EzSEO Newsletter #319 19

In this issue:

1. Future-Proof SEO – part 3

2. How can you make your WordPress Site Hacker Proof?


Hi Again

In one of the recent newsletters, somebody left a comment asking about making their WordPress site hacker proof. In today's newsletter I want to have a closer look at this and show you how you can make your site “hacker proof”.

Also in the newsletter you can read part 3 of my e-book "Future-Proof SEO". 

Let’s get on with it…

1. Future-Proof SEO – part 3

Site Organization

(a) Silos

The way you structure your site is extremely important not only for the search engines but also human visitors.

From a human point of view, it makes sense that content on a similar topic should all be found in the same place.

For example, if you have a website selling bikes, all of the mountain bikes should be found together in the same section.

If you're using WordPress as a site builder, organising your site like this is extremely easy.  You simply create a category for each topic and assign that category to relevant posts. I tend to only assign one category to every post as this makes a better silo.  If I want to cross link between categories, I rely on tags (more on this later).

In the example above you have a category called mountain bikes, and all content relating to mountain bikes will be found in that category.

This type of "silo" structure works very well for the search engines as well because it helps them categorise your content. Think of the site that has reviews of the following bikes and accessories.

  • Allen Deluxe 4-Bike Hitch Mount Rack
  • GMC Denali Pro Road Bike
  • GMC Denali Women's Road Bike
  • GMC Topkick Dual-Suspension Mountain Bike
  • Hollywood Racks E3 Express 3-Bike Trunk Mount Rack
  • Kawasaki DX226FS 26-Inch Dual Suspension Mountain Bike
  • Mongoose Exile Dual-Suspension Mountain Bike
  • Pacific Stratus Men's Mountain Bike
  • Topeak Explorer Bike Rack
  • Victory Vision Men's Road Bike

If you were to put them into silos, it would look something like this.

Silo 1 – Category = Mountain Bikes

  • GMC Topkick Dual-Suspension Mountain Bike
  • Kawasaki DX226FS 26-Inch Dual Suspension Mountain Bike
  • Mongoose Exile Dual-Suspension Mountain Bike
  • Pacific Stratus Men's Mountain Bike

Silo 2 – Category = Road Bikes

  • GMC Denali Pro Road Bike
  • GMC Denali Women's Road Bike
  • Victory Vision Men's Road Bike

Silo 3 – Category = Car Racks

  • Allen Deluxe 4-Bike Hitch Mount Rack
  • Hollywood Racks E3 Express 3-Bike Trunk Mount Rack
  • Topeak Explorer Bike Rack

So overall than, the structure of our site is as follows:



(b) Internal Links

One of the most overlooked pieces of the SEO jigsaw is internal linking. That is, pages on your site that link to other pages on your site using keyword rich anchor text.

With WordPress, there are plug-ins that can help you automate some of the internal linking on your site. For example “Yet Another Related Posts” plugin, or YARP to its friends, will automatically create a related posts section at the end of every article on your site. You can configure it so that it can only find related posts within the same category if you want and this creates a tighter silo.

Here is an example of a Related Posts section from a post on my Affiliate-Minder.com website:


There are a number of related posts plug-ins that you can use to achieve the same thing.

Another form of internal linking which I think is extremely important is links within the body of your articles. For example, if you are writing an article about the "GMC Topkick Dual-Suspension Mountain Bike", you might like to compare certain features of the bike to the “Mongoose Exile Dual-Suspension Mountain Bike”. When you mention the name of the Mongoose Exile bike, you would link the name of the bike to that particular post on your site.

This type of internal linking helps to increase indexing of your site as well as the rankings of individual pages.

(c) Tags

Tags are another way to categorise content on your WordPress site. When you write a post, you can include a number of keyword tags which help categorise the post.

For example, if you wrote a post about the “Dyson DC 33 Animal” vacuum, you would probably put it in the category “Dyson”. However you could use tags to further categorise this post. For example:

  • Upright
  • Dyson Ball
  • Pet hair
  • HEPA filter
  • Bagless

These tags will help to categorise the post within the Dyson category. 

WordPress actually creates a page for each of these tags and each of these tag pages can actually rank quite well in Google.

