How Hackers Can Exploit Your WordPress Site

Being the most popular content management platform, as WordPress is, means that it also is a favorite target for hacker attacks. Also the fact that the core application is open source (i.e. free to download) means that hackers can get their hands on the source code and look for backdoors (i.e. ways or holes in the code to get into the installation on the server). As a website becomes more and more popular, it can easily end up on the radar of a WordPress hack. Some hack into sites for some weird sense of personal accomplishment or notoriety, others do it to insert spam links and affiliate links to adult sites for a quick buck.

The latter is the situation that one of our clients found themselves in. It was hacked with the goal of injecting spam links. Thankfully it was not to crash the site so content was not harmed outside of some posts having links added into the text. Files were also uploaded attempting to create fake headers to redirect the client’s site to porn sites. At TCK Media we went through the site files and database forensically to remove all malicious injections and restore original content while increasing security. This allowed us to see how the hackers tried to exploit the site.

As already mentioned, the hacker installed files such as default.php and others in an attempt to redirect to porn sites. This did not work and only created “headers already sent errors”, fortunately. However, the inserted files also prevented admin from being accessible via http.

A new user was created maliciously with admin permissions in order upload files via media uploader and also insert links into very old posts. The links were inserted within <div> tags and CSS to prevent them from being visible in the visual editor of WordPress admin, only in the text editor (where code is exposed) could they be seen. This would make the links hard to spot by the site owner unless he goes back to revisit old posts and only in editor set to text view. Also the links have ‘nofollow’ tags in order to prevent Google from flagging the sites as dangerous.  All of this explains why hackers target high traffic sites. Obviously, the hacker knew that the old posts would be indexed in Google and was hoping that visitors from search queries would see the spam links and click on them.

Through forensic review of all files and database we were able to isolate the illicit user, files, and injected links. Core WordPress files were re-installed and original content restored with added security.

Even though WordPress is a free open-source application, building a large site with high traffic using this tool requires a lot of different considerations to make it secure and able to withstand hack attacks. Premium themes, plugins, customization, hosting, etc., will make the cost add up. You can also take a look at our Insights feature, Guide to WordPress Security, for more information and practical steps each site owner can take to prevent a WordPress hack.

E-commerce Tips

E-commerce is the business of buying and selling products online. Anytime there is a purchase over the Internet in exchange for goods, whether physical or digital, a website must have e-commerce functionality. This basically entails having a way to accept online payments and take orders that then can be fulfilled either offline, for physical goods, or automatically online, for digital goods usually in the form of downloads.

Over the past number of years e-commerce has been growing incredibly in popularity and even traditionally brick-and-mortar stores have created an e-commerce website where customers can order online and either pick up at the nearest location or have the item(s) delivered via mail.

Today, e-commerce is a multi-billion dollar industry where annual revenue is in the hundreds of billions of dollars. With those high numbers also comes competition and certain standards expected by customers. Also, an e-commerce website must have a higher overall user experience (UX) to be successful. Here are top e-commerce tips to help you succeed.

Don’t Rush the Launch
This is one of the biggest mistakes made by unsuccessful e-commerce entrepreneurs. Make sure that you have all the areas covered of your website, from content & SEO to design and functionality. You only have one chance at a successful launch and to make a first impression. Nothing turns people off a website more than errors in functionality and poor experience. So make sure you have all aspects of your site fully tested before launching.

Focus on User Experience
One of the major shortcomings of an e-commerce website is that the visitor can’t feel, touch or smell the product. You need to compensate by making the site as user-friendly as possible. This means that you should have clear images of all angles of the products along with the ability to enlarge images. Make the check out process as easy as possible. Process the order immediately after payment. And offer a reasonable return policy to put the customer’s mind at ease.

Closely Integrate Social Media
Social media is the life-line of a business. This is where you can interact with your customers and potential customers. Get almost immediate feedback and stay close to your audience. As well as reach out to new prospective customers. Social media management should not be delegated to a third-party. You want to stay close to this part of your e-marketing. If you have a social media manager, make sure that you are involved as well. Also add social media widgets to your website such as Facebook likes, latest tweets, and social media sharing buttons.

