Coming soon: SEO copywriting training

Andrew Raynor

 

 

Writing quality content is of great importance for your SEO strategy. At Yoast, we’re strong believers in the importance of nicely written and easy-to-read articles. Such content, however, requires strong writing skills. In order to help you write quality content, we’ve set up a SEO copywriting training.

As of June 7, you’ll be able to purchase our SEO copywriting training. It will available at an introductory price of $249 (later on, it will cost $299). The SEO copywriting training contains 6 modules with lots of training videos and some screencasts. On top of that, you’ll get tons of challenging questions and exercises in which we’ll test your (knowledge about) writing skills.

Assignments and feedback

As this is a course in which we’ll teach you how to write, you’ll have to do some genuine writing yourself. You’ll receive feedback on your writing assignment from one of the members of the Yoast team. The course also contains an assignment in which we ask you to set up your own keyword research. Again, you’ll receive feedback on your work from one of the members of the Yoast team.

SEO New Hampshire

https://twitter.com/andrewraynornh

 

https://plus.google.com/101481704883230173242/

 

https://www.youtube.com/channel/UCqysZhClqGBvHY0biNlwfFw

 

https://www.pinterest.com/andrewraynornh/

 

https://www.facebook.com/Andrew-Raynor-1694677947484186

 

https://www.linkedin.com/in/andrewraynornh

 

https://about.me/andrewraynor

 

https://myspace.com/andrewraynor

 

https://vimeo.com/andrewraynor

 

https://www.crunchbase.com/person/andrew-raynor

 

https://www.reddit.com/user/andrewraynor/

 

https://medium.com/@AndrewRaynor

 

http://andrewraynor.blogspot.com/

 

https://andrewraynoroh.wordpress.com/

 

http://andrewraynor.tumblr.com/

 

https://app.bitly.com/bitlinks/?actions=accountMain

 

https://delicious.com/andrewraynor

 

https://www.diigo.com/profile/andrewraynor

 

https://digg.com/u/andrewraynor

 

http://www.folkd.com/user/andrewraynor

 

https://www.instapaper.com/p/AndrewRaynor

 

http://www.linkagogo.com/go/Page

 

http://andrewraynor.livejournal.com/

 

https://sites.google.com/site/andrewraynornh/

 

https://www.plurk.com/andrewraynor

 

https://getpocket.com/@94aT9A0lg3650p0345d8b95djtpzg653794mvKrd3fT792f3733d9Yf3eHbmYib8

 

http://www.dailymotion.com/AndrewRaynor

 

http://www.stumbleupon.com/stumbler/andrewraynor

 

https://disqus.com/by/andrew_raynor/

 

https://www.readability.com/andrewraynor/

Can You Relaunch an Old Book?

Andrew Raynor

A year ago, I published my best book yet, The Art of Work, and it immediately hit several best sellers lists: The Washington Post, Publisher’s Weekly (two weeks in a row), and USATODAY. But the most gratifying part of writing this book has been the countless stories from readers whose lives have been changed by it.

Can You Relaunch an Old Book?

Like Rachel who told me the message of the book gave her the courage to continue working in the nonprofit she started. In fact, it helped her to understand why some things weren’t working and how to respond to failure, which is an important theme of the book.

Or Dan, who said: “Your book, The Art of Work, is the catalyst that is helping me transform here and now. Thank you for the courage you took to decide to write full-time. Thank you for the courage to build that book. Thank you to the many people who shared their story and inspired you to build content and meaning behind their life story thus far.”

The book continues to sell well and reach new readers. But I want to help more people discover the work they were meant to do. So for the next month, I am focusing fully on relaunching this book.

Can you relaunch a book?

I’m often asked by writers if you can relaunch a book and sell a significant number of copies to new readers. I believe it’s never too late for someone to discover a good book. Books, when we find them, are new to us, no matter how old they may be. Besides, many of your readers may have no idea about your book. This is why I’m going to relaunch The Art of Work.

But this begs the question, “Can you relaunch a book?” Well, that’s what we’re going to find out!

If you’d like to follow along, here’s what we’re going to do:

  1. In the next month, I am going to do everything I can to try to sell 10,000 new copies of my not-so-new book, The Art of Work. I’ll take every guest post, interview, and promo opportunity I can.
  2. I’ll update you throughout the process (if you want) for free with occasional email updates and videos, sharing what I’m learning along the way.
  3. At the end, I’ll share a detailed post-mortem of what went right, what went wrong, and what I learned. And in the end, we’ll get to see if you actually can relaunch something.

If you’d like to join me in this process, click here to sign up for occasional email updates.

I’ll notify you once a week of the progress in my weekly newsletter and may occasionally invite you to something else I think would be helpful, like a webinar.

Maybe this will inspire you to consider relaunching an old project you thought was lost or beyond hope. Or maybe it’ll just be fun to follow along. And of course, if you’d like to support me by picking up a copy of the book for yourself or a friend, that is, of course, much appreciated. You can do that here.

Have you ever tried to relaunch an old, and possibly even failed, project? What were the results? Share in the comments

Andrew Raynor

Ask Yoast: can backlinks from one site hurt my rankings?

Andrew Raynor

 

 

Backlinks to your website usually contribute to your rankings. So generally you’d be happy to get lots links to your posts and pages. But what if you get lots of links from one site? Would Google consider that as suspicious, and could you therefore be penalized?

In this Ask Yoast we’ll take a question from Gabriel Heffes of Alberta Home Services:

“I recently had a post on Tumblr that was reblogged and resulted in 9000 links to my page, making Tumblr and that post the most link sending post. Will these thousands of links cause a Penguin penalty and hurt my rankings?”

In the video below we’ll explain whether all those links could result in a penalty or not!

Are backlinks from Tumblr dangerous?

