Blogged thoughts, is our web blog. Expect views, opinion, rants and tirades about everything and anything 

I’m up to my eyes programming another adwords API system at the moment so when I discovered that my Wordpress installation had been hacked, I wanted to strangle someone (ideally the person responsible) because I really didn’t have time for this.

Wordpress hidden spam links hack
The hack didn’t shutdown my blog but it might as well have because it made all my posts unfindable on the major search engines for any of their related keywords (and exact string searches). The hack I fell victim to involves some waste of space making secret changes to Wordpress source files and the Wordpress database enabling him to output a tonne of hidden links on all blog pages via a hidden Wordpress plugin. The links were complete keyword stuffed spam with anchor texts such as ‘viagra’, ‘xanax’ and ‘teeth whitening’ common among them so needless to say the search engines don’t like my blog pages anymore.

What makes this hack hard to detect is that fact that the links only get outputted when a major search engine visits a page from an ‘infected’ Wordpress installation so blog readers will likely not notice until a lot of damage is already done to your Google, MSN and Yahoo rankings. I myself only stumbled upon it earlier today when I seen all the links near the bottom of Googles’s text only cache of my last post about converting to PDF from within PHP so it was by pure chance. The links where present on the regular cache too, however they where contained in a hidden div so could not be seen by anything except the search engines… unless you viewed the page source.

Want to see an example? Well right now there a lots of cached examples on Google of what this hack did to my pages, but I’m hoping they will be gone soon so here’s a copy of the text only cache of http://www.akamarketing.com/blog/109-php-to-pdf-conversion-with-tcpdf.html from today (31st July 2008).

How can I tell if my Wordpress blog has been hit with this?
Easiest thing to do is to just visit Googles text only cache page for a couple of your blog posts (and perhaps your main blog page) and keep an eye out for about 50 spam links towards the end of the page. If you have caching by search engines disabled you can use something like Curl and ‘fake’ your user agent string to appear as if your Google (and then check the page source). I’ve done it already for you though with a iamgoogle.php script, visit http://www.akamarketing.com/iamgoogle.php?url=http://www.akamarketing.com/blog/&google=1 while replacing my URL ‘http://www.akamarketing.com/blog/‘ to the URL of one of your blog pages. When the parameter google is equal to 1 the user agent is ‘Googlebot’, when it’s anything else a regular ‘human’ user agent is used. If your checking your blog main page be sure to add the trailing slash after your blog folder as Wordpress implements a redirect from the non slashed URL version to the slashed URL version so you’ll just get a ‘Moved Permanently’ message without the trailing slash. The code of iamgoogle.php is available for those of us that are ‘into’ PHP.

If I’ve been hit with this hidden link hack how to I get rid of it?
After discovering this hack my first port of call was Google to try and search for some good information. I found three particularly good articles about what this hack is and how to get rid of it so I’ll just point you in the direction of a couple of existing posts if you don’t mind (it’s been a long day) rather than go through how to remove this in detail. The posts below all helped me:

Wordpress exploit giving backlinks, redirects and headaches but no visitors

Wordpress exploit: we been hit by hidden spam link injection

Has Your WordPress Been Hacked Recently?

The above links will fill you in on the complete story but in essence fixing this hack for me involved doing a bit of fiddling with the Wordpress database, deleting some files with strange extensions and upgrading Wordpress from version 2.0.2 to 2.6. On that note I must say hats off to the Wordpress development team, it was pretty much the most pain free web application upgrade I’ve ever be done… (although I did backup everything twice just to be safe). If you already have the latest version of Wordpress I’d still recommend replacing your source code with ‘fresh’ code just in case it’s been edited (which is very likely for this hack).

How can I detect something like this in the future?
After I upgraded Wordpress I was pretty certain that my installation was now clean, however I asked myself how can I detect something like this more quickly (I have a hunch that this hack was ‘active’ since April) in the future if it happens again? I came to the conclusion that I needed some sort of file integrity checker similar to Tripwire to alert me when any of my www space files change. 

