Author: Vineetha

Improve your content and fully optimize your WordPress Site

 

wordpress-589121_1280

WordPress itself is a very efficient platform for SEO technically but this doesn’t really mean that there is no scope for improvement!

The WordPress SEO plugin by Yoast makes the SEO of your site better on all required and important aspects. All the technical optimiazation is taken care of by this plugin which persuades you to choose a focus keyword and makes sure that the focus keyword is used everywhere when you’re writing your articles.

Improved content with WordPress SEO

The snippet preview enables you to see how your page or post will appear in the search results. It will help you find out if the length of the title is good or not – if it is too long or too short. The WordPress SEO plugin by Yoast will also guide you to find out if your meta description is making any sense from point of view of search results. Thus, it will lead to increased rankings and also a boost in click through when it comes to organic search results.

Page Analysis

There are many simple things that you may forget but the Page Analysis of The WordPress SEO plugin by Yoast makes sure you do not. For example, it checks the following:

  • If there are images in the content.
  • If you have an alt tag that contains the focus keyword for the content.
  • If the content is long enough.
  • If the meta description has been written.
  • If the focus keyword is included in the meta description.
  • If there are subheadings within the content.
  • And more…

 

In addition to this, the plugin helps you to write descriptions and meta titles for each of your category, custom taxonomy archives and tag which enables you to optimize these pages further. In short, the plugin will make sure that your post has the content that will be loved by the search engines.

Technical SEO

WordPress itself is very good for SEO. It just needs some minor tweaks. The WordPress SEO plugin will guide through some important settings such as it will remind to enable pretty permalinks. Through automatic optimization and insertion of Google and other search engines friendly meta tags and links, the pliugin even goes beyond that.

Meta & Link Elements

The WordPress SEO plugin enables you to control the pages shown and not shown by Google in the search results. The default setting lets all your pages indexed by the search engines, which includes category and tag, archives but display only the first pages in the results. Is it useful for a visitor to land on the 3rd page of the personal category? The answer is obviously ‘No’.

WordPress by itself displays canonical link elements on only single pages while the canonical link elements are made everywhere by WordPress SEO. In a recent announcement Google said that the link elements rel=”next” and rel=”prev” will also be used in the head section of the paginated archives. The WordPress SEO plugin by Yoast adds these automatically.

XML Sitemaps

When compared to other WordPress plugin, the plugin by Yoast is most advanced when it comes to Sitemaps functions. Once the box is checked, XML sitemaps are automatically created and Google and Bing are notified of the sitemaps existence. The XML sitemaps also include the images in your content and pages enabling them to be found by and show up in search results. You don’t have to worry about the size of your sites as these XML Sitemaps are created to work on sites that are large too. They will also automatically work with custom taxanomies and custom content while providing you the freedom to remove them from the XML sitemap if you desire. The XML sitemaps can be easily read by human eyes too as they use XSL stylesheets, so you can find things that should not be there.

Optimizing RSS

Are scrapers outranking you? Don’t curse them instead use them for your benefit! The WordPress SEO plugin by Yoast automatically adds a link to your RSS feed that points back to the original post and the search engines thus know where to look for the original post. This helps you get rid of the scrapers instantly and boost your chance to rank for your chosen keywords.

Breadcrumbs

If you have a compatible theme such as those based on Genesis or those by Woo Themes, you can make use of the Breadcrumb function that is built-in. This helps to provide easy navigation to visitors and also to the search engines. This supports the search engine to understand the structure your site has.

Social Integration

SEO and Social Media have a great connection, so this plugin also implements a Facebook OpenGraph and it will soon be supporting Google+ sharing tags too.

Compatibility to Multi-Site

Unlike some other plugins, the SEO plugin by Yoast has Multi-Site compatibility. The XML Sitemaps works properly in all type of setups and in the Network settings, you even have the option that enables you to copy settings from one post to another or use the settings of a particular blog as default for other blog

Import & Export

If you run more than one blog, setting plugins for all of them is very time consuming and tiring but this plugin makes things simple. You just need setting up the plugin once and then you can simply export them. After this, you can import the settings on your other sites.

Import for other plugins

If you were previously using another plugin like HeadSpace2 or All In One SEO Pack, you might wish to import your descriptions and tiles that are old. The plugin makes this easy with its import functionality that is built-in. Even for older plugins by Yoast like RSS footer and Robots meta, there is an import functionality.

WordPress SEO By Yoast Vulnerability Puts Websites At High Risk

A perilous vulnerability has been found in the very popular plugin of the WordPress content management platform (CMS) putting about tens of Millions of websites at very high risks of hacking by the attackers.

The vulnerability is in almost all versions of a WordPress plugin which is called ‘WordPress SEO by Yoast’ As per Yoast Website, this plugin has more than fourteen million downloads which makes it one of the most famous plugins of WordPress to optimize websites for various search engines (Search engine optimization or SEO).

The person who discovered this vulnerability in WordPress SEO by Yoast is the developer of ‘WPScan’ (WordPress vulnerability scanner).

According to a published advisory the versions of WordPress SEO by Yoast before 1.7.3.3 are vulnerable to a web application flaw and this is known as ‘Blind SQL Injection’.

The SQLi (SQL injections) are known to be critical vulnerabilities they can lead to database breach and also to leakage of information that is confidential. Usually, in these attacks, a SQL query that is malformed is inserted into an application through client-side input.

How Does The Yoast Vulnerability Work?

However, in this case, the outside hacker cannot trigger the vulnerability itself because the flaw in actuality is located in a file that needs authorization for access and can be accessed only by Admin, Author or Editor and privileged users of WordPress. The file is ‘admin/class-bulk-editor-list-table.php

Thus, a trigger from authorized users is required for successful exploitation of this vulnerability. The attacker can make use of social engineering to trap the authorized users and make them click on a special URL that is payload exploitable.

As explained by Ryan to Graham Cluely (security blogger), if an authorized user of WordPress falls into the trap, the exploit will be allowed to carry execution of arbitrary SQL queries on the WordPress website of the victim.

A proof-of-concept payload was also released by Ryan for Blind SQLi vulnerability in the WordPress SEO by Yoast. This is as below:

http://victim-wordpress-website.com/wp-admin/admin.php?page=wpseo_bulk-editor&
type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&
order=asc

Patch for the Yoast SQL injection Vulnerability
If reports are to be believed, in the latest version 1.7.4 of WordPress SEO by Yoast, the vulnerability has been patched. The developers of WordPress plugin have done this and this is also mentioned in the changed log. It reads that latest version 1.7.4 has fixed “possible CSRF and blind SQL injection vulnerabilities in bulk editor.”

Normally, it is believed that your website is not seriously complete, if you don’t have the WordPress SEO by Yoast installed. The website owners aim at increasing the traffic of their website using this plugin and this vulnerability is really serious for them.

Thus, the administrators of WordPress that do not have an auto-update feature are highly recommended to upgrade their plugin (WordPress SEO by Yoast) manually as soon as possible. They should visit the WordPress plugin repository to manually download the latest version. If you have the WordPress version 3.7 or above, it is wise to enable the fully automated update of your plugins and themes. You can do this from the tab – Manage – Plugin and Themes – Auto Updates.