Not able to watch the video? You can read the transcript here:

“The honest answer is: no. This is actually a good thing, not a bad thing. Google knows how Tumblr works. It can see that these links are not bought or in any other way bad. So don’t worry about them. Celebrate the fact that you’ve got so many links on Tumblr! And make sure you’ll create another post like this, because it will actually help in your ranking. Good luck!”

SEO New Hampshire

https://twitter.com/andrewraynornh

 

https://plus.google.com/101481704883230173242/

 

https://www.youtube.com/channel/UCqysZhClqGBvHY0biNlwfFw

 

https://www.pinterest.com/andrewraynornh/

 

https://www.facebook.com/Andrew-Raynor-1694677947484186

 

https://www.linkedin.com/in/andrewraynornh

 

https://about.me/andrewraynor

 

https://myspace.com/andrewraynor

 

https://vimeo.com/andrewraynor

 

https://www.crunchbase.com/person/andrew-raynor

 

https://www.reddit.com/user/andrewraynor/

 

https://medium.com/@AndrewRaynor

 

http://andrewraynor.blogspot.com/

 

https://andrewraynoroh.wordpress.com/

 

http://andrewraynor.tumblr.com/

 

https://app.bitly.com/bitlinks/?actions=accountMain

 

https://delicious.com/andrewraynor

 

https://www.diigo.com/profile/andrewraynor

 

https://digg.com/u/andrewraynor

 

http://www.folkd.com/user/andrewraynor

 

https://www.instapaper.com/p/AndrewRaynor

 

http://www.linkagogo.com/go/Page

 

http://andrewraynor.livejournal.com/

 

https://sites.google.com/site/andrewraynornh/

 

https://www.plurk.com/andrewraynor

 

https://getpocket.com/@94aT9A0lg3650p0345d8b95djtpzg653794mvKrd3fT792f3733d9Yf3eHbmYib8

 

http://www.dailymotion.com/AndrewRaynor

 

http://www.stumbleupon.com/stumbler/andrewraynor

 

https://disqus.com/by/andrew_raynor/

 

https://www.readability.com/andrewraynor/

SEO copywriting: the ultimate guide

Andrew Raynor

 

 

SEO copywriting is both a key element and a challenge in every SEO strategy. As search engines spider texts, the content of your website should be fine-tuned to the (ever-changing) algorithms of search engines. On top of that, your text should be written in such a way that your audience enjoys and understands your writing.

In this complete guide to SEO copywriting, I’ll talk you through the process of keyword research and the 3 stages of the writing process. This guide should help you to write the SEO-friendly and readable articles you need on your website!

This guide to SEO copywriting covers:

SEO copywriting and holistic SEO

At Yoast, we profess what we call ‘holistic SEO’. In our view, your primary goal should be to build and maintain THE BEST website. Ranking in Google will come automatically if your website is of extremely high quality.

Google wants to serve their customers. Their mission is: to index all the world’s information and make it universally accessible. Of course, Google also wants to make some money, but if they want to make the world’s information accessible, they’ll have to show people results that fit their wishes. People would otherwise stop wanting to use Google. So, let’s agree on Google’s willingness to show people the best results: if your website is the best in your niche market, Google wants to rank it high.

Holistic SEO is an interdisciplinary marketing strategy aimed at making the best website in a specific niche market. In order to do so, the technical design of your website should be excellent, the UX of your website flawless and all security aspects covered. Most importantly, the content of your website should be well written and aimed at the audience your website serves. Such an approach asks for rather advanced writing skills.

To make sure your website is the best in your niche market, the text on your websites should be nice and easy to read. Without making any concessions to the quality of your text, you should tweak and fine-tune your text to the specific demands of search engines. The process of SEO copywriting strongly resembles the process of writing any other text. It’s hard work and some of us have more writing talent than others. We can’t all be Hemingway, but with some training, anyone should be able to write a decent article.

Read more: ‘5 tips to write readable blog posts!’ »

Before writing: always start with keyword research

The very first step of SEO copywriting has little to do with writing. You’ll have to decide what you’re going to write about. What topics do you want to be found for? You’ll need to use the keywords you want to rank for. Therefore, the first step of SEO copywriting is keyword research. Keyword research can be defined as the activities you undertake in order to compile an extensive list of keywords and keyphrases which you would like to rank for.

Proper keyword research consists of the following three steps:

Step 1: Formulate a mission

Before starting the actual keyword research, you should think about your mission. Your mission is the thing that makes you stand out from all the other blogs. While formulating your mission you should answer questions like: who are you and what is your blog about? What makes it special? Take the time and literally write down your mission. If you want to know more about formulating your mission, make sure to read our post about the mission of your website.

Step 2: Make a list of relevant keywords

Once you have formulated a clear mission, you can start making a list of all the search terms (keywords) you want your website to be found for. If your mission is clear, you should have little trouble coming up with search terms that apply to your niche market and your unique selling points. Those will be keywords you want to be found for.

In order to come up with good terms you really have to get inside the heads of your audience. How are they most likely to find you? What would they search for on Google? At the end of your keyword research, you should have a list of all the relevant search terms people could use. Also, think of combinations and nuances within these terms.

There are a few tools which can make keyword research a lot easier. Read our post about keyword research tools and the post about how to choose your perfect focus keyword if you need more hands-on tips.

Eventually, you should make a useful overview. Creating a table can help with this. Try to come up with combinations of keywords as well. And order the keywords by some kind of priority – which of the keywords are especially important to rank for (very close to your mission) and which ones are less important? When choosing which keywords to tackle first, you should also consider how likely it is that your pages will rank for that specific keyword. In many cases, focusing on less popular and less competitive keywords can be a good strategy at first. Read our posts about why you should focus on long-tail keywords and befriend the long tail if you would like to know more about the importance of less competitive keywords.