Tripwire and many other similiar systems are not usually available on shared hosts but they all essentially take a sha1 (or md5) hash of all watched files, store the hashes and then periodically compare the stored hashes against regenerated ones to check if any files have been edited so writing something custom specific to my needs wouldn’t be that hard to do.

OK that’s enough rambling for today, here’s hoping you have a had a better day than me.

You may have noticed that I’ve recently been making use of this blogs XML feed to a) display links/descriptions to my three most recent posts on the akamarketing.com homepage and b) display links to my ten most recent posts in the left navigation bar of most of my sites pages. This was done to try and funnel more site visitors to the blog because that’s where I’m doing most of my updates and although it’s early days it seems to be working.

It’s actually quite easy to do, I basically just parsed the standard Wordpress XML feed with DOMXML and then outputted the specific information I needed. The code for generating links to my last ten posts I used on the left nav bar is available at: http://www.akamarketing.com/wordpress-links.php.txt with the running version at http://www.akamarketing.com/wordpress-links.php

By examining the structure of a Wordpress feed (mine is located at http://www.akamarketing.com/blog/feed) you’ll see that the details of each post is stored in the item element. By getting and looping through all the item elements it is possible to access specific information such as post link, title and description. In this case I’ve used the description information for the title attribute of the link meaning that when someone mouses over a certain link a snippet from the corresponding post will appear on screen.  

Feel free to use my code, check if you have DOMXML support first of course.

Just installed a neat little plugin for Wordpress called Sociable which outputs image based social bookmarking links on various Wordpress pages to allow my blog readers (all two of them :-)) to quickly bookmark and share interesting posts. A tonne of social bookmarking sites are supported as shown by the following partial screenshot of the options interface, click the image to view a full size version.

You’ll see that at the moment I’m outputting links to about 20 social bookmarking sites (out of a total of about 60) which is more than enough really. I’m really conscious of not having excess flair on my blog by having too many widgets and icons cluttering up the place. Jeff Atwood on his excellent Coding Horror blog lists excess flair as #4 on his list of thirteen blog clichés so I certainly want to avoid that, in saying that though I want to make sure I’m linking to all the most popular social bookmarking sites. Since I’m a complete social bookmarking notice perhaps you guys could tell me if I missed any of the big players in the SB market.

As usual with Wordpress plugins the install is a piece of cake which everyone should be able to handle, anyhow if your in the market for a social bookmarking plugin for Wordpress I definitely recommend you check Sociable out.

I’ve shed many tears over the years (I’m a poet, I just don’t know it) when trying to insert code samples into my Wordpress blog posts. Wordpress users who cover technical topics will have shared in my pain and will know exactly what I mean. I therefore feel obliged to let people know about a Wordpress plugin called Code Snippet which I recently discovered and installed. Code Snippet which is available for download at http://wordpress.org/extend/plugins/codesnippet-20/ enables bloggers to post color highlighted code (with optional line numbering) in their posts without fear of it being mangled or hidden by Wordpress. It runs off the GeSHi engine which is generic syntax highlighter which supports a tonne of programming and markup languages.

The installation of Code Snippet is extremely easy. You basically just need to upzip the archive to your desktop, upload it to the wp-content/plugins folder of your overall Wordpress installation folder and then activate it from the ‘Plugins’ tab from within Site Admin. To actually use the plugin you wrap code in code blocks illustrated by the below image.

You replace the value of the lang attribute with the language your code is written in such as HTML or c#. Below is an example of some PHP code displayed via Code Snippet.

In the last post I talked about the various things which you could do to optimize Wordpress for the search engines without actually changing any code, so it was all simple stuff really and kind of general. In this, the promised followup post (I’ve changed the title around for SEO purposes) I will get a little bit more technical and make use of what’s known as Wordpress conditionals. Wordpress conditionals are tags which can be used to tell Wordpress what content should be outputted on its various pages. The idea with Wordpress conditionals is exactly the same idea as conditionals in standard programming logic, for example ‘if something is true do this, else do this’ or conversely ‘if something is not true so this, else do this’.

In terms of search engine optimization Wordpress isn’t bad ’out of the box’ and therefore no use of code conditionals is actually required however like many other web systems there is always room for improvements here and there, often it is these little improvements which make the difference between 1st page and 2nd page listings for your posts in the Google, Yahoo and MSN SERPS (search engine results pages) so I definitely do recommend implementing these changes in the fullest manner possible.