Let's use the example tag “HEPA filter”. Every vacuum review that you write on your site that you tag with “HEPA Filter” will appear on the HEPA filter tag page. As you write more content on your site, tag pages get longer and longer as new vacuums are added according to their tags to the tag pages.

When someone comes to your site, they can view vacuums by Manufacturer (using categories of the site, e.g. Dyson), or by the functionality of the vacuum, e.g. see all vacuum with a HEPA filter (on the tag page).

I advise you to use tags wisely. Don't tag every post with hundreds of tags. Think about your tags and only include the most relevant ones for each post. 

I have written an article called " WordPress Tags – Uses and Abuses” if you want to read more about tags and how to use them properly.

2. How can you make your WordPress Site Hacker Proof?

Almost every Internet Marketing Forum has cases of people complaining that their WordPress site was hacked. Unfortunately Hackers seem to enjoy hurting other people. They break into your site and ruin all of your hard work.

What they do while they're in their can be something as simple as putting a big banner across the top of every page of your site saying "Hacked" (often with the name of the hacking group responsible).

Other things they might do include adding links to their own sites or to porn sites (this can quickly get your site penalised in Google).

When one of my sites was hacked a few years ago, they replaced my Google Adsense with their Google Adsense.

Sometimes the hackers will just mess up your site and delete your data.

In this newsletter I like to tell you how to make your site hacker proof…. Well sort of…  If you think about some of the government agencies and big corporations that have been hacked over the years (with their high tech security) you should know that there is no such thing as hacker proof security.

OK, so hacker proof does not exist but there are ways to minimise the risks and there are ways to make sure that if a hacker does delete your data you can be back up and running within minutes.

The first thing I recommend is a script called WP Secure. This is the script that I use on my own sites, and to date, none of been hacked.  I bought resell rights to the script a few years ago so if you want to get a copy you can buy WP Secure for just $12.

The way this works is as follows:

You setup an "entrance page" to your blog giving it an obscure name that no one will guess.  Instead of going into your blog through the WP admin URL, you go to your blog through this entrance page. As you do, your IP address will be written to the WP admin folder in an .htaccess file.  If your IP address changes, then the new IP address will be written to .htaccess file.  If you don’t understand all of that, don’t worry. Fill instructions come with the script.

If anybody tries to access your website through the WP admin URL, even if they know your username and password, they wont get in unless their IP address is the same as the IP address that was written to the WP admin folder.

That's part 1 of my anti-hacker strategy.

Is this method hacker proof?  Of course not, but it will stop most hackers. 

Part 2 of my strategy is to take backups.  I actually take backups in two ways:

1. Using WP-DBManager plugin

This plug-in can be set up to automatically take backups at predefined intervals and then e-mail you a zip file containing the backup. I tend to get backups sent once a week. The backup that this plug-in creates only contains the database. However, the database is the most important information as it contains your posts, comments, and other stuff that is stored in the database. With this backup, it is possible to restore your site, however, plugins and any other files on your site that are not specifically stored in the database won't be restored.

2. WP Twin script

This script is mainly being marketed as a site cloning tool for people who want to setup new WordPress sites quickly – ie, you setup one WordPress installation with all of your customisations and can then quickly get other sites up and running with identical setup simply by cloning the first site.

However, this script is probably as close as you can get to the perfect backup solution for WordPress sites.

WPTwin makes restoring sites so easy that you can literally be up and running in minutes if your site and data is deleted by hackers.  This script will backup EVERYTHING in the sites directory if you want it to, so any extra files you may have will also be saved – e.g. you may have a folder that contains downloads like an eBook.  This will also be backed up with WP Twin.

Here is a video I recorded showing you the power of WP Twin.


Read more about WP Twin.

WP Twin is $97, but its worth far more than that for peace of mind that your sites are essentially hacker proof, since you can restore your sites so easily.  If you are on a tight budget, there is an alternative WordPress plug-in that you can see here. 

NOTE: I haven't used this alternative, so cannot comment on how effective it is.  My only concern is putting all my faith in a new product like this.

Don’t wait until you wake up in the morning to find your site has been violated.  Backup regularly with WP-DBManager & WP Twin.


OK, that's it for this newsletter. 

Until next time.  Have a great week!