Make Your Site Mobile-Friendly
More and more people access e-commerce websites using mobile devices such as tablets and smartphones. The amount of purchases online using mobile devices is growing exponentially each year. If your website is not mobile-friendly then you are losing a lot of business and may become irrelevant in a few years.

Make SEO a Priority
There is no question about it, when it comes to succeeding only in any type of business, SEO is critical. If you are not getting sales from people coming to your site via organic, or natural, search engine results then you are struggling and will continue to struggle. In order to succeed in e-commerce, prospective customers must be able to find you on the search engines using keywords related to your products. A professional SEO company can help you in this area.

Build a Customer Database
Customers that have purchased from you and are happy with their purchase are more than likely to buy from you again. Build a database of email addresses. Put up a subscription form on your website so that visitors can subscribe to receive special discounts, new product info, and more. Sending out periodic email flyers will keep people coming back to your site and encourage them to buy. The best part is that it the benefits far outweigh the cost of email marketing.

Take Full Advantage of Testimonials and Reviews
If you have positive comments from customers who were happy with their experience on your site, make sure you post those comments for others to see. It will help build confidence in your e-commerce site. Also, integrate reviews and ratings for your products. Not only will good reviews and ratings promote more sales, but also even if you get bad reviews, it can help you gauge what products to continue to sell and which to discontinue. As such you keep only the best products that customers buy more often and return less often.

Provide as Much Information as Possible
Have a detailed FAQ page on your site. There should also be a Company Info page as well as clearly outlined policies and easy to find contact information. The more details you provide and more questions you answer, the likelihood of misunderstandings are much lower which leads to more customer confidence.

Integrate Strong Analytics Program
You want to be able to track your visitors that come to your site. Where are they coming from? Search engines, direct navigation, or links from other sites. This can help you to see if your SEO program is working and if it needs improvement. What are they doing on your site? You want to know what pages are visitors spend time on and how much time. What the landing and exit pages are. What the bounce rate is. If your visitors come to only one page and then leave after a brief time then it is a bounce. You want to keep the bounce rate as low as possible. Analytics will also show you how many visitors are completing important goals on your site such as making a purchase or signing up to your email newsletter.

By incorporating these e-commerce tips into your site, you are greatly increasing your chances of success.

Guide to WordPress Security

WordPress security is a growing concern as the popularity of this software continues to grow. The great thing about open source software such as WordPress is that it is available to everyone for free. The worst thing about open source software is that it is available to everyone for free. Although this great piece of software has many developers working on improving it and creating new plugins all the time, it is also extremely vulnerable to hacker attacks because everyone has open access to the source code. For this reason Open Source software such as WordPress receives a lot of security updates for each new version release. However, this is not enough and WordPress site owners can do a lot to increase the WordPress security of their sites.

The WordPress team has made the installation and launch of a new website very easy and fast. Some hosting companies even offer one-click installation. This simplified installation process can make one easily overlook the security steps needed to make their WordPress site very secure, which can take some effort. Whether you are using an open source CMS such as WordPress or custom built CMS, security is always a serious concern.

Here are the top tips for protecting your WordPress site:

Basic WordPress Security Tips

1. Use a good Web hosting company with proven track record. A good hosting provider will ensure their servers have the latest security patches, PHP/MySQL updates, firewall, brute force attack prevention, and other security features. One that specializes in WordPress business hosting is ideal.

2. Install your WordPress core admin files in some other directory than the root one.

3. Change the table prefix from wp_ to something else.

4. Use a very strong password for the database user.

5. Also use a strong password for your WP login and choose a username much less obvious than ‘admin’. WordPress now comes with a password strength indicator. Make sure that it shows that your chosen password is strong.

6. Delete the pre-installed pages, posts, and plugins.

7. Use only premium themes and plugins. Make sure that the plugin you install has good reviews and a good number of active installs. If the plugin is a security risk it likely will not have many installs and if it does, it will have a low star rating. Poor plugins have lazy or buggy code that can be easily exploited by hackers.