Step 3: Construct landing pages

The final step of keyword research is to create awesome landing pages for the keywords you want to be found for. A landing page is a page that is tailored to draw in visitors who reached your blog through a specific keyword. This could be a dedicated page or a blog post optimized for a specific keyword. Do make sure your visitors can find their way through your blog from every landing page. And make sure you make a landing page for every relevant keyword you come up with.

Your keyword research will give you much direction on what to blog about. You’ll have to unlock content around a specific word. A word is not a topic though. Next to a keyword (or keyphrase), you will need an angle, a specific story around that keyword. Read our tips on how to come up with ideas for your blog if you would like to know more about that.

Three phases of writing an article

Once you’ve decided upon a topic or a story you want to write, the writing process begins. In our view, the writing process consists of three stages: preparing, writing and correcting.

Process of good SEO Copywriting explained in a picture: 40% prepaparation, 20% writing, 40% correcting

Phase 1 of the writing process: preparing your text

The first phase of the writing process is preparing your text. Before you put your pen to paper, or your fingers on the keyboard, take some time and think about what you’re going to write. You probably have a topic in mind, but before you start writing, you should have clear answers to the following questions:

  1. What is the purpose of your piece? Why are you writing? What do you want to achieve?
  2. What will be the main message of your post? What is the central question you want to answer?
  3. Who are your readers?
  4. What information do you need to write your piece?
  5. In what order will you present your information? What will be the structure of your article?

In our post about preparing a blog post, you can read all about how to come up with proper and clear answers to the first 4 questions phrased above.

Text structure

The most important element of preparing your text is setting up the structure of your text. The structure of the text on your site is important for SEO. If your content is clearly structured, your chance to rank well in Google will be higher.

It really pays off to think about the structure of your piece before you actually start writing. The structure is the skeleton of your text: it will help the reader grasp the main idea of your text.

Posts or pages with a clear structure will also result in higher conversions on your website. If your message is properly understood by your audience, chances are higher that they’ll buy your products or return to your website. If you want practical tips on how to set up the structure of a piece of writing, you should read creating a clear blogpost structure.

Phase 2 of the writing process: writing your text

After the initial preparation you can start the actual writing process. This will take about 20 % of the total time you spend on your article.

Just write!

The most important tip for this phase is: just write. People often have trouble coming up with the first sentence (or the first paragraph for that matter). You can skip writing that first paragraph altogether. Just put down a couple of words referring to the content that first paragraph should have and start writing the second paragraph. Beginnings and endings are easier to write once you’ve fleshed out the body of your post.

If a sentence isn’t grammatically correct or sounds awkward, just keep going and don’t worry about it just yet. You can rewrite these things in the next phase, which is editing. In the writing phase, it is important to stay in the flow of writing.

Guard the structure of your text

While writing, use the structure you established in your preparation phase as an outline. Try to write the paragraphs according to that plan. Make sure you write clear paragraphs. We advise you to start each paragraph with the most important sentence. Then explain or elaborate on that sentence. A reader will be able to grasp the most important content from your article, just by reading the first sentences of your paragraphs.

Make sure your text is readable

Reading from a screen can be hard. If you want your readers to read your entire blog post, you should make sure it’s easy to read. Posts that are nice and easy to read will result in more returning visitors and a higher conversion rate. Most importantly, make sure your text isn’t too difficult for the audience you’re writing for.
Like to read more tips on writing readable texts? Please read our post with tips on how to make blog posts more readable and our post with tips on how to improve the typography of your blog. 

SEO New Hampshire

https://twitter.com/andrewraynornh

 

https://plus.google.com/101481704883230173242/

 

https://www.youtube.com/channel/UCqysZhClqGBvHY0biNlwfFw

 

https://www.pinterest.com/andrewraynornh/

 

https://www.facebook.com/Andrew-Raynor-1694677947484186

 

https://www.linkedin.com/in/andrewraynornh

 

https://about.me/andrewraynor

 

https://myspace.com/andrewraynor

 

https://vimeo.com/andrewraynor

 

https://www.crunchbase.com/person/andrew-raynor

 

https://www.reddit.com/user/andrewraynor/

 

https://medium.com/@AndrewRaynor

 

http://andrewraynor.blogspot.com/

 

https://andrewraynoroh.wordpress.com/

 

http://andrewraynor.tumblr.com/

 

https://app.bitly.com/bitlinks/?actions=accountMain

 

https://delicious.com/andrewraynor

 

https://www.diigo.com/profile/andrewraynor

 

https://digg.com/u/andrewraynor

 

http://www.folkd.com/user/andrewraynor

 

https://www.instapaper.com/p/AndrewRaynor

 

http://www.linkagogo.com/go/Page

 

http://andrewraynor.livejournal.com/

 

https://sites.google.com/site/andrewraynornh/

 

https://www.plurk.com/andrewraynor

 

https://getpocket.com/@94aT9A0lg3650p0345d8b95djtpzg653794mvKrd3fT792f3733d9Yf3eHbmYib8

 

http://www.dailymotion.com/AndrewRaynor

 

http://www.stumbleupon.com/stumbler/andrewraynor

 

https://disqus.com/by/andrew_raynor/

 

https://www.readability.com/andrewraynor/

Crafting good titles for SEO

Andrew Raynor

 

 

Writing good page titles is an essential skill for anyone doing SEO. The title tag is the first thing a user sees in the search results. It’s also one of the most important factors for Google to decide what the topic of a page is. The combination of these two factors makes it so essential. This article covers both the why and the how of creating a good page title.

HTML title tag or main heading?

First, let’s get some confusion out of the way: we’re talking about the HTML title tag. If you would look at the source of a page, this would be found in the head section and it would look like this:

<title>This is an example page title - Example.com</title>

In tabbed browsers, this title is usually shown in the page tab, as shown in the image below. It’s not to be confused with the main heading of the page, which the user sees on the page itself. That main heading is important too! In fact, we have an entire article about headings and SEO, but it’s not the topic of this article.

Page title in a tab

What’s the (SEO) purpose of a page title?