You should know that all the following code modifications for SEO purposes are done to the file header.php (which is in the themes folder), if you are planning to implement any of my suggested changes I strongly recommend you make a backup copy of this file first.

To begin then lets have a look at how we can improve the keyword density of the main blog page and the main category pages by using the is_home() and the is_category() conditionals. By default on the main page Wordpress will simply start outputting your posts one after another, however if you have a look at this blogs main page you will see I have an introductionary paragraph which not only allows me to improve keyword density itself but also allows me to have my keywords closer to the top of the page than otherwise would have been possible. To do this I added code similar to the following at the very end of my header.php file:

if(is_home()) { echo “keyword rich blog description here“; }

The above line basically means that if the current page is the blog homepage then output the text in bold. Next up is the category pages, what I propose doing is writing a keyword rich introductionary paragraph for each category on the blog. The idea is the same as the one on the homepage except rather than an overall description these descriptions will be specific to the category page being viewed. As of yet I haven’t implemented these changes myself but am planning to get around to it depending on what my rankings are like in a month or two (after the redesigned site is fully spidered).

To continue then if you have a look at the official conditional tags page you will see that the is_category() tag can be used in a number of ways depending on what condition you want to check. I suggest using the is_category() tag parameterized by an ID corresponding to a certain category on your blog. To view the IDs of your categories go to the ‘Manage’ page in your admin interface and then go to the ‘Categories’ page, you should see all your categories listed out one after another with their corresponding IDs on the left.  Armed with your all your category IDs you can now make use of the is_category() tag by using code similiar to the following:

if(is_category(’3‘)) { echo “keyword rich category description here“; }

This code should be placed at the very end of the header.php file (well actually placing it above the is_home() tag is OK too, but make sure it appears after all of header.php’s original content) and will check if the archive page for the category with an ID of ‘3′ is currently being viewed and if so will output the text in bold. In the case of this blog, the category with an ID of ‘3′ is the SEO category so the bolded text above would probably read something like ‘Search engine optimisation related blog postings. Learn how to improve your rankings on Google, Yahoo and MSN, learn about the Google Sandbox, learn all about Wordpress search engine optimization……‘. The idea is to provide a fairly specific description of what’s actually on that page, that means mentioning the titles or a rewording of your titles. Google and the other search engines like to see keywords spread out over the page, older posts would of course be nearer to the bottom of the category archive page and thus their related keywords would be concentrated in that area so by having your post titles or rewordings of your post titles in the category archive description you should improve your chances of ranking well. Obviously you can’t cater for all posts in a category so I’d suggest that you give your older ones priority.

Next I’ll move onto optimizing the title tags of the various Wordpress pages. As you most likely know what’s contained within the title tag of a page has a major influence on how Google and the other search engines see that page so it’s quite important that Wordpress is optimised to the max in this respect. I’ll be making use of the is_home() and is_category() conditional tags again but I will also be using the is_single() tag too.

I have already implemented these changes which I’m about to recommend and thus I can’t exactly show you before and after examples on this blog, so that is why I will make reference to another Wordpress blog which is unoptimized (but which still ranks well due to large numbers of incoming links). The blog is a very high profile blog run by Google employee Matt Cutts blog and is located at http://www.mattcutts.com/blog/.

In terms of the actual blog posts themselves by default Wordpress places the name of the blog first then a ‘»’ and only then will it output the actual title of the post currently being viewed, for an example of this see Matt’s post entitled ‘Review: Winning Results with Google AdWords‘. Notice how the title of the post only comes after the name of the blog ‘Matt Cutts: Gadgets, Google, and SEO’. It is well known that words which occur near the start of the title tag have more weight with the search engines so obviously this default set up must be changed for maximum optimzation, this is done by having the title of the blog post appear first in the title tag, this can then by followed (if desired) by the name of the blog. The is_single() conditional tag can be used for this, this tag checks if any single post page is currently being displayed.