Visit the subscriber Bonus page for free reports:


If you enjoyed this newsletter, please recommend it to your friends. Also if you have any tips of your own, questions or comments, please leave a comment at the online version of this newsletter: http://ezseonews.com

Any tips or questions & answers I print in this newsletter will also be put up on the web version of the newsletter with a link to your site if you want it. That's extra free traffic for your site as well as an incoming link to your site.

The products reviewed in this newsletter are often affiliate products, and as such, if you buy through my link, I will receive a commission.

The contents of this newsletter is copyright 2011 Andrew Williams.  If you want to republish any of the articles, you must get permission from the author.

This newsletter disclaims all responsibility for the advertising copy or the product advertised. You cannot rely on the fact that the newsletter has examined the product or recommends or endorses the product, unless it clearly says that it has, when you make your decision whether or not to purchase the product or interact with the advertiser. You are advised to do your own investigation before buying.


Leave a comment

Your email address will not be published. Required fields are marked *

19 thoughts on “EzSEO Newsletter #319

  • Marshall

    Andy’s security recommends are good ones. I will try the wpsecure script. Bulletproof security is a pretty good free plugin. Make sure you follow the directions exactly and make backups of your current .htaccess files as step one. And Make sure you have a DB backup that you have ftp access to it.

    The core WP files are generally pretty secure. It is the plugins that offer the most chance for a hacker to get into your site. If you do get hacked, check any file that has rewrite in the title for odd looking code. Generally at the top of the file.
    more info on WP security issues. timthumb.php zero day security risk
    This is a big one as many themes and plugins use the timthumb code for image resizing. Be sure to get the new version here http://timthumb.googlecode.com/svn/trunk/timthumb.php

    A good link from the first article is:

    Some great ways to secure your WordPress site once it is clean:
    Good reading here for hardening your WP site.

    Also use a generic robots.txt file for WP to keep Google and other SE spiders from indexing your wp-login.php page and plugins.
    http://codex.wordpress.org/Search_Engine_Optimization_for_WordPress about 2/3 way down page. Search engine spiders will go whereever there is a link and they are not specifically kept out by robots.txt or the .htaccess file
    Change the password to your cpanel regularly
    setup a special ftp user account for yourself with a unique name and password set to go to the public_html part of your site. Change the password regularly.
    Change the password to your WP login regularly. Use an online password generator and 10 to 12 characters for your password.
    Change the auth codes in your wp-config.php file regularly.
    https://api.wordpress.org/secret-key/1.1/salt/ This page generates the necessary codes for the log-in page. Separate each line with a blank line to make them easier to read.

    Although with Andy’s wpsecure it may not be quite as necessary.

    Once you have been hacked, you need to take immediate action to clean your site. Having a clean WP site backup to reinstall is a good idea. Andy’s two recommends are good ones.

  • Raph

    I was hacked a couple of months ago (my fault as I was using a very old version of WP!). Google listed my site as an “Attack” site and showed an ominous red warning when you try to access. I had to delete every thing which was a sham because the domain is pretty old.

    Ever since I am paranoid about hackers! I am learning anything I can about securing my WP sites and this was a good article. I do have most of the security plugins out there.

    One of the problems with building WP sites that leads to security problems is management. When you start to build a lot of sites on different domains/host it becomes very difficult to mange them so some get ignored and over time they are not updated and there is the opportunity of the hacker.

    I am still looking for a management script that can keep track of all my sites;logins;cpanel info etc AND update my sites from one place. I have see a couple they are all server side and of course they want monthly fees(plus the script lives on someone else server which I don’t like anymore).

    I am looking for a desktop solution so if you know of one please let me know. Excel and Roboform canonly go so far!!

  • Andy

    Security is fundamental for all our work online (the sites we own). I’ve been using WP-Secure for almost 2 years (thanks Dr. Andy) and recently I have started using two other plugins ‘antivirus’ and ‘login lockdown’ for additional protection.

    The other precautions I take are hiding all folder files from browsing, by setting the ‘index manager’ in cpanel to ‘no indexing’, and adding some code to robots.txt file that stops anyone seeing any ‘wp’ file.

    But even before I started using the latter security precautions, I never had a problem using just WP-Secure.

    Thanks Andy, great information as always.


