The WordPress Toolkit 4.4 Update

WordPress Toolkit 4.4 Update - Plesk

We’ve just released two WordPress Toolkit updates at the same time: v4.3.5 and v4.4.0 – for different Plesk versions. WordPress Toolkit 4.3.5 is a “maintenance only” fork of WordPress Toolkit for Plesk Onyx 17.0 and 17.5. Meanwhile WordPress Toolkit 4.4 is available for Plesk Onyx 17.8 and Obsidian 18.0.

WordPress Toolkit 4.4 is where we’re introducing the most changes to the product. The new functionality helps us spend less time supporting old Plesk versions. Thus allowing us to use newer, better technologies in order to work faster and more efficiently than before.

WordPress Toolkit 4.4 UI and Settings Redesign

We had to make sure WordPress Toolkit GUI is not using any Plesk-specific frontend code, so it can work as a product separate from Plesk (spoiler alert!). Plugins, Themes, and Sets tabs are now using the Plesk UI Library, as well as the WordPress Toolkit Settings screen.

The changes are relatively minor and don’t introduce new features or possibilities. However, they do make our interface faster, more responsive, and more consistent. This gives us a great base for doing the actual redesign of old WordPress Toolkit screens. Which is something we’re planning to do next year.

WordPress Toolkit 4.4 UI and Settings Redesign Plesk

We’ve also modified the presentation of WordPress Toolkit Settings. Previously, they appeared as a form on a separate navigation tab, which was inconsistent with the rest of the interface. To address this, we moved the Settings tab contents to a separate screen, which you open by clicking the Settings button next to the WordPress Toolkit title.

the WordPress Toolkit title - Plesk

Installing Sets on Existing Sites

Plugin/Theme Sets should be addressing new WordPress sites pre-populating with a bunch of out-the-box plugins and themes. However, some time ago hosters have flagged another important case. When a user migrates their existing site, their new hoster wants to enrich it with their own plugins and themes.

Hosters told us that they mostly wanted this ability for the server administrator, because in 80-90% of cases, they are the one doing this. So now Sets addresses this request via the Install Set button on the drop-down for each set on the tab.

existing admin interface for working with sets - Plesk

Clicking the button next to the corresponding set opens a dialog window. There, you can select one or several sites for the set to be installed on. Installing the set takes some time, especially for multiple sites. So the installation task launches in the background asynchronously to avoid blocking admins from doing other stuff in the panel.

doing other stuff in the panel - Plesk

Action Notifications Behavior Change

Remember the floating thingies notifying you of the results of your actions? We decided to change the way these notifications behave if the action was successful. While working in WordPress Toolkit, you don’t want to see these notifications cluttering your screen.

Action notifications behavior change Plesk

So, we decided notifications of successful actions (the “green” ones) should automatically close after three seconds. All other notifications displaying errors or warnings will continue to behave as usual. This is because we believe it’s important that users notice them and explicitly acknowledge them by clicking close.

WordPress Toolkit 4.5 and Other Plans

As Plesk Obsidian marches through servers, we’re planning to create another “maintenance only” fork, this time for Plesk Onyx 17.8, sometime next year. Since this Plesk version still uses an outdated Plesk UI library, it prevents us from providing you with quality interface improvements. This release means only Plesk Obsidian will get all the new WordPress Toolkit features and changes. Both “maintenance only” forks will only receive critical security updates, so you should really update to Plesk Obsidian.

The team has also cleaned up several translations and a number of nagging customer bugs and issues – See our Changelog. Our next major release will be WordPress Toolkit 4.5 – out in January 2020. While it will obviously include customer features and bugfixes, we’re also planning to spend a lot of time on WordPress Toolkit for cPanel, working closely with the cPanel team. Stay tuned for the announcement next year!

There will even be more features our current WordPress Toolkit users should look out for. In the meantime, let’s give a big thanks to the team for all the WordPress Toolkit versions released this year. Six versions since the last major 4.3 release. We hope to stay as productive in 2020, and wish the same to you all!