8. Use a good captcha plugin for ALL of your forms, including your wp-admin login. You can install a Google Recaptcha integration plugin or another anti-spam plugin keeping in mind point number 7 above.

9. Always update your core WordPress files, themes and plugins to the latest versions as soon as they become available. You may want to install “Advanced Automatic Updates” to help you automate the process.

10. Keep your computer virus-clean by regularly doing a virus scan with anti-virus software that also is regularly updated. Some hackers can get your password and username through malware installed on your computer.

Advanced WordPress Security Tips

1. Install and configure an anti-malware firewall plugin.

2. Activate 2 factor authentication (2FA). This is another step in your login process that gives you an extra peace of mind. You can search for 2 factor authentication plugins through WordPress plugin marketplace or Google. The two most popular currently are “Clef” and “Two-Factor Authentication (Google Authenticator)”. Both use your smartphone (iOS or Android) as the second layer of authentication.

3. Install an SSL on your website hosting account.

4. Ensure that none of you subdirectories can be viewed via http by creating a blank index.html(or php) file in all subdirectories.

These are some of the key ways you can beef up your WordPress security and stay protected from malicious attacks.

Tips for Writing SEO Web Content

Content is one of the most critical aspects of SEO. Without quality content it is near impossible to rank well on the search results pages. This is because the Web is all about content. Content is what pushes up the value of the website and the search engines. Search engines want to present the best content for the search query possible and weed out the garbage. This is a constant battle and search engines change their algorithms to seek to improve search results. For long term SEO, content should be the priority of any website.

First and foremost, when creating content, keep the best interest of your visitors in mind. Creating compelling content for your visitors will have optimum impact in SEO. You want to create content that people will want to bookmark, link to from the blogs, like or plus one on Facebook and Google, and return to the site. This will have a great impact on SEO.

Primary content can be broken down into these aspects: text, images, and video. Try to use the combination of all three as much as possible. Visitors and search engines love all three.

When it comes to text content, be sure to include your most important keywords in headings and subheadings. That means including them in <H1>, <H2>, etc., tags. Use the exact keyword in the text as much as logically is reasonable without overdoing it. The text should make sense when being read by a person and not sound like you are stuffing keywords for the sake of search engines. This would be counterproductive as search engines are become more and more smart to figure out these tactics.

Images should use ALT tags to describe the content of the image and file naming should reflect the content of the images as well. These items should be exact matches for or related to the keywords you are targeting on the page.

Videos are also great sources of content. One way you can optimize them for SEO is by creating a YouTube account and upload videos then imbed them in your pages. On YouTube you can also add title, description, and keywords or tags. Obviously you would want to include your website URL in the description.

Create Fresh Content

There are many ways you can produce fresh content. The chief way is by having a blog and updating it on a regular basis. You can have a blog externally hosted (i.e. at another domain name,, , etc.). However it is recommended that you have a blog at the website you want to build traffic to. This way all content you add will directly benefit your site. You don’t need to write every day, but spending a couple of hours or more on your blog a week can go a long way to improve your traffic and search engine ranking.

Don’t know what to write about? There are many ideas floating out there: write a review, write about an experience, write about a news item (scan websites related to your business for ideas), write about an idea you have the would save time or money for your audience/customers, etc. Your blog post does not need to be long, 300-500 words is enough. Blogging is by far the most popular way of leveraging content for SEO benefits. But it is not the only way.

Can you take photos of anything related to your business? Posting them online in galleries is an excellent way to gain attention to your services and build traffic. How about video? It is easy now to have a page on sites like YouTube, upload videos you take on your camera and embed them in your website. If you can think of a Web-based service you can offer to your visitors, this is an excellent way to offer greater value to them, which in turn increases the ranking of your site on the search engines.

Search Engine Optimization Basics

If you opt to build your own site either using one of the online website builders or software such as Adobe Dreamweaver or similar, learning basic search engine optimization (SEO for short) is something you can pick up quickly. Ranking well, on the other hand, is an art and takes time to master. In this article we discuss the basics of SEO for beginners. There are 3 basic phases to SEO: keyword research, on-site optimization, and off-site optimization.

