do any kind of modifications by hand (i.e. by working with HTML and PHP code).

Widget-ready areas

Widgets are small blocks of content you can include in various areas of your blog’s structure. The most common location for widgets is the sidebar, but that’s not a rule.

Every quality theme has a number of widget-ready areas predefined within its structure. Such areas are not only a form of a placeholder, but in most cases, they’re set with custom formatting and styling too.

The most common uses of widgets are:

  • displaying your Twitter stream and other social media icons
  • displaying recent comments
  • offering an additional search field
  • showing categories and tags
  • listing recent posts
  • showing popular posts
  • displaying archive links
  • displaying ads, additional menus, and so on.

Custom homepage support

For a traditional blog, the homepage is simply a list of recent posts. This is how it used to work for years, and it’s still the default setting in WordPress. But as I said earlier, there are many possible uses of the WordPress platform these days, and this default listing is the optimal solution for almost none of them.

Of course, if you’re a blogger publishing insightful articles on a regular basis, then by all means you should make the default listing of recent posts your homepage. However, if you’re a business owner of any kind, you’re probably better off creating a custom homepage displaying the most important information about your business and its offerings.

Most quality themes enable you to create a custom homepage and choose the individual elements you want to place on it. This is either done by a special category or another widget area (depending on the theme).

Video and image friendly

Just to make things clear, you can obviously display videos and images on every WordPress blog … I haven’t stumbled upon a situation where a blog wouldn’t support images. However, some themes make working with multimedia really, really effortless.

For instance, here’s a YouTube video. If you want to embed it into a standard WordPress theme, you have to go to YouTube, click the Share button, click the Embed button, grab the embed code, go back to your blog, switch to HTML editor, and finally paste the embed code where you want it.

But if you know you’ll be using a lot of video and imagery, you’d do better to choose a theme that caters specifically to those content types. For example, doing the same thing in a ThemeFuse theme requires only one action. In the visual editor, you simply use the shortcode:

[youtube width="600" height="350" link="http://www.youtube.com/watch?v=keIGj-bTagE"]

Making an image slideshow, or displaying a map from Google Maps is quite similar.

Social media integration

Social media, in all of its forms, is very popular. Everyone has a Twitter or Facebook account, if not tens of other profiles. Quality WordPress themes follow this trend and provide some form of social media integration. The most popular way is to show various share buttons next to the content, Follow or Like buttons, and sometimes even Twitter or Facebook streams.

Of course, you don’t have to use all of these options, but it’s good to make sure the theme you’re considering has a few possibilities you can choose from.

The “wow” effect: your theme’s looks

Setting all the features aside, there’s one really important characteristic that every good theme offers. All the features mean absolutely nothing if you simply don’t like the theme visually.

Some people will try to tell you that looks can always be changed and that you shouldn’t focus on this that much. I advise a different path here.

If you see a theme, and it doesn’t make you think something like “wow, this is great!” then don’t get it. Period.

Of course, remember your purpose for the theme. Looks alone are not enough to make a theme perfect for you—there are other important considerations as well, as we’ve just seen.

A theme can’t be overused

Popularity is a funny thing when it comes to WordPress themes. On one hand, it’s great to get a popular theme because you know that it’s a quality product. It’s a kind of social proof—if many people have decided to buy a certain theme, then it has to be good, right?

On the other hand, if too many people are using the same theme then it loses all of its uniqueness, and it can make branding it difficult.

Now, I’m not saying that an overall number of downloads for a given theme is important in itself, but it is important for your specific niche. The fact that 50 people might be using your theme in a different niche is not a problem. But if ten people are using your theme in your niche, that could be a big problem.

Simply do a little research before buying a theme to make sure that there aren’t too many people using it in the niche where you want to launch a site. (If no one is using the theme, that, of course, is the perfect scenario.)

Reviews are important

Depending on a theme’s popularity, you might be able to find some customer reviews, or even professional reviews to help you decide whether the theme is really worth purchasing.

The best way of finding those reviews is using Google. Search for something like “theme-name review”. The rule is simple: the larger the number of good reviews, the better.

On the other hand, if you don’t find anything, it doesn’t mean that the theme isn’t good quality. Usually, happy customers don’t spend time submitting reviews around the internet; they simply enjoy their purchase and go on with their lives.

Documentation and support

Some developers don’t believe in the power of documentation, and it’s hard to understand why. The fact is that even when you get a new washing machine, you get a user’s manual.

Essentially, digital products are no different—they, too, need a manual of some kind. Serious developers understand this so they always try to make their customers’ lives easier by providing documentation that’s easy to grasp.

Support is different. The better the product is, the less work support teams have. But still, there are times when you’ll need some assistance, either when something stops working or when you simply want to do something unusual with your theme.

Don’t choose a theme that doesn’t have any documentation or support. This might be okay when you’re getting a theme for free, but when you’re paying money, it’s not acceptable.

Only up-to-date themes allowed

This is an easy trap to fall into. Here’s the scenario: you’re browsing the web to find a nice theme, you stumble upon one that’s interesting, and you decide to get it. Only afterwards do you find out that the theme you’ve chosen hasn’t been updated lately and that it has been developed for version 2.7 of WordPress, for example.

I’m not saying that every next version of WordPress is completely different from the previous one, but some things do change, and you need to make sure that your theme implements all the new functionality and interesting features of the platform.

Every self-respecting theme store makes sure that the themes it offers are always up-to-date with current versions of WordPress and current trends of the web as a whole. So when you’re shopping for a theme, simply take notice of whether the theme you’re about to get has been updated lately and if it’s compatible with the newest version of WordPress.

A step-by-step approach

This has turned out to be a rather lengthy piece, so let me sum it up with a quick step-by-step guide on how to select the perfect theme for your blog:

  1. Start with the purpose of your site. When you decide what you need the site for, you’ll be able to list its most important traits—traits you need the theme to support.
  2. Note the details about the themes you’re considering. Some possibilities include: price and license, SEO friendly structure, compatibility with every browser, customizable design, different color schemes available, easily modifiable header, widget-ready areas, custom homepage support, video and image friendly, and support for social media integration.
  3. Let me quote myself: If you see a theme, and it doesn’t make you think something like “wow, this is great!”, don’t get it.
  4. Make sure that the theme is not overused in your niche.
  5. Try to find some customer or professional reviews.
  6. Make sure that documentation and support are available for the theme.
  7. Make sure that the theme is up to date with the current version of WordPress.

Even though it seems like there’s much to do when selecting a theme, it can actually be worked through very quickly. You just need to know where to look for the most important information.

Essentially, selecting a good theme is like selecting any other product—digital or otherwise. You just need to know what you’re looking for. Don’t forget to ask or read about the details that are important to you and your blog.

There’s been a lot of talking on my part here. Now it’s your turn: how did you go about selecting your current WordPress theme? What words of wisdom can you give those who are about to do it for the first time? Let us know in the comments—and don’t forget to visit again tomorrow, when I’ll show you how to install the theme you’ve selected, step by step.

Karol K. is a 20-something year old web 2.0 entrepreneur from Poland and a writer at ThemeFuse.com, where he shares various WordPress advice. Currently, he’s working on a new e-book titled “WordPress Startup Guide – little known things worth doing when creating a WordPress site.” The e-book launches soon, and now the best part … it’s free. Also, don’t forget to visit ThemeFuse to get your hands on some premium WordPress themes.

Essential SEO Settings for Every New WordPress Blog

This guest post is by Karol K of ThemeFuse.

Some bloggers, designers, and WordPress developers have a kind of love-hate relationship with SEO. I know—some people tend to be overly focused on everything SEO-related, and they just keep blasting us with the next “crucial” SEO advice every day.

On the other hand, some people tend to completely overlook it, and act like there’s no such thing as SEO. The truth is that neither of these approaches is the right one.

Many SEO-centered people don’t put a strong focus on the content quality they’re creating. It’s an easy trap to fall into. There are only so many hours in a day, and if you spend most of them on, for example, link building then there’s not much time left to do some honest writing.

If you’re in the other camp then I’m sorry, but this isn’t good either. No matter if you’re a blogger managing your own site, or a developer creating sites for others, SEO is always an important element, though it may not be the most important one.

Let me agree with the SEO guys for a minute, and admit that SEO is the best way of getting a constant stream of new visitors every day. Of course, there are other methods too, but nothing is as predictable as SEO.

When you do some kind of promotion on social media, for example, and get 1,000 visitors in a day, then that’s great, but the next day you’re likely to see no one. If you work on your SEO, however, and get 1,000 visitors one day, 1,000 the next day, and 1,000 the next day, then there are good chances the fourth day will bring similar results.

Furthermore, everybody is affected by SEO. If you’re a blogger, then getting new visitors is in your best interests, obviously. But if you’re a developer and a scenario occurs in which your client is not able to attract any new visitors to their site on a consistent basis, then it’s probably your last gig with that client.

Now, there are only so many things we can do in terms of SEO when getting a WordPress blog ready to be launched. Of course, the most important factors are what gets done after the launch—the various SEO activities the webmaster takes—and Sophie Lee explained a number of them recently. But in order to provide you with some solid groundwork, the blog needs to be made SEO-friendly from day one. Here’s how.

Setting the site title and tagline

Where I usually start is by deciding on a good site title and tagline. And I’m talking only in terms of SEO.

A good title and tagline contain the main keywords for the site. Some proper research needs to be done first, and I’m not going to cover this here, but after that’s been done, one of the most important things you can do is include your keywords of choice in the title and the tagline of the site.

This is the first point at which the theme you’re using (or designing) might interfere with these settings. Different themes do different things with the site’s title and its tagline. Some simply display it in a visible place; others ignore it entirely.

A completely different approach is to choose not to use the site title or the tagline anywhere on the blog. I don’t see it as a wise choice, though. You can choose not to use the tagline—not every blog needs a tagline. But the title is a crucial element for many more reasons than just SEO. Make sure you choose one and use it.

Creating permalinks

In plain English, permalinks represent the structure of every URL on a blog. A single blog post can have one of many URL structures. Some of the more popular ones are:

  • domain.com/?p=POSTID
  • domain.com/2011/12/03/post-name/
  • domain.com/category/post-name/
  • domain.com/post-name/

These are not the only possibilities. WordPress provides you with a lot of tags, so you’re able to create literally tens of different URL structures. Only a few, however, have any point to them.

Let me just quickly summarize the whole issue here (for more info feel free to visit my other post, Getting the Permalink Settings for WordPress Just Right). My favorite permalink structure is the last one presented on the list above, which is: domain.com/post-name/.

Why? It provides the webmaster with a possibility to include keywords into each post’s or page’s URL, which is one of the main on-page SEO factors for Google. Due to the limited space in a URL, Google knows that the most descriptive keywords are most likely to appear there.

I’m not saying that you have to use this exact structure, but if you set the permalinks to a setting that doesn’t enable including keywords then you’re shutting the door for whoever is going to be managing the site later on.

Building a sitemap

The definition I’m using for sitemap is: a file that provides a map of all the URLs that are a part of a website.

Search engines always look for such a file because it’s the easiest way for them to index all pages that need to be indexed. As a blogger, you have to make it possible for such sitemaps to be created automatically whenever a new page or post gets created.

Luckily, there are many plugins that can make it happen. Two of the more popular ones, which I’ve been using successfully (of course, don’t use both of them at the same time), are:

The plugin by Yoast actually offers a lot more than just sitemaps, and it’s the one I’m using right now on my blog.

These sitemap plugins can be a little tough to deal with at some times. I mean, they work just fine, but the amount of possible settings can be frightening. Thankfully, the default settings seem to be optimal.

Using an SEO-friendly theme

This is a big deal—the most important thing, in my opinion. No matter what settings you choose for your blog, your theme needs to support them.

First things first. Free themes are evil.

Theme frameworks or custom-made themes are great. The only problem is that you need to spend a lot of time working on tweaking the theme to fit your requirements perfectly. But the work often pays off, especially for those somewhat WordPress-savvy people who are not afraid to get their hands dirty. What I actually advise is to invest in a premium theme.

Now, let’s talk some SEO characteristics of a good theme. First of all, and this goes for everyone, no matter if you’re shopping for a theme or creating one from the ground up: a good theme needs to provide the possibility for assigning custom SEO titles and descriptions to individual posts, pages, categories, and tags.

By default, WordPress creates those automatically. What happens is the post’s or page’s title becomes the SEO title as well, and the excerpt becomes the SEO description.

This isn’t a perfect solution. Some post titles will inevitably be longer than SEO tells you is optimal (which is about 65 characters). Another thing is that post titles are always more conversational in nature and less SEO-optimized. A proper SEO title should therefore be a kind of a summary of the post title.

Anyway, I’m sure you see the value. Being able to set SEO titles and descriptions is a must. Period.

The HTML structure of a theme carries a lot of SEO weight too. Take HTML errors, for instance (you can discover them by installing a plugin for your browser; many of those are available for Firefox, for example). If your blog has a lot of HTML errors, then you’re making it significantly more difficult for a search engine to visit it and read the content.

HTML is not a complicated language, but truly mastering it to the point where you’re not making any structural errors takes a while. This is a skill developers learn over time.

Proper <H> heading usage is another point. Search engines look at every page in a search for fragments of text that have any kind of emphasis placed on them. For example, if you decide to bold something within a sentence, then it’s probably something important—something you want to attract additional attention to.

Google and other search engines see those phrases, too. For this matter, headings are some of the most important elements. A good theme needs to use them for post titles, page titles, and also provide a well formatted style for different headings when used within the content of the post or page itself.

We’re not done with the structure yet. Google doesn’t see every page the same way. For example, you can go to seo-browser.com and do a quick test on whatever site you want. What you’ll notice is that no matter what address you input, the site looks nothing like you’re used to seeing it. Put in a few page URLs and get a feel for how differently Google sees them.

Now, some hints! A well designed theme rearranges the HTML structure of the site. It does it in a way so the main content of the site is always close to the top of the HTML structure. This is a challenge that requires some CSS knowledge to implement, and can be difficult in some cases.

For example, if a site is using one sidebar on the left, one on the right, and the main content block is in the center, then the easiest way of creating such a structure is to first create the code for the left sidebar, then the content block, and then the right sidebar. Unfortunately, this is not the optimal solution. The main content block always needs to appear first in the HTML structure. This is something beginner CSS enthusiasts often find difficult to implement.

And that’s why you need a premium theme: to ensure that the structure of your site is as SEO-friendly as possible.

Understanding indexation

No matter what site you’re working on, not every page deserves to be indexed by search engines.

WordPress as a platform creates a lot of duplicate content—category pages, tag pages, date archives, author archives—and for the most part they are all duplicates.

A blog that’s SEO-friendly should define what gets indexed and what doesn’t. One solution of doing this is to use the WordPress SEO plugin by Yoast mentioned earlier.

Some areas you might consider not indexing:

  • category archives or tag archives
  • date-based archives
  • author archives.

Choosing what to index, and what not to index, is a way of speaking to the search engines. What you’re doing is simply helping them to identify what the most important areas of your blog are, by excluding some of the less-important ones.

Now, the first area on the list is “category or tag archives.” It’s for you to decide upon the best approach for your blog. The general rule, as Sophie explained the other day, is not to let duplicate content pages get indexed. If you’re using the same categories or tags for many posts then your category or tag archives are becoming just that: duplicate content. Setting everything up to prevent this from the get-go is a good practice.

Since we’re talking indexation, it’s worth mentioning nofollow settings. As many of you know, nofollow is an attribute you can give to a link so it remains unfollowed by the search engines. Some of the links that are good to nofollow are comment links (whatever people commenting on the blog link to).
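One way to check these settings from the outside, as an added example that is not part of the original post: a Python scan of a page's HTML for the robots meta directive and for external comment links missing rel="nofollow". The sample pages, the host name, and the assumption that comments sit inside an element with id="comments" are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class PageScan(HTMLParser):
    """Collects robots directives and external links inside the comments area."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.robots = set()
        self.followed = []      # external comment links lacking rel="nofollow"
        self._container = None  # tag name of the element with id="comments" (assumed)
        self._depth = 0         # nesting depth of that tag name while inside it

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "robots":
            content = a.get("content") or ""
            self.robots |= {d.strip().lower() for d in content.split(",") if d.strip()}
        if self._container is None:
            if a.get("id") == "comments":
                self._container, self._depth = tag, 1
            return
        if tag == self._container:
            self._depth += 1
        elif tag == "a":
            host = urlparse(a.get("href") or "").netloc.lower()
            rel = (a.get("rel") or "").lower().split()
            # Relative and same-host links (reply links, permalinks) are ignored.
            if host and host != self.site_host and "nofollow" not in rel:
                self.followed.append(a["href"])

    def handle_endtag(self, tag):
        if self._container is not None and tag == self._container:
            self._depth -= 1
            if self._depth == 0:
                self._container = None


def audit_page(html, site_host, should_index):
    """Return (finding, detail) tuples for one page."""
    scan = PageScan(site_host)
    scan.feed(html)
    scan.close()
    findings = []
    blocked = "noindex" in scan.robots
    if should_index and blocked:
        findings.append(("content-blocked", "noindex on a page meant to be indexed"))
    if not should_index and not blocked:
        findings.append(("archive-indexable", "no noindex directive found"))
    findings += [("followed-comment-link", href) for href in scan.followed]
    return findings


# Constructed sample pages for a blog assumed to live at blog.example.com.
TAG_ARCHIVE = """<html><head><title>Tag: plugins</title>
<meta name="robots" content="index, follow"></head>
<body><h1>Tag: plugins</h1></body></html>"""

DATE_ARCHIVE = """<html><head><meta name="robots" content="noindex, follow"></head>
<body><h1>December 2011</h1></body></html>"""

POST = """<html><head><title>Post</title></head><body>
<div id="content"><a href="http://partner.example.net/">editorial link</a></div>
<div id="comments">
  <div class="comment"><a href="http://ann.example.org/" rel="external nofollow">Ann</a></div>
  <div class="comment"><a href="http://shop.example.net/pills">Bob</a>
    <a href="/post-name/#comment-2">permalink</a></div>
</div>
<div id="footer"><a href="http://theme.example.org/">theme credit</a></div>
</body></html>"""

if __name__ == "__main__":
    print(audit_page(TAG_ARCHIVE, "blog.example.com", should_index=False))
    print(audit_page(DATE_ARCHIVE, "blog.example.com", should_index=False))
    print(audit_page(POST, "blog.example.com", should_index=True))
```
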

Your first steps

The topic of SEO for WordPress blogs is a really big one, and it always takes some time before one can get a good grasp on the whole issue. This post presents only the essential, initial steps you’ll want to take care of, and some of the most basic facts.

When you’re searching for additional information, remember to read only the latest posts and tutorials. The rules have a tendency to change quite often in the SEO world! For now, feel free to comment and tell me what your initial SEO settings for your new blog are. I’m curious to know.

Karol K. is a 20-something year old web 2.0 entrepreneur from Poland and a writer at ThemeFuse.com, where he shares various WordPress advice. Currently, he’s working on a new e-book titled “WordPress Startup Guide – little known things worth doing when creating a WordPress site.” The e-book launches soon, and now the best part … it’s free. Also, don’t forget to visit ThemeFuse to get your hands on some premium WordPress themes.

Weekend Project: Set Safe, Secure User Roles on Your WordPress Blog

This guest post is by Karol K of ThemeFuse.

One of the final steps of the famous five-minute WordPress installation is to set up an Admin account. This account, by default, is assigned to the role of Administrator, which is the most powerful user role in WordPress.

But Administrator isn’t the only role available. You can, and as a matter of fact should, use other roles when working with your blog on a daily basis.

WordPress user roles sounds like a boring topic. It sounds like something a web developer has to deal with, or an administrator, or someone with a similar job description. And that pushes user roles to the bottom of our to-do lists when we’re setting up our blogs. Even though we get exposed to the whole idea quite early, during installation, we usually ignore it completely.

If you’re new to WordPress, and the whole concept of running a site is something you’ve never done before, you might think you only need the main Admin account. This seems reasonable, especially if your blog is a single author’s work, and that author is you.

But that’s not the best approach, unfortunately. For one thing, if you only have one user account, your Dashboard will get cluttered, which lowers the usability of WordPress as a publishing tool.

Even more importantly, if you just use the Admin account, you are more prone to all kinds of attacks and hacks than if you took a more systematic approach to user roles.

Why having just one user account is a security issue

Relying on a single user account is a security issue for a number of reasons.

First of all, your username is publicly visible to anyone who goes to your author archives (usually at domain.com/author/your-username). This means that if someone wants to hack into your blog, they only need to break your password.

Secondly, if your admin account gets hacked, you can lose everything—your whole blog. You can even have it permanently deleted.

This is why it’s worth knowing a thing or two about user roles, and to use the Administrator role for admin purposes only. (Also, always hide it behind a truly complex and secure password, but that’s another story.)

What are WordPress user roles for?

Essentially, user roles define what users can and cannot do with a given blog. For instance, depending on the role, one user might have the ability to edit everyone else’s posts, while another user might not even have the ability to hit the Publish button on their own posts.

What’s all this for? If you have a multi-author blog, the answer is obvious. You don’t want to let anyone do whatever they please with your blog. (A good practice is to allow different contributors to do just the bare minimum they must do in order to get their particular jobs done.)

For a single-author blog, creating an additional account can be a solid safety measure. You can use this new account to publish content, and edit posts and pages. And whenever you have to do any administrative work, you can switch to the Admin account.

User roles in WordPress

There are five basic user roles in WordPress, and one “super-role.” They are:

  • Subscriber
  • Contributor
  • Author
  • Editor
  • Administrator
  • Super Admin—the super-role.

Let’s take it from the top.

Subscriber

This is the most basic role for user accounts in WordPress. Most blogs that enable user registration assign every new user account to this role.

Basically, this role doesn’t have any privileges at all. The only thing a subscriber can do is manage their profile—it provides them with access to the WordPress Admin panel, section Users > Your Profile.

Usually, this role is used as a placeholder. If someone is no longer contributing to the blog, but you don’t want to delete their account, you can simply change their role to Subscriber.

Contributor

This is the most popular user role you can give to guest posters and other regular contributors.

Every Contributor can create a new post, edit it, and then submit it for review. They also have access to the comments section and can manage comments. However, once a post is published, a contributor can no longer modify that post.

Contributors don’t have access to anyone else’s content, which makes this role perfect for working with guest authors, as mentioned before. If you’re operating a single-author blog, however, then it’s not a role that will be useful to you.

Author

This is a great role for multi-author blogs. Each author can manage their own posts, edit them, delete them, and publish them to the site. They can also access the content once the post is published. Essentially, an Author is a Contributor with the ability to publish posts.

Even though there are three roles above Author, it still should be assigned only to trusted members of your team—people who you consider coauthors of your blog. Giving this role to someone who you’re not in any kind of professional relationship with is not the best idea.

Editor

This role enjoys the privileges of all the previous ones. In addition, it can manage all posts (written by any author), create and edit pages, and has access to every other piece of content published on the blog, including categories and tag management.

All this makes it perfect for single-author blogs. It’s a good idea to set an Editor account for yourself, which you’ll then use to publish and manage content.

For multi-author blogs, this role should be used by the person in charge. That one editor (or a small group of editors if the blog is a bigger one) will get the deciding vote regarding every post or page.

Administrator

In a sentence: this is a role that gets access to all the Admin features. It’s the most powerful role (except for the Super Admin, which we’ll get to in a moment)—there’s no one above the Administrator.

As I mentioned before, you get one Administrator account during installation. You can create more Admin accounts later on, but I don’t advise you to do so if you don’t have a good reason.

Also, make sure that your Admin password is secure and impossible to break. Try to use as many special characters, numbers, and big and small letters in your password as possible. The more complex your password is, the better.

Super Admin

WordPress allows you to create something called a multisite setup. Multisite setup is when you launch more than one WordPress site from a single installation of WordPress. You can have as many sites as you want, but they all have to sit in different directories or sub-domains.

I’m explaining this as an introduction to what the Super Admin role is: basically, it’s someone who has administration access to all the websites in a multisite network. Hence the name “Super Admin.” Apart from that, the role doesn’t have any additional responsibilities over and above those in the Administrator role.

How to set user roles

WordPress has always been quite an easy environment to use, so setting roles is as easy as anything else. You start by going to the section of Users > Add New:

Setting user roles

The form that gets displayed features a dropdown list, where you get to select the role you want to assign to the new user (you can do the same for existing users):

Selecting the role you want

Once you hit Add New User or Update User (depending if you’re creating a new account or editing an existing one), the role will be set. In other words, your work is done. This must be the shortest how-to guide ever!

Just to wrap up, let me give you some quick tips on the role setup I advise you to use, depending on whether you have a single-author blog or a multi-author blog.

Assigning user roles for single-author blogs

This is the simplest setup possible, and it only features two user accounts:

  • Administrator account for all admin tasks, as described in detail earlier in this post.
  • Editor account for all content publishing tasks. This is the account you should use to add new posts, edit pages, moderate comments, and all sorts of other content-related things.

Assigning user roles for multi-author blogs

This is a more complex setup. Consider using it only if you have a bigger team of people managing your blog:

  • One Administrator account for all admin tasks.
  • One, or a small number of Editor accounts. These roles will take care of managing the blog’s content as a whole, doing some final editing, and making sure that all posts share the same quality.
  • Author accounts for every member of your team. These people will have the possibility to publish their posts whenever they please, so you still need to be careful with these accounts.
  • Contributor accounts for all guest authors, contractors, and other regular contributors. After a Contributor submits their post for review, an Editor can check it and hit the Publish button if the post meets the standards of the blog.
  • Subscriber accounts as placeholders for contributors or authors who are no longer active, but might come back someday, so it’s best not to delete them permanently.
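The least-privilege advice above, sketched as an added example (not code from the post or from WordPress itself): a small Python audit that finds the lowest role covering what each account needs and flags extra Administrators and Administrator logins exposed through author archives. The capability names are a subset of WordPress's defaults; the `needs` and `published_posts` fields and the sample accounts are constructed for illustration.

```python
# The five basic roles, from least to most privileged.
ROLE_ORDER = ["subscriber", "contributor", "author", "editor", "administrator"]

# Subset of WordPress's default capabilities; each entry lists only what the
# role adds on top of the role below it (a simplification for this example).
ROLE_ADDS = {
    "subscriber": {"read"},
    "contributor": {"edit_posts", "delete_posts"},
    "author": {"publish_posts", "edit_published_posts", "upload_files"},
    "editor": {"edit_others_posts", "edit_pages", "publish_pages", "manage_categories"},
    "administrator": {"manage_options", "install_plugins", "update_plugins", "switch_themes"},
}


def capabilities(role):
    """All capabilities a role holds, including those inherited from lower roles."""
    caps = set()
    for name in ROLE_ORDER[: ROLE_ORDER.index(role) + 1]:
        caps |= ROLE_ADDS[name]
    return caps


def minimum_role(needed):
    """Lowest role whose capabilities cover everything in `needed`."""
    needed = set(needed)
    for role in ROLE_ORDER:
        if needed <= capabilities(role):
            return role
    unknown = sorted(needed - capabilities("administrator"))
    raise ValueError(f"no role in this table grants: {unknown}")


def audit(users):
    """Return (login, finding, detail) tuples for accounts that break the post's advice."""
    findings = []
    admins = [u["login"] for u in users if u["role"] == "administrator"]
    if len(admins) > 1:
        findings.append(("*", "multiple-admins", ", ".join(admins)))
    for u in users:
        least = minimum_role(u["needs"])
        if ROLE_ORDER.index(u["role"]) > ROLE_ORDER.index(least):
            findings.append((u["login"], "over-privileged", f"{u['role']} -> {least}"))
        if u["role"] == "administrator" and u["published_posts"] > 0:
            # Published posts give the account an author archive, whose URL
            # carries the username by default.
            findings.append((u["login"], "admin-login-exposed", f"/author/{u['login']}/"))
    return findings


# Constructed sample accounts. "needs" is what the person actually has to do;
# an empty set models a contributor who is no longer active.
USERS = [
    {"login": "karen", "role": "administrator", "published_posts": 42,
     "needs": {"install_plugins", "manage_options"}},
    {"login": "webdev", "role": "administrator", "published_posts": 0,
     "needs": {"edit_pages"}},
    {"login": "lee", "role": "editor", "published_posts": 10,
     "needs": {"edit_others_posts", "publish_posts"}},
    {"login": "guest_amy", "role": "author", "published_posts": 1,
     "needs": {"edit_posts"}},
    {"login": "old_writer", "role": "contributor", "published_posts": 3,
     "needs": set()},
]

if __name__ == "__main__":
    for login, finding, detail in audit(USERS):
        print(f"{login:12} {finding:22} {detail}")
```
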

This closes the topic of user roles in WordPress. I hope that you can see their value even for single-author blogs. I, personally, have an Editor account on all my blogs, and I rarely log in to my Administrator accounts. Only when I need to perform an update or change something about my plugins or themes will I use the Admin role.

What’s your current approach to WordPress roles? Are you using user roles or are you simply doing every task from your Administrator account?

Karol K. is a 20-something year old web 2.0 entrepreneur from Poland and a writer at ThemeFuse.com, where he shares various WordPress advice. Contrary to what you might think, he doesn’t want to be the worst blogger on the planet. Don’t forget to visit ThemeFuse to get your hands on some premium WordPress themes (warning: no boring stuff like everyone else offers).

19 Essential WordPress Plugins for Your Blog

This guest post is by Eric Siu of Evergreen Search.

WordPressers are always looking for helpful plugins for their blogs, and if you’ve been following today’s posts on ProBlogger, especially Install Your First WordPress Plugin, you’re probably in the same boat.

So I thought I’d compile a list of the most popular to get you started. To make things simple, the plugins in this post have been broken into different categories.

SEO plugins

  • WordPress SEO: If there’s one plugin from this list that you should get, this is the one. It sets up title tags, breadcrumbs, meta robots control, XML sitemaps, Google Analytics, Google Webmaster Tools, and much more.
  • Broken Link Checker: This handy plugin will tell you which links on your site are broken – an automated problem spotter.
  • WPTouch: Easily create a mobile version of your site.
  • nRelate Related Content: Make it easy for people and search engines to find related content around your site.
  • WP Editorial Calendar: Make blogging more manageable by setting up a blogging calendar with this plugin. Very simple drag-and-drop editing on a calendar.
  • SEO Auto Links & Related Posts: Autolink words to URLs of your choice—great for internal linking.
  • WP Super Cache: This plugin will speed up your blog—and site speed is an SEO factor. While not necessary for smaller blogs, bigger blogs will definitely want this plugin.
  • Blogging Checklist: Sometimes you might forget to include some important steps while blogging. Blogging Checklist allows you to add a list of helpful reminders before you place a blog post. Forget no more!

Social plugins

  • Social Analytics: Want to see which users are logged in via Google, Google+, Facebook, or Twitter? You can do it with this plugin.
  • Social Sharing Toolkit: This flexible plugin allows you to add “social bling” to your posts or pages. You can add buttons from various social networks in a clean and minimalistic manner. Here’s how it looks:
    social sharing tool kit
  • Tweet Old Post: If you have content that you’d like to resurface to your audience every now and then, Tweet Old Post lets you do it.

Analytics plugins

General plugins

  • Subscribe to Comments: Gives your audience the option to subscribe to comments so they will be alerted when people are posting new comments.
  • Outbound Links: Automatically makes all outbound links open in new windows. Helpful in the sense that you don’t lose your audience completely. These clicks can be tracked in Google Analytics.
  • Post Ender: Add a message at the end of each post—think email subscription and RSS subscription opt-ins, like this:

    Post Ender

    Image via ConversionXL

  • Akismet: Eliminate comment spam. This plugin is already installed—all you need to do is enable it and get an API key.
  • Widget Context: A custom sidebar widget. Sometimes you might need to rotate in different ads or use different widgets for various pages or posts. This plugin helps you accomplish that.

Maintenance plugins

  • WP Database Backup: Backing up your blog is extremely important—you don’t want a freak accident to destroy all your work. This plugin allows you to schedule backups. I personally send them to different gmail accounts for each blog.
  • WordPress Backup to Dropbox: Back up your WordPress files to your Dropbox account.

Conclusion

There are a ton of great WordPress plugins out there—this list is intended just to help you get a head start. You’re sure to find some incredible plugins that suit your needs down the line. What are some other essential WordPress plugins that you use?

Eric Siu is the Vice President of SEO at Evergreen Search, a digital marketing agency in Los Angeles. He’s also written about Minimum Viable SEO: 8 Ways To Get Startup SEO Right and 10 Immutable Laws of SEO. In his free time, he likes watching football, playing poker, hiking, reading, or eating ice cream. Feel free to follow him on Twitter: @ericosiu :)

Install Your First WordPress Plugin

This guest post is by Karol K of ThemeFuse.

WordPress is a platform that’s rather easy to use, for the most part. Publishing new posts is easy, creating new pages is easy, and moderating comments is—again—easy. And that’s great because, this way, the platform can be used by anybody. As Matt Hooper explained earlier today, in his post What You Need to Know Before You Start a WordPress Blog, no web development or programming skills are required.

There are, however, some aspects that are not that obvious for people who are new to the whole blogging thing, and who are trying to get their WordPress site running for the first time.

Just to make one thing clear, WordPress doesn’t need any additional software, tools, or plugins to operate. Once you get a clean version you are well-off to join the blogging world. However, if you want to include some extra features in your blog, make it SEO friendly, or enable just a simple contact form, in most cases you’ll have to use plugins.

The word “plugin” sounds like a piece of code or software that needs to be included manually in your WordPress by a professional. This isn’t the case, however.

I admit, if you want to work with other platforms then you might stumble upon some difficulties while installing plugins, but with WordPress you can get any plugin installed in less than a minute.

What are plugins, and what’s their job?

There are almost 20,000 plugins available (at the time of writing) in the official directory, and they enable you to turn your blog into whatever kind of site you like.

To quote the WordPress team themselves: “Plugins can extend WordPress to do almost anything you can imagine.” A simple definition, but accurate nonetheless.

Among the things plugins can do for your blog are: improve its typography, tune the SEO structure, help you to proofread and edit, take care of backups, check for broken links, provide a contact form, protect against spam, connect your site with social media profiles, display social media share buttons, enable Google Analytics, cache recent posts, enable AdSense, make it possible to display different forms of advertising, and many many more.

Where can you get plugins from?

The official WordPress plugin directory can be accessed at: http://wordpress.org/extend/plugins/

You can use the search engine to find any plugin you want by its name, or to use keywords that describe the functionality you’re after. For example, here’s how you’d find the “coming soon” plugin by ThemeFuse:

Now, in this post I’m using ThemeFuse Maintenance Mode —the “coming soon” plugin—as an example to guide you through the whole process of installing a plugin. The process is universal and you can follow it to get any other plugin installed as well.

There are two main ways to “get” your hands on a WordPress plugin, so to speak. You can either:

  • download it from the official directory (or any other website) as a ZIP file
  • have it put straight into your WordPress blog.

The latter is, of course, a much easier way, and a much faster one to go through. However, I’m going to tell you about both to make the picture complete.

Install a WordPress plugin through your admin panel (the easy way)

I know that it sounds like a big deal, but this is actually the easier way to install a plugin, and one that can be done in less than a minute.

First, you need to log in to your WordPress panel on an admin account. Installing new plugins always requires admin access rights; it can’t be done through author accounts.

Next, go to Plugins > Add New, as shown below.

There’s a search field in the center of the page. It works almost exactly the same as the one in the official directory available at wordpress.org. You can use this search field to find a plugin by name, or you can use keywords to describe the functionality you want.

In our example, we’ve decided that we want to get the ThemeFuse Maintenance Mode plugin, so this is what we’re going to put in the field. Inevitably, the first result shown is the plugin we want to install.

Now, to the best part. You can have the plugin downloaded to your WordPress and installed just by clicking the link labeled as Install Now, that’s next to the plugin’s name.

The installation itself is pretty quick, and if everything goes well you should see something like this:

The only thing left to do now is to click the link labeled as “Activate Plugin,” shown above. By default, every plugin that gets put in your WordPress blog is deactivated. If you want to use it you have to activate it first.

If the plugin activates successfully it should be visible in your Plugins section and marked as active:

At this point, three main links are visible: Settings, Deactivate, and Edit.

  • Settings: This is where you can set the basic things about your new plugin. Usually, it’s where you start working with a plugin.
  • Deactivate: You can deactivate your plugin if you don’t want to use it anymore.
  • Edit: It’s not advisable to go there if you’re a beginner. This is the place where you can edit the source code executed by a given plugin.

That’s it. Your new plugin is up and running!

Now let’s take a look at a more complicated way of installing a plugin.

Installing a WordPress plugin manually

In this approach, you’ll have to get the ZIP file of the plugin you want to install (1), upload it to your blog through FTP (2), and then activate it in your WordPress admin (3).

1. Getting the ZIP file

As usual, start by searching for a nice plugin in the official directory at wordpress.org. Once you stumble upon something interesting you can download it to your local hard drive.

When you’re at the plugin page (http://wordpress.org/extend/plugins/themefuse-maintenance-mode/, for example) click on the Download button and save the ZIP file somewhere on your computer:

2. Uploading through FTP

For this step, you’ll need a piece of FTP (file transfer protocol) software to transfer the files to your blog hosting directory. Thankfully, there are some free ones, like FileZilla.

Before you can use FTP, you need to take the ZIP archive of your plugin and extract it to a location on your hard drive.

Now, in your FTP software, connect to your site (your host will be able to give you the details you need to be able to do this) and navigate to the wp-content/plugins directory.

Next, upload everything that has been extracted from the plugin’s ZIP file to that location.

3. Activating the plugin

Once you upload the plugin via FTP, you should see it listed in the Plugins section of your WordPress admin panel. But this time it’s deactivated.

The only thing left for you to do now is activate it. Simply click the Activate link, as shown above.

At this point, your new plugin is active and ready to be used, and the same three links (Settings, Deactivate, Edit) are displayed under the plugin’s name.
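
The manual route above bypasses the admin panel's installer, so it is worth checking the ZIP before you extract and upload it, especially when it came from a site other than the official directory. The Python script below is an added example, not part of the original post or of WordPress itself: it checks that the archive holds a single plugin folder, that no entry would extract outside that folder, and that a PHP file carries the `Plugin Name:` header. The sample archives and the plugin name in it are constructed for the demonstration.

```python
import hashlib
import io
import re
import zipfile
from pathlib import PurePosixPath

# WordPress finds a plugin by a "Plugin Name:" comment header in a PHP file.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:[ \t]*(.+?)\s*$", re.MULTILINE)


def unsafe_entry(name: str) -> bool:
    """True if extracting this entry could write outside the target folder."""
    path = PurePosixPath(name.replace("\\", "/"))
    return (path.is_absolute() or ".." in path.parts
            or re.match(r"[A-Za-z]:", name) is not None)


def inspect_plugin_zip(data: bytes) -> dict:
    """Inspect a plugin archive in memory; nothing is extracted to disk."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "unsafe": [],
              "top_level": set(), "plugin_name": None}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if unsafe_entry(name):
                report["unsafe"].append(name)
                continue
            parts = PurePosixPath(name).parts
            if parts:
                report["top_level"].add(parts[0])
            # The main plugin file sits in the plugin folder itself, not deeper.
            if (report["plugin_name"] is None and len(parts) <= 2
                    and name.lower().endswith(".php")):
                match = HEADER_RE.search(zf.read(info)[:8192])
                if match:
                    report["plugin_name"] = match.group(1).decode("utf-8", "replace")
    # Expect one plugin folder, a readable header, and no escaping paths.
    report["ok"] = (not report["unsafe"] and len(report["top_level"]) == 1
                    and report["plugin_name"] is not None)
    return report


def build_zip(files: dict) -> bytes:
    """Build a constructed sample archive in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample data: a hypothetical plugin, not a real one.
MAIN_PHP = "<?php\n/*\nPlugin Name: Sample Coming Soon Page\nVersion: 1.0\n*/\n"
GOOD_ZIP = build_zip({"sample-plugin/sample-plugin.php": MAIN_PHP,
                      "sample-plugin/readme.txt": "constructed readme\n"})
BAD_ZIP = build_zip({"sample-plugin/sample-plugin.php": MAIN_PHP,
                     "../../wp-config.php": "<?php // constructed\n"})

if __name__ == "__main__":
    for label, blob in (("good", GOOD_ZIP), ("bad", BAD_ZIP)):
        result = inspect_plugin_zip(blob)
        print(label, result["ok"], result["plugin_name"], result["unsafe"])
```

To check a real download, pass the file's bytes to `inspect_plugin_zip` and only extract and upload it when `ok` is true; the recorded `sha256` lets you confirm later that the file you uploaded is the one you checked.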

Since there’s not much more we can say about the installation process itself, let’s take a minute to follow the Settings link mentioned above and see what a standard plugin configuration page looks like.

Adjusting plugin settings

ThemeFuse Maintenance Mode lets you welcome your visitors with a sort of “coming soon” message. This comes in handy if you haven’t finished working on your blog yet, and you don’t want anyone to see it half-baked.

Here’s an example screen that a reader will see when they visit a site where the plugin is active:

The best part is that a user who’s logged in to the site’s admin section (wp-admin) sees the blog normally, so they can work on it without any problems. The screen above is what normal blog visitors see. Now let’s go back to the settings section:

This is what you’ll find when you navigate to Settings > ThemeFuse Maintenance Plugin from the left-hand menu of your WordPress admin area.

Many WordPress plugins provide a small set of initial options that need to be set, but then the rest is done without any additional attention on your part. With this plugin, everything is pretty much set up right from the get-go, and if you want to, you can take care of some adjustments to make the plugin fit your needs perfectly.

The plugin provides some basic customization regarding the way it looks. The first two fields (Upload Logo and Upload Background) let you give the plugin a little branding. I advise you to change at least the logo to one you’re going to use on your site once it’s live.

The easiest way of changing the logo or the background is to upload these files through your blog’s media library, and then copy and paste the file links to the aforementioned fields.

In order to do this, just go to Media > Add New (the left-hand menu of your WordPress admin area):

Click Select Files. After your files are successfully uploaded, you’ll see a screen similar to this:

The marked URL is what you need to copy and paste into either the Upload Logo or Upload Background field.

The remaining fields enable you to customize your welcome message even further:

  • You can input the date on which your site is planned to be completed.
  • You can set a label for the loader bar.
  • You can set the percentage of completion, to give some visual representation of what’s going on.
  • You can include any content you find suitable through the standard WordPress visual (or HTML) editor.
  • Finally, you can set your Twitter username if you want to display a follow button along with your latest tweet.

One important thing you have to remember is that if the plugin is active, everyone who visits your blog and is not logged in will see the Coming Soon page instead of the blog’s normal appearance. When you are done working on your blog, and ready to launch, always remember to deactivate the plugin.

What’s the next step?

That’s all for this guide. I hope that you’ll visit the plugin directory and get yourself a nice shiny plugin right away. Later today, we’ll be publishing a list of some of the more popular plugins for you to check out.

For now, though, what other things about WordPress do you find challenging for a beginner to take care of? Let us know in the comments!

Karol K. is a 20-something year old web 2.0 entrepreneur from Poland and a writer at ThemeFuse.com, where he shares various WordPress advice. Contrary to what you might think, he doesn’t want to be the worst blogger on the planet. Don’t forget to visit ThemeFuse to get your hands on some original WordPress themes (warning: no boring stuff like everyone else offers).

What You Need to Know Before You Start a WordPress Blog

This guest post is by Matt Hooper.

After reading through Darren’s census of ProBlogger results, a couple of numbers stood out to me.

  • 8.7% of ProBlogger readers haven’t started a blog of their own yet.
  • Only just over half of the respondents are on the WordPress.org platform.

The latter caught my attention since you will find a lot of tips and tricks for the WordPress.org platform here on ProBlogger. From looking at these two numbers, you could make a relatively educated guess that there are still a lot of people out there looking to start a WordPress blog.

Finding a home: web hosting

Before you can even start writing your first post, you need to figure out where your online home is going to be. This will be the place that all of your files will live online.

There are different kinds of hosting but they can essentially be classified into three types.

  • shared hosting
  • virtual private server (VPS)
  • dedicated server.

Shared hosting is where most people start out and it is usually adequate for new site owners. Shared hosting is where different users are all on the same physical hardware. This can be compared to roommates. Everyone has their own room but there could be times when someone has a party and nobody gets up early. Like I said, this is good in most cases but if you or one of your roommates gets too much traffic, then the whole server could become slow.

A VPS is the next stage. You are still on a shared machine, but you are more isolated from your neighbours. This usually gives you more processing power and more RAM so that when your traffic spikes, your site isn’t likely to go down. Think of this as having your own apartment where there is a shared building but you can lock the door, and your noisy neighbours really need to have a shaker of a party to disturb you.

Finally, when your traffic is at massive levels, you might consider moving to a dedicated server. As the name implies, this is a dedicated piece of hardware that is entirely yours. All the RAM, the processing power and disk space is yours to do as you wish. This is your own house on acreage and you have no neighbours to worry about. However, the mortgage can start to put a dent in your finances. If you’re at this point, the rest of this post probably isn’t for you.

There are many hosts online, and I’m sure that someone will recommend a good host if you ask nicely. Make sure that you do your research and know what you’re getting into, though. Some shared hosts are crippled in their abilities and will only let you have one domain hosted with them, for example. Or, once you sign up, you discover that “unlimited” isn’t really unlimited.

Moving in: installing WordPress

After you’ve found a place for your blog to live, you’ll need to install the software that will be managing your posts and pages. If you’ve gotten to this point in the post, I’ll hazard the guess that you are probably going with WordPress.

Most shared hosts that are worth their weight will have something called “one-click” installs (it’s actually more than one click, but not much more) or something similar. The “one-click” software varies a bit depending on hosting provider, but they all do the same thing.

This gives you the ability to install WordPress with a few clicks of the mouse. You’ll still need to fill out a username for your site, passwords, site name, etc., but it’s a relatively painless process. The one-click software will set up the database for you, so you don’t need to worry about messing around with that. If you do encounter any problems, the support team at your host should be able to help you out.

Painting the walls: installing a theme

It’s not difficult to find WordPress themes on the internet these days, but you do need to be a little cautious. It’s widely known that the number one result in Google for free themes is full of malware and other nastiness that you’ll want to stay away from.

If you are interested in a free theme then you’re best to look in the WordPress theme repository. The people over at WordPress do their best to vet the themes before they make them available in the repository.

You may not be interested in any of the free themes; instead you might be looking for something with a bit more of a professional look and feel. If this is the case, then you are probably going to want a premium theme or framework. A premium theme or framework usually has a stronger development team behind it, and that team’s there to give you support when you need it. You won’t often get much support with a free theme.

These themes won’t often break the bank, but they will give your WordPress site a little more polish. Frameworks are becoming more and more common, and are probably your best bet. They take a little more work to set up than themes, but will provide you with a custom look without requiring you to drop the cash on a completely custom design.

When you are more established, you may decide that you’re bringing in enough income to justify the custom development costs of a one-off design. A custom design is a complete ground-up design, but in these days of custom frameworks, I think you really need a good reason to want to go with something like this.

Choosing your art: creating content

It’s often a good idea to have some content ready to go on your blog before you launch. This ensures that your visitors have more than just one thing to read when they visit for the first time.

I often recommend what I refer to as the “rule of fives”: launch with five pages, five categories, and five posts for each category. This rule isn’t etched in stone, so there is some flexibility for you to use your creative judgement; nevertheless, it gives you a starting point.

You don’t need to publish all of those posts on the first day—if you like, save some content to slowly roll out. It helps you set the theme of your blog and keeps your content focused. Keep in mind, too, that this doesn’t all need to be written content. It can be a mix of text, audio, images and video, for example.

Home sweet home: everything else

The above will get you started on your journey to blogging bliss; however, there are other items to look at. WordPress is very extensible and things like plugins and widgets can really start to make your website your own. However, if you ask 100 different bloggers what their favourite plugins are, you’ll get a hundred different lists.

Later today on ProBlogger, we’ll be talking more about plugins. We’ll show you how to install your first plugin, and take a spin through some of the more popular plugins you might want to consider.

In the end, it’s all about building something that you can be proud of. If it isn’t enjoyable, you might be on the wrong path. Take your time and discover only what you need in order to get to the next step; just don’t sit around trying to figure out everything before you begin. Take action and push through the road blocks—and enjoy the process!

Matthew Hooper helps individuals, small businesses and organizations start blogs or websites as a step to building an internet presence. You can get his free guide on building an internet presence or check out his online WordPress course full of step-by-step videos so that you can learn WordPress in a single weekend.