We’d love to get your feedback on this latest release. Let us know what you like, or if you encounter any frustrations below!

How HostPress Became Leading Managed WordPress Company with Plesk

HostPress Becomes Leading Managed WP Company With Plesk

Finding the right WordPress hosting solution isn’t easy. So Marcus Krämer decided to build his own. To do it, he needed a hosting business management solution that would run fast and function safely. Today he runs HostPress, a managed WordPress company based on Plesk that powers the websites of many leading brands.

WordPress Hosting “Made in Germany”

My name is Marcus Krämer. I am the Managing Director of HostPress.

HostPress started out as a small team in Saarland, Western Germany. Today, the loyal Plesk customer is a managed WordPress hosting company that has grown to become, according to a global market analysis by Cloud Spectator, the number one WordPress hosting company among German providers.

With both its server location and company headquarters in the country, the company proudly bares the “Made in Germany” stamp. This renowned reliability of German engineering plus the over 10 years of web hosting experience of the team no doubt has much to do with its international success.

But as you probably know, the arena of managed WordPress hosting isn’t such a simple nut to crack. Powering over a third of the websites on the web, there’s no shortage of providers offering their specialized solutions, each with supposedly unique features and benefits.

Marcus Krämer, the founder and Managing Director of HostPress, knew a thing or two about the standard of the managed WordPress hosting market. Despite the wide range of solutions on offer, he couldn’t find one that suited the performance he needed:

We were in the meantime on another solution, with another managed hoster, but the performance did not suit us.

And yet, to build his own that did, he would need to first find a web hosting platform that was fit for the job.

Seeking A High Performance Web Hosting Platform

Managing a web server without a control panel is a task that requires a lot of time and expertise. Not only that, but it runs the risk of being unsafe for customers and affecting their performance.

HostPress’s challenge was, therefore, pretty simple: to find a software solution for its server management that was both safe and efficient.

We did not want to program it ourselves, we wanted to have a safe, tested solution.

The good news for HostPress was there are many web based interfaces and control panels for managing servers to choose from. Problem solved. Well, it would be, apart from one small detail. While each control panel offers the same fundamental features — domain management, email, FTP, app installs, etc. — the specific feature set, layout, performance, and level of control offered by each varies widely.

For HostPress, the key was finding a robust control panel that was safe and tested. They also wanted a high level of performance, and ideally something they were already familiar with. This brought the options down from dozens to very few.

Finding A New Solution With a Familiar Platform

We chose Plesk.

Marcus had known Plesk for 14 years, having used it since 2005 with another managed hosting company. So he knew the Plesk control panel was easy to install and set up — not least thanks to nearly two decades of experience and development.

When it came to choosing a solution for his server management, Plesk was the obvious choice:

We noticed OK, we need a base, one platform with which we will for sure be able to deliver hosting.

With his team, Marcus set up cloud infrastructure, installed Plesk on it, and almost instantly began reaping the benefits of the leading WebOps platform.

As a web-based control panel, Plesk allowed Marcus to get his business set up and running immediately.

We performed the migration manually, but it was simple, because Plesk is very easy to install and to set up.

It also allows everything to be managed for the day-to-day operation of a website from one place. His customers particularly like how the interface is clear to do everything from setting up a website and email account to managing databases and backups — no matter how many websites you have.

One particular feature of Plesk that provides a lot of benefit for HostPress is the WordPress Toolkit. With many clients with high performing websites like Mister Spex and FoodSpring, HostPress need to manage multiple WordPress instances easily. From Plesk’s easy-to-use dashboard, Marcus can manage many sites in one click, from making updates for various plugins, seeing which templates are installed, selecting SEO indexing, and activating maintenance mode and debugging.

In Marcus’s words,

You can do everything from the interface!