There are two goals that a good title must achieve:

  1. it must help you rank for a keyword;
  2. it must make the user want to click to your page.

These two goals are not mutually exclusive, but they do sometimes have competing interests. If you’re ranking but nobody is clicking on your result, the ranking doesn’t do you much good. Be aware that if you’re ranking but never getting clicks, over time, your rankings might deteriorate.

Titles and click-through rates (CTR)

Google uses the CTR (click-through rate) as a determinant for how relevant you are for a specific keyword. If your CTR is too low, relative to what Google expects you would get at a certain position, your rankings will drop. The opposite is also true, so a title that gets people to click will also help you rank better.

Your page title & focus keyword

If you’ve chosen a good focus keyword for your post, you should make sure to include that focus keyword in your page title. The page title is one of the most important ways for Google to determine your page’s topic. Not having the focus keyword in the title severely decreases your chance of ranking.

Because people are scanning the search results it’s important that the title immediately “catches their eye”. To do that well, having the focus keyword in the beginning of your page title is very beneficial as Google will highlight it when they search for it. Sometimes, when you’re optimizing for a keyword that has a lot of competition, everyone will have the keyword at the beginning of the page title. If that’s the case, having one or two words in front of your focus keyword, thereby slightly “indenting” your result and breaking the flow of other results, can be a good idea.

Optimal title length for SEO

The optimal length for a title is determined by how much Google can show in their search results. There are currently three “modes” in which Google can show a title. These modes are: wide screen, smaller screen and mobile. On a wide screen and on mobile, Google shows a longer page title than it does on the smaller screen. Let me show you what that looks like:

A wide result:

Page title showing completely in a wide result

A smaller screen result for the same URL:

page title not showing completely on a smaller screen

A mobile result for the same URL:

The page title showing completely on a mobile result

The snippet preview in Yoast SEO currently works for the smaller screen result, as that used to be the default up until early May 2016. From then on, Google changed the maximum width and now shows longer titles when the screen has the space for it. This means the optimal title length for SEO differs per type of result. We would suggest getting your most important keyword in the first half of the title, but if your title is slightly longer than the small result because of branding: let it be!

If you’re asking “how many characters does Google show?”, the answer is: “it depends”. Google doesn’t count a particular number of characters but has a fixed width in which it can show the title. This means it could show many more i’s than it could show w’s. The snippet preview in Yoast SEO accounts for this and shows you the same thing Google would show.

SEO New Hampshire

https://twitter.com/andrewraynornh

 

https://plus.google.com/101481704883230173242/

 

https://www.youtube.com/channel/UCqysZhClqGBvHY0biNlwfFw

 

https://www.pinterest.com/andrewraynornh/

 

https://www.facebook.com/Andrew-Raynor-1694677947484186

 

https://www.linkedin.com/in/andrewraynornh

 

https://about.me/andrewraynor

 

https://myspace.com/andrewraynor

 

https://vimeo.com/andrewraynor

 

https://www.crunchbase.com/person/andrew-raynor

 

https://www.reddit.com/user/andrewraynor/

 

https://medium.com/@AndrewRaynor

 

http://andrewraynor.blogspot.com/

 

https://andrewraynoroh.wordpress.com/

 

http://andrewraynor.tumblr.com/

 

https://app.bitly.com/bitlinks/?actions=accountMain

 

https://delicious.com/andrewraynor

 

https://www.diigo.com/profile/andrewraynor

 

https://digg.com/u/andrewraynor

 

http://www.folkd.com/user/andrewraynor

 

https://www.instapaper.com/p/AndrewRaynor

 

http://www.linkagogo.com/go/Page

 

http://andrewraynor.livejournal.com/

 

https://sites.google.com/site/andrewraynornh/

 

https://www.plurk.com/andrewraynor

 

https://getpocket.com/@94aT9A0lg3650p0345d8b95djtpzg653794mvKrd3fT792f3733d9Yf3eHbmYib8

 

http://www.dailymotion.com/AndrewRaynor

 

http://www.stumbleupon.com/stumbler/andrewraynor

 

https://disqus.com/by/andrew_raynor/

 

https://www.readability.com/andrewraynor/

105: Redefining What Success Means to Us with Aaron Walker

Andrew Raynor

Living a “successful” life isn’t what it’s all cracked up to be. We often believe if we have more money, recognition, or significant achievements, then we will feel satisfied. But I can tell you from personal experience, this isn’t the case at all.

105: Redefining Success with Aaron Walker

Publishing a book, obtaining a promotion, or finally working full-time for yourself will bring you temporary satisfaction, but these good things will not please you forever. This is because, many times, the goals we pursue are about us. But success is so much more than this.

I used to believe that pursuing a dream and being successful was only about myself. But I couldn’t have been more wrong. It wasn’t until I got everything I wanted in life when I realized none of it was for me.

This week on The Portfolio Life, Aaron Walker and I talk about why success isn’t measured by what we gain, but rather by who we influence. There’s no one better to speak fresh truth into this topic than Aaron Walker. He has built multiple successful businesses. But it wasn’t until he experienced a tragic accident that he realized there is more to life than achieving success.

Listen in as Aaron shares what he has learned about living a life of significance and practical steps you can take in leaving a legacy.

Listen to the podcast

To listen to the show, click the player below (If you are reading this via email or RSS, please click here).

