WordPress has a built-in revision system that stores each saved draft or post update. This is super handy but also flawed at the same time. Over time, these WordPress revisions can really add up to a lot of space in your database. I recommend you delete WordPress revisions on a regular basis to keep your database clutter free.

Let’s say you started writing a new post, previewed it, made seven more draft saves, then published. Even though each revision may have only been a word or two, you’ve just added 10 full-length copies of your post in the database (one of which is an autosave).

How to limit the number of post revisions in your WordPress database with a plugin

I recommend downloading the Better Delete Revision plugin for WordPress to clean up old post revisions. It’s as simple as clicking a button! This plugin also has an additional feature of optimizing your database (which you should do after deleting WordPress post revisions). See below for an example WordPress blog which has never deleted any revisions.. ouch!

Why You Need to Delete WordPress Revisions

How to automatically limit the number of post revisions in your WordPress database

WordPress has set up a handy little line of code that limits the number of post revisions store for any given post. Edit your wp-config.php file and add the following line:

define( 'WP_POST_REVISIONS', 3 );

This will tell WordPress to store a maximum of three revisions per post (which is actually four, counting the autosave). If you want more than three, just change to a number you’re comfortable with.

Alternatively, if you don’t want WordPress to store any revisions, add this line instead:

define('WP_POST_REVISIONS', false);

I hope that helps! If you installed the Better Delete Revision WordPress plugin, how many revisions did you delete?

I run a few WordPress blogs, one of which is this fine one you’re reading now, but I also author another blog which deals with multiple advertising networks. Today, one of those networks was affected with malware. Thankfully my site was not affected but several of my friends’ sites were. This post will serve as an information gateway for you to learn how to remove a Google malware warning.

izea-media-malwareToday’s impact was huge. As an example, I have 10 blogging friends that I absolutely adore. Of those 10, five were affected – that’s 50%! The Google malware warning removal process is not quick by any means, in fact, it’s slow as crap. They take their sweet time, even when it’s Google’s fault or a “fake” malware warning. And there’s nothing you can do about it except follow the steps below to speed up the process.

  1. You’ve been affected and you’re getting the big nasty red Google malware warning shown above. Bummer… I’ve totally been there. The first thing you need to do is figure out what is causing the warning and remove anything related it. For example, today’s malware warning was from and is affecting all WordPress widgets, iframes, and images hosted by
  2. Request a Malware Review with Google Webmaster Tools. The process is as follows:
    • Log in to Google Webmaster Tools.
    • From the Tool’s home page click on the link to the site that is being flagged to go to the site’s Dashboard.
    • There should be a large red banner across the top of the dashboard that says “This site may be distributing malware.” Clicking on the link that says “More Details” expands the dashboard to reveal a list of pages on the site that were found to be malicious. (You can also check Health -> Malware.)
    • Below this list is a link that says “Request a review.” Fill out this form and click the “Request a review” button to initiate the review process.
    • NOTE: It may take 24-48 hours just for the warning to show up in Google Webmasters Tools. This is the most frustrating and time-consuming part of the entire process.
  3. Sit back and wait. Normally, after you’ve completed step 2, things go pretty quickly from here. Try not to get too irritated while you wait.
  4. Periodically check Google Webmaster Tools to see if the error is gone. You can also use this link to see if your site is currently clean (according to Google), just replace YOURURLHERE with your URL:
  5. Once your site no longer shows a Google malware warning, you need to request reconsideration of your site by Google. Rumor says they stop indexing your site when you have malware so you’ll want to make sure they start checking it again.

Four helpful links to check your site’s health and speed up the malware removal process:

I hope this post provides you with a step-by-step process for getting rid of a Google malware warning. If you’ve found this useful, please share it with a friend. 🙂 Good luck against the Google giant!

PS. Want to read my Google malware horror story? You can find it here.

SEOLearn how to optimize wordpress images for SEO. It is so insanely simple yet people just skip it. If you’re one of those people, don’t do that. Ever again. This valuable SEO tactic can bring in hundreds, if not thousands, of new search engine visitors each month. WordPress has built-in tools for image SEO; you don’t even need to install a plugin!

Search Engines “See” Differently

Search engine visitors (such as you and I) can see what an image is about just by looking at our monitors but search engines don’t have that luxury. The only thing a search engine “sees” is the title and file name. These two things are the key to the SEO of your images.