Becoming The Best in Managed WordPress Hosting

The market analysis by Cloud Spectator analysed 17 specialised WordPress hosting providers based on criteria such as general support and documented experiences to developer features and its own standardized tests.

Among the tested providers, HostPress came out third overall — receiving a bronze medal and the title of Germany’s best WordPress hosting provider. 

Going from success to success, HostPress know that with Plesk, they have a platform they can rely on when it matters most. Marcus does admit that Plesk isn’t perfect:

Nothing is annoying with Plesk. There are certainly things one might still improve for the sake of optimizing usability.

Fortunately, Marcus makes full use of the Plesk dev team. Whenever he feels the need for improving a certain feature or optimising usability, he speaks to them, they listen, and they solve the issue often there and then.

This reliable support has no doubt been a lifeline for Marcus in setting up his own managed WordPress hosting company and growing it to such great heights. Marcus has now been running HostPress for over a decade and continues today to offer an impeccable service for his many customers around the world.

In encouraging others who are just entering the market, Marcus has a few words of advice to offer. As you may expect, this advice is chiefly practical: use the support of Plesk, don’t install all the extensions right away, only those you need.

But perhaps the biggest lesson to takeaway from Marcus and HostPress is that, when you notice something lacking in the market or a product/service you can improve, take the leap and find the right ones to collaborate with. The risk will pay off.

And now over to you! Have you had trouble finding the right WordPress hosting solution, and been inspired by the HostPress story? Let us know in the comments below.

Track SEO KPIs, Measure SEO Success with SEO Toolkit & Yoast

Measure SEO Success from these SEO KPIs

We’ve already seen how you can use Yoast SEO and Plesk’s SEO Toolkit to optimize your website’s content. Now we’re going to go one step further, and see how you can measure SEO success and ensure your efforts gain traction exactly the way you want.

You can never stop doing SEO because the online world is evolving quickly and your competition is constantly trying to steal your traffic. To successfully sell products or services online, you need to constantly ask yourself these questions:

  • How are we doing in the search engines?
  • Which keywords are doing well, and which aren’t?
  • Which keywords should we be optimizing?
  • What are our competition doing?
  • Can the Googlebot still crawl my site?

This is where SEO Toolkit steps in as your guide.

Why Do Keywords Matter?

Potential customers search for products and services using specific search queries. A lot of users phrase queries as questions like, ‘How to manage my WordPress website?’ or ‘Which control panel is the best?’

Search engines extract keywords from user queries, then match them against their database. Websites that match query keywords better have stronger SEO. And show up higher in search results. So your goal is to not only reach top keyword rankings on Google, but also to measure SEO success and maintain that status.

How to Track Your Keyword Rankings

The SEO Toolkit can help you find the right keywords and track how your site ranks for each important keyword. To monitor your website’s ranking and measure SEO success, first add keywords related to your product/service to Rank Tracker:

  1. Navigate to the SEO Toolkit main page
  2. Open the tab for the website you want to analyze
  3. Click on the plus icon next to the Rank Tracker link
Track Keyword Rankings
  1. Add the keyword(s) you want to track.
  2. Select the search engine(s) you want to check for your keywords.
  3. Add the domains of as many competitors as you want to see how your keywords rank against them.
  4. Click Add keywords.

The rank tracker will calculate the current rankings for your keywords.

Keywords Ranking

What this in-depth analysis shows you for each keyword is:

  • The keyword’s position per each search engine.
  • For which URL(s) the keywords rank, per each search engine
  • The list of rankings for you and your competitor’s selected keywords (only if you added competitors)

This helps you identify successful keywords easily, as well as find replacements to improve your visibility. To measure SEO success and SEO efforts, you can also see a quick summary of ranking information combined into meaningful categories, like this:

combined into meaningful categories Plesk

The Keywords indicator tells you how many times your website shows up in the first 100 results. Specifically for the monitored keywords in XOVI’s extensive database of common search queries.