Keyword Research

Before you set to do any SEO, you need to perform keyword research. As an expert in your field you may feel that you know what keywords your site should be optimized for. But you must resist this temptation. Keyword research will tell you what keywords your prospects are actually using in Web searches to find your information, products or services. If you optimize for the wrong keywords it will be a waste of time and/or money that will not bring any results.

Keyword research is a critical aspect of your SEO. It will tell you what keywords are being used to search for information, products, and services you are offering. Since Google is the biggest search engine out there we will use its data to help us understand what search phrases or keywords are most popular.

The first and easiest way you can identify popular search terms is by starting to type into the Google search field. Google will then display search suggestions based on your entry. This will tell you the most popular search queries based on your text string.

Another free method is using Google’s keyword tool, part to their Adwords service, located at

The aforementioned keyword research will tell you what search terms are being commonly used on Google. If you want to go expand your keyword research to other search engines and even find out what keywords are being used by your competitors, then you will need to go the paid service route. To find out who offers what, just do a search for “keyword research” on your favorite search engine.

Do this step right and you’re on your way to making your SEO efforts pay off.

On-site Search Engine Optimization

This has to do with and Web page content for the keywords from your keyword research phase. SEO must impact the meta tags, alt tags, and link structure in your HTML code. This phase also involves the regular creation of new and original content. Additionally, you must pay special attention to correct and logical placement of keywords in your on-page content.

Optimizing your HTML code is part of the big puzzle that will help rank your site better. The goal of this process is to help the search engine bot (a program that crawls and reads Web pages, aka spider) to help make sense of your site and let it know clearly what your site is about.

This includes properly setting your TITLE, META, and ALT tags.

The TITLE and META tags go into HEAD section of the Web page:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Title of the page</title>
<meta name="description" content="Description goes here." />
<meta name="keywords" content="Keywords go here." />

Think of your website as a book that is placed in a huge bookstore or library. The TITLE identifies the theme of your site or Web page. DESCRIPTION tells someone in brief what the site or Web page is about. And KEYWORDS help to find more specific info on the Web page that a person may be searching for.

Be careful not to put too much info into these sections as this will make your Web page less relevant for anything and confusing to the search engine bot and, ultimately, human visitors. If the search engine bot finds your site confusing, it will not rank well at all on the search engine results.

You should have a separate TITLE, DESCRIPTION, and KEYWORDS for each Web page and be as specific and to the point as possible.

The ALT Tag

The other tag that is very important is your ALT tag. This tag is used for images. An image in of itself is something arbitrary to the search engine bot. It doesn’t mean much until you add an ALT tag. This tag tells the bot what the image is of and this information can now be indexed.

<img src="image.jpg" alt="Skyline of Toronto" />

Another way to even further improve the relevance of your Web page is to give keyword-specific names to your images, along with ALT tags:

<img src="skyline_of_toronto.jpg" alt="Skyline of Toronto" />

You notice that the actual filename of the image includes the keyword. That, along with the ALT tag, will add more weight to the keyword.

Bear in mind that this process will only aid in the correct indexing of your site and is only a small part of the big picture of getting ranked on the first page of search engine results pages.

Off-site Search Engine Optimization

This is by far the longest and most difficult phase of SEO since it is continuous and never really should end. It involves incoming link building which is a time consuming and tedious ongoing process. So much so that many SEO companies try to take short-cuts by buying links on sites and networks of sites. This may work for a while but eventually leads to being banned on search engines. Google is the most zealous of search engines to weed out this type of practice. Just take a look at this example of Google banning an agency for link buying.

Top 10 Internet Marketing Mistakes Made by Businesses

Many small business owners don’t realize that they can do much to contribute to the online marketing of their websites with little effort or money, or do a lot of damage. Here is a list of the top 10 Internet marketing mistakes made by businesses and how to avoid them.