Show highlights

In this episode, Aaron Walker and I discuss:

  • Why we need a reason to get up in the morning
  • The difference between living a life of success versus significance
  • Why pursuing success will not satisfy you forever
  • Whether you have to hit rock bottom to figure out your life
  • The importance of having people in your life to challenge you
  • What you need to help you live a life of significance
  • How to get around the right people

Quotes and takeaways

  • “We need contentment, not complacency.” —Aaron Walker
  • “You are the average of the five people you spend the most time with.” —Jim Rohn
  • “We have to train ourselves to be generous in all areas.” —Aaron Walker
  • “The answer is always ‘no’ unless you ask.” —Aaron Walker
  • “Fear missing an opportunity more than failure.” —Aaron Walker

Resources

What would you do today if you had no limitations? Share in the comments

Andrew Raynor

WordPress Security

Andrew Raynor

 

 

WordPress security has always been food for thought. Even though most of the latest updates (including WordPress 4.5.2) deal with WordPress security issues, there is still a lot that can be done to improve that security, even by the less tech-savvy of us. In this article, I’d like to enumerate a number of suggestions on how to improve security on your own WordPress website.

wordpress security must read article by yoast

Table of contents

WordPress itself has a list on WordPress security you might want to read. Of course, some of the things in that list will be repeated in the article below. Personally, I prefer a more hands on list and direction, that’s why we decided to write this article.

Don’t use admin as a username

Think about this. This is perhaps the easiest baseline step for WordPress security you can take as a WordPress user. It costs you nothing, and the install makes it really easy to do. A majority of today’s attacks target your wp-admin / wp-login access points using a combination of admin and some password in what is known as Brute Force attacks. Common sense would dictate that if you remove admin you’ll also kill the attack outright.

Yes, the argument exists that the attacker can still enumerate the user ID and Name and can in some instances pull the new username. There is no denying this. Remember though, like our friends at Sucuri like to say, Security is not about risk elimination, it’s about risk reduction.

For the everyday, automated Brute Force attack, removing the default admin or administrator username will already help a lot. You’re at least making it a bit harder for the hacker to guess the username. For the sake of clarity, understand that when we say admin we are speaking specifically to the username only and not the role.

Simply create a new user in WordPress at Users > New User and make that a user with Administrator rights. After that, delete the admin user. Don’t worry about the post or pages the admin user has already created. WordPress will nicely ask you: “What should be done with content owned by this user?” and give you the option to delete all content or assign it to a new user, like the one you have just created.

Use a less common password

An easy thing to remember is CLU: Complex. Long. Unique.

This is where tools like 1Password and LastPass come into play, as they each have password generators. You type in the length, and it generates the password. You save the link, save the password, and move on with your day. Depending on how secure I want the password to be, I usually set length of the password (20 characters is always right) and decide on things like the inclusion of less usual characters like # or *.

‘123456’ isn’t a password. ‘qwerty’ is like writing your security code on your bank card. ‘letmein’; seriously? Shame on you. Even ‘starwars’ made the 2015 list of 25 most used passwords. Remember, you’re never as unique as you think you are…

Add Two-Factor Authentication

Even if you’re not using ‘admin’ and are using a strong, randomly generated password, Brute Force attacks can still be a problem. To address this, things like Two-Factor Authentication are key to helping to reduce the risk of such attacks.

Oh, I know, the hassle two-factor authentication is. But for now, it’s your Fort Knox. The essence of two-factor authentication for WordPress security is exactly as implied in the name, two forms of authentication. It’s the recognized standard today for enhanced security at your access points.  You are already using two-factor authentication for Gmail, Paypal, and the works (at least you should be), why not add it to your WordPress security toolkit as well. Ipstenu (Mika Epstein) did an article on the subject you might want to read: Two Factor Authentication.

There is a plugin for that: Google Authenticator. An alternative that takes a slightly different approach for the same purpose is the Rublon Plugin.

Employ Least Privileged principles

The WordPress.org team put together a great article in the WordPress Codex regarding Roles and Capabilities. We encourage you to read it and become familiar with it because it applies to this step.

The concept of Least Privileged is simple, give permissions to:

  • those that need it,
  • when they need it and
  • only for the time they need it.

If someone requires administrator access momentarily for a configuration change, grant it, but then remove it upon completion of the task. The good news is you don’t have to do much here, other than employ best practices.

Contrary to popular belief, not every user accessing your WordPress instance needs to be categorized under the administrator role. Assign people to the appropriate roles and you’ll greatly reduce your security risk.

Hide wp-config.php and .htaccess

No, thou less tech-savvy WordPress website owner, that is not hard to do. It’s actually really simple, especially when you are using Yoast SEO for WordPress > Tools > File Editor to edit your .htaccess.

For better WordPress security, you’d need to add this to your .htacces file to protect wp-config.php:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

That will prevent the file from being accessed. Similar code can be used for your .htacces file itself, by the way:

<Files .htaccess>
order allow,deny
deny from all
</Files>

You can do it. It’s no rocket science.

Use WordPress security keys for authentication

Authentication Keys and Salts work in conjunction with each other to protect your cookies and passwords in transit between the browser and web server. These authentication keys are basically set of random variables, used to improve security (encryption) of information in cookies. Changing this in wp-config.php can be simply done by getting a new set of keys here and add these. These keys change on a refresh of that page, so you’ll always get a fresh set.

Syed Balkhi at WPBeginner did an article on WP security keys, in case you want some more background information. The Sucuri plugin can help you with these keys as well.

Disable file editing

If a hacker gets in, the easiest way to change your files would be to go to Appearance > Editor in WordPress. To lift your WordPress security, you could disable writing of these files via that editor. Again, open wp-config.php and add this line of code:

define('DISALLOW_FILE_EDIT', true);

You’ll still be able to edit your templates via your favorite FTP application, you just won’t be able to do it via WordPress itself.

Limit login attempts

Attacks like a Brute Force attack, target your login form. Specifically for WordPress security, the All in One WP Security & Firewall plugin has an option to simply change the default URL (/wp-admin/) for that login form.

Next to that, you could also limit the number of attempts to login from a certain IP address. There are several WordPress plugins to help you to protect your login form from IP addresses that fire a multitude of login attempts your way. We haven’t tested all, but feel free to let me know your experiences.