Improve Keywords by Using Recommendations

SEO Toolkit bases its keyword intelligence on the XOVI database with over 25 million keywords. You can tap into this power and measure SEO success by requesting keyword recommendations. This will help you improve each piece of your content:

  1. Click Wizard on the main page of SEO Toolkit and select your website
  2. Click Next when you see the quick check results
  3. Add one or more keywords to the keyword field and select the search engine(s) you want to check against
  4. SEO Toolkit now lists suggestions for alternative keywords. You can add them to your list by clicking on the suggested item.
  5. Depending on your content, the tool will also suggest additional competitors you might want to watch.

By clicking Add keywords, you’ll see the keyword(s) you selected in your watchlist.

Keywords in your watchlist

Keep an Eye on the Competition

Rank Tracker lets you compare your website’s search ranking with that of your competition. You can then track that performance over time. Why should I care about my competitors? Your competitors are doing what you do. Which is why they’re competing for search engine rankings with your website, as well as for potential traffic from the search engines.

To become – and stay – SEO-successful, you have to keep track of your competitors and how you’re doing in comparison. With SEO Toolkit’s Rank Tracking, you can respond to ranking changes quickly. Moreover, using the SEO Toolkit, you can always measure SEO success by having an overview of: 

  • Your main competitors
  • How your competitors and your website are ranking
  • If the ranking position of a keyword is improving or decreasing
  • The position history, as well as the position trend per keyword
  • Which competitor page is ranking best for the keyword. An opportunity to examine the page and analyze the SEO strategies your competitor uses
SEO competitors analysis

Additionally, you can drill into each competitor, checking their ranking and non-ranking keywords and associated trends.

Non-ranking keywords

Eliminate Errors by Analyzing Crawling Events

A crucial aspect of SEO optimization is making sure your website is accessible to indexing robots – aka crawlers – of search engines. If a crawler can’t index a page, it won’t be able to add your page to the search index.

Crawling failures can have many causes: the robot could be prohibited to crawl your site by your robots.txt or the hide-setting in WordPress. It could encounter an error, whether due to a typo in a link, web server overload or server failure.

To help you keep an eye on any issues with crawlability, SEO Toolkit analyzes the website’s log files daily looking for possible problems. You can see which search engines crawled the website, how many URLs they indexed, and how many errors they encountered.

Crawl Errors Analysis

The logfile analyzer provides meaningful reports on your web traffic. You can access your reports from the SEO Toolkit dashboard by clicking on the Log File Analyzer link, or from the bottom of the Site Audit overview.

Site Audit overview

First you should look out for any errors that have been reported. These can be web server errors where the HTTP status code begins with a 4 or a 5. In the example above, Google unsuccessfully tried to access the robots.txt file. Because it was missing, a 404 error was reported.

The Log File Analyzer also provides info on the redirects robots follow. This helps you identify outdated or broken redirections. You can use the frequently crawled URLs and directories to match this with your content. The Last Seen data lets you check if the search engine index is being kept fresh for your site’s pages.

Yoast SEO vs. Plesk SEO Toolkit Comparison Chart

In this article series we’ve given you an in-depth look at SEO Toolkit and Yoast SEO functionality. This chart offers a quick summary of all the features we’ve mentioned.

Yoast SEO Plesk SEO Toolkit
XML Sitemap Generate Check
Metadata Generate Check
Schema.org Support Generate Check
Content Analysis Yes Yes
Readability Analysis Yes No
Open Graph Yes No
Multiple Keywords Premium Yes
Internal Linking Suggestions Premium Yes
Canonical URLs Generate Check
Logfile Analysis No Yes
Competition Tracking for Keywords No Yes
Tasks No Yes
Report Duplicate Content No Yes
Report Crawling Issues No Yes
Support Premium Premium

If you want to take your SEO seriously, then you need both Yoast SEO and Plesk SEO Toolkit. These two tools complement each other brilliantly. While Yoast SEO focuses on helping you correctly set up WordPress and optimize content, SEO Toolkit takes a broader approach. Continuously checking the numerous different SEO factors across all your websites. Combined, these two essential tools put you on the road to SEO success.