The title tag section of unoptimized Wordpress blogs should look something like this:

<title><?php bloginfo(’name’); ?> <?php if ( is_single() ) { ?> » Blog Archive <?php } ?> <?php wp_title(); ?></title>

To reorder the title tag to make it more appealing in terms of SEO, the above code needs to be changed to the following (now is the perfect time to make that backup if you haven’t already done so):

if ( is_single() )
{
?>
<title>
<?php wp_title(’ ‘); ?>
<?php if(wp_title(’ ‘, false)) { echo ‘ » ‘; } ?>
<?php bloginfo(’name’); ?>
</title>
<?php
}

The code first checks if any single page is being currently being displayed and if so enters the inner code section. In this section the wp_title() tag outputs the title of the current page and then sets the separator (which gets prepended to the bloginfo(’name’) variable) before outputting the name of the blog. Since the above code only deals with single pages it is of course part of a set of ‘if’ and ‘else’ conditional checks but that’s the actual post pages themselves taken care of, lets look briefly at the code to display the homepage title then (to be pasted below the above code):

else
{
if(is_home())
{ ?> <title><?php bloginfo(’name’); ?> SEO Blog | Irish / Ireland Technology Blog | Search Engine Optimisation blog<?php wp_title(); ?></title>
<? }

The text in bold is the only real change from the default homepage title here, I have added these words because the name/title of my blog (blogged thoughts) is not keyword rich so these should help in the SERPS. As for category page titles Wordpress is not the best it could be as it once again places the name of the blog before the name of the category which hampers search engine optimisation. In this case though I recommend more than a simple reversal of blog name and category name, I recommend ditching the blog name altogether and simply describing the current category in keyword rich terms (for your most important categories anyhow). In the code below I ditch the category name too, this might effect usability and thus whether you do this or not is up to you.

elseif (is_category(’3′))
{ ?> <title>SEO Blog | search engine optimisation | Google optimization blog</title> <?}
elseif (is_category(’8′))
{ ?> <title>Irish technology Blog | Ireland IT news | General Irish blog</title> <?}

At this stage the code should be kind of self-explanatory but if not, the code checks if the current page being displayed is the category page corresponding to an ID of either ‘3′ or ‘8′ and displays the appropriate keyword rich title. Click into the archive pages for either the ‘SEO‘ or ‘Ireland‘ categories on this blog and you will see the above titles, however the code so far only deals with single post pages, homepage and two specific categories, finally I need to provide some default code which will cover all other pages including category pages which I have not explicitly handled in the above code. This code goes below the above code and is as follows:

else 
{ ?> <title><?php bloginfo(’name’); ?> <?php wp_title(); ?></title> <? } } ?>

It outputs the name of the blog followed by the title of the currently being viewed page. Well there you have it, by using the above code you should be able to increase the rankings of your blog and its posts on the major search engines. Remember though as I mentioned in an earlier post that onpage optimization is only really a small part of what can be and has to be done to improve your rankings so be sure to also apply offpage optimisation methods to your blog and its posts also. As usual I appreciate your thoughts and comments on this post. I think I’ll cover some non SEO stuff for the next few posts.

Blogs can bring in a lot of visitors to your website via the big search engines such as Google, Yahoo and MSN if they are updated regularly and of course are properly optimized for these search engines. Although I haven’t been using Wordpress for that long I’m pretty sure that I’ve maximised the various settings and features available in terms of search engine optimization. Now when I say settings and features I basically mean standard options which are available within the various Wordpress interfaces by default, I’m not talking about editing the code in your blogs theme files, I will talk about that in a follow up post. You might have guessed then but this post (the first of two on Wordpress optimisation) will provide you with some tips for optimizing your blog and its posts in a non code modifying way.

Some of this stuff will be fairly basic but for the sake of completeness I will cover it anyhow. To begin then, the title/name of your blog is most likely not up for change as perhaps you already have an established blog which is known throughout your community but if it’s at all possible to include some keywords in your blog title be sure to do so. If for example your blog is about gardening then call your blog ‘Joe’s Gardening Blog’ or ‘The Gardening Guide Blog’ as opposed to something like ‘The Gnomes View’ this will help your blogs SEO chances by having occurrences of your blogs main keyword(s) in practically all your wordpress page titles and it should also help you due the keyword rich links which you will get (hopefully) from other bloggers and webmasters who link to your blog using its ‘official’ title/name. I suppose I could have followed this advice with my own title and called it something other than ‘Blogged Thoughts’, the reason I didn’t though is because my situation is a bit different as my blog is not only about SEO, it’s also about the Internet, technology and certain Irish issues which catch my fancy so I didn’t feel comfortable with anything too specific.