Be selective with XML-RPC

XML-RPC is an application program interface (API) that’s been around for a while. It’s used by a number of plugins and themes, so we caution the less technical to be mindful how they implement this specific hardening tip.

While functional, disabling can come with a cost. Which is why we don’t recommend disabling for everything, but being more selective on how and what you allow to access it. In WordPress, if you use Jetpack you’ll want to be extra careful here.

There are a number of plugins that help you be very selective in the way you implement and disable XML-RPC by default.

Hosting & WordPress security

In the past years of website reviews, we have had our share of website owners stating that their hosting company couldn’t help with this, or knew jack about that. Hosting companies simply see your website differently. There is no simple rule to decide on your WordPress hosting company. But the choice of a hosting company does matter when optimizing your WordPress security.

Every article written on hosting or hosting companies seems to start by telling you that the cheapest one is probably not the best one. Most cheaper hosting plans won’t have support to help you out with a hacked site. These plans include little to secure your website, like for instance set up a Website Firewall (more on the Sucuri Website Firewall later). Shared hosting, for instance, does imply that your hosting server is also populated with other websites. These might have security issues of their own, which in turn might affect your own website’s security as well.

WordPress security seems to be one of the main USPs offered in specialized WordPress hosting products, like the one offered by GoDaddy. They offer backups, redundant firewalls, malware scanning and DDoS protection and automatic WordPress updates for very reasonable pricing (understatement).

Be mindful of host account

One of the biggest challenges with hosts is in their account configuration for website owners. Website owners are allowed to install and configure as many websites as they want, and this fosters “soup kitchen”-like environments.

This is challenging because, in many instances, a website is compromised via a concept known as cross-site contamination in which a neighboring site is used as the attack vector. The attacker penetrates the server, then moves laterally into neighboring sites on the server.

The best way to account for this is to create two accounts, one which you treat as a production environment – only live sites are published – and a staging one, in which you put everything else.

Stay up-to-date

Staying up-to-date is an easy statement to make, but for website owners in the day-to-day, we realize how hard this can be. Our websites are complex beings, we have 150 different things going at any given time, and sometimes it’s difficult to apply the changes quickly. A recent study shows that 56% of WordPress installations were running out of date versions of core.
Updates need to extend beyond WordPress core. The same study shows that a very large percentage of the website hacks came from out-of-date, vulnerable, versions of plugins.

This can be compounded in really complex environments in which dependencies make it so that backups can’t be achieved. This is why we personally employ Sucuri’s Firewall. This firewall virtually patches and hardens our website at the edge. It gives us the time we require to go back and apply updates in a more reasonable time frame, allowing us to test in our staging environments first, and only then push to production.

(Free) plugins & themes

Most WordPress users tend to apply themes and plugins at will to their posts. Unless you’re doing this on a test server for the sole purpose of testing that theme or plugin, that makes no sense, especially not with reference to WordPress security. Most plugins and a lot of themes are free, and unless you have a solid business model to accompany these free giveaways. If a developer is maintaining a plugin just because it’s good fun, chances are he or she did not take the time to do proper security checks.

We have teamed up with Sucuri years ago, to make sure every plugin is checked for security before release, and we have an agreement with them for ongoing checks as well. If you are creating a free theme or free plugin, you might not have the resources to add solid checks like that.

How to pick the right plugin

Ratings on WordPress.org exampleIf you want to be taken by the hand in selecting the right WordPress security plugin for your website, please read this in-depth article Tony Perez did on the subject: Understanding the WordPress Security Plugin Ecosystem.

Let me focus on the basics of plugin selection here. As explained above, free plugins and themes could be a possible vulnerability. When adding a plugin (or theme for that matter), always check the rating of that plugin. WordPress.org shows ratings, but one five star rating won’t tell you anything, so also check the number or ratings. Depending on the niche, a plugin should be able to get multiple reviews. If more people think a plugin is awesome and take the time to rate it, you could decide to use it too.

WordPress 4.5.2 compatible exampleThere is one other thing you want to check. If a plugin hasn’t been updated for two years, WordPress will tell you that. That doesn’t mean it’s a bad plugin, it could also mean there hasn’t been a need to update it, simply because the plugin still works. The ratings will tell you that, and the compatibility with the current WordPress version, which is also listed on the plugin page at wordpress.org. Having said that, Sucuri strongly recommends against using any plugins that haven’t been updated for that long. You should take their word for it.

Based on these ratings and compatibility, you could pick your plugins less random and have a larger chance of some kind of security being added.

I’ve already mentioned our friends at Sucuri. Daniel and Tony have done a tremendous job on our plugins and have helped on several hacked websites in the past. If you’re not familiar with these gentlemen, they are the owners and managers of Sucuri.

Sucuri is a globally recognized website security company known for their ability to clean and protect websites, bringing peace of mind to website owners, including us here at Yoast.
We’ve partnered with Sucuri because we take security very seriously, it’s not and should not be an afterthought. There is a variety of ways to address WordPress security, and we found that security was best addressed remotely at the edge beyond the application. What Daniel and Tony have built is a product / service that lets you get back to running your business. They are our partners, the security team we lean on when we need help the most.

Failing to take the necessary precautions for your WordPress security, and leveraging the experts can lead to malware infections, branding issues, Google blacklists and possibly have huge impacts to your SEO (something dear to our hearts). Because of this, we turn to them for our needs, like they turn to us for website optimization.

Here is a webinar Sucuri put together on how websites get hacked:

A lot of the suggestions in this article can be dealt with by installing and configuring their free Sucuri Scanner plugin for WordPress or hiring them to handle your website’s security. At Yoast, we don’t think this is an ‘extra’, but consider it an absolute necessity. For us, security is not a DIY project, which is why we leave it to the professionals. Visit their website at sucuri.net for more information, and check your site now to see if you have been infected with malware or have been blacklisted.

Yoast recommends Sucuri

If you are serious about your website, you are serious about your security. Get the complete security package of Website Security Stack now:

Get your Sucuri Website Security Stack NOW.

