By

Acodemy
© Copyright 2015
All rights reserved. No portion of this book may be
reproduced – mechanically, electronically, or by any
other means, including photocopying without the
permission of the publisher
LEARN WORDPRESS IN A DAY
The Ultimate Crash Course to
Learning the Basics of Wordpress in
No Time
Disclaimer
The information provided in this book is written to provide helpful
information on the subjects discussed. The author’s books are only meant to
provide the reader with basic knowledge of certain topics related to
different subjects, without any warranty as to whether the student will, or will
not, be able to incorporate and apply all the information provided. Although the
writer has made his best effort to share the insights of WordPress with the help
of different tutorials in this book, learning is a difficult task and each
person needs a different timeframe to fully incorporate a new topic. Neither
this book nor any other book of the writer promises that the reader will learn
certain topics and subjects to any extent within a certain timeframe. This is
because learning is a process that depends on various aspects, including the
learner’s capability to understand, practice and perform the topic or subject
he/she is learning.
Table of Contents
Chapter 1: Introduction
Chapter 2: Installing WordPress
Chapter 3: Understanding the WordPress Dashboard
Chapter 4: Plugins
Chapter 5: Creating Pages and Posts
Chapter 6: Site Architecture
Chapter 7: Site Architecture
Chapter 8: Backups
Chapter 9: Optimizing WordPress
Chapter 10: SEO
Chapter 11: Comments
Chapter 12: Monetizing
Chapter 13: Maintenance
Chapter 14: Organizing Content
Chapter 15: Working with Contributors
Chapter 16: WordPress Security
Conclusion
Chapter 1: Introduction


Objective: This chapter gives you a brief overview of WordPress and what it
can do to help you create a website.


If you’re new to websites in general but you want to create a blog or site, you’ve
probably seen a product called WordPress thrown around. WordPress is well
known in the webmaster world, because it’s easy to use, you can create a blog
within minutes, and best of all – it’s free. In this eBook we’ll cover everything
you need to know about WordPress and how it helps you create a brand and a
presence on the Internet.

Why Use WordPress

If you’re looking at a WordPress solution, you’ve probably already decided to
build a website. WordPress is used by professionals, enthusiasts, and hobbyists.
It’s also a good solution for people who have never had a website and don’t
know where to start. That’s what makes WordPress so valuable for website
owners. You don’t need any type of technology knowledge to get started. You
can even build a website for free on the wordpress.com domain. Your site
becomes a subdomain of the main wordpress.com domain, so you just need to
write without the worries about hosting and maintenance.

WordPress is also very versatile, so you can use it for several different types of
sites. It was originally made for bloggers, so it’s well designed for blogging
content. After its popularity evolved, several developers created ecommerce
plugins. WooCommerce is probably the most commonly known ecommerce
solution for WordPress.

Content continues to be one of the most important ranking signals for search
engines, so many companies use WordPress for content management solutions.
You don’t need to be an expert in any blogging platforms to implement
WordPress, and it’s compatible with alternative platforms such as Windows
servers and Microsoft SQL Server. You’ll need to do some additional
configurations to get it to work, but WordPress is globally available for most
platforms and server environments.

The first benefit of WordPress is the ease of use. If you’ve never used it before,
it might be a bit intimidating, but once you work with the platform you’ll find
that it’s one of the easiest content management tools to work with. You don’t
need to keep track of posts, pages, or even plugins. The WordPress dashboard
shows you a list of published and draft posts, so you can easily organize your
website content. The WordPress dashboard couldn’t be more intuitive.

You can manage your content from anywhere in the world. Since the WordPress
dashboard is included in the hosted application, you can open your dashboard
from any browser as long as you have access to the Internet and your website.

Even experienced site owners don’t need any HTML or FTP knowledge to work
with WordPress. You don’t need to upload any files or edit any HTML. You just
need to install WordPress and start writing. No technical skill is required to get
started.

We’ll cover SEO and search engine visibility, but another benefit of using
WordPress is that the code is clean and it indexes well in search engines. Most
webmasters are concerned with Google, and WordPress sites are easily able to
rank and index in the search engine. There are also plenty of plugins and themes
that help improve your SEO strategies and help engage users with the right
layout.

WordPress doesn’t require you to have any maintenance or patch skills. You just
need to log in to your dashboard and update any plugins or even WordPress
itself with just one click of the mouse. Again, you don’t need any technical skill
to maintain your site. You just need to add a few plugins, pick a theme, and then
start writing. It’s really that simple.

If you want to learn web development, WordPress is a great platform. If you
don’t, that’s alright too. The point is that WordPress is completely customizable,
so you don’t need to stick with the same theme as other webmasters. You can
hire a developer to customize a theme and your layout, or you can get into the
code yourself and start with WordPress customizations and coding. You’ll need
a background in PHP coding, HTML and CSS. All three of these languages are
easy to learn, so you can get started with WordPress development with little
experience and a little practice with your own site.

Several other blogging benefits are already packaged with the WordPress
installation. You already have RSS feeds installed and a comments filter called
Akismet that filters spam. The right theme gives you an advertising panel where
you can include ads for monetization, and most WordPress themes are
responsive for mobile traffic. All of these benefits are included with either a
theme you download directly from the WordPress plugin store or with the blog
installation. This means you don’t need to take time to develop or install these
features yourself, which saves you time and effort when starting a website.

Plugins are one of the best benefits of WordPress. You don’t need to add
extensions to your site or find a developer to create additions. Thousands of
plugins are available for you to download for free. Plugins for SEO, content
formatting, image creation, layouts, and any number of other features you need
for your blog are available on the WordPress Codex site. There are also numerous
premium plugin sites if you can’t find the right one at the Codex site.

You might be a small site owner now, but you could have a successful high-
volume site in the future. You need scalability to manage site growth, and
WordPress will never hold you back from growing your business. Some large
corporations use WordPress to manage their content, so you’re in good company
when you work with WordPress instead of using a custom solution. As a matter
of fact, WordPress is one of the leading content management tools on the
market.

Once your business grows, you can add users to your WordPress dashboard to
gain more contributors. WordPress uses a tiered access model where you can
have writers, editors, and administrators. You can have a team of contributors
who work on managing your site, so you can manage other parts of your
business. Some site owners contract content managers who find the writers,
develop topics, and then have them edited before posting. They even create a
schedule for your content, which is beneficial especially during the holidays or
important events. For large sites, it can take hours of the owner’s time to
properly manage content, and these content managers help reduce the
overhead of finding topics and ensuring that nothing but quality is posted to the
site.

A Few Disadvantages

Even with its numerous advantages, every solution has some disadvantages,
including WordPress. The benefits definitely outweigh the disadvantages, but
you still should know what to look out for when searching for the right solution.

WordPress plugins are extremely convenient, but they also pose a security threat
to the site owner. You rely on third-party coders to keep their code secure and
well written. If a WordPress plugin coder doesn’t use standards that protect the
code from vulnerabilities, then your site becomes vulnerable. This is probably
the number one con to using WordPress. Several hackers publish scripts that run
against any WordPress site to find vulnerabilities. This means that someone
doesn’t need to be a hacker to find issues with a WordPress site. Anyone can
download a script from the Internet, run it against a site, and replace the
site’s content with their own.

You can keep your site protected from hackers by continually updating your site
with the latest patches, and you should only download plugins from developers
who continually update their code.

WordPress plugins provide several flexible features, but you are still limited to
the API. You can customize WordPress to a point. Any modifications that must
work outside the WordPress API will need to run separately from the core code
on the site.

Some site owners might find the limitations too much for their ideal
functionality. If that’s the case with your site, you’ll need to hire a developer to
create a custom site, which is much more costly.

These limitations and disadvantages are just a few to consider, but as you can
see the advantages are much more numerous. If you’re a new site owner and
don’t know where to start, WordPress can make your startup creation much
simpler. In this eBook, we’re going to discuss the benefits and functionality of
WordPress to help you decide if it’s the right platform for your business.

Lab Questions

1. If you want to add a new feature to your WordPress blog, what is the easiest,
fastest way to do it?

a. Hire a developer to customize a plugin
b. Open the WordPress dashboard and customize the code
c. Search the Codex and add a new plugin
d. Download and install a new feature using FTP

Explanation: WordPress has a plugin feature where you can add features without
any coding experience.

2. What is one disadvantage of WordPress?

a. It needs several customizations before it will work for you
b. It requires a coder for additional features
c. Hackers provide scripts to find vulnerabilities in WordPress
d. It’s not a flexible solution for scalability

Explanation: Since WordPress is the same across all sites, a vulnerability in one
plugin can mean vulnerabilities for thousands of site owners.
Chapter 2: Installing WordPress


Objective: Before you can start working with WordPress, you need to install it.
This chapter covers how to install WordPress on a new hosting account.


WordPress is a free download. You should only download programs from the
official developer source, and WordPress is no different. You can download the
WordPress files from WordPress.org. Store them on your computer, because
you’ll need to upload them to your host account.

Prerequisites Before You Install

Before you begin the installation, you need a few prerequisites. This lesson
assumes that you have your own hosting account. The WordPress.com domain
lets you create a free WordPress blog, but you can’t customize or do much with
the free account. We’ll cover self-hosted WordPress accounts that include the
need for installation.

You need a hosting account that uses PHP and allows you to create a MySQL
database. You’ll see these hosting accounts referred to as LAMP, which stands for
Linux, Apache, MySQL and PHP. WordPress will run on Windows hosts, and it
can even be configured to work with SQL Server. However, this isn’t the native
platform intended for WordPress installations, so we’ll cover the standard
environment.

Just to recap on what you need before you install WordPress:

A hosting account with Apache
PHP enabled on the host
FTP or some way to upload files to the server
At least one MySQL database, but most hosts give you several and even unlimited
The downloaded files from WordPress.org (never download from any other source)

Installing on Your Host

The first step is to upload the files to your host. There are several different ways
you can accomplish this part. The WordPress download is in a zip file, so you
can upload the entire zip file or file by file. If you plan to upload by file, make
sure you upload the files to the right WordPress directory or your site won’t
function properly. When you upload your files, you need to use the
“public_html” folder on the host server.

You can either upload files using FTP or using the host panel. If you choose
FTP, you need an FTP client. You can upload using FTP commands through a
command shell, but this makes it much more difficult than using a friendlier
interface. To use this option, you also need FTP access through your hosting
account. Some hosts don’t allow FTP access, so check with the host and the
features included in your contract.

If you don’t have FTP, the host offers an interface that lets you upload files
through a custom interface. A common control panel named cPanel is included
with a LAMP hosting service. When you log in to your host, you should find
cPanel as a link. This interface should have a file management button that then
opens a file management window. From this window, you can open your
WordPress files.

To make it easier, the cPanel File Management interface lets you upload and
extract a zip file. You should see an “Extract” option in the window menu. It’s
much easier to upload the entire WordPress zip file and then use the Extract
option on the file to unpack the files to the host. The benefit is that you don’t
need to worry about directory structure and uploading files to the right directory.

That’s all it takes to install the files on your host. Once you’re finished with the
installation, you just need to configure it.

Configuring WordPress

The next time you access your site, WordPress automatically detects that it’s
not configured. Open your browser and type in your domain URL.
The domain URL is http://yoursite.com, where yoursite.com is replaced with
your own domain.

When you open your site, the first thing you see is a warning from WordPress
that says no configuration file is present. You need this file to run WordPress,
and another great benefit with WordPress is that you don’t need to create one
manually. WordPress has a friendly wizard that creates the file for you, but you
need to enter important information about your environment to allow WordPress
to create a database, run database queries, create the tables used to store your
information, and then any WordPress-specific configurations.

Click the “Create a Configuration File” button at the starting page for your
domain. This starts the configuration process and lets you create a file using the
WordPress setup wizard.

To configure WordPress, you’ll need information from your host. Your host
cPanel should have a link to manage your databases. You want to create a new
database for your site. Ensure that you name your database something that
pinpoints the site it links to. For instance, don’t name the database “blog” if you
plan to have several blogs for different sites linking to the same database server.
You want to give your database name either a branded name or a distinct name
that you can use to immediately determine which site it belongs to.

Another point to note when creating your database is that you need to give the
WordPress database user full control of the database. When you configure
WordPress, this
user name and password are used to create tables and set up database
configurations. Unless you understand the granular levels of MySQL database
administration permissions, you should give this user full control to avoid any
issues with the site.

When you create a database, you’re given a host name where the database server
resides, and then you’re asked to create a user name and password. These
credentials are extremely important. You’ll need them for your configuration
file, but you never want to give these credentials to a third party unless you
have a contract that restricts the third party from using them maliciously.

These credentials are stored in your WordPress configuration file, which is one
reason you should always keep your hosting account safe from hackers or
unauthorized people.

Click the “Let’s Go” button on the next configuration screen.

The first text box asks you for the database name. This is the database name that
you entered when you created it in your host’s cPanel account. For instance, if
you named the database “MyFirstBlog,” enter this name in the text box.

The next text box asks you for your user name. This is the user name you set up
when you configured your database. The following text box asks you for the
password. Both of these values are what you used when you set up your
WordPress database in cPanel.

The next text box is labeled Database Host. In most cases, you can use the name
localhost. Localhost is a specialized name that tells any language that you want
to use the database server that’s local to the web server. For this name to work,
it’s dependent on your host configurations. You can try this host name, and if
WordPress is unable to connect to your database server, then you know that you
need to use the host name available in your host’s cPanel.

The final text box is labeled Table Prefix. To avoid overwriting existing
WordPress or other tables in a database, the installation process asks for a prefix.
This also helps you identify WordPress from other tables in your database. You
can add WordPress tables to an existing database, and this will keep them
separated from others. If you already have a WordPress site and want to install a
second using the same database, ensure that you use a distinct prefix to avoid
any data corruption.

After you set up your configurations, you can now click the “Submit” button and
set up the WordPress configuration file. If everything was entered correctly, the
next screen you see is the success message, and the next time you open
WordPress, you see a basic website information form.
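
The wizard writes these values to wp-config.php in the site root, in plain text. As an added example (not part of the book or of WordPress), this script reads the file without executing it and reports exposures: a file readable by every account on the host, a missing or empty setting, or a site connecting as MySQL root, which controls every database on the server rather than just this one. The sample file contents and the finding names are constructed for illustration.

```python
"""Audit a wp-config.php for exposure of the database credentials it stores."""
import os
import re
import stat
import tempfile
from pathlib import Path

# define('DB_USER', 'value'); with either quote style and optional spaces
DEFINE = re.compile(
    r"""define\(\s*['"](DB_NAME|DB_USER|DB_PASSWORD|DB_HOST)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
PREFIX = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1""")

# Constructed sample, using the database name from the walkthrough above.
SAMPLE = """<?php
define('DB_NAME', 'MyFirstBlog');
define('DB_USER', 'root');
define('DB_PASSWORD', 'constructed-example-only');
define('DB_HOST', 'localhost');
$table_prefix = 'blog1_';
"""


def read_config(path):
    """Extract the DB_* constants and $table_prefix without running the PHP."""
    text = Path(path).read_text(errors="replace")
    settings = {m.group(1): m.group(3) for m in DEFINE.finditer(text)}
    m = PREFIX.search(text)
    settings["table_prefix"] = m.group(2) if m else None
    return settings


def audit_config(path):
    """Return a sorted list of finding codes; the password is never returned."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append("world-readable")        # any local account can read it
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-others")    # others could swap the settings
    cfg = read_config(path)
    for key in ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST"):
        if key not in cfg:
            findings.append(f"missing-{key}")
    if cfg.get("DB_PASSWORD") == "":
        findings.append("empty-password")
    if cfg.get("DB_USER") == "root":
        findings.append("db-user-is-root")       # rights beyond this site's database
    return sorted(findings)


def write_sample(directory, mode, text=SAMPLE):
    """Write the constructed sample file with the given permission bits."""
    path = Path(directory) / "wp-config.php"
    path.write_text(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = write_sample(tmp, 0o644)
        print("findings:", audit_config(sample))
        print("table prefix:", read_config(sample)["table_prefix"])
```
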

The next form sets up your administration panel. It asks you for a site title,
which is the name of your blog such as “My First Blog.” You then create an
administrator user name and password. You should create a user name other than
the default admin name. WordPress hackers assume that the administration name
is admin and try to guess your password. If the administration name is something
other than admin, you immediately cut off many hacker attacks.

The final text box is your email address. This is the address WordPress uses to
send you reports, alerts, and notifications about your blog.

The check box labeled “Allow search engines to index this site” allows your site
to be crawled by search engines. You can leave this check box checked if you
want to immediately release your site. Uncheck it if you want to perform
configurations such as set up a theme or install plugins before it is indexed in
search engines. For the most part, you probably want to make customizations to
the site, so you want to remove the check mark.

In just one chapter we explained how to install WordPress, because that’s how
easy it is to set up. Once you have the setup finished, you’re ready to get started
with your blog.

Lab Questions

1. Before you can use WordPress, what must you create during installation?

a. an INI file
b. a configuration file
c. an index.php file
d. a zip file

Explanation: The WordPress configuration file is what allows WordPress to
work with your site and database.

2. What is one thing you need before you can use WordPress?

a. an index.php file
b. a free account on the Wordpress.com domain
c. a MySQL database
d. a cPanel account

Explanation: The MySQL database stores the information for your WordPress
blog, so it’s essential to run WordPress.

3. What is the common host name for the database location?

a. a fully qualified domain name
b. the directory path to the database files
c. localhost
d. the name of the web server

Explanation: The localhost name tells the web server that the database is located
on the same server as the website.
Chapter 3: Understanding the WordPress Dashboard


Objective: The main WordPress dashboard is where you configure your site,
create your content, and update your site and plugins. This chapter explains the
dashboard.


After you install WordPress, you’re ready to work on your site. Don’t forget the
administrator user name and password you created in the last chapter. You’ll
need it to log in to your new site.

Familiarizing Yourself with the Main Dashboard

With the site installed, type your domain into a browser. The administration link
is usually in the footer of your site, but you can always access the main
dashboard by appending /wp-admin to the end of your domain, and the
WordPress admin login screen pops up. Type your administrator user name and
password that you set up during the installation process.

Once you log in, the first page that opens is the main dashboard. Let’s take a
look at an image to get a better idea of what you see.


If you add statistics and analytical plugins to your site, you might have a
different view. These plugins usually add traffic statistics and information about
user habits to the dashboard. The above image is the main, unaltered view of the
dashboard.

Let’s go through the main menu items, which are on the left side of the
dashboard. Again, this might look different if you have plugins installed and
customize your dashboard.

The first link is the Home menu item. If you get lost in the dashboard and just
want to return to the main window, click this link and you’ll return to the same
view as the window above.

The next link is the Updates menu item. The red icon next to the menu item
indicates if you need to update any of your plugins. In the image above, 1 plugin
needs an update. Click the link and you’re taken to the plugin section of the
dashboard. Plugins that need an update are highlighted in pink. You just need to
click “Update” to install the latest patch for your plugin. We’ll cover plugins in
later chapters.

The Post menu item is where you’ll create most of your content. A post is a blog
post that you create. It shows up as the latest post in your list of content, and it’s
sent through your RSS feed to your viewers. We’ll cover the post window in the
next section.

The Media menu item is where you keep all your content that isn’t textual. You
store your videos, images, files and any non-textual object that you want to
display on your site. Even if you don’t display the content immediately, this
upload section will keep your content until you want to use it.

Pages are similar to posts, but they aren’t quite the same. Pages are static content
on your site. You can change your page content as needed, but it’s not
considered a part of your dynamic blog posts. Pages contain content that are a
part of your site but they consume a page on the site. For instance, an About Us
page would be created in this section.

Any user comments can be seen from the Comments menu. A plugin named
Akismet is automatically installed when you install WordPress on your site. This
plugin filters common comment spam, so it will help you manage any automated
submissions. You’ll need to go through this page often to approve new
comments from real users and delete comments that you feel are too spammy.

The following menu items are the main configuration areas for your site. The
Appearance section is used to change your theme or alter your theme content.
The Plugins section we’ll cover in the next chapter. Plugins are the backbone for
your site’s customization.

You can allow other users to access your site using the Users menu item. You
can give another user administrative rights to your site, but always give this type
of permission to only trusted people. With administrative rights, the user can
change any setting, delete and edit content, and even block your WordPress site
from search engines. You can also give people author or writer access. This
allows people to write new posts, but they can’t publish them. You’ll want to
hire editors for editing the content before it’s actually published.

The Tools and Settings options are usually customized once you start installing
plugins. The Tools section is empty when you first install WordPress. The
Settings section has basic setup configurations for your site such as the site
name, permalink structure, and whether or not you want your site visible in
search.

The Post Window

We’re going to cover more about posting in chapter 5, but you need a good brief
overview of the Post page and section to get started with WordPress. Click the
Post menu item to see a list of published posts. This page also shows you a list of
posts you’ve set up as drafts.


The above image shows you an example of the Post page. When you first install
WordPress, the Hello World post is published as the default. This helps you get a
brief overview of the way WordPress works to publish content. If you click the
post title, you can see the post and uncheck the Publish check box. Removing
this checkmark stops the page from being published. You don’t need to
unpublish the page right away, but you’ll want to remove it once you start
creating content. The reason for this is that the Hello World page is a part of the
standard installation, and it’s a low quality page that isn’t relevant to your site. It
looks unprofessional to keep this page published.

When you want to create a new post, you click the Add New button at the top of
the page. This will open a window where you create your new content. You can
save a draft, so you can type your post directly in the Post page or write it in a
Word document and copy and paste the content to your site.

When you install plugins, many of them alter this page as well. Any plugin that
you create for posting purposes will likely alter this page layout and content.
Most site owners need some time to find the right plugin that works for them.

The Page Window

Pages are considered your static content. About Us, Contact, and location
information are all examples of a Page in WordPress. These pages don’t change
much in terms of content, but you are still able to change them as you need to.

Take a look at the Page window.


You’ll notice that it’s very similar to the Post section. You see a list of published
and draft pages. Again, WordPress creates a Sample Page for you. It’s not a
Hello World page, so you don’t get it confused with the Hello World post. If you
click the Sample Page link, you’ll see the sample content. Just like the sample
post, you should unpublish this sample page to remove it from the blog. You
don’t need to delete the page, but you should at least stop it from showing to
visitors and search engines.

Click around the dashboard and get used to it before you start publishing on your
site. The WordPress dashboard is where you’ll spend most of your time when
you want to maintain and work on your site. Everything in WordPress is
controlled from this page.

Lab Questions

1. What directory contains the location for the WordPress administration
dashboard?

a. wp-content
b. wp-admin
c. wp-media
d. wp-extras

Explanation: If you don’t have a link to the admin dashboard on your site, you
can access the admin dashboard from the wp-admin subdirectory.

2. What is the main difference between a page and a post?

a. a page is static content and a post is dynamic blog content
b. a post is static content and a page is dynamic blog content
c. both pages and posts are static, but a post can be scheduled for publication
d. both pages and posts are static, but a page can be scheduled for publication

Explanation: Pages are the static content on your site, and posts are the dynamic
blog posts that you publish to the site. Both pages and posts can be scheduled for
publication.

3. What plugin is automatically installed with WordPress to block comment
spam?

a. Yoast
b. All in One
c. Google Analytics
d. Akismet

Explanation: Akismet blocks known blog comments from IPs and spammers on
their blacklist.

4. What section of the dashboard lets you store images for use in your blog
posts?

a. Images
b. Videos
c. Media
d. Storage

Explanation: The Media menu item lets you upload images, videos, files and any
other media that you want to display on your site.
Chapter 4: Plugins


Objective: Plugins are the backbone for customizations on your site. This
chapter covers plugins, how you can install them, and what you can do with
them.


Even if you want to streamline your WordPress blog using the least
customization possible, you’ll still need plugins. The WordPress installation is
enough to get you started, but if you want any type of customizations for
posting, SEO, analytics, tracking, and security you’ll need a plugin. In this
chapter, we’re going to discuss searching, installing and maintaining plugins for
your site.

Searching Plugins

To get started, click the Plugins link in the main dashboard. The Plugin link is in
the second section of the main panel on the left under the Appearance menu
item. This link opens the Plugins section where any currently installed plugins
are listed. Since we haven’t added any plugins, you’ll notice that the Akismet
plugin is the only one listed. If you recall from the previous chapter, Akismet is
installed by default to block comment spammers. You can deactivate it in this
window, but it’s not recommended. Even the Hello World post is open to
spammers if you disable Akismet.

You can also click the “Installed Plugins” menu item to see a list of installed
plugins.

Since we want to search for plugins, click the “Add New” plugin link. The
image below is an example of what the plugin window looks like.


When you first look at a list of plugins available, WordPress ranks the most
popular ones at the top. In this example, BuddyPress and Akismet are listed.

You can click the More Details link to see more information about the plugin.
You’ll also notice that these plugins are featured. WordPress often identifies the
most popular plugins and puts them on the featured section for you to try.

Notice the Search Plugins text box in the top right corner. This text box is
where you enter your search phrase to find a new plugin for your site. After you
type a phrase or keyword in the search text box, press the Enter key and
WordPress will search its database of plugins. There are thousands of plugins
available, so you can spend days searching for different plugins and trying them.

You should be careful with the plugins you install on your site. WordPress has a
limited review process for code, so unless the plugin doesn’t work or it has
malicious links included, the plugin will pass review and be available for
download. Plugins can come with serious vulnerabilities if they aren’t coded
well. The developer must regularly upgrade the plugin, and patch it with each
new WordPress version released. WordPress doesn’t require plugin developers
to update their plugins after new releases, so it’s up to the developer to test and
patch their software. If you depend on a plugin, you don’t want to replace it
when the developer no longer supports it.

This doesn’t mean you can’t take a chance on a new developer, but you
shouldn’t base a high volume site on the plugin’s activity. Experiment with new
plugins on small blogs that aren’t updated often.

You can search plugins by phrases or by the plugin name. Type it in the search
text box, choose a plugin, and then click the Install link. You don’t need to do
anything more to install the plugin. WordPress downloads the plugin code,
extracts it on your site, and then applies it to your WordPress software.

Installing a Plugin

Once the WordPress software downloads the plugin, you’re not done yet. You
still need to activate it. WordPress tells you when it’s done installing, and then it
brings you to the plugin section.

Scroll down to the new plugin and click “Activate” to activate it in your blog. At
this point, the plugin is activated and can be used. You should first open a
second browser window and look at your blog through the browser to ensure that
it still functions properly. For instance, a caching plugin can have serious side
effects on your blog’s performance. After you install the plugin, you should
ensure that it doesn’t negatively impact your blog’s performance and affect your
users.

You should also verify that the plugin is working properly after you configure it.
Even if the plugin doesn’t work with caching or performance, poorly coded
plugins that include bugs during deployment can have an impact on your blog.
Some plugins affect others, so you want to be sure that the installation doesn’t
affect another one of your plugins. These conflicts can cause any number
of problems on your site including slowness, layout and textual issues, and server
errors. After any plugin install – even if it’s from a trusted plugin developer –
always perform a test on your site. Open the domain, view some posts, and click
around the site just to ensure that the plugin didn’t affect anything negatively.

There is one other way to install a plugin. You can buy premium plugins from
different sites that sell code. When you buy plugins from these third-party sites,
you don’t find them in the search page. You need to manually install any
premium plugin you buy on third-party sites.

It used to be that you needed to manually upload the files to your web host. You
can still install plugins that way, but WordPress added new functionality to make
installing premium plugins much easier.

Notice in the image we included that there is an Upload Plugin button in the top
left corner. Your plugin must be in a zip file. You can name the zip file anything
you want. When you download a premium plugin, normally the plugin developer
includes the files in a zip archive. If you extract those files on a development site
or on your computer, you’ll need to recompress those files and add them to
one zip file.

Click the Upload Plugin button and choose the location of the zip file. After you
choose the file, WordPress begins uploading and extracting the zip file’s content.
Depending on the size of your zip file, the upload process can take several
minutes. You’ll have to be patient if the content is several megabytes. Most
plugins are only a few megabytes, so it shouldn’t take too long.

After the file is finished uploading, you need to activate it just like installing
from the WordPress official site. Activate the plugin, test your site, and you’re
finished with the manual installation.

Choosing a Plugin

With so many plugins to choose from, you might have a hard time deciding
which one to choose. We can’t tell you exactly what plugin to choose, but we
can help you decide on what plugin is best for your blog. There are some basic
plugins that most site owners install on their site to maintain it, write blog posts
more easily, and review analytics regarding site traffic and user engagement.

For the most part, you want to find plugins for the following blog tasks:

1. Analytics such as Google Analytics
2. Traffic analyzer
3. Security such as Sucuri or WordFence
4. Rich snippets if you have a recipe or sales blog
5. Plugin for Google Search Console
6. Caching plugin
7. A plugin to handle image minimizing
8. An SEO plugin
9. Image categorization for organization

These are just a few suggestions, but you might find that other plugins will help
you better get started with your site.

Once again, it’s important to only download plugins from trusted developers,
and download plugins that have good reviews from other users. WordPress
includes ratings and user comments with each plugin, so you can better
understand the viability of the plugin. If you see that a plugin is buggy and the
developer hasn’t updated it for several WordPress versions, it’s best to find
another plugin for the task.

Plugin setup is probably the most time-consuming part of your WordPress setup,
but plugins are invaluable tools that help you properly manage your site. They
help you with layouts, keeping track of statistics, and even protecting your site
from hackers. Choose your plugins carefully, because you’ll need to upgrade them
when new versions of WordPress are released.

Lab Questions

1. If you can’t install a plugin from the main Plugin page, what is your other
option?

a. upload the plugin using FTP and click the install button
b. use the Upload File button on the main Plugin page
c. you can’t use a plugin if it can’t be downloaded from WordPress
d. upload the plugin to your root directory on your site’s host account

Explanation: You can FTP the plugin to your host account, but you don’t install
it using an install button. The best way to install a third-party plugin is to use the
Upload File button in the WordPress plugin page.

2. What is one thing you should review before installing a plugin from a
developer?

a. ensure the code is well written
b. ensure the coder is well known
c. ensure the coder keeps the plugin up to date
d. ensure the plugin has the proper signature within the code

Explanation: The plugin you use should be maintained and kept up to date to
ensure that it will work with future versions of WordPress.

3. What is one task that can be made easier using a plugin?

a. SEO
b. writing posts
c. editing posts
d. creating pages

Explanation: Several SEO plugins help you identify SEO efficiency on your site.
Yoast and All in One SEO are two such plugins.

Chapter 5: Creating Pages and Posts


Objective: Managing content is what WordPress was made for. This chapter
explains the process of creating pages and posts in WordPress.


We briefly mentioned posts and pages in Chapter 3. Posts and pages are where
you spend most of your creative time. It’s the next step after setting up the
technical details for your blog. Posts and pages are used very differently,
although they are confusing to some new WordPress users. The look and feel of
a page and a post are the same, but they have distinct differences in how they
function. We’ll go over both sections in this chapter and explain how you can
post content to your site using pages and posts.

The Main Differences between Pages and Posts

Before we explain how to create pages and posts, you should first know the main
differences between the two.

A page is meant to be a static page on your site. The content doesn’t change
much, but you do have the ability to change it from the main WordPress
dashboard. For instance, when you post an About Us page, you probably have
static content that describes your service and brand. You don’t need to change
this consistently, and you don’t want it to show up in an RSS feed as something
that changes often. You also don’t want your users to get this page when they
search for posts on your site. Any page that you want to remain as a standalone
content section on your site should be created as a page.

Posts are the meat of your WordPress blog. They are the new content you should
be publishing regularly. Most bloggers post something new each week, but
others focus on making a new post each day. The more quality content you
create, the more attention you’ll get from search engines. More search engine
visibility means you gain more traffic and possible followers each month. This is
how you grow your blog, and posts are the meat of the site that draw in users and
gain consistent readership.

Creating Pages

Now that you know the difference between a post and a page, you can get started
with your pages. When you set up a new WordPress blog, you usually start with
the pages. The pages are a part of the blog layout, because they are the static
pages that provide users with content about your site. The Contact page, the
About Us page, and any terms of services should be created using pages.

To view a list of pages, click the Pages menu item in the main WordPress
dashboard.


In the image above, you can see that we have the Sample Page listed. Any pages
you created in your blog will show up in this list. You can click the page and
open an editor. Within this editor, you can change the page content. You can
also delete a page or unpublish it if you don’t want to completely delete it but
want to make it inaccessible to users.

Let’s take a look at creating a new page. Click the Add Page link in the Pages
section of the main menu. The following window opens.


The above image is a screenshot of the new page window. There are several
options on this screen, so we’ll cover the main ones to get you started with a new
page.

The first text box is the page title. This is the title that shows up in the web
browser, and it’s a critical part of your SEO. Choose a title that captures visitor
attention including search engine users.

The next text box is the main content box. This text box allows you to mark up
your content. Notice the toolbar at the top of the text box. This is the formatting
toolbar. It helps you format your content with different markup. You can
download several plugins that add components to this toolbar. They offer
additional formatting for your text. Do a search for text or content formatting in
the WordPress plugin search feature.

Notice that the main formatting options are available in the WordPress content
text box. You can set text to bold and italics, and you can format the indent. You
can also create bullet point lists.

You don’t need to type your page content in the content text box. You can type
the content in a word processor such as Word and then copy and paste the content to
the WordPress page. Any of the formatting will transfer, so you won’t need to
reformat most of the content.

Once you create a page, you can choose to either save it as a draft or publish it.
The Publish panel in the top-right corner is where you choose to publish or save
the content as a draft. You’ll also see a Preview button. This button is used to
preview your page on the site before you publish it. You should definitely
preview any page before you publish to ensure that formatting transfers properly
across the platform.

If you’re not finished with the page, click the Draft button and WordPress stores
it until you’re ready to come back to it. Once you click Publish, the page is
visible to your blog users, so make sure you’ve checked it for any errors.
WordPress lets you unpublish a page if you change your mind, so it’s not a
critical error if you publish it and need to revoke it.

The sections below the page content are used by plugins. For instance, if you
install Yoast, you’ll see several Yoast options in this section.

Creating Posts

The post section in WordPress is similar to the pages section, except you publish
to a different part of your blog. Posts are sent to the RSS feed as well, so any of
your followers will immediately see these posts. For this reason, you should be
more careful when publishing posts. Ensure that the posts are edited and proofed
before you publish them to the live feed.

To get started, click the Posts menu item in the main dashboard menu on the left
side of the window. The default window is the All Posts section, which shows all
of your posts including the ones you published and the ones you’ve saved as a
draft.


Just like the page window, the above post window shows you a list of your
posts. You can click a post to edit it, but let’s create a brand new post. Click the
“Add New” menu item in the Posts panel on the left side of the screen.

You’ll see a window that looks similar to the page creation window. A
screenshot of it is below.


The title for a post is the same as a page. The first text box should be filled with
a title that grabs your readers especially from search engines.

The next section is the content creation section. Notice that the toolbar is the
same for this page. You can format your text in the editor, but just like the new
page creation, you can create a post in an editor such as Word and copy and
paste the content to this window. The formatting will copy over.

The Post window has a Publish panel in the top-right corner. You can save the
content as a draft, preview the content on your blog, and publish the content. Just
like a page, you should always preview the content on your blog before you
publish it. If you haven’t finished the blog post, just click the Draft button to
save it for later.

When you preview the post, it lets you find out if any formatting issues are
present before you display them to your visitors. Make sure you edit and proof
any of your content before you publish it. Since posts are immediately available
to your visitors including the blog’s front page, you want to ensure that there are
no glaring errors before your visitors see them.

If you’re sure that you’re ready to publish, click the Publish button and open a
new browser window to view your blog. You’ll be able to review the content
and formatting. At this point, visitors can read your content and create
comments. Remember that any comments show up in the Comments section of
the dashboard, so check this section regularly to find any comments that could
be accidentally filtered by Akismet.

These two sections of your blog are the most critical for your content creation.
Once you have your blog fully configured and set up, you’ll spend most of your
time in these two sections creating content and reviewing comments on your
posts.

Lab Questions

1. When you decide to create an About Us page on your site, what should you
create?

a. a page
b. a post
c. an HTML file
d. add it to your .htaccess file

Explanation: A page is for static content, so you want to create a page for an
About Us section since its content doesn’t change often.

2. Before you publish content on your site, what button should you press?

a. publish
b. draft
c. preview
d. edit

Explanation: The preview button opens the post as a live preview on your site,
so you can see what it looks like before you let your users see the content.

3. What button in the Publish panel lets you save content before publishing it?

a. publish
b. draft
c. preview
d. edit

Explanation: A draft is a saved version of your post or page that isn’t available
to the public.

Chapter 6: Site Architecture


Objective: This chapter explains themes and what they can do for the layout and
styles of your site.


When you install WordPress, the default theme is installed. The WordPress code
performs all of the actions on your site, but the theme is what makes it pretty.
The theme determines the color coding, the CSS layout, the content
management, and any designs you want to display on the site. WordPress has
numerous free themes, but most site owners opt for a paid theme either from a
site that sells templates or from a third-party designer and developer.

Choosing a Theme

Since the theme of your site is the user interface and experience in WordPress,
you want to make a careful decision when choosing a theme. There are
thousands of themes to choose from. You can decide on a theme that follows a
certain color coding standard, or you could use a theme that has a certain layout
for sales and revenue.

Before you decide on a theme, you should determine what you’re trying to
accomplish. A theme can have a great impact on your visitors especially when
you’re trying to sell a service or product. WordPress blogs that sell services are
usually set up differently than a product ecommerce site. Even the colors can affect
visitor moods and association with certain industries. For instance, green is often
associated with money and finances. Yellow is attributed to something happy
and fun. Red is attributed to danger, and blue is calming. This might seem like
an unusual experience, but these colors and layouts affect the way users perceive
your site.

When you determine your website focus, you can then move on to a theme.
There are thousands of themes available, and you have two choices: free or
premium. Both of them have different advantages and disadvantages.

Free themes are great for people with little or no budgets. They help you get
started without the costly budget of a premium theme. However, free themes are
usually poorly coded and rarely updated. Your theme developer should always
update code to support the latest WordPress version. With free themes, the
developer submits the theme and then creates more for a portfolio. The goal is
not to support users, because there is no incentive for the coder to keep the
theme updated.

Beware of downloading free themes from third-party sites other than the official
WordPress store. Many developers inject links into their theme footers, or
purposely create backdoors into the code. This means that the developer can
access your site and use it for spamming purposes. The final plain, simple truth
is that most free themes are not well designed, even if they aren’t filled with
malicious code.
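
A pre-upload check for the risk described above, which applies equally to the premium plugin zips from Chapter 4. This is an added example, not code from the book: it scans a theme or plugin zip for injected footer links, obfuscated-code patterns and entries that would extract outside their folder. The rule names, function names and sample archive are constructed for this example, and the patterns are heuristics, not a complete signature set.

```python
import io
import re
import zipfile

# Heuristic rules chosen for this example; a hit means "read this file
# before uploading", not proof of a backdoor.
RULES = {
    "eval-of-decoded-data": re.compile(
        rb"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "code-run-from-request": re.compile(
        rb"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    "long-encoded-literal": re.compile(rb"[\"'][A-Za-z0-9+/=]{200,}[\"']"),
}
EXTERNAL_LINK = re.compile(rb"<a\s[^>]*href\s*=\s*[\"'](https?://[^\"'\s>]+)", re.I)


def scan_archive(zip_bytes):
    """Return a report dict for a theme or plugin zip held in memory."""
    report = {"top_level": set(), "unsafe_paths": [], "findings": [], "footer_links": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            # Entries that would be written outside the extraction directory.
            if name.startswith("/") or ".." in parts:
                report["unsafe_paths"].append(name)
                continue
            report["top_level"].add(parts[0])
            if info.is_dir() or not name.lower().endswith((".php", ".js", ".html")):
                continue
            body = zf.read(info)
            for rule, pattern in RULES.items():
                if pattern.search(body):
                    report["findings"].append((name, rule))
            # Injected links usually sit in the footer template.
            if parts[-1].lower() == "footer.php":
                for url in EXTERNAL_LINK.findall(body):
                    report["footer_links"].append((name, url.decode("ascii", "replace")))
    # A well-formed theme zip unpacks into exactly one directory of its own.
    report["top_level"] = sorted(report["top_level"])
    return report


def build_sample():
    """Constructed sample: a small theme zip with two planted problems."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("free-theme/style.css", "/* Theme Name: Free Theme */")
        zf.writestr("free-theme/index.php", "<?php get_header(); get_footer(); ?>")
        zf.writestr("free-theme/footer.php",
                    '<div style="display:none"><a href="https://links.example/promo">x</a></div>'
                    "<?php wp_footer(); ?>")
        # The encoded string is harmless: it decodes to "echo 1;".
        zf.writestr("free-theme/inc/helper.php",
                    "<?php eval(base64_decode('ZWNobyAxOw==')); ?>")
    return buf.getvalue()


if __name__ == "__main__":
    result = scan_archive(build_sample())
    print("top-level folders:", result["top_level"])
    print("unsafe paths:     ", result["unsafe_paths"])
    for name, rule in result["findings"]:
        print(f"finding: {rule} in {name}")
    for name, url in result["footer_links"]:
        print(f"footer link: {url} in {name}")
```

A clean report does not prove the archive is safe; it only means none of these particular patterns were found.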

If you have at least $50 for a theme budget, it’s worth it. You can spend
anywhere between $50 and $200 for a theme template. Upload it to your site,
and you just need to install it. WordPress has an easy theme installation just like
the plugin install wizards. There are plenty of premium theme sites where you
can download layouts. Make sure you download a theme from a reputable site.
You don’t want to download from a site that does not have strict rules for code
and content. Themeforest.net is one such site that offers high quality themes at a
reasonable price. They have a code review and strict rules before allowing
designers to upload and sell content.

Your final option for a theme is to hire a developer. A developer is the most
costly, but you get a completely unique theme that’s customized to exactly your
own specifications. With free or premium templates, you have to compromise. A
developer will help you create and design a theme, and most of them will install
it for you. A developer also offers support with a theme that you won’t find from
anonymous theme developers.

Installing a Theme

Once you determine the theme that you want, it’s time to install it. You can also
search the themes available on the official WordPress store.

To get started with a theme, click the Appearance menu item in the left
navigation panel from the main dashboard.


Notice that the window defaults to the list of themes available on your site. The
Twenty Thirteen theme is the default installed on your site when you upload and
configure WordPress. Any other themes that you’ve downloaded either through
the official WordPress store or a premium website show in this window. In the
image above, 5 themes have been uploaded.

Note that although a theme is available and installed on the WordPress site, it
doesn’t mean that it’s active. You can have 100 themes installed on the site, but
you can only use one. One great benefit of WordPress is that you can
activate and deactivate themes on the fly, so you can change your layout with
just a few clicks of the mouse.

If you want to know more about a theme, click the theme in the list. A window
opens with information about the theme such as if there are any updates
available. There is also a button to customize the theme, so you can change the
way it displays information to your users. You can also change the widgets and
edit them to pick and choose which ones you want to use.

You can add a new theme and search the WordPress store by clicking the Add
New button. You can search the WordPress store for any number of themes.
Although these are free, they are safer than downloading free themes from third-
party sites. They aren’t guaranteed to be free from backdoors and coding issues
that allow exploits. Since free theme developers don’t normally keep their theme
updated with the latest security patches and updates, you can have malware
issues with the wrong theme provider.

Once you install a theme, it’s the same process as a plugin. Even though the
theme is installed, it’s not activated. Click the Activate button to publish and
activate the theme on your site. Once you activate a new theme on your site, the
first step is to open the domain in your browser to verify that it works properly.
You don’t want to publish a buggy theme to your site.

After you install a theme and activate it, always check this section to find out if
any updates are available. It’s important to continue to update your theme with
the latest patches and updates to avoid leaving vulnerabilities on your site.

Installing a Custom Theme

When you hire a developer to create a theme or you decide to download a theme
from a template site, you must upload the files to the WordPress theme
directory. The WordPress theme directory is located at wp-content/themes.
When you unzip the theme, it should make its own directory. This
directory then contains all of the files for that particular theme.

Make sure you extract contents of your theme to the right folder, and create a
folder within the themes directory that matches the name of your theme. This
name is what shows in the Appearance section of the WordPress dashboard.

To upload a theme to your hosting account, you’ll need an FTP client. You can
also use the host provider’s cPanel interface to upload the files. Once you upload
the files, open your WordPress main dashboard.

Click the Appearance menu item, and you’ll see that there is a new theme listed.
Click the theme to review any information to ensure that the files installed
properly.

Once you verify that the theme was properly installed, click the Activate button
to activate it and set it as the main theme for your site. As you can see, activating
themes only takes a few minutes, so you can change your layout quickly and
frequently without many hassles.

Even if you bought a custom theme and tested it in a development environment,
you should still take a quick look at your site after you activate it. Open your
site and review your new theme. Make sure you click through links and review
blog posts and pages to ensure that the layout doesn’t have any bugs or design
issues.

Installing a theme is the easy part. Finding the right theme takes time, and it’s
especially time consuming when you have a developer create one from scratch.
However, the right theme can greatly increase your sales and income for your
site, and it keeps readers coming back for more.

Lab Questions

1. What section of the WordPress main dashboard contains the themes section
where you configure and activate them?

a. plugins
b. settings
c. appearance
d. tools

Explanation: The Appearance menu item contains all themes that you’ve
installed.

2. After you install a theme, what is the next step?

a. open the theme’s files
b. move the theme to the content folder
c. save it as a draft
d. activate it

Explanation: Even though the theme is installed, it’s not activated on your
WordPress blog until you click the Activate button.

3. What is one disadvantage of a free theme?

a. they don’t easily upload
b. they aren’t updated often, if at all
c. there are hidden charges
d. WordPress doesn’t support them

Explanation: Free theme developers don’t normally update themes, which makes
them vulnerable to possible exploits.

Chapter 7: Site Architecture


Objective: Understand the way WordPress lays out your site, and the different
customizations you can do to make it user and search engine friendly.


WordPress code does all of the work behind the scenes. You don’t need to do
anything to site architecture to keep it functioning, but you might want to learn
how to customize your site and review its architecture. WordPress also has a
standard content structure that you can customize. When you change the internal
architecture, you should primarily use the tools and plugins available.
Changing site architecture can give you unforeseen bugs in the system,
so edit it carefully. However, it’s still good to understand how the system works.

Understanding WordPress File Structure

WordPress is template driven, which means the same pages are used throughout
the entire site. There are four main files that are always used in every WordPress
page.

index.php
header.php
sidebar.php
footer.php

These pages can be edited and changed during your customizations. WordPress
has an editor that you can use. Click the Appearance tab again. This is the same
tab you used in the last chapter regarding themes. Notice in this section you’ll
see an Editor link. Click this link to open the editor.

You’ll see an editor such as the one shown below.


Notice in the right panel is a list of pages. These are the customizable pages you
can change in the editor. WordPress is written in PHP, so you’ll need to
understand PHP to edit these pages. You’ll also need to know CSS, and
understand the way WordPress API hooks work within the code.

Remember that any changes you make within this window are static. Unless you
understand how to write dynamic code that hooks into the WordPress API, you
should let a developer make these changes. You can, however, use a test blog
with this editor to practice making customizations to the blog.

Robots.txt

The robots.txt file is actually a separate file from the main WordPress system.
You can use robots.txt on any site whether it’s WordPress or not. The robots.txt
file is meant to control the way search engine crawlers interact with your site.

When you first installed WordPress in Chapter 2, we covered that there was a
check box that asked you if you wanted to allow search engines to crawl and
index your site. If you checked the box, search engines would crawl and access
it. If you removed access, your site would no longer show up in search engines
including any new or old pages. If search engines can’t crawl your site, then they
can’t index your site.

Using the robots.txt file lets you control if you want search engines to crawl
certain pages. This isn’t specific to WordPress, but the file is used often with
WordPress sites to block certain pages such as search pages. Since WordPress
search pages are typically low quality pages, site owners use the robots.txt file to
block access from crawlers, which then limits indexing that content.

Let’s take a look at an example WordPress robots.txt file.

User-agent: *
Allow: /
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content
Disallow: /e/
Disallow: /show-error-*
Disallow: /xmlrpc.php
Disallow: /trackback/
Disallow: /comment-page-
Allow: /wp-content/uploads/

The above is an example robots.txt specifically designed for WordPress. You
can specify a user agent, but we use the asterisk to just specify that we want to
give the crawl directive to any robot. Note that not all crawlers honor the
robots.txt directive, so it isn’t a guarantee that nothing will get crawled.
However, the major search engines honor it.

The robots.txt file, as you can see, is a directive that tells crawlers what to crawl
and what not to crawl. The Allow directives tell the crawlers what can be
crawled. When you specify one slash, it means crawl everything in the root of
the site.

Then, the crawler gets to the Disallow directives. The directories shown are
main core WordPress files that you don’t want indexed in search engines.
However, you see that the last line is an Allow directive. This directive
overrides the Disallow directive that specifies not to crawl anything in the
wp-content directory. Since we upload images to wp-content/uploads/, we want
crawlers to find the images and videos that we upload. This Allow tells the bots
to crawl the uploads directory in the wp-content directory, but all other
directories are still disallowed.
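
The precedence described above, as an added example that is not code from the book: a small evaluator run over the example file. It applies the longest-match rule from RFC 9309, and for comparison evaluates the same rules in file order, which shows that the leading `Allow: /` line would make an order-based parser ignore every Disallow. The function names and sample paths are constructed for this example.

```python
import re

# Sample input: the example robots.txt from the section above (the
# /comment-page- path is written here with a plain ASCII hyphen).
ROBOTS_TXT = """\
User-agent: *
Allow: /
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content
Disallow: /e/
Disallow: /show-error-*
Disallow: /xmlrpc.php
Disallow: /trackback/
Disallow: /comment-page-
Allow: /wp-content/uploads/
"""

# Constructed request paths to evaluate against the rules.
SAMPLE_PATHS = [
    "/wp-admin/options.php",
    "/wp-content/plugins/x/readme.txt",
    "/wp-content/uploads/2015/photo.jpg",
    "/show-error-404",
    "/2015/05/hello-world/",
]


def parse_rules(text, agent="*"):
    """Collect (is_allow, pattern) pairs from every group that names `agent`."""
    rules, in_group, seen_rule = [], False, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if seen_rule:                            # rules ended the previous group
                in_group, seen_rule = False, False
            in_group = in_group or value.lower() == agent.lower()
        elif field in ("allow", "disallow"):
            seen_rule = True
            if in_group and value:                   # an empty value restricts nothing
                rules.append((field == "allow", value))
    return rules


def matches(pattern, path):
    """Prefix match with '*' (any run of characters) and a trailing '$' anchor."""
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    regex = ".*".join(re.escape(piece) for piece in body.split("*"))
    return re.match(regex + (r"\Z" if anchored else ""), path) is not None


def allowed_longest_match(rules, path):
    """RFC 9309 precedence: the longest matching pattern wins, Allow wins ties."""
    hits = [(len(pattern), allow) for allow, pattern in rules if matches(pattern, path)]
    return max(hits)[1] if hits else True


def allowed_first_match(rules, path):
    """Order-based precedence: the first matching line in the file wins."""
    for allow, pattern in rules:
        if matches(pattern, path):
            return allow
    return True


def compare(paths=SAMPLE_PATHS, text=ROBOTS_TXT):
    """Map each path to (longest_match_allowed, first_match_allowed)."""
    rules = parse_rules(text)
    return {p: (allowed_longest_match(rules, p), allowed_first_match(rules, p))
            for p in paths}


if __name__ == "__main__":
    for path, (longest, first) in compare().items():
        print(f"{path:38} longest-match={'allow' if longest else 'block':5} "
              f"first-match={'allow' if first else 'block'}")
```

Either way the file is advisory and publicly readable, so the Disallow lines keep compliant crawlers out of /wp-admin but do not restrict access to it.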

You don’t need to use any special tools to update the robots.txt file. You can use
even a plain text editor such as Notepad to edit it.

The Sitemap

The sitemap is another file that isn’t specific to WordPress, but it’s used by
WordPress site owners heavily. The sitemap contains the URLs to your site. This
file isn’t required by WordPress, but it helps crawlers find URLs to your site.
Crawlers will find URLs by just crawling your pages and finding internal links,
but a sitemap helps crawlers find internal pages that you might not have links to
within internal pages.

When you use WordPress, you can download plugins that will automatically
create a sitemap for you. You can even use your RSS feed as a temporary
sitemap until you create one. There are also several sites on the Internet that will
crawl your site, find URLs and then create a sitemap for you.

Sitemaps must be in XML format. You can’t use HTML files for sitemaps, so keep
that in mind when you customize your own. RSS feeds are XML files, which is
why they can act as a sitemap until you find the right plugin for your blog.

Once you make a sitemap, you should submit it to Google. Google Search
Console lets you upload a sitemap to your account after you verify ownership of
the site. Once you upload a sitemap, Google finds it on your site URL and
crawls it. It finds each URL, crawls it, and then indexes it if the URL is
crawlable in the robots.txt file. The URL must also work properly, and you can’t
have errors on your site to properly index the content. As long as you have a
clean install of WordPress and download only plugins that are from trusted
sources, you should not have any problems getting search engines to crawl your
sitemap and index the URLs.

Using Friendly URLs

User friendly URLs help your users access your site directly. Instead of having a
URL such as mydomain.com/?a=12423, you would have a URL such as
mydomain.com/?my-friendly-article-title.

The friendly URL is easier for users to remember, so it’s a preferred method for
WordPress URL structures. The raw URL is still the original, but WordPress
translates the friendly URL to the raw URL, so the system can find the
appropriate page and display it to your users.

WordPress refers to user friendly URLs as permalinks. Permalinks can be set up
in the WordPress dashboard without any coding on your part. Any coding and
settings added to the backend code are done automatically by WordPress, so all
you need to do is decide how you want your permalinks to display. Permalinks
are also search engine friendly, so they help your site rank well in search
engines.

To open the section in WordPress that lets you change permalinks, click the
Settings menu item in the main dashboard. Then scroll down to the permalink
section where you’ll see several options. You’ll see the following options in the
panel.


Notice that you have several options. The first option is the default. This link
structure is what you’ll see when you first install WordPress and if you have no
permalink structure at all.

If you have several posts each week, you should choose the day and name option
to keep all of your posts well organized. If you plan to post only a few posts a
month, then the month and name option would be the better selection. The
numeric option is not recommended, because it still does not use the article title
in your permalink structure.

You can also create a custom structure, but this is usually for very highly
customized sites that can’t use the other options. For most bloggers, month
and name or day and name are the two best options.

Understanding your blog structure will greatly improve the way you understand
how WordPress works in general. If you are new to customizations, you should
install a test WordPress instance to customize code in the editor. You don’t want
to create any major changes on a live, active site. For the sitemap and robots file,
find the right plugin to help you work with these files if you are unsure how to
work with their syntax.

Lab Questions

1. Which file lets you control the way search engines crawl your WordPress
blog?

a. sitemap
b. robots
c. permalink
d. editor

Explanation: The robots.txt file tells crawlers what URLs should be crawled and
which ones should be disallowed.

2. What WordPress tool lets you edit the PHP code in your WordPress files?

a. sitemap
b. robots
c. permalink
d. editor

Explanation: WordPress has an internal editor that lets you review site
architecture and edit file content.

3. What should you submit to Google to help its crawler find your live URLs?

a. sitemap
b. robots
c. permalink
d. editor

Explanation: The sitemap is an XML file that contains a list of URLs that exist
on your WordPress site.

Chapter 8: Backups


Objective: Without backups, you run the risk of losing everything in your blog –
even years of content. This chapter shows you what you can do to ensure that
your data can be recovered.


Most people don’t realize the importance of backups until they actually need
them. You can spend hundreds of hours on your site, and just one crash can
destroy all of your hard work. Some site owners think that they are safe by
relying on the host to perform backups. This couldn’t be more incorrect. A host
might back up some of your files and even your database, but not always. If you
have managed WordPress hosting, then the host likely creates backups.
However, if you purchase shared hosting or unmanaged hosting, there is a
chance that the host does not back up your files and database at all.

To avoid the possibility of losing all of your hard work, the answer is to perform
your own backups. There are two parts of the WordPress system. The first part is
the files. You downloaded the files from the WordPress site, but any of your
customizations, plugins and theme files must be backed up.

The second part of the WordPress system is the database. You can’t obtain the
database files themselves, but you can back up the data. Most hosts have an
interface that lets you dump the database data to a text file that you can then use
to upload to another location including a recovery option.

You need to find a place to store your backups. You can store them locally on
your hard drive, or you can upload them to the cloud such as Google Drive.
Wherever you store them, it should be a safe and secured area. You don’t want
anyone obtaining the backups to your site, because they are able to view your
password and private information. They would be able to access your database
and therefore all of your content.

A safe and secured storage place also ensures that you have access to your
backups even if your own computer crashes. You don’t want to store the files on
the host server, because if it crashes then you lose your backup files as well.
Backups should always be stored offsite. The advantage of storing backups in
the cloud is that you can restore your files from anywhere in the world. Suppose
your site crashes and you’re traveling. You can recover your site from a laptop
and an Internet connection instead of waiting to go on location to recover the
files.

Backing Up Files with WordPress Plugins

Most site owners don’t back up files manually. You can manually create a
database backup and take a snapshot of your WordPress files, but it’s not
necessary. You can download several plugins that will do the entire backup
process for you. You can choose the best one you want that works for you, but
we’re going to use BackupBuddy as an example. It’s a common backup plugin
in the WordPress plugin store.

Use Chapter 4 to search the WordPress store for the plugin and install it on your
site.

Once you install the plugin, it’s time to configure BackupBuddy to secure and
automate your backup process. You’ll notice after you activate the plugin that
BackupBuddy now has a link in the main WordPress dashboard menu. Click this
link to open the BackupBuddy configuration settings window.

When you open the window, you’ll see the following list of options.


The first two text boxes are important for your security. These text boxes are
where you enter your password for the two main features in WordPress –
ImportBuddy and RepairBuddy. Make sure you choose a good password that
isn’t the same as your main admin dashboard password.

The next text box asks you where you want to store your
backups. Most people store their backups on the local disk. If you decide to store
files on your WordPress site’s local disk, make sure that the directory you
choose is secure. Remember that an insecure directory gives anyone access to
your backup files. If they are able to download these files, then they can gain
access to the configuration file that contains your user name and password for
your database, which then gives them access to all of your data. These files should
always be a priority for your security efforts.

The next text box is the user permissions used to create the backups. The plugin
recommends the Administrator account. In most cases, this is the right account
to use. You need administrative rights for many of the tasks that are required for
a backup. You probably store your backups to a directory that has strict
permissions set. This means that you’ll need the administrator account to store
the files. You want to ensure that the backup process is able to complete. If it
doesn’t, then you could go to recover your site and discover that the files are
corrupted or that the backup never finished. This is
something to consider when you set up a backup strategy.

The next option covers logging and debugging. It’s important that you log
any errors, so you know what to fix in case the backup fails. It also alerts you
if the backup fails one day even though your other backups normally work
properly. It’s especially important when you first set up your backup strategy.
You might miss a setting, or there could be something specific with the host that
stops you from properly configuring your backup tasks. The debugging and
logging process will tell you when the process failed, what part of
the process failed, and any clues on what you can do to fix the problem.

The maximum storage configuration tells the plugin how much it should cap the
backup storage capacity. The default is 10MB. WordPress files aren’t very large,
but as your database ages, these files grow. Database files and data backups can
get very large. Make sure you cap the amount to a value that lets you keep files
for several days before BackupBuddy begins to delete them. You want to have at
least a week of retention before you start overwriting and deleting old backups.

The log file check box indicates the maximum amount for the debugging and
logging file. This file can grow to several megabytes in capacity, so you want to
ensure that you allow for enough logged events, but you don’t want to eat away
at all of your storage space from a long log file. After about a month, you can
delete log files. You can probably delete them sooner if you take several
successful backups without any issues. The goal for a log file is to allow you to
go back several days to see any events that affect your ability to create a backup,
but delete older events that take up too much storage space.

The final checkbox asks you if you want to allow backup reminders and alerts.
This option reminds you if you accidentally forget a backup or any errors occur.
Notice that the section underneath the main configuration panel asks you to enter
an email for alerts. This is important if a backup fails.

The final configuration is to set up the actual backup schedule. You have the
option to back up the database, files, or both. It’s best to do a complete backup
after you’ve made changes, but you only need the database if you’ve only added
content.

You should back up your information as often as you update the site. If you only
update once a week, then you only need weekly backups. If you update
several times a day, you should back up your database at least once a day.

BackupBuddy isn’t the only backup plugin you can choose from. They all have
similar settings and procedures, and they all back up to the local host server. You
can still download the backups to your local hard drive and upload them to your
Google Drive. Some premium plugins will automate the upload to your cloud
drive, so you don’t need to do anything to perform the full backup activity. Just
make sure that you always keep the backups secure, and don’t upload them to
any insecure third parties that don’t guarantee their protection.
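
The storage advice in this chapter can be checked with a short script. The following is an added example, not code from this book or from BackupBuddy: it flags backup files that sit inside the web root, are readable by other accounts, are older than the schedule allows, or fail an integrity test. The directory names, the seven-day limit and the sample files are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile
import time
import zipfile
from pathlib import Path

BACKUP_SUFFIXES = (".zip", ".sql", ".sql.gz", ".tar.gz")
MAX_AGE_DAYS = 7  # assumption: a weekly backup schedule


def audit_backup(path: Path, web_root: Path, now: float) -> list:
    """Return the findings for one backup file; an empty list means none."""
    findings = []
    info = path.stat()
    # Files under the web root can be requested by URL unless the server blocks them.
    in_web_root = web_root.resolve() in path.resolve().parents
    # On shared hosting, a world-readable file can be read by other local accounts.
    world_readable = bool(info.st_mode & stat.S_IROTH)
    if in_web_root:
        findings.append("inside-web-root")
    if world_readable:
        findings.append("world-readable")
    if now - info.st_mtime > MAX_AGE_DAYS * 86400:
        findings.append("stale")
    if path.suffix == ".zip":
        try:
            with zipfile.ZipFile(path) as archive:
                if archive.testzip() is not None:  # CRC check of every member
                    findings.append("corrupt")
                names = archive.namelist()
        except zipfile.BadZipFile:  # truncated or incomplete backup
            findings.append("corrupt")
            names = []
        # wp-config.php holds the database user name and password.
        has_config = any(Path(n).name == "wp-config.php" for n in names)
        if has_config and (in_web_root or world_readable):
            findings.append("db-credentials-exposed")
    return findings


def audit_tree(account_root: Path, web_root: Path, now=None) -> dict:
    """Audit every backup-like file below account_root, keyed by relative path."""
    now = time.time() if now is None else now
    report = {}
    for path in sorted(account_root.rglob("*")):
        if path.is_file() and path.name.endswith(BACKUP_SUFFIXES):
            key = path.relative_to(account_root).as_posix()
            report[key] = audit_backup(path, web_root, now)
    return report


def build_demo(root: Path) -> None:
    """Constructed layout: one well-stored backup, one exposed copy, one truncated file."""
    exposed_dir = root / "public_html" / "wp-content" / "backups"
    private_dir = root / "private_backups"
    exposed_dir.mkdir(parents=True)
    private_dir.mkdir()
    good = private_dir / "site-full.zip"
    with zipfile.ZipFile(good, "w") as archive:
        archive.writestr("wp-config.php", "<?php /* placeholder, no real credentials */")
        archive.writestr("wp-content/themes/mytheme/style.css", "body{}")
    data = good.read_bytes()
    os.chmod(good, 0o600)
    exposed = exposed_dir / "site-full.zip"
    exposed.write_bytes(data)
    os.chmod(exposed, 0o644)
    truncated = private_dir / "site-db.zip"
    truncated.write_bytes(data[:40])  # simulates a backup that never finished
    os.chmod(truncated, 0o600)
    month_ago = time.time() - 30 * 86400
    os.utime(truncated, (month_ago, month_ago))


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo(root)
        return audit_tree(root, root / "public_html")


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(name, findings or "ok")
```
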

Lab Questions

1. What are the two pieces of WordPress that you need to back up during your
backup procedure?

a. the database and host information
b. the WordPress files and host information
c. the database and WordPress files
d. host account information and the wp-admin directory

Explanation: The database contains your posts and pages, and the WordPress
files and directories contain your themes and customized content.

2. What account should you use to back up the files?

a. power user
b. visitor
c. administrator
d. author

Explanation: The administrator account has full permissions to back up the files
and database and store it to a secure directory.

3. What do you use to ensure that the backup process completed successfully?

a. .htaccess file
b. log files
c. robots.txt
d. wp-admin

Explanation: Most backup plugins have an option to debug and log any backup
events, so you can review any issues and get alerts when the backup process
failed.

Chapter 9: Optimizing WordPress


Objective: WordPress speed is important for a good user experience and search
engine crawling. This chapter explains how to optimize your WordPress blog for
performance.


WordPress is well coded, so you don’t have to worry about poor code being an
issue with site speed. Poorly coded plugins and themes are an issue, but you
should stick with plugins created by well-known creators to avoid installing any
poorly functioning code on your site. Site speed is important for users and search
engine bots. Search engines use speed as a quality factor, and users bounce from
your site more quickly when it’s too slow. This chapter will review optimization
tips for your WordPress site, which can be done mostly with plugins.

Caching

Caching is a common way to speed up a WordPress site. It’s actually a method
for any site to speed up the process of rendering static content to website
viewers. Caching involves storing the common elements on your site in a way
that the server doesn’t need to dynamically display content when it’s not
necessary.

Normally, when you open a website in your browser, you contact the web server
to request the page. Most pages on the web are dynamic, which means that the
content displayed in the page is rendered from user input. For instance, when
you open a page for a red product, the red product is queried from the server and
then the content is displayed in the browser. Your WordPress blog posts work
the same. The user lands on your page and requests a specific post by number.
The post number is used to query the database server and find the post you want
to view. All of these methods are dynamic.

Even though most content is dynamic, there are parts of your page that rarely
change. The header and logo area rarely change. The footer hardly ever changes.
Even side panel navigation and sales ad areas rarely change. These sections
should be cached for faster performance for your users.

There are two types of caching: server side and client side. Server side caching
keeps pages in memory that are commonly used on the site. For instance, the
header.php page is often used in WordPress, because it displays the header
section of your site. Since the header hardly changes, you can cache this section
of the site. You can set your server to cache these pages. The difficult part of this
option is that you need control of the server. You need to be able to set your
server caching options. Luckily, you can cache options server side using caching
plugins freely available in the WordPress plugin store.

The other option is browser caching or client side caching. This option uses the
caching done on the user’s browser. When a user opens a page, the browser
stores the page in cache. You can tell the browser to store the cached content for
a specified amount of time. The next time the user requests content from your
site, the browser first asks whether any changes have been made to the page. If no
changes were made, the browser uses the currently cached page. This means that the
request for any content is done locally, which greatly speeds up the performance
of your site. The only issue you could have with this option is if the user
regularly clears cache, and if any issues occur with updated content. The user
would still see your old content in the latter case.
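
The exchange described above can be modelled in a few lines. This is an added example, not WordPress or plugin code: a model server and browser cache that use a storage time (max-age) and a change check (an ETag answered with 304 Not Modified), and that never store per-user admin pages. The class names, the 60-second lifetime, the /wp-admin/ rule and the sample pages are assumptions made for the illustration.

```python
import hashlib


def etag_for(body: bytes) -> str:
    """Validator derived from the content: it changes whenever the page changes."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'


class Server:
    def __init__(self, max_age: int):
        self.max_age = max_age      # seconds a browser may reuse a page unasked
        self.pages = {}
        self.body_bytes_sent = 0    # bandwidth spent on page bodies

    def publish(self, path: str, body: bytes) -> None:
        self.pages[path] = body

    def handle(self, path: str, if_none_match=None):
        body = self.pages[path]
        if path.startswith("/wp-admin/"):
            # Assumption for this model: per-user pages must never be cached.
            self.body_bytes_sent += len(body)
            return 200, {"Cache-Control": "no-store"}, body
        headers = {"ETag": etag_for(body),
                   "Cache-Control": f"max-age={self.max_age}"}
        if if_none_match == headers["ETag"]:
            return 304, headers, b""    # unchanged: headers only, no body
        self.body_bytes_sent += len(body)
        return 200, headers, body


class BrowserCache:
    def __init__(self, server: Server):
        self.server = server
        self.store = {}  # path -> (body, etag, expires_at)

    def get(self, path: str, now: int):
        entry = self.store.get(path)
        if entry and now < entry[2]:
            # Still within max-age: no request is made, so an edit on the
            # server is not seen yet (the "old content" case in the text).
            return entry[0], "cache-fresh"
        status, headers, body = self.server.handle(path, entry[1] if entry else None)
        directives = [d.strip() for d in headers["Cache-Control"].split(",")]
        if "no-store" in directives:
            self.store.pop(path, None)
            return body, "network-200"
        if status == 304:
            body, source = entry[0], "revalidated-304"
        else:
            source = "network-200"
        max_age = next(int(d.split("=")[1]) for d in directives
                       if d.startswith("max-age="))
        self.store[path] = (body, headers["ETag"], now + max_age)
        return body, source


def run_demo():
    """Constructed timeline; 'now' is seconds since the first visit."""
    server = Server(max_age=60)
    server.publish("/hello-world/", b"<h1>Hello world</h1> first version")
    server.publish("/wp-admin/index.php", b"dashboard for one logged-in user")
    browser = BrowserCache(server)
    trace = [browser.get("/hello-world/", now=0),    # first visit: full download
             browser.get("/hello-world/", now=10)]   # served locally
    server.publish("/hello-world/", b"<h1>Hello world</h1> edited version")
    trace.append(browser.get("/hello-world/", now=30))    # old copy still shown
    trace.append(browser.get("/hello-world/", now=70))    # expired, page changed
    trace.append(browser.get("/hello-world/", now=140))   # expired, page unchanged
    trace.append(browser.get("/wp-admin/index.php", now=141))
    trace.append(browser.get("/wp-admin/index.php", now=142))
    return trace, server.body_bytes_sent


if __name__ == "__main__":
    trace, sent = run_demo()
    for body, source in trace:
        print(f"{source:16} {body.decode()}")
    print("body bytes sent by server:", sent)
```
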

There are several plugins in the WordPress store that let you cache content.
When you choose an option, be sure to check your site for any issues. One
common crawling issue is when the caching plugin doesn’t work well with bots.
It can actually cache old content and show bots the wrong content.

Content Delivery Networks (CDNs)

CDNs take caching one step further. CDNs allow you to cache content, but the
speed performance upgrade is mainly from the way a CDN works.

A CDN is located in data centers across the globe. When a user accesses a page,
the CDN identifies the visitor’s location and does a lookup for the closest data
center within the user’s geolocation. The data center closest to the user is then
used to render the content. It might seem like a trivial difference since Internet
traffic works at the speed of light, but accessing servers within your own local
area is much faster than accessing servers from a different side of the globe.

You can check it out for yourself. Search Google on one of its country code
domains that contains sites located across the globe from your current location.
Notice how much slower the site renders content than when you work with sites
within your local country.

Another benefit of a CDN is its DDoS protection. One of the most common
CDNs on the market is CloudFlare. CloudFlare has several benefits including
cache capabilities and data centers around the globe. They also have firewall and
DDoS detection that stops malicious attacks on your site.

A DDoS (Distributed Denial of Service) is a malicious way to bring down sites
and interrupt web service. A DDoS attack is more than just one person sending
malicious content to your website. It’s several computers – sometimes thousands
– sending malicious traffic to your site. These computer owners don’t usually
know that they are a part of a DDoS attack. A DDoS attack is usually from one
malicious hacker who has a virus installed on several thousands of computers.
The hacker gets the malicious program on each computer using various
techniques such as phishing or taking advantage of an older browser with no
security patches. The result is that the hacker now has control of these thousands
of computers running a trojan. The computers are then called zombie bots.

When the hacker decides to send thousands of traffic connections to the site, the
server resources and bandwidth are exhausted, and sometimes the server crashes.
It’s a frustrating event for a site owner, but it can be mitigated using a CDN such
as CloudFlare.

You can choose from several CDN options. Note that they aren’t free, so they
will add to the cost of your WordPress site setup.

Using Gzip Compression

The biggest component of most WordPress sites is usually the images. Images
can be several megabytes in size depending on the image format. You should do
everything you can to reduce the size of an image without compromising on its
quality. Small, quality images are key for a fast performing site.

Gzip compression is done on the server and the client’s browser. Gzip is a
natural part of PHP and Apache servers, so you don’t need to install anything to
make it work. You will need to either edit the .htaccess file on your host account,
or you need to install a plugin. Most WordPress site owners opt for installing a
plugin, because it’s easier to manage and no site configurations must be
changed.

Gzip compresses the images on your site. You want to especially use this
process when you have large images that describe a product. Ecommerce sites or
any WordPress blog that relies heavily on image content should be using Gzip.

When you upload an image to your site, the Gzip utility or plugin compresses it
to a much smaller size. The result is that you have a much smaller image to send
to the user’s browser. Remember that when a user requests a page on your site,
all elements are sent to the user’s local computer including images. When the
image is compressed to a smaller size, you’re using less bandwidth to send
content to the user’s local computer, which speeds up the time it takes to render
the content in the user’s browser. When the zipped file is completely
downloaded, the user’s browser then decompresses the file and extracts the
image’s true size on the user’s local hard drive. The result is that the user still
sees your high quality image, but it takes much less time to download it to the
browser.

Perform a search in the WordPress plugin store for “gzip,” and you’ll find
several available plugins that work with this feature for you.

These three options can be used at once on a WordPress site. The three
combined techniques greatly improve the performance of your site, which means
you’ll have better search engine visibility and user experience.

Lab Questions

1. What service lets you serve WordPress content from the user’s local data
center?

a. CDN
b. Caching
c. Gzip
d. DDoS

Explanation: A content delivery network (CDN) identifies the user’s location
and sends content from the closest data center.

2. What feature can you use that stores common, unchanged content on the
user’s local hard drive?

a. CDN
b. Caching
c. Gzip
d. DDoS

Explanation: Caching loads content from the browser when the server’s content
remains unchanged.

3. What feature compresses images, so you use less bandwidth when transferring
files?

a. CDN
b. Caching
c. Gzip
d. DDoS

Explanation: The Gzip feature compresses files, and then the user’s browser
extracts the full size image after it’s downloaded.

Chapter 10: SEO


Objective: Search engine optimization is the technique used to improve your
site’s visibility in search engines. This chapter focuses on helping you perform
SEO through plugins and basic knowledge.


You can’t have a website that relies on search engine traffic without hearing the
term SEO. Google is the dominating force for search engine traffic, so most
people focus on Google traffic when they target their SEO research. While Google
remains the biggest search engine on the web, what you do for SEO will also
help you with other search engines such as Bing. This chapter will focus on the
basics, and we’ll cover the two main SEO plugins – Yoast and All in One.

Titles and Meta Descriptions

The first major point for SEO is titles and meta descriptions. You can see these
in action when you open a website in your browser. The title is the web page’s
main title that shows up in search engines and in the browser tab. When you
open a page, you see the title in the browser tab that helps you identify which
page you have opened on the site. This title is very important for search engines,
because it describes the page content.

When you perform a search in Google, the title is what displays as the URL.
You click the title, and the URL brings you to the web page. You have
competitors in search engine results, so you want to make the title stand out
against the others. You can focus on placing search engine query phrases in the
title, but you should still keep the title well written and have it stand out against
the competition.

The snippet of content that shows below the title in search engine results is the
meta description. This lets you describe the page content in one or two
sentences. You don’t want to make this snippet too long, because it doesn’t show
in search engine results, and descriptions are not used to rank a site. You want to
create one or two sentences that properly describe the content. For instance, if
the title of the page is “Best Red Widgets in Miami,” you would create a meta
description that gave the user a little more information on these widgets.
Remember that these couple of sentences show in search results pages, so they
help increase your click-through rate (CTR) when users see your URL in results.
CTR is a good indicator for the success of your titles and meta descriptions.

Subheaders

Subheaders are components that describe the page content in a more granular
way. For instance, you could have five paragraphs that describe your red
widgets. Each paragraph could have a subheader that describes the paragraph
topic. It’s still related to the site title since the content should match the title, but
it’s used to bring out more important topics that relate to sections of the content.

You’ll see subheaders referred to as H1, H2, H3 tags. The “H” tags are numbered
from 1 to 6. As the numbers increase, the size of the font is reduced. This is to
indicate that higher numbers have less importance than lower numbers. For
instance, the H1 tag could be a subheader under the title, and then the H6 tag
could be used to describe paragraphs. You can override the browser defaults and
use font sizes defined in the site’s CSS file. This is done through your
WordPress theme configuration, which we discussed in Chapter 6.

Subheader tags aren’t as easy to create in WordPress as the title. You need to
either manually code the headers in your content, or you can use a plugin.
Luckily, there are numerous plugins that let you insert header tags without the
need to manually code them yourself. We’ll cover two of these plugins in the
last section of this chapter.

When you create your subheaders, you want to organize them from top to
bottom. The H1 tag should be at the top and should describe your content in
further detail. The H1 tag supports the title tag with more information. After you
use the H1 tag, the H2 tag should be used. This tag is usually what’s used for
paragraph subheaders.

When you create the content for these subheaders, don’t just put keywords into
them. Always make them useful to users and focus on them instead of search
engine bots.

Content

Content is the most important part of any web page after good code. Good code
allows a bot to crawl the content on your site, so good content and good code go
hand in hand. Once the bot can crawl your site, it retrieves your content and uses
this content as a way to rank your website.

When you research SEO, you’ll read several different techniques and tricks.
Some of them are beneficial, and the others should be avoided. The best way to
judge which ones are best for your site is to use common sense. Keyword stuffed
or spun content is not useful for users, so it’s not beneficial for your site’s rank.
When you work with content, your goal should be users and not search engines.
Once users like your site, search engines will notice that your site receives
mentions in the form of backlinks. Backlinks are an entirely different topic that
doesn’t focus much on WordPress itself, so we’ll focus on just the local content
of your site.

The header tags we mentioned in the previous section are a part of the site
content. As a matter of fact, your theme, WordPress code, ads, post text, and any
plugin code are all a part of your site’s content. Most people focus on the text
that displays to users, but a page’s code and text in its entirety forms the content
as a whole.

When you create a WordPress blog, the topics you create should be from an
authoritative point of view. You can write news or evergreen content, but a
combination of both helps keep your site relevant to new topics while still
explaining older topics that users search for frequently. When you decide on
your content, you should add something new to the topic to stand out against
competitor content.

Content is a controversial topic in SEO, but as long as you focus on quality and
authoritative content, you can do well with your onsite blog SEO.

SEO Plugins

With your content created, you have two options for SEO plugins. There are
several in the WordPress store, but the two most common plugins are Yoast and
All in One SEO. These two plugins dominate the market, and the developers
update and patch them frequently. Each of them has distinct differences, and
some people prefer one over the other.

You can choose another SEO plugin, but this section reviews Yoast and All in
One SEO.

Yoast is probably the more popular of the two. Yoast has an analytics section
that automatically gives each section of your blog post a score. This score can be
used to identify where you can improve the SEO on each page. It even gets
down to several elements and content phrases, so Yoast is a great way to analyze
your site. Yoast also gives you a snippet preview of your title and meta
description, so you can see your site link as if it’s showing to your users in
Google.

All in One SEO is for experienced users. Yoast is best for beginners, but most
experienced SEOs prefer All in One. If you already understand SEO and don’t
feel the need for analytics help, you can choose All in One SEO as your plugin
option. This plugin is more simplified and doesn’t have quite as many options as
Yoast, but that’s because it assumes that the blog owner already knows what’s
needed for optimization.

SEO is a complex topic that can greatly impact the success of your blog if you
rely on search engines. When you first start your blog, you shouldn’t worry too
much about ranking. Focus on your blog, its architecture and structure, gaining
visitors through social media, and then you can deal with more complex
functionality. Even though it’s something you shouldn’t worry about, SEO
plugins can help you add the right components to your site from the beginning.

Lab Questions

1. What is the first important aspect of your site besides its content?

a. title
b. subheaders
c. meta description
d. keyword phrases

Explanation: The title is shown in the user’s browser tab, and it’s the text shown
in search engine results.

2. What content snippet is supportive, detailed information for the page title?

a. title
b. subheaders
c. meta description
d. keyword phrases

Explanation: Subheaders are the H1 to H6 tags that support the title information
and offer a way for you to identify important parts in your site content.

3. The title is one element shown in Google’s search engine result pages. What is
the other part of your site code that shows in results?

a. title
b. subheaders
c. meta description
d. keyword phrases

Explanation: The meta description is one or two sentences that describe the
content, and it is a factor in your click-through rate (CTR).

4. What do search engine users use when they search for content, which should
also be included in this content?

a. title
b. subheaders
c. meta description
d. keyword phrases

Explanation: Keywords help you focus on topics, and they are one component in
search engine optimization.

Chapter 11: Comments


Objective: After you create a post, users can create comments on it. This
chapter explains comments, managing those comments, and filtering out spam.


Part of a successful blog is user interaction. You don’t want to post content
without allowing users to make comments. WordPress includes a comment
section on the blog that allows users to make comments. You can use the default
comment section provided by WordPress, or you can integrate social media. You
will need either code customizations from a developer or a plugin to use an
alternative to the default WordPress comments functionality. Luckily, there are
numerous third-party plugins available for the comments section. This chapter
will help you understand how they work and what you can do to better organize
and manage them.

Managing Comments

We showed you how to review all of your posts and pages in Chapter 5. We also
noted that WordPress automatically creates a test page and post. For the sake of
this chapter, open the Posts page and click the sample Hello World page. Click
the Preview button to see this page in your WordPress blog. Scroll to the bottom
of this post, and you’ll see the sample comments section. It’s set up to
automatically allow any new comments in this section.

You can test the comment system and add a new comment to your post. You
need to enter a name and a comment to the post. Once you do, it’s time to review
the comment.

Close the preview window and click the Comments link in the WordPress main
dashboard menu. This page shows you a list of comments on your site. The page
looks like the following image.


Notice in the image above that the Comments page has different tabs. These tabs
are used to organize each comment into its different state.

The default tab is labeled as All. This tab displays all comments regardless of the
state that they’re in.

The next tab is the Pending section. Whenever a new user posts a comment, a
comment is set for moderation first. When a user’s comment is in moderation, it
goes to the Pending tab for your review. You can delegate comment approval to
the author of a post, so the author can moderate comments, or you can keep
control of any of them on your site. This option is a personal preference for the
site owner. Once user comments are approved, they no longer need to go
through the approval process.

The next tab is the Approved section. This section is a list of the approved
comments on your blog. You can review these approved comments and remove
them again if you feel that you accidentally approved a spam blog comment.
You can also delete blog comments from this section. Any blog comment that
displays in this tab is shown on your site, so make sure you want certain
comments to display to visitors before you approve them.

The Spam tab is where any flagged comments are held until you determine that
they are legitimate. WordPress uses a number of triggers to identify blog
spammers. You’ll be amazed at the number of spam blog posts you receive when
your blog goes live. You don’t want to disable spam filtering, because you will
get hundreds a day even for small WordPress sites. More popular sites
get thousands of spam posts.

The last tab is the Trash section. When you delete a comment, WordPress still
keeps a copy of the comments for several days to ensure that you really wanted
to delete it. You can recover any of your deleted comments from this tab. If you
don’t recover them, they are slowly removed and permanently deleted.

Spam Comments and Akismet

We’ve mentioned before that Akismet is automatically installed when you install
the WordPress software. It’s important to keep this plugin activated, because it
immediately stops blog comment spammers. If you decide to deactivate it,
always have an alternative installed and configured. As soon as a blog is picked
up by spammers, hundreds and even thousands of spam comments flood your
blog. Too much of it can ruin your user experience and search engine ranking.

Akismet has several triggers it uses to detect spam. Most comment spammers
send the same comment to numerous websites, and Akismet picks up on the
pattern. It also uses IP addresses and even email addresses used by spammers to
block comments. Akismet doesn’t automatically delete comments. It first puts
them in the Spam tab to let you review them. For the most part, any comment
that gets sent to the Spam tab is likely spam. However, Akismet does have some
false positives, and this is why all spam comments go to a tab where you can
review them instead of automatically deleting them.

Since Akismet is automatically installed with WordPress, you’re ready to use it
provided you register an account. When you open Akismet, the following screen
appears.


Click the button labeled Say Goodbye to Comment Spam. When you click this
button, the following window is shown.


When you enter some information, Akismet gives you a key. Akismet is free for
one of your blogs. If you plan to use an enterprise solution, Akismet has a
monthly fee. The enterprise version is worth it if you need a robust system for a
high-volume blog.

Once you activate your Akismet registration, you’re given a key in a screen that
looks like the following.


This is the key for your Akismet registration. Once you submit this key using the
Akismet form in the WordPress dashboard, it’s fully activated and can work
with your blog.

If you recall from the previous section of this chapter, the Pending section of the
blog comments window holds blog comments until you approve them. The
Spam tab holds any comments that Akismet believes are spam. You’ll use these
two tabs heavily to approve valid blog posts and delete spam comments.

Once you have the spam comments under control, you should approve valid
comments and reply to them. It’s important to keep user interaction active.
Replying to user comments lets people know that you are active on your blog,
and you haven’t abandoned it. Abandoned blogs often lose user interest, and
they don’t have any comments or replies. This activity is not only good for user
trust, it’s also good for search engine ranking. When Google sees that the blog is
active, you have a better chance of ranking higher in the search engine.

If you have pages where interaction is unneeded, you can disable blog comments
in the page or post configurations. For instance, you don’t want comments in an
About Us or Contact Us page. You should disable comments on these pages to
avoid unnecessary comment administration on the blog.

Pingbacks

Pingbacks let you know that other blog users are discussing your content. They
help you identify popular pages on your blog. When another blog owner links
back to your blog, a pingback sends a message to the author. You can disable
this feature in the Discussions section of the main WordPress dashboard.

You have a few options for pingback comments. You must enable pingbacks to
allow them to create comments on your blog posts. Of course, since pingbacks
are comments on your blog posts, you need to enable comments on the page or
post.

What’s great about pingbacks is that you can see who is reading your content
and any comments they have on your blog. The pingback links directly to the
blog and the post URL. It also shows you the number of people who have
viewed the post. These metrics are beneficial when you want to identify who is
linking to you and the number of comments that are made regarding your posts.

You can see the pingbacks on the post itself, or you can review pingbacks from
the Discussion section of the main WordPress dashboard. It’s also nice to send a
response to the blog owner for the mention. A natural backlink is great for
search engine visibility.

Comments are a great way to interact with your users, and they tell you that
people are actually reading your content. It tells you that more than just bots are
accessing your posts, and that readers were so moved by your content that they
were compelled to comment.

Lab Questions

1. What spam filtering tool is automatically installed in WordPress to filter out
comment spam?

a. Yoast
b. Akismet
c. All in One
d. BackupBuddy

Explanation: The Akismet plugin is free for small bloggers, and it automatically
starts filtering spam comments when you install WordPress.

2. When a new user makes a blog comment, where is this comment initially
listed in the dashboard?

a. Pending
b. Spam
c. Approved
d. Filtered

Explanation: Any new blog comments are moderated and placed in the Pending
section unless they are triggered as spam.
Chapter 12: Monetizing


Objective: Blogs cost money, and this chapter discusses some of the common
monetization techniques to help you pay for your time and hosting.


Most blog owners love to write, but you can’t live on the love of writing. You
need to make money for the blog, if only to pay for its hosting and technical
support. The bigger your blog grows, the more resources it uses. You might need
to upgrade your hosting account to manage the blog traffic. You might need to
hire a developer to customize some of your theme or plugins. For any one of
these reasons, you need money to pay for services. You can even make a full
time living off of your blog with enough traffic. You can sell services, digital
products, or just ads on your blog. This chapter reviews several monetization
options.

What are the Different Monetization Options?

Most people opt for ads on a WordPress blog. This option is the easiest, but you
still must be accepted into the ad network. This usually means that the blog must
be reviewed and accepted into the network before you can sell ads.

Ads work by allowing you to make money two ways: either for each click from
an interested user or for each visitor to your pages. Most advertisers prefer to
pay for the click, because paying for traffic can be abused. The cost for each
click can be anywhere from a few pennies to several dollars. Even if you only
make pennies for each click, it adds up when you have millions of visitors to
your site.

The next option is by making money through affiliate sales. Amazon is a popular
affiliate network, because you can sell almost anything through Amazon. You
can create a site that focuses on any number of products, and there is a good
chance that Amazon has the product for sale.

With affiliate sales, you get a percentage each time a visitor buys a product or
service. Product and service owners love affiliates, because it’s a very low
cost of advertisement for the owner. They give you anywhere from 1% to
10% of the affiliate sales depending on the market. Some higher end markets
such as finance and real estate give their affiliates thousands of dollars in
acquisition percentages.

Banner ads are another way to make money on your blog. Some banner ads are
similar to the ads we mentioned earlier. They give the blog owner a percentage
each time a click is made on the banner. However, you can also rent the banner
ad space and make a monthly amount. You can lease the space for a few dollars
a month, but popular blog owners make thousands each month for banner ads.
Some blog owners make a full time income selling ads on their blogs, but these
sites bring in millions of visitors a month. With a flat rate monthly cost, the
person buying banner ad traffic will want your blog to have a high volume of
visitors for it to be worth the advertisement costs.

If you have a subscriber list, it can be valuable to the right buyer. Selling leads is
common for bloggers as well as other site owners. You can create a signup form
and send the results to a buyer. Insurance uses this method as a common way to
pay affiliates.

The final way to make money on your blog is through CPA or cost per
acquisition. This method is usually the highest income but the hardest to make.
CPA is similar to when a car salesman sells a car. He only gets a commission
if he actually sells the car. CPA offers are common in software installation offers
and high end products such as mortgages. If you send a lead to a mortgage
broker, you can make thousands if a sale is made.

Using Google Adsense

Cost per click (CPC) networks are the most commonly used monetization
options for site owners. They are especially popular for bloggers, because these
sites tend to get massive amounts of traffic when they rank well and have several
followers.

CPC networks give you money each time the user clicks a link. The advertiser
pays the ad network a specific amount for each click, and you get a portion of
that amount. The clicks add up to thousands, and some site owners make five
figures (even six figures) a month in CPC ad revenue.

With several options available to you, Adsense is still the most popular. It’s also
the most difficult to break into. You need good content with at least six months
of history to get approved into Adsense. Google Adsense pays the best and it has
the most popular network. Using Google Adsense as the monetization option
automatically gets you into an advertising network where several high end
brands buy ads.

Another benefit of Adsense is that several plugin developers provide plugins that
help you place the ads on your site. Make sure you fully read the rules for
Adsense and keep track of the traffic and ad clicks on your site. Adsense is very
strict with its publishers. If advertisers complain that you send fraudulent traffic
to their site, Adsense will review your site and ads and possibly suspend your
account.

Affiliate Links

Affiliate links are the second most popular way to monetize your blog. You can
use affiliate links and CPC ads on your site. Just make sure you read the rules for
both networks to ensure that they are allowed to mingle together on the site.

With affiliate links, you must also be approved. It’s easier to get into an affiliate
network than it is to get into Adsense. Affiliate networks such as Commission
Junction are very strict with advertisers and affiliates. Commission Junction
(also called CJ) asks advertisers to submit paperwork to prove their validity.
Publishers must be admitted by CJ and the advertiser.

With affiliate networks, you place a link with your affiliate ID included in the
URL. This affiliate ID is how the advertiser knows that you’re sending traffic to
their site. You don’t get a commission until a sale is made. Some affiliate
networks pay for the traffic, but this is a rare option. Paying for traffic can be
abused, so affiliate advertisers prefer to pay when a sale is made.

For it to be beneficial to you, you should check out the affiliate sales landing
page. If the website has poor content, user experience, or doesn’t sell a product
that you think will sell, then you should not sign up to the network. Pick affiliate
products or services that you know well and can write about from an
authoritative standpoint to help drive sales to that product.

If you decide to work with affiliate links, check out the WordPress store for
affiliate network plugins to help you manage them. These plugins will help you
determine clicks and views to estimate how much you should make each month
from these affiliate sales.

CPA Offers

CPA offers are similar to affiliate network offers, but they are usually associated
with higher income and sales. You still get money only when a sale is made, but
CPA offers can be thousands from one commission check. Affiliate links usually
bring in a few dollars a sale, but CPA offers can give you thousands from one
sale. Of course, this also means that the sale is more difficult to make.

Most blog owners who use CPA offers as a way to monetize their traffic don’t
use other methods. Since CPA offers make the most money, ads distract the user
from clicking the CPA affiliate link. When you work with ad networks such as
Adsense, you run the risk of advertising for your competitor. This means that
you could send your hot lead over to another site where the user signs up from
your competitor’s site. This is, of course, not what you want, so CPA blog
owners keep the page clean from all other ads.

Some bloggers use other means of income. Selling eBooks or custom digital
products are two other options. You can set your own price when you use these
methods, so the revenue you make is dependent on the number of sales and your
price point.

If you want to at least make money to pay for hosting – even cheap shared
hosting – you can use one of these methods or find another monetization method
of your own. As long as you find the right way to make money for your site,
you can even make a full time income with blog monetization.

Lab Questions

1. What is the most popular CPC network for ad monetization?

a. Flipkart
b. Adsense
c. Infolinks
d. Commission Junction

Explanation: Google Adsense is the best paying and best converting ad network
for bloggers.

2. What is the most popular network for affiliates and high-end advertisers?

a. Flipkart
b. Adsense
c. Infolinks
d. Commission Junction

Explanation: Commission Junction has such high-end affiliate clients and
advertisers that it is considered a premium option for blog advertising.

3. What is the highest paying monetization method in terms of commission for
each sale?

a. CPC
b. CPA
c. CPI
d. CPM

Explanation: Cost per acquisition (CPA) offers are usually high end offers such
as mortgage and insurance sales, and they can make an affiliate thousands for
each sale.
Chapter 13: Maintenance


Objective: After the WordPress site is set up, you need to maintain it. This
chapter covers maintenance steps needed to keep the site current.


You can’t just create a site and then never maintain it. You need to ensure that
you check the site each day or at least once a week. Plugins need maintenance,
the actual WordPress software needs updates, you need to delete unneeded files,
and you should review logs and performance issues. Maintenance also helps you
avoid any cyber threats common for WordPress sites.

Backups

We covered the importance of backups in Chapter 8. Backups are critical for
your site recovery in case your site gets hacked or the server crashes. The right
backups can get your site up and running quickly without much downtime. If the
site gets hacked, however, you should always determine the root cause to ensure
that it does not happen again. Even with a site backup, if a third party has access
to your site files, you can be hacked again.

When you accumulate backups, you use up much of the free hard drive space on
your hosting account. Most hosts limit the amount of space you can use on their
servers, so you need to delete old backups and even ensure that current ones are
not corrupted. If the plugin you installed to create the backups doesn’t
automatically delete them, you’ll need to delete the backups manually.

To delete your backups, you need to go into your WordPress dashboard where
the plugin configurations are set. Within the configurations window, you should
find the location of where the backup plugin is storing your files. Use cPanel or
FTP to go into this directory and delete old backups.

Make sure you don’t delete all of them. You still need to maintain about a
week’s worth of backups. If you back up weekly, keep about a month’s worth of
files.

Part of your maintenance should also be to ensure that the backups aren’t
corrupted. You don’t need to do this task every day, but you should verify
backups at least once every couple of months. It will ensure that there isn’t a
common bug in the backup procedure. If you don’t verify your backup files, you
run the risk of possibly creating corrupted backups that are unusable should you
need to recover your data. The best way to verify a backup is to restore your
WordPress site to another location. You can do it on your local computer or a
test section of your site. If your host creates backups for you, then you don’t
need to verify backups since they will keep them for you.

You should also check any logs for your backup plugin. Ensure that no errors
occur during the backup process, so you know that all of your data is
consistently stored without any issues.
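
The retention and verification steps above can be scripted. The following Python script is an added example, not part of this book or of any backup plugin: it assumes the plugin writes .zip, .tar.gz or .tgz archives into a single directory, and the file names and sample archives are constructed for illustration.

```python
import io
import os
import tarfile
import tempfile
import zipfile
import zlib
from pathlib import Path

KEEP = 4  # weekly schedule: about a month's worth, as the text recommends
ARCHIVE_SUFFIXES = (".zip", ".tar.gz", ".tgz")  # assumed plugin output formats


def is_intact(path: Path) -> bool:
    """Read every file in the archive end to end; False on any read error."""
    try:
        if zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                return zf.testzip() is None  # None means every CRC matched
        with tarfile.open(path) as tf:
            for member in tf:
                if member.isfile():
                    with tf.extractfile(member) as fh:
                        while fh.read(1 << 20):  # force full decompression
                            pass
        return True
    except (tarfile.TarError, zipfile.BadZipFile, zlib.error, EOFError, OSError):
        return False


def prune_backups(directory: Path, keep: int = KEEP, dry_run: bool = True) -> dict:
    """Keep the newest `keep` intact archives; expire only older intact ones.

    Corrupt archives never count toward the retention total and are reported
    rather than deleted, so the failing backup job can be investigated.
    With dry_run=True nothing is removed; "expired" lists what would be.
    """
    archives = sorted(
        (p for p in directory.iterdir()
         if p.is_file() and p.name.endswith(ARCHIVE_SUFFIXES)),
        key=lambda p: p.stat().st_mtime,
        reverse=True,  # newest first
    )
    intact, corrupt = [], []
    for p in archives:
        (intact if is_intact(p) else corrupt).append(p)
    expired = intact[keep:]
    if not dry_run:
        for p in expired:
            p.unlink()
    return {
        "kept": [p.name for p in intact[:keep]],
        "expired": [p.name for p in expired],
        "corrupt": [p.name for p in corrupt],
    }


def make_sample_backups(directory: Path) -> None:
    """Constructed sample data: six weekly archives, one cut short."""
    for week in range(6):  # week 0 is the newest
        path = directory / f"site-week{week}.tar.gz"
        data = os.urandom(4096)  # stands in for the site's files
        with tarfile.open(path, "w:gz") as tf:
            info = tarfile.TarInfo("wp-content/uploads/sample.bin")
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        if week == 2:  # simulate an interrupted backup job
            path.write_bytes(path.read_bytes()[:1024])
        mtime = 1_700_000_000 - week * 7 * 86400
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_backups(Path(tmp))
        report = prune_backups(Path(tmp), dry_run=True)
        for status, names in report.items():
            print(f"{status}: {names}")
```

Because the truncated archive does not count toward the four kept copies, the script retains an older intact backup in its place.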

Updating WordPress and Plugins

Updating WordPress and installed plugins is a daily task. It’s something you
should check every day on your site. Plugin developers update their code when
they find security holes and bugs. When they release an update, you should
install the latest patch on your site.

WordPress itself also has updates. The older your WordPress installation, the
greater the risk for possible cyber threats that target your site. Hackers
specifically target old WordPress blogs, because they are the most insecure.
Each time WordPress has an update, they also patch for any security holes and
backdoors from possible cyber threats.

You can find any patch update alerts in your WordPress main dashboard. If
WordPress needs an update, you can find an alert at the top of the dashboard.
WordPress also recommends that you take a backup before you actually perform
the update. This is a good idea since it limits the downtime on your site should
the upgrade fail. When you update WordPress, critical files get overwritten
during the update. Should any of these files become corrupted, you should have
a backup to roll back the changes.

When you perform your backup, it’s best to perform a full backup. That means
take a snapshot of all files including anything in the wp-content directory. This
directory contains the files for all of your plugins.

You also want to back up any database files. Just like we mentioned in Chapter
8, you won’t be able to back up the exact files. You can, however, back up the
database data. Most hosting companies provide you with an interface that lets
you send SQL commands to your database tables. Another option is taking a
snapshot of your data. When you take a backup, make sure you take a full
backup of all data and table structure. The host SQL interface should include this
option in the online tool. When the backup is created, you’ll have a script file
that you can use to recreate all tables and insert your WordPress data.

After you create the backup, click the link in the WordPress dashboard to
upgrade the software. It only takes a few minutes to update WordPress, so you
don’t need to wait long. You should perform an update during off-peak hours, so
you don’t interrupt your user’s experience while they access your blog.
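
To confirm before the upgrade that the database export holds both table structure and data, the dump file can be checked offline. This Python check is an added example, not from this book or from WordPress; the default wp_ prefix, the list of tables treated as never empty, and the sample dumps are assumptions constructed for illustration.

```python
import re

PREFIX = "wp_"  # assumption: default table prefix; wp-config.php may set another
# Core tables a WordPress database contains (subset; names without prefix).
CORE_TABLES = ("posts", "postmeta", "options", "users", "usermeta",
               "comments", "terms", "term_taxonomy", "term_relationships")
# Tables that always hold rows on a working site, so a full dump must fill them.
MUST_HAVE_ROWS = ("options", "users", "usermeta")

CREATE_RE = re.compile(
    r"^\s*CREATE TABLE\s+(?:IF NOT EXISTS\s+)?`?(\w+)`?", re.I | re.M)
INSERT_RE = re.compile(r"^\s*INSERT INTO\s+`?(\w+)`?", re.I | re.M)


def ends_cleanly(sql: str) -> bool:
    """True if the last non-comment line ends a statement (export not cut off)."""
    for line in reversed(sql.splitlines()):
        text = line.strip()
        if text and not text.startswith(("--", "#")):
            return text.endswith(";")
    return False


def check_dump(sql: str, prefix: str = PREFIX) -> dict:
    """Report whether a dump carries both table structure and data."""
    created = set(CREATE_RE.findall(sql))
    inserted = set(INSERT_RE.findall(sql))
    missing_structure = sorted(
        prefix + t for t in CORE_TABLES if prefix + t not in created)
    missing_data = sorted(
        prefix + t for t in MUST_HAVE_ROWS if prefix + t not in inserted)
    complete = ends_cleanly(sql)
    return {
        "missing_structure": missing_structure,  # no CREATE TABLE found
        "missing_data": missing_data,            # no INSERT INTO found
        "complete": complete,                    # file not truncated mid-statement
        "restorable": complete and not missing_structure and not missing_data,
    }


def sample_dump(with_data: bool = True) -> str:
    """Constructed sample shaped like a SQL export; columns are simplified."""
    parts = ["-- constructed sample dump"]
    for table in CORE_TABLES:
        parts.append(
            f"CREATE TABLE `{PREFIX}{table}` (\n  `id` bigint(20) NOT NULL\n);")
        # wp_comments is left empty on purpose: an empty table is not an error.
        if with_data and table != "comments":
            parts.append(f"INSERT INTO `{PREFIX}{table}` VALUES (1);")
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    full = sample_dump(with_data=True)
    cases = {
        "structure and data": full,
        "structure only": sample_dump(with_data=False),
        "cut off during export": full[:-10],
    }
    for label, sql in cases.items():
        print(label, "->", check_dump(sql))
```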

You can update your plugins in the Plugins section of the WordPress dashboard.
Scroll down the list of plugins and find the ones with a red highlight over them.
This notifies you that the plugin needs patching. Just click Upgrade under the
plugin name, and it only takes a few minutes for WordPress to patch it.

If you have several plugins, you probably need to perform an update on at least
one patch every couple of days. WordPress doesn’t update as much, so you’ll
find when you need to update the main software as you continue maintenance on
your plugins.

Reviewing Site Speed

Site speed affects several analytical statistics for your blog. Google has
announced that site speed is a factor in search engine ranking. Slow sites provide
a poor user experience, so it harms your search engine rank as well as your user
interactivity. It’s said that you have 3 seconds to grab a user for engagement, and
slow sites take several seconds to load in a browser.

You also need to remember that mobile traffic is a big part of your visitor
statistics. Using Google Analytics, you can identify the devices used to access
your site. You should notice that several of your visitors use mobile devices.
Clunky, poorly written code can greatly impact the way your mobile users view
your site. When you set up your theme, make sure it’s a responsive theme that
accounts for smartphones and tablets.

After you review your site for mobile and on desktops, you can run statistics on
your site using Google Insights Pagespeed. This tool tells you where the content
and images could use improvements. Note that site speed is only a small part of
search engine ranking, so it’s not a magic bullet to get your site to rank.
However, it can improve the technical onsite SEO of your site and provide slight
improvements in overall visibility.

When you run the site speed tool, you might see several improvement
suggestions. Some of them you can do yourself. Others will require the help of a
developer. If your theme is poorly written, then you might need to ask the
developer to help optimize the code for the theme.

We mentioned caching and Gzip options in Chapter 9. Using these options, you
can improve the speed of your site. Caching lets you load content from the user’s
browser cache, so any unchanged content loads almost immediately. Gzip
reduces the size of images stored on your site, so the user’s browser extracts and
loads the full image. This too improves the speed of your site.

Checking your site performance, updating and patching plugins and WordPress
itself, and deleting unused files are all just examples of critical maintenance
requirements. You might have other maintenance tasks that you want to do on
the site. For instance, if you have a security plugin, you might want to review
security logs and block possible attackers attempting to log in to your WordPress
dashboard.

If you don’t perform updates and upgrades at least once a week, you run the risk
of having your WordPress site hacked. It’s incredibly tedious and time
consuming to fix a hack, so take some time each week to review your WordPress
installation.

Lab Questions

1. What utility can be used to reduce image size, so the user’s browser extracts
the full image and loads it locally?

a. CloudFlare
b. Gzip
c. Caching
d. Updates

Explanation: The Gzip functionality on most servers compresses images to a
small size and lets the user’s browser extract and load them locally.

2. Where can you update any of your WordPress plugins?

a. The main WordPress dashboard
b. The main Plugin page
c. The Settings section
d. The tools sections

Explanation: The Plugin page in the main WordPress dashboard lists all plugins
and notifies you of any that need updating.

3. How long should you keep backup files if you back up WordPress once a
week?

a. a week
b. 2 weeks
c. a month
d. 2 months

Explanation: If you back up your WordPress blog once a week, you should at
least keep 4 backups or a month’s worth in case of an emergency.
Chapter 14: Organizing Content


Objective: Once you have several posts, categories and topics, you need to
organize your content. This chapter explains ways you can keep content
organized.


We covered how to create posts and pages in Chapter 5. Part of creating either a
post or a page is adding it to a category. You can also place tags on content to
organize them into phrases that are common to the text. Categories and tags help
you organize your content, so users can more easily find related content after
reading a specific blog post. In this chapter, we’ll cover ways to organize content
for searches and for your users.

Tags

Tags and categories seem similar, but they are different concepts. A tag links a
phrase to your content. For instance, if your content is about red widgets and you
mention their characteristics, you can tag the post with the phrase red widgets
but also the characteristics you mention.

Tags are useful ways for your users to find similar content throughout your blog.
Users can click any tag and find other content that you’ve tagged with the same
phrases. They aren’t as specific as categories, but they can provide users with
dozens of other posts to read.

Some blog owners overstuff their tag content. When you add a tag to a post, be
honest about what the post contains in the content. When you overstuff the tags,
users get frustrated when they search for related content and the search results
aren’t related at all. Most site owners stuff tags for search engines. These tags
might have a minor effect on your blog posts, but they don’t have a major effect
on search engine rank.

Too many tags on a post can also be seen as keyword stuffing. Keyword stuffing
can have a negative effect on your blog’s search engine ranking, so you want to
avoid sending this type of negative signal to search engine algorithms.

As long as you use tags responsibly, they can improve your blog’s engagement
with users including search engine traffic. They add value to related post
sections and help users find other content that might interest them.

Categories

Categories are similar to tags, but they are more direct. You can have several
categories linked to a post or page, but most blog owners stick to one or two.
You could have a dozen tags linked to a post, but you will generally only have
one or two categories linked to a post.

Categories are a main organization feature that lets you put your content into
specific buckets. Just like organizing paperwork in files, WordPress categories
keep your content filed into sections on your site. WordPress automatically
creates URLs for your category pages, so you can even point users to search
pages that contain all posts filed in a specific category.

Before you can add a post to a category, you first need to create the category.
You can create a category on the fly in the main post creation page. The right
panel contains the list of categories you’ve created. Click Add New when you
want to create a new one.

WordPress automatically creates an Uncategorized category. You normally want
to exclude posts from this category, but it’s useful in some instances. When you
create a post, WordPress defaults to this category, so you always want to check
another category when you create a post or it automatically gets categorized into
this bucket.

Categories are similar to tags for both search engine ranking and user
experience. Categories can help organize the content, so search engines can
more easily find any new content the next time they crawl the site. Since you have
a category page for each one you make, Google crawls the category URLs and
can more easily find your new posts. The category content will have an effect on
your site’s ranking provided the content is quality and useful for your users.

Categories also help users find related content. When you get a visitor from
search engines, you want users to read more of the blog’s pages. User
engagement helps with gaining new followers for your blog, and it can lead to
sales if you monetize your blog. For instance, the more page views you have
from a visitor, the better chance that they will find a related ad that could mean
extra income for your blog.

Just like tags, make sure you don’t keyword stuff your content by adding a
post to dozens of categories. Keep your blog well organized and consider users
before search engines.

Archives

Archives are similar to category URLs, except archives are a list of posts that
you’ve created on your site. Every time you create a WordPress post, it’s added
to a category URL that you choose, the home page or main content feed, and the
archive section of your blog. The archives are a place for you to review all of
your content in chronological order. It’s also a place for a user to view all of
your blog posts from any specific date.

If you recall, you can choose permalinks that have a post’s month and day added
to the URL. When you categorize your blog posts and organize them by date,
your users can review blog posts you’ve created for a certain month. They can
even review blog posts created for a certain date.

Archives can help or harm a WordPress blog. It’s useful for users, so you don’t
need to remove it from your blog architecture, but it does create duplication
across all of your content. When Google indexes your pages, it wants to index
unique content. Since WordPress makes a copy of your posts in three places, you
have two duplicate copies. Most WordPress site owners choose to remove
archives from search engine indexes. You can do this using the robots.txt file.
We covered the robots.txt file and its syntax in Chapter 7.

With the archived posts removed from Google search, you have a better chance
of having your main posts indexed instead of the archives. When working with
search engine indexing, you want to optimize your pages to only index unique
content. When you index duplicate content, you water down your original
content rank.

Archives can still be available to users even though the content is removed from
search engines. Keep your blog optimized while still keeping any content
available for your users.

Cleaning Up Old Content

When you’re new to blogging, you don’t normally know what to write or what
users are looking for. It’s difficult for a new blog owner to understand user
habits, and what makes a good user experience. It’s trial and error for most new
blog owners. Therefore, you probably have poor content to begin with until you
start understanding what works on your blog.

Each year, it’s a good idea to do a review of your site. You want to review the
site for any low quality content that doesn’t have much visibility or attract much
user engagement. This probably takes some analytics review as well. Hopefully,
you’ve installed an analytics tool on your WordPress dashboard. You can also
use Google Analytics and Search Console to review your WordPress blog traffic
and engagement. These two tools can help you find the content that could be low
quality.

You’ll need your own judgment to find low quality content. Tools can help you
find the content that doesn’t have much user engagement, but you’ll need to
evaluate the content yourself to figure out if it’s not quality. If the posts are short
and don’t offer much information, then you might consider removing them from the
blog.

Before you delete a blog post, you should also consider if the post is ranking
well in Google. Deleting posts can reduce your traffic especially if these posts
are driving traffic to your site. Also consider the images that are in the posts.
Sometimes images are the main traffic driver to the site. Images from your blog
posts are crawled and indexed, and then users can find these images and read
your blog posts.

Content organization doesn’t seem important when you first start, because you
only have a few posts to consider. However, content organization becomes a
major factor in your blog’s success once you have dozens and even thousands of
blog posts.

Lab Questions

1. When you have several phrases in your posts that could be important for your
user interests, what should you link to them?

a. tags
b. categories
c. archives
d. content files

Explanation: Tags are a way to highlight important phrases that could be useful
for users to find other related content.

2. When you want to organize your content, what do you link to your posts?

a. tags
b. categories
c. archives
d. content files

Explanation: Categories let you file your blog content into specific buckets and
keep your blog organized.

3. What is the default category created by WordPress when you install the
software?

a. main
b. sub
c. uncategorized
d. home

Explanation: The Uncategorized category is automatically added by WordPress
and can be removed by the blog owner.

4. New blog posts are added to the main blog feed, categories, and what other
section of your blog?

a. tags
b. categories
c. archives
d. content files

Explanation: The archive section keeps a list of all your blog posts each time you
post them.
Chapter 15: Working with Contributors


Objective: Contributors are third-party authors and editors who help with
content creation and organization. This chapter discusses working with other
contributors to your blog.


Contributors are great additions to a successful blog. They can add more
content, edit blog posts, help you administer changes and handle daily
maintenance tasks, and keep your blog up to date. You shouldn’t let just anyone
have access to your blog, but you can give people partial access to create
drafts that you then edit and review for quality. You must keep strict editorial
control over your content to ensure that you always get quality and don’t post
spun or spam content. When you don’t keep editorial control, you run the risk of
allowing your blog to lose its quality. It then loses its rank and your
visitors. You can even lose some of your loyal followers. This chapter covers
users in the dashboard and how you can manage them.

Setting Up Accounts

Before you can allow users to log in to your WordPress site, you need to give
them a user name and password. You can do this in the main WordPress
dashboard. You don’t ever want to give a random user your own user name and
password since you’re the administrator of the blog. As the administrator of the
blog, you can perform any task on the blog including adding and deleting posts
and pages, removing user access, activating and deleting plugins, and any
number of high end control tasks.

If you trust the user to have administrator access and log in with your account,
then you can give them your user name and password. Normally, you give a
developer access to your site because they need administrator rights to edit your
code, which requires full access to the WordPress dashboard and code.

The option of giving someone your credentials isn’t usually the best choice, so
your other option is to give them an account on the blog.

You can find the Users section on the main WordPress dashboard. Click the
Users link in the left panel and you’ll see the following page view.


Notice that WordPress keeps the dashboard very uniform. This page looks the
same as all the other dashboard pages including the pages and post window,
comments, and settings. The default screen shows all users configured on your
site. Remember when you installed WordPress on your site, the installation
wizard asked you for an administrator password. This is because WordPress
automatically adds the account to your site.

In the screen above, there is one user listed, but you’ll see several users listed
when you’ve added them. Another thing to note is that you should review the
list of users configured on your blog periodically. Hackers who gain access to
your blog add rogue accounts to this list so that they can access your site
without your knowledge. With an account in the list, the hacker can access your
site and inject malicious content the next time you log in. Remember to review
this list periodically as part of your daily maintenance tasks.
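
The periodic review described above is easier when it is checked against a written list of approved accounts. This is an added example, not from the book: it compares a constructed export of the Users list with that baseline, and the CSV column names, the sample accounts and the `audit_users` helper are all assumptions.

```python
import csv
import io

# Roles ordered from least to most privileged (names as used in this chapter).
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}

# Constructed baseline: the accounts the site owner knowingly created.
APPROVED = {"siteowner": "administrator", "jane.editor": "editor",
            "sam.writer": "contributor"}

# Constructed export of the Users screen (column names are assumptions).
SAMPLE_EXPORT = """user_login,user_email,user_registered,roles
siteowner,owner@example.com,2015-01-10 09:00:00,administrator
jane.editor,jane@example.com,2015-02-01 14:20:00,editor
sam.writer,sam@example.com,2015-03-05 08:15:00,author
wp_support,support@example.net,2015-06-18 03:42:00,administrator
"""

def audit_users(export_csv, approved):
    """Return findings as (severity, login, message), most severe first."""
    findings = []
    seen = set()
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        role = row["roles"].strip().lower()
        seen.add(login)
        # A role this script does not know is ranked above administrator.
        rank = ROLE_RANK.get(role, len(ROLE_RANK))
        if login not in approved:
            findings.append((rank, login,
                             f"unknown account with role '{role}', "
                             f"registered {row['user_registered']}"))
        elif rank > ROLE_RANK[approved[login]]:
            findings.append((rank, login,
                             f"role raised from '{approved[login]}' to '{role}'"))
    # Approved accounts that disappeared are worth a look as well.
    for login in sorted(set(approved) - seen):
        findings.append((0, login, "approved account missing from export"))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for severity, login, message in audit_users(SAMPLE_EXPORT, APPROVED):
        print(f"[{severity}] {login}: {message}")
```
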

To create a new user, click the Add New button next to the page title. This opens
the page that asks you for the user’s details. When you create a new user, you’ll
see the following page.


The username text box is where you enter the user’s name. This can be an email
address or a unique ID that allows the user to log in.

The email is the user’s email. When you create the user, an email is sent
verifying that the user account was made and asks the user to log in. This email
should be accurate. First and last name are optional, but these can be used to
identify the contributor. This gives them a byline on their posts, which makes the
blog more credible.

You can allow them to have a website listed in their profile by typing it into the
website text box. The next two text boxes are where you enter a password for the
user. This password can be a standard new password that you typically use for
new users, and then the user can change the password the next time the account
logs in. This is the best way to handle account passwords. WordPress includes a
strength indicator, which helps you create a stronger password. Remember that
hackers send password attempts at the WordPress dashboard to guess your
password and gain access to your dashboard. You can keep them from succeeding
by adding security plugins on your site and creating strong passwords for your
users.

You can check the box to send the user the password you created, or you can
give the user the password you created and have them log in later.

The Role dropdown is important when you want to give your users access. When
your users automatically sign up to create a comment on your blog, they are
given the role of subscriber. They can only manage their profile. However, you
can give other roles to your users when you set them up on your blog.

If you want a user to only create posts, then you should give them the contributor
role. This role only allows users to create posts, but they can’t publish them.
This is a good role for a new author or when you want all authors to have their
posts edited before posting them.

The author role also lets your users create posts, but this role allows them to
publish them. If you trust your users to post quality content and don’t need to
edit them, then this is the role you would choose for your writers.

The editor role lets your authors and contributors create posts that are then edited
by this user. Editors have the ability to edit their own posts as well as other
contributor posts. They can edit them and then publish them on the blog. They
should be added when you start adding contributors and authors to ensure that
only high-quality content gets posted to your blog.

The other two roles include Administrator and Super Administrator. When you
create an account during the WordPress installation process, you create a Super
Administrator account. This account has access to all settings, and they can even
manage a network of sites if you host several under one umbrella. The
administrator account has full access to only the local blog where you create the
account. You obviously want to give administrator and super administrative
rights to people you trust.

Once you create the account, the user gets a notice by email that the account
was created. If you send the password in the email, make sure you tell the user to
keep the email secure or change the password after the first successful login.

Viewing All Posts

After you’ve added users, you probably want to monitor the content and any
editing that’s done on the blog. As the administrator, you can see all posts and
any editor activity. WordPress tells you who is editing a post and when an author
is working within a draft post.

You can view all of the posts being worked on in the Posts section of the main
WordPress dashboard. You can do the same for your Pages except the pages are
located in the Pages section of the main WordPress dashboard.

You’ll see a list of posts just like the one you saw when we went over the Posts
window in Chapter 5. Click on one of the posts. If the post is being edited or
written by the author, a popup shows up and tells you who is in the blog post.
This is one way to verify that posts are being written and edited.

When you view your posts, you can see who wrote the blog post, but then you
can see who edited it as well. Remember that you want an editor to edit and post
blog posts to ensure that only quality is being published publicly.

Having contributors for your blog is a great way to keep fresh content coming
to your site. It’s good for your readers and it’s good for search engine rank. Just
make sure that all user generated content is edited and watched to ensure that
only quality is posted to your site and no spam or spun content gets published.

Lab Questions

1. What role should you give someone you want to give access to write posts but
not publish them?

a. contributor
b. editor
c. author
d. administrator

Explanation: A contributor can create blog posts and content but they cannot
publish them.

2. What role should you give someone who should review and publish posts for
any author and contributor?

a. contributor
b. editor
c. author
d. administrator

Explanation: An editor can edit his own posts as well as other author and
contributor posts and publish them to the blog.

3. What role should you give writers who should have access to publish their
own posts?

a. contributor
b. editor
c. author
d. administrator

Explanation: An author is able to create post content and then publish it to the
blog, but an author can’t edit or publish other contributor content to the live blog
feed.

Chapter 16: WordPress Security


Objective: Hackers are always targeting WordPress blogs for malicious access.
This chapter explains WordPress security and what you can do to protect your
blog.


Every site is vulnerable to exploits and cyber threats. Your site might not even
be hacked, but denial of service (DoS) attacks can crash your web server.
WordPress blogs are especially vulnerable because they are template sites that
always have the same structure. The WordPress dashboard is always located in
the same place, the functionality is the same across all sites, and even the code is
generally the same. Because hackers know the architecture of your site without
any probing, it makes it easy for them to script attacks against the site.

You don’t even need to be a hacker to run scripts against a site. Several hackers
offer scripts for download, so you just need to download a script and start
sending attacks to a specific domain. That domain could be your own. If you
think your site might be vulnerable, it doesn’t hurt to run scripts that attempt to
guess your password or hack your site. You could find vulnerabilities before
hackers do.

Some small blog owners make the mistake of thinking that their blog is too small
and unvisited to deal with hackers, but hackers look for any blog that isn’t
secured. To understand why hackers would want your site, you should
understand the common hacks that are in the wild.

First, many hackers are hired by companies to place third-party links on other
sites. It’s a totally black hat way of obtaining links, but the goal is to sneak links
on a third party site, even a competitor site. These links then point to the
hacker’s site or the site owner who hired the hacker. This is done through
hacking your site through WordPress scripts.

Most hacks involve SQL injection. SQL injection works by submitting malicious
input values to the site. SQL injection is usually successful for hackers, because
site owners download plugins that are poorly coded. When a contact form or any
form for that matter isn’t coded well enough to protect the page from SQL
injection, a hacker can run any number of scripts against your site and gain
access to the database. They then add spam links or malicious content into the
database, and the site renders that content on your pages. You don’t know that
the site is hacked, because the links are usually hidden within the content.
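
The difference between a poorly coded form handler and a safe one, shown as an added example that is not from the book or from any plugin. Python's built-in sqlite3 stands in for the WordPress database, and the table, the two inputs and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table standing in for a plugin's form data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages "
               "(id INTEGER PRIMARY KEY, email TEXT, body TEXT)")
    db.executemany("INSERT INTO messages (email, body) VALUES (?, ?)", [
        ("alice@example.com", "Question about pricing"),
        ("bob@example.com", "Please call me back"),
        ("carol@example.com", "Private support request"),
    ])
    return db

def lookup_vulnerable(db, email):
    # Poorly coded: the form value is pasted into the SQL text, so a quote
    # character in the value ends the string and the rest is run as SQL.
    query = "SELECT body FROM messages WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, email):
    # Parameterized: the value travels separately from the SQL text and is
    # only ever compared as data, whatever characters it contains.
    return [row[0] for row in db.execute(
        "SELECT body FROM messages WHERE email = ?", (email,))]

# Constructed form inputs: one ordinary, one that contains SQL syntax.
NORMAL_INPUT = "bob@example.com"
CRAFTED_INPUT = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, value in (("normal", NORMAL_INPUT), ("crafted", CRAFTED_INPUT)):
        print(label, "vulnerable:", lookup_vulnerable(db, value))
        print(label, "safe:      ", lookup_safe(db, value))
```

In WordPress plugin code the same separation of query text and value is done with `$wpdb->prepare()`.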

Even popular plugins get hacked. All in One and Yoast both had security issues
in 2014. The plugin creators fixed and patched the coding errors, but they are
popular plugins that most people use on their blog. Hackers go after small
plugins with poor code that don’t make the online news when a security issue is
found.

Remember that plugins are open source. A hacker can download a plugin to a
development or test WordPress site and view the code content. Hackers who
know how to read poorly formed SQL code and identify any security issues can
create custom scripts that run against any site that has the plugin installed. Since
there are thousands of plugins available in the WordPress store, this makes your
site vulnerable if you’ve downloaded and installed a poorly coded plugin.

Another common hack is a conditional redirect. Conditional redirects are done in
the site’s .htaccess file. This file sends directives to the server that control the
way a WordPress site responds to browser requests. When a hacker gains access
to this file, a conditional redirect is put in place to only redirect when a user
finds the blog through a Google search. You might wonder why a hacker would
create a redirect like this.

First, the hacker does it to steal Google traffic from the site owner. The site
owner has no idea that users are being redirected to the hacker’s site. Sometimes,
the hacker sets up a phishing page to gain trust from users accessing the main
site. When a user gets redirected to the phishing page, they think they are on the
official home page for the site. The hacker then asks the user for information
such as name, phone number, social security and possibly credit card numbers.
The user has no idea that the information is being entered into a phishing page
unless they notice the URL in the main browser address bar.

Another reason a hacker uses conditional redirects is to point Google to the
third-party site when it crawls. A hacker uses a 301 redirect as the condition. A 301
redirect tells search engine bots that the site has permanently moved. When
Google crawls the site and sees the 301 redirect, it immediately starts crawling
the hacker’s site. Any links pointing to this 301 redirected site also pass PR to
the hacker’s site. This means that if you have any editorial links from high
authority sites, they will pass PR juice to the hacker’s site.
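
A check that can be run on a copy of the .htaccess file to spot this kind of rule. It is an added example, not code from the book or from any security plugin: the sample file is constructed, `myblog.example.com` and `landing.example.net` are placeholder hosts, and the function name is an assumption.

```python
import re
from urllib.parse import urlparse

# Request variables a search-only redirect has to test, and names it tests for.
WATCHED_VARS = ("%{HTTP_REFERER}", "%{HTTP_USER_AGENT}")
SEARCH_HINT = re.compile(r"google|bing|yahoo", re.I)

# Constructed sample: the stock WordPress block followed by one planted rule.
SAMPLE_HTACCESS = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\. [NC]
RewriteRule ^(.*)$ http://landing.example.net/$1 [R=301,L]
"""

def find_conditional_redirects(text, own_host):
    """Return (line, target_host, status, tested_vars) for each suspicious rule."""
    findings = []
    pending = []  # RewriteCond lines apply to the next RewriteRule only
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending.append((parts[1].upper(), parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            host = urlparse(parts[2]).hostname  # None for local paths and "-"
            flags = parts[3] if len(parts) > 3 else ""
            status = re.search(r"R=(\d{3})", flags, re.I)
            # Conditions that make the rule fire only for search visitors/bots.
            gated = [var for var, pattern in pending
                     if var in WATCHED_VARS and SEARCH_HINT.search(pattern)]
            if host and host != own_host.lower() and gated:
                findings.append((lineno, host,
                                 status.group(1) if status else None, gated))
            pending = []
    return findings

if __name__ == "__main__":
    for hit in find_conditional_redirects(SAMPLE_HTACCESS, "myblog.example.com"):
        print("line %d: redirect to %s (status %s) when %s matches" %
              (hit[0], hit[1], hit[2], ", ".join(hit[3])))
```

The parser splits on whitespace, so conditions with quoted patterns that contain spaces need a manual look.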

Many site owners don’t realize they are hacked until it’s too late. They get
notifications from Google or they lose rank to a point where it massively affects
sales. Luckily, there are two good security plugins you can use to protect your
site from hackers.

Security Plugins for WordPress

There are two main security plugins that you should always have for your site.
The first is Sucuri. Sucuri adds a layer of protection against DoS attacks and
scans your site for common malware files and code.

The second plugin is WordFence. WordFence works differently than Sucuri.
WordFence protects your site from brute force attacks. Remember that we said
hackers try to guess the password to your WordPress dashboard. WordFence
protects you against these hack attempts.

Sucuri is a paid plugin, so you’ll need a few dollars a month to run it on your
site. It’s a DDoS attack protector, so it acts similarly to a firewall when it
protects your site. You can also add a CDN to your site. A CDN such as
CloudFlare also protects your site from DoS attacks. With these two security
layers added to the site, you can basically protect it from crashing due to
malicious DoS attacks.

Sucuri also scans your site for malware. Suppose your site is hacked and the
hacker is able to inject malicious JavaScript files on the site or even malicious
links as we discussed earlier. Sucuri automatically scans the site and finds this
malicious code. It then sends an email to you so that you can fix it. Google often
picks up on hacked content, so it’s important that you fix your site before
Google catches up to the hack. If Google catches the site as a hacked site, it
displays a warning in the search engine result pages. This can greatly reduce
your web traffic and your users’ trust. Always keep track of your website health
in Google Search Console to ensure that you always have the right health checks
on the site.

WordFence works differently than Sucuri. WordFence works to protect your
blog from brute force password hacks on your WordPress login dashboard
screen. You could have thousands of hack attempts on the dashboard login
screen and you’d never know it unless you keep some kind of log. WordFence
does this logging and prevention for you.

First, WordFence blocks attackers after a certain number of attempts within a
certain amount of time. For instance, an attacker might use a script that sends
1000 attempts within 5 seconds for each interval. WordFence picks up on this
fast hack attempt and then blocks the attacker’s IP address. It keeps a log of any
attacker it blocks and the number of attacks that are made on the WordPress
dashboard login screen.

You’re able to log in and review any attacks made on your site, so you can
review who is blocked. Some login attempts are legitimate. For instance, one of
your contributors might have forgotten a password and attempted to log in only
to get blocked by WordFence. You’re able to stop the user from being blocked
and re-enable the account. You can also manually block some IPs that you see as
malicious either through WordPress or even through another means.
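
The attempts-within-a-time-window rule and its effect on a legitimate user, as an added example. This is not WordFence's code: the threshold, the window, the log format and the function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                  # assumed threshold
WINDOW = timedelta(seconds=60)    # assumed time window

# Constructed login log: "<timestamp> <client IP> <result>".
# 203.0.113.7 is a fast guessing script, 198.51.100.20 a forgetful contributor.
SAMPLE_LOG = """\
2015-06-18T03:40:00 198.51.100.20 FAIL
2015-06-18T03:40:01 203.0.113.7 FAIL
2015-06-18T03:40:02 203.0.113.7 FAIL
2015-06-18T03:40:03 203.0.113.7 FAIL
2015-06-18T03:40:04 203.0.113.7 FAIL
2015-06-18T03:40:05 203.0.113.7 FAIL
2015-06-18T03:40:06 203.0.113.7 FAIL
2015-06-18T03:40:07 203.0.113.7 FAIL
2015-06-18T03:40:30 198.51.100.20 FAIL
2015-06-18T03:41:10 198.51.100.20 OK
"""

def evaluate_logins(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: {"blocked_at": datetime, "dropped": int}} for blocked IPs."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, result = line.split()
        when = datetime.fromisoformat(stamp)
        if ip in blocked:
            blocked[ip]["dropped"] += 1    # rejected, but still logged
            continue
        if result != "FAIL":
            recent[ip].clear()             # a good login resets the count
            continue
        failures = recent[ip]
        failures.append(when)
        while when - failures[0] > window: # forget failures older than the window
            failures.popleft()
        if len(failures) >= max_failures:
            blocked[ip] = {"blocked_at": when, "dropped": 0}
    return blocked

if __name__ == "__main__":
    for ip, info in evaluate_logins(SAMPLE_LOG).items():
        print(ip, "blocked at", info["blocked_at"], "then dropped", info["dropped"])
    # A stricter threshold also locks out the contributor who mistyped twice.
    print(sorted(evaluate_logins(SAMPLE_LOG, max_failures=2)))
```
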

These are just two security plugins. They are well trusted and work well with
any WordPress blog. If you decide not to use these security plugins, you should
at least find another security plugin to keep your blog safe. Once you install
these plugins, you’ll be surprised at the number of hack attempts that are sent to
the site. Even a small time blogger can get thousands of attempts every day.
Don’t leave your site vulnerable to hacks. Keep it safe by using security plugins
that block these hack attempts.

Lab Questions

1. What is one type of hack that injects spam links into your WordPress content?

a. SQL injection
b. .htaccess
c. JavaScript
d. redirect

Explanation: SQL injection uses malicious SQL code to gain access to the
database and add spam links to a site’s content.

2. What security plugin blocks brute force attacks on the dashboard login page?

a. WordFence
b. Sucuri
c. Yoast
d. All in One

Explanation: The WordFence plugin protects from automated hack attempts
against the WordPress dashboard login form.

Conclusion

This book has found you because you have the ultimate potential.

It may be easy to think and feel that you are limited but the truth is you are more
than what you have assumed you are. We have been there. We have been in such
a situation: when giving up or settling with what is comfortable feels like the
best choice. Luckily, the heart which is the dwelling place for passion has told us
otherwise.

It was in 2014 when our team was created. Our compass was this – the dream of
coming up with books that can spread knowledge and education about
programming. The goal was to reach as many people across the world. For them
to learn how to program and in the process, find solutions, perform
mathematical calculations, show graphics and images, process and store data and
much more. Our whole journey to make such a dream come true has been very
pivotal in our individual lives. We believe that a dream shared becomes a reality.

We want you to be part of this journey, of this wonderful reality. We want to
make learning programming easy and fun for you. In addition, we want to open
your eyes to the truth that programming can be a start-off point for more
beautiful things in your life.

Programming may have this usual stereotype of being too geeky and too
stressful. We would like to tell you that nowadays, we enjoy this lifestyle: surf-
program-read-write-eat. How amazing is that? If you enjoy this kind of life, we
assure you that nothing is impossible and that like us, you can also make
programming a stepping stone to unlock your potential to solve problems,
maximize solutions, and enjoy the life that you truly deserve.

This book has found you because you are at the brink of everything fantastic!

Thanks for reading!

You may also be interested in: “Photoshop: Learn Photoshop In A DAY!”


Here is our full library: http://amzn.to/1HPABQI

To your success,
Acodemy.