The next item refers to customizing permalinks. Permalinks are direct URL references to your blog posts. Wordpress allows you to customize these URL’s to make them static looking and keyword rich thus making them more appealing to the search engines, Google and MSN in particular though. The permalinks interface is available from the options menu in Wordpress and I suggest you make use of it. I have chosen the custom structure option and my syntax is “/%post_id%-%postname%.html” which produces URLs for each of my blog posts with the id of the blog post and the name of the post in them. You of course can use any structure you like and an excellent reference page is available at http://codex.wordpress.org/Using_Permalinks. After saving your structure Wordpress attempts to write Apache mod_rewrite code to your .htaccess file (if none exists a new one will be created) to allow your URLs to be rewritten according to your chosen structure, this of course means that permissions of 666 or greater will have to be applied to your .htaccess file and the directory it exists in (the main wordpress directory).

Next a paragraph about Wordpress categories. It should be no surprise to you that I recommend naming each of your categories in the most descriptive way possible, if you have space try and use more than one word I know though this is not always easy to do. Also in relation to categories be sure that you make use of the description field available when editing or creating a category as these are inserted into the title attributes of all category links and many search engines provide relevancy points for keywords in title attributes nowadays. Make your description keyword rich of course but don’t go overboard, remember the real intended purpose of the title attribute is to improve accessibility.

In terms of boosting the rankings of your actual posts, well the permalinks option which I discussed above will certainly help, this works best though if you have chosen the title of your post wisely. A common concept of search engine optimisation applies here again, be descriptive as possible and be vauge and general as little as possible. This means that when your entering your blog titles you should try and avoid fancy journalistic type ploys like alliteration, puns or metaphors as much as possible and simply tell it as it is. If your post is about emmm lets say…. Wordpress search engine optimization well then be pretty darn sure you include ‘Wordpress search engine optimization’ somewhere in the title of your blog post, preferabely near the beginning. Being descriptive as possible when titling your posts will mean that your main keywords will be included, this in turn will provide for keyword rich URLs (via permalinks), keyword rich heading tags and keyword rich title attributes on your blogs main page, relevant category and archive pages and the page of the blog post itself of course.

When choosing the category of a new post try and place it in as many relevant categories as possible (within reason of course). Often many posts will overlap two or more topics and could/should be placed in multiple categories because of this. Imagine a post about the Google sandbox… this post could go into categories called ‘Google’ and ‘SEO’, next imagine a post about hosting in Ireland… this post could go into categories called ‘Hosting’ and ‘Ireland’, well you get the idea. The advantage of placing posts in all relevant categories include the fact that the end post itself is linked to from more places on your blog and thus gets found easier by Google, Yahoo and MSN. In addition to this, if your posts get picked up by any syndication sites such as www.irishblogs.ie they will often archive your post snippet (and link back to the original blog post) in all the categories which it was placed in on your blog. To get a clearer idea of what I mean simply visit www.irishblogs.ie and notice how many of the posts are listed ‘in’ multiple categories, click into at least two of these categories and notice how the post snippet (and the link back to the original blog post) is present in all of them, this means that again your posts are easier to find but also that Pagerank (perhaps only a small amount though) will be passed to them. Irishblogs.ie is of course only applicable to certain blogs but I have noticed that most syndication sites work in the same way, so the advantages of multiple categories are there to be had no matter what your blog is about.

Well that’s really all the optimisation which can be done with Wordpress without getting your hands dirty with actual code modification. I mentioned above that this post was the first of two on wordpress optimisation and folks I don’t lie so check back on Wednesday or Thursday for the second part in which I will cover (or at least try to) the use of Wordpress code conditionals to optimise eh… Wordpress.