Closing thoughts

If you have come this far in this article, you will have no excuse not to improve the WordPress security for your website. Like adding posts and pages, checking your WordPress security should be a regular routine for every WordPress site owner.

This isn’t the full list of all the things you can do to secure your website. I am aware that one should, for instance, create regular backups. And that WordPress has a number of plugins for this as well. But backups are not part of WordPress security per se, I think these are part of having a website in general – they are administrative/maintenance tasks.

I trust this article about WordPress security gives you a practical list of things you can and should do to secure at least the first layer of defense of your website. Remember, WordPress security isn’t an absolute, and it’s on us to make it harder for the hackers!

Tony, thanks again for your input and additions to this article!

SEO New Hampshire

https://twitter.com/andrewraynornh

 

https://plus.google.com/101481704883230173242/

 

https://www.youtube.com/channel/UCqysZhClqGBvHY0biNlwfFw

 

https://www.pinterest.com/andrewraynornh/

 

https://www.facebook.com/Andrew-Raynor-1694677947484186

 

https://www.linkedin.com/in/andrewraynornh

 

https://about.me/andrewraynor

 

https://myspace.com/andrewraynor

 

https://vimeo.com/andrewraynor

 

https://www.crunchbase.com/person/andrew-raynor

 

https://www.reddit.com/user/andrewraynor/

 

https://medium.com/@AndrewRaynor

 

http://andrewraynor.blogspot.com/

 

https://andrewraynoroh.wordpress.com/

 

http://andrewraynor.tumblr.com/

 

https://app.bitly.com/bitlinks/?actions=accountMain

 

https://delicious.com/andrewraynor

 

https://www.diigo.com/profile/andrewraynor

 

https://digg.com/u/andrewraynor

 

http://www.folkd.com/user/andrewraynor

 

https://www.instapaper.com/p/AndrewRaynor

 

http://www.linkagogo.com/go/Page

 

http://andrewraynor.livejournal.com/

 

https://sites.google.com/site/andrewraynornh/

 

https://www.plurk.com/andrewraynor

 

https://getpocket.com/@94aT9A0lg3650p0345d8b95djtpzg653794mvKrd3fT792f3733d9Yf3eHbmYib8

 

http://www.dailymotion.com/AndrewRaynor

 

http://www.stumbleupon.com/stumbler/andrewraynor

 

https://disqus.com/by/andrew_raynor/

 

https://www.readability.com/andrewraynor/

Join Me for a Free Book Study this Summer

Andrew Raynor

Are you trying to figure out what you’re supposed to do with your life? Maybe you know exactly what you’re meant to do but you feel stuck in a dead-end job looking for the escape hatch? Or like many others, you’re somewhere in between and you want to know if you’re heading in the right direction.

Join Me for a Free Book Study This SummerIf this describes you, then I think you will like what I have planned this summer. Many people who read my book, The Art of Work, have asked me questions like, “What now?” or “How do I… ?” So I thought it would be fun to do a live book study for free to help answer these questions and more.

I want to invite you to join me for the next eight weeks in this free book study. We will explore the big questions in life, like, “What’s my purpose?” and “How do I know if I’ve found it?” During this eight-week study, we will talk about these things and a whole lot more.

If you’re a writer who wants to go pro, and you need practical steps to get started, this will help.

If you’re an employee who wants to become an entrepreneur, then there will be lessons you can learn to help you make the transition.

And if you want to find greater meaning in your life and work, we can talk about that, too.

I wrote The Art of Work to challenge people to think about their life as an important journey, one in which they have an important gift to share with the world. I also wrote it to encourage you where you’re at in your journey and offer you some practical tools to help you keep moving in the direction of your life’s work.

So if you:

  • Want to live with a greater purpose,
  • think you are meant for more than an average life,
  • and believe your life is not an accident,

Then this free book study is for you!

Here’s how you can join:

  1. Go buy The Art of Work from your favorite retailer (you can see a list here). If you already have the book, then you’re set!
  2. Enter your email and order or receipt number (if you have it) at artofworkbook.com.
  3. Follow the instructions to get your bonuses, including access to the private Facebook group where I will connect with readers and conduct weekly live video teachings and Q&A.

That’s it!

Ready to get started? Go to The Art of Work book site to make sure you’re signed up. You’ll get an email in a week when we get started on June 1.
Make sure you sign up May 30th so that you don’t miss anything!

Andrew Raynor

Joost & Marieke visit California this summer

Andrew Raynor

 

 

Are you living in the San Francisco Bay Area or in Los Angeles (or surroundings)? And, are you planning to organize a WP Meetup this summer? Joost de Valk would love to come, visit and speak at your WP Meetup this summer!

Marieke and Joost of Yoast visit the US

We (Joost and Marieke) will be traveling through California this summer. We’ll take our four children (aged 10, 6,4 and 1) along with us. It will be mostly fun, sightseeing and vacation, but we’d love to do some Meetups in California as well. So, please let us know if you’d like Joost de Valk to come to your Meetup!

Our timetable

What are the possibilities? From July 23 until July 29 we’ll stay in San Fransisco. Anything within an hour (or 90 minutes) drive is doable!

After July 29, we’ll be off the radar, doing some serious sightseeing. We’ll be in Los Angeles (well, Carlsbad to be precise) from August 12 to August 19.

Please contact us if you would like to have Joost de Valk come to your Meetup. Hope to see you soon!

Check out this video to see Joost present at WordCamp NL!