1. Not having a regularly updated blog.

Content is king when it comes to online marketing. A blog is a standalone website or an area within another website where you can easily make quick posts or lengthy commentaries. You can send posts to your blog even with a smartphone. Once you learn how to run a blog, it really is an easy way to build content on your site and also promote yourself as an expert in your field. A business is missing out on a lot marketing potential without running a blog on their site. If you have a blog you should update it on a regular basis, once a week, 2 or 3 times a month at very least. But nothing turns off visitors and search engine more than blogs with posts that are months or even years old.

2. Ignoring Bing & Yahoo search engines for PPC advertising.

Most businesses focus on Google results. It’s no wonder since it is by far the most popular search engine. Businesses vehemently compete for top positions on Google’s results pages and Pay-Per-Click (PPC) advertising, known as Adwords. However, being the most popular comes also with a price. If you are not careful, you can blow a lot of money on low quality traffic. Bing and Yahoo, on the other hand, are more affordable for advertising and although search traffic is much lower than Google’s, the traffic is generally of high quality. So even if you use Adwords, you should not overlook the marketing potential of Bing and Yahoo. There may be a good percentage of your target audience using those search engines.

3. Not utilizing social media to the full.

Social media is a strong signal for search engines to rank sites, not to mention a great way to connect with new potential customers and stay connected with existing ones. At the very least, you should have a matching Twitter, Facebook, and Linkedin accounts for your business and promote them on your website. Once set up, social media pages are very easy to update. Additionally, search engine rank social media pages well for searches for your company. You should also have social media share buttons on your website so that visitors that like your pages can quickly share your link with their contacts on social media as well as like your pages on Facebook.

4. Not syncing offline and online marketing efforts.

Once you have a website and social media pages, you should use them prominently on all offline marketing material. This includes business cards, brochures, print ads, labels on vehicles and clothes, etc.

5. Poor email skills.

Email is a great way to build and establish relationships. When you write an email to someone, put yourself in the shoes of the reader and ask yourself: How does the email sound to me as the recipient? Is it cold? Does it sound like I am upset? Does it sound professional? Does it sound like an email I would like to receive? It’s true that many times an email must be to the point and at times express displeasure. However, there is no place in business to use curt or vulgar remarks. Additionally, there is no excuse for not having a closing signature such as: “Best Regards”, “Thank you”, “Sincerely”, or similar. Additionally, you should have a link to your website in the signature of all outgoing emails.

6. Sloppy writing.

I remember having bosses that almost thrived on sloppy writing, misspelled words, missing words, incomplete sentences, etc. It was like they were trying to say “I’m so busy that I don’t have time to write correctly.” However, in an online world your writing says a lot about you and your attention to details. Additionally, Google’s algorithm gives priority to pages that have text with correct grammar. So sloppy writing will hurt you online.

7. Plagiarizing content.

This is a definite no-no. Not only can this get you in some hot water, legally speaking, but also search engines like Google will either remove your site from the search results or keep you way way down so no one will ever see your site.

8. Missing happy customer opportunities.

Happy customers can help your business in many ways. One of the best ways is by leaving positive feedback on Google, Yelp, and other review services. So if you have a happy customer, ask them to leave a positive review for your business. Better still, ask to do a case study that you can add to your company site.

9. Failure to maintain cool.

If you get a complaint, whether via email or on social media, the worst you can do is lose your cool and fire back. Anything you write can be used to hurt your reputation by propagating across the Internet. The best way to deal with irate customers is quickly to respond in a tactful way. Find out the problem and offer a solution. At the very least you will encourage the person to calm down and just move on. Responding in kind will only backfire.

10. Impatience

This is one of the biggest errors made by small business. They get a new domain name and new website and if they don’t see results in the first few months, throw in the towel and start over or not. The problem is that all the investment goes to waste before it even has a chance to work. Google takes a long time to rank sites that are a year old or less. Instead of throwing in the towel, i.e. quitting, it is best to do a complete site audit (if results are not as expected within a reasonable time) and build on the investment by making the necessary changes. The Web is updated and grows at an organic rate and progress naturally is over a period of time.