  • Rita from tipsoncoffee from

    I just purchased backupbuddy. I can use ir for 10 sites. Any comment on backupbuddy plugin. I found it is problematic in a shared hosting cases.

    Pls. cover something on malware protection. it’s a problem for me.

  • Peter Webb


    Re: Your insiders Group.

    Do you have a list of what topics will be covered in the membership site yet?

    Would certainly help to see what’s coming and also allow future members to give feedback on what thet feel is important to them.

    I’m certainly joining and can’t wait,


    • Andy

      I don’t have a final list yet. When I do release it, it will be a little “cryptic” as I don’t want to give details of everything I want to do.

  • Miorcec

    Hello Andy / All,

    I am also using a pretty good back-up plugin with a twist: http://wordpress.org/extend/plugins/wordpress-backup-to-dropbox/ It is free, and allows for an automated regular back-up to a specified dropbox folder (www.dropbox.com – a free online space up to 2GB).

    Super simple to set-up, automated – takes an initial copy of all your files + sql dump. They incremental back-up of changed files 🙂

    Requires WP admin knowledge to re-install if anything goes wrong, but pretty powerful!

    Thanks again for your helpful posts Andy 🙂



  • Dean McNamara

    I like the bulletproof security plugin too. I upgraded to the pro version and despite seeing a constant barrage of attacks in my AWSTATS I have not been hacked since installing (don’t talk about prior experiences).

    I find hackers the most discouraging part of building online businesses. The penalties should be much higher, and sites like Facebook that openly reward them should be hung with them.

    Great article and good tips as always.

  • Aghper Jan

    hi Andy,

    thanks for Silo article.
    this is were all the confusion rest.some people post 10 expert on the main page and make main post sticky some use pages on the main page (home)…what you shared makes sense.

    i have 2 questions:

    1-secure wp.my ip is dynamic will change every time when i reboot my router.will this work?
    2-what tag plugin do you recommend?

    thank you

    • Andy

      1. Yes. You log in through the entrance page every time, and that sets your current IP Address.
      2. I don’t actually use any plugins for tags. I use to use SImple Tags, but it stopped working a while ago with later versions of WordPress. Maybe they have updated that now.

  • Chris

    This was perfect timing; I’ve just started trying to figure out how to use categories, parent/child, etc., which will be necessary on a bigger site.

    In looking at this newsletter site, are you using a widget or plugin or something to get your nested categories the way they are?

    And I notice that you have the folder /seo in between the domain name and the category name. How did you do that, and why can’t I find it anywhere?

    Now learning about tags too, which seem to be almost as useful as keywords. What a great newsletter.

    Hope this isn’t too elementary; haven’t been able to find much explanation on wordpress.org. Thanks.

    • Andy

      Hi Chris
      No question on WordPress is too elementary. It takes a while to know where everything is.

      1. If you add a standard category widget to the sidebar, you can have categories nested by selecting the Show Hierarchy check box in the widget.

      2. In the settings -> permalinks options, you can set the category base. I have it set to SEO so that it shows “seo” instead of “category” (the default) in the URL when viewing a category page. You can also set the tag base which is similar but in URLs of tag pages. Then my permalink ensures the category name is in the URL by using /%category%/%postname%/ as a custom structure.

  • Country M.

    Hey Andy,
    I just got done listening to you on a podcast and heard you talking about how not to use Article writer from Elance. OOPS…..
    Well, I thought the articles were good. This company seemed to know what they were doing. I wanted to know if you could look over a couple of the articles on my site to see what you think. Unfortunately I am not a great writer so I am going to outsource it, so I need to find someone who can write good material.
    I hope it passes.
    Let me know what you think.
    THank you

    • Andy

      Hi Country
      I didnt say don’t use Elance. I was trying to get the point across that if you do, you need to make sure you give your authors enough information to create a quality article. Don’t just give them a keyword phrase and ask them to write about it. Have a look at the articles you have had written and make sure they are:
      1. Factually correct.
      2. Interesting and informative.
      3. Use the niche vocabulary of that topic.

  • Charla


    Thanks for the great internal linking information. You rock!

    Have you ever used or reviewed the plugin “SEO Smart Links”? I’ve seen it recommended elsewhere but would appreciate your input.