To optimize images for SEO, all images should have:

  • Relevant file names: Naming a photo unicorns.jpg when it is a photo of puppies isn’t the best tactic. Instead, include a relative SEO keyword in your image file name. Also, don’t use spaces in your file names; use dashes ( – ) or underscores ( _ ).
  • TITLE and ALTERNATE TEXT (ALT) definitions: This should be a short sentence or phrase describing the image. Be sure to include relevant SEO keywords. Note: ALT text isn’t really necessary for SEO but ALT text displays should there be a problem loading your image on your blog. ALT text is also useful for accessibility for visually-impaired visitors. ALT text is also what appears when a mouse arrow hovers over an image.

wordpress-image-seoThe other fields are not necessary and have nothing to do with search engine optimization.

And while we’re at it, if you have an image that doesn’t need to be clicked on while in a blog post (like the one at the top), then click the “None” button below the “Link URL”. The only time the Link URL should remain is when you have an image that needs to be viewed larger, such as a photo of food or instructional images (like the one to the right).

Real-Time Image SEO Examples

The SEO image at the top of this post is named seo.jpg and has TITLE and ALT text descriptions of ‘SEO’ for both. It is an image about SEO so that is what I would like people to search for to find it.

The instructional image above is named wordpress-image-seo.jpg and has TITLE and ALT text descriptions of wordpress-image-seo. (Are you seeing a pattern here? Yes, dashes are okay!)

So the next time you need to add an image to a WordPress post or page, do yourself an SEO favor and give the image a relevant file name and keyword-driven TITLE and ALT tags. Your analytics will thank you for it.

wordpress securityI’ve come across several WordPress blogs that have been hacked recently. But this is an unusual hack and you may not even know that your blog has been affected. You see, this hack occurs only when people are visiting your blog when coming from a search engine. When a visitor clicks your blog link from a search engine (i.e. Google), they are redirected to (with XXX varying from blog to blog). But if you simply type the URL of the hacked blog in the browser, the redirection does not occur. Sneaky.

How to Know You’ve Been Hacked

A simple way to find out if you’ve been hacked is to search for your blog on Google and click a link to any of your blog pages. If you have been hacked, here is how to fix it.

  1. View/edit your .htaccess file located in your root WordPress directory. If you don’t know how to find this file or don’t have access to your files, then download and install the plugin WP Htaccess Editor. Warning: You can seriously mess up your blog if you delete or add something incorrectly to your .htaccess file. Please only mess with this file if you know what you’re doing or have explicit instructions on what to do (like I have provided below).
  2. Find and delete the entire hack (shown below) which is usually located at the top of the .htaccess file:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteOptions inherit
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC]
    RewriteRule .* [R,L]
  3. If you’re using the WordPress plugin, save the file. If you’re editing the file on your server, you will need to save and/or upload the file.

Why You Were Hacked

You didn’t do anything wrong; don’t worry! The problem lies with a vulnerability in timthumb.php which is a component of some WordPress themes that is used to generate thumbnails. An unpatched timthumb.php file can allow code to be executed in the timthumb cache directory or can inject code into other WordPress files. If you’re concerned about this, ask your theme developer if your theme uses timthumb.php. If it does, make sure you have the newest version.

How to Prevent Your Blog From Being Hacked Again

If you don’t protect your blog, you will be hacked again. To prevent this, download and install the plugin BulletProof Security. I will walk you through the steps to setup BulletProof Security since this plugin may appear a little overwhelming.

  1. Navigate to BPS Security in your WordPress admin.
  2. Click the Backup & Restore tab, select the radio button next to “Backup .htaccess Files” and click “Backup Files.” (This is a security measure should you need to restore from your original backup.)
  3. Click the Security Modes tab. Click Backup .htaccess Files. Then click Backup .htaccess Files.
  4. Select the radio button next to the first “BulletProof Mode” and click “Activate.” Repeat this process for the other three “BulletProof Mode” radio buttons (one at a time) and click “Activate” after each one.
  5. Click the Backup & Restore tab, click the radio button next to “Backup BPS Master .htaccess Files” and click “Backup BPS Master .htaccess Files.”

If you’d like to check the security status of your blog, click the Security Status tab. All items should be green. If they aren’t green, you should fix them. If you don’t know how, tell me and I’ll try to help you.

Happy blogging!