SEO New Hampshire

https://twitter.com/andrewraynornh

 

https://plus.google.com/101481704883230173242/

 

https://www.youtube.com/channel/UCqysZhClqGBvHY0biNlwfFw

 

https://www.pinterest.com/andrewraynornh/

 

https://www.facebook.com/Andrew-Raynor-1694677947484186

 

https://www.linkedin.com/in/andrewraynornh

 

https://about.me/andrewraynor

 

https://myspace.com/andrewraynor

 

https://vimeo.com/andrewraynor

 

https://www.crunchbase.com/person/andrew-raynor

 

https://www.reddit.com/user/andrewraynor/

 

https://medium.com/@AndrewRaynor

 

http://andrewraynor.blogspot.com/

 

https://andrewraynoroh.wordpress.com/

 

http://andrewraynor.tumblr.com/

 

https://app.bitly.com/bitlinks/?actions=accountMain

 

https://delicious.com/andrewraynor

 

https://www.diigo.com/profile/andrewraynor

 

https://digg.com/u/andrewraynor

 

http://www.folkd.com/user/andrewraynor

 

https://www.instapaper.com/p/AndrewRaynor

 

http://www.linkagogo.com/go/Page

 

http://andrewraynor.livejournal.com/

 

https://sites.google.com/site/andrewraynornh/

 

https://www.plurk.com/andrewraynor

 

https://getpocket.com/@94aT9A0lg3650p0345d8b95djtpzg653794mvKrd3fT792f3733d9Yf3eHbmYib8

 

http://www.dailymotion.com/AndrewRaynor

 

http://www.stumbleupon.com/stumbler/andrewraynor

 

https://disqus.com/by/andrew_raynor/

 

https://www.readability.com/andrewraynor/

5 tips on branding

Andrew Raynor

 

 

Tip 2: Phrase a tagline and make it visible

Your tagline phrases the most important message about your brand or your product in a single sentence. Make sure it stands out on your website. You can for instance place a tagline below your brand name. The tagline of Yoast is: the art & science of website optimization.

If possible, try to write your taglines in an action-oriented way. You can do this by using verbs and sentences that imply an action for the visitor. For instance, we could have a tagline saying: ‘Keep your site optimized with the Yoast SEO Premium plugin!’. This shows people one of the core values of the plugin, and making it active will motivate a lot more people to actually try it.

Tip 3: Use images

Images are a very important aspect of your branding strategy. You can use pictures and illustrations on your website, in your newsletter, on Facebook or in (printed) advertisements.  Of course, you should make sure your images fit your brand. If you sell ballet shoes, you should probably not use pictures of wild animals in the jungle.  You would want to use pictures that express elegance and grace.

If you consistently pick illustrations and photos that fit your brand, your audience will eventually recognize and remember your brand from simply looking at your pictures. At Yoast, we work with two illustrators in order to make unique illustrations that will give the Yoast feeling to our audience.

If you use your own photos, you could try to develop some sort of consistent style. You can for instance make sure all your pictures have the same dimensions, use a similar way of editing or use similar pictures. On Facebook, we always put a text bar on our images. We include the title of our post and the Yoast logo in that text bar. That text bar ensures consistency within all of our Facebook posts.

Tip 4: Use your brand name

Make sure your brand name will become familiar to your audience. That means you should use that brand name! Perhaps you can use your brand name in one of your products like we do in Yoast SEO. Make sure to use your brand name in your newsletter and in your (Facebook) posts. People should hear and read your brand name regularly!

Tip 5: Use your logo

Your logo is of great importance to your branding strategy. Branding is more than designing an awesome logo though (that’s why this is the final tip and not the first one I share). Ideally, your logo should stand out, it should be something people recognize without any context. Designing a logo doesn’t have to be too expensive. Go check out 99designs for instance!

The colors you choose for your logo are of great importance as well. Make sure to use these colors elsewhere: in your newsletter, on your website, in images. If you use the same colors everywhere, these colors will become part of your brand. People will recognize your brand only by looking at the colors in your newsletter or in your Facebook post.

Once you have a kickass logo, make sure to use it! Present it to your audience: on your website, in your newsletter, on Facebook: everywhere!

Conclusion

If you develop a successful branding strategy, people will remember and recognize your brand. In the long run, your logo or brand name will be something that immediately evokes emotions. As people get more familiar with your brand, your SEO will get easier as well. Therefore, combining your SEO strategy with an awesome branding strategy is the way to go!

Read more: ‘Positioning your shop in the online market’ »

SEO New Hampshire

https://twitter.com/andrewraynornh

 

https://plus.google.com/101481704883230173242/

 

https://www.youtube.com/channel/UCqysZhClqGBvHY0biNlwfFw

 

https://www.pinterest.com/andrewraynornh/

 

https://www.facebook.com/Andrew-Raynor-1694677947484186

 

https://www.linkedin.com/in/andrewraynornh

 

https://about.me/andrewraynor

 

https://myspace.com/andrewraynor

 

https://vimeo.com/andrewraynor

 

https://www.crunchbase.com/person/andrew-raynor

 

https://www.reddit.com/user/andrewraynor/

 

https://medium.com/@AndrewRaynor

 

http://andrewraynor.blogspot.com/

 

https://andrewraynoroh.wordpress.com/

 

http://andrewraynor.tumblr.com/

 

https://app.bitly.com/bitlinks/?actions=accountMain

 

https://delicious.com/andrewraynor

 

https://www.diigo.com/profile/andrewraynor

 

https://digg.com/u/andrewraynor

 

http://www.folkd.com/user/andrewraynor

 

https://www.instapaper.com/p/AndrewRaynor

 

http://www.linkagogo.com/go/Page

 

http://andrewraynor.livejournal.com/

 

https://sites.google.com/site/andrewraynornh/

 

https://www.plurk.com/andrewraynor

 

https://getpocket.com/@94aT9A0lg3650p0345d8b95djtpzg653794mvKrd3fT792f3733d9Yf3eHbmYib8

 

http://www.dailymotion.com/AndrewRaynor

 

http://www.stumbleupon.com/stumbler/andrewraynor

 

https://disqus.com/by/andrew_raynor/

 

https://www.readability.com/andrewraynor/