How do you find working with SEO Toolkit and Yoast SEO? Are they reducing your SEO stress? Let us know in the comments.

Jumpstart Your WordPress SEO with Yoast & Plesk SEO Toolkit

WordPress SEO - Yoast and SEO Toolkit

Now we’ve established that, if you want your website to succeed, you need to understand WordPress SEO and implement best practices. If you’re a WordPress admin, you might think SEO has all been taken care of. But while WordPress does cater for SEO to an extent, there’s still more you can do to improve your website’s performance.

To keep up, you’ll need tools that’ll help you audit your website, and monitor its performance continuously. For this, we recommend the Yoast SEO WordPress plugin and Plesk SEO Toolkit. So let’s dive into how to use these tools so they can get your SEO started right.

Yoast SEO WordPress Plugin

Yoast SEO WordPress Plugin

With more than five million installations and counting, Yoast SEO rightly claims to be the #1 WordPress SEO plugin. Since 2010, Yoast SEO has been helping WordPress site masters improve their search engine rankings. Yoast SEO is among the top four downloaded WordPress plugins, and is likely to be already installed on your WordPress.

Plesk SEO Toolkit

SEO Toolkit is a Plesk extension which uses the power of XOVI SEO engine. This tool helps website owners improve their website’s SEO, and track their performance. Plesk SEO Toolkit offers insights into website rankings in search engines, as well as social media reach. You can also compare your websites to main competitors, plus receive advice on how to best optimize your website to attract more visitors.

Plesk seo toolkit

Take off with Plesk SEO Toolkit

If you’ve got an existing Plesk installation, you can just login and go to Server Management > Extension. Then Find SEO Toolkit and click Install Now. You’re now ready to start with the free version of the extension. Alternatively, you can buy a license and install it through Server Management > Tools & Settings > License Management > Additional Licenses.

Start with Plesk SEO Toolkit

You can now access the extension at any time through the SEO Toolkit link in the main menu.

If you’re new to Plesk – no problem! If you like, you can Download Plesk free from here. Then install it on your internet host where your WordPress site is located. However, you can also ask your internet hosting provider to install it for you.

The cool thing about the Plesk SEO Toolkit is that it can take care of all your websites hosted on the server where it’s installed. You just need to tell it which website to connect to when you start:

  1. Navigate to SEO Toolkit
  2. Click Wizard
  3. Select the domain of your WordPress website
Domain selection for WordPress website
  1. Click Next. The tool will do a first audit of your website and present the results. You can now follow through the next steps. But, for now, we’ll quit by clicking Skip wizard instead.

Now whenever you open SEO Toolkit, you’ll have direct access to your website(s) with an overview of all important SEO statistics and messages.

SEO statistics

Installation for Yoast SEO

In WordPress – navigate to Plugins > Install new, find Yoast SEO, click Install Now, then Activate. You’ll see a new menu called SEO.

new menu called SEO

Now start the Configuration Wizard found on the Dashboard of the General page. It’ll show you all the relevant basic SEO settings step by step:

  1. Activate site for indexing through search engine spiders
  2. Select the type of site
  3. Enter information about the company represented for use in Google’s Knowledge graph
  4. Select whether pages should be shown in the search results. This controls which content will be included in the sitemaps (see discussion below in the section ‘Creating XML sitemaps’
  5. Select if there will be single or multiple authors
  6. Set up the template for page titles
Set up the template for page titles

Your basic settings are now complete. But you can return to the configuration wizard anytime if you need to change any settings.

Using technical WordPress tuning tools

Once installed, you’re finally ready to get down to the exciting business of SEO.

Connecting to Google Search Console

After adding your website to the search console, Google needs to verify your website belongs to you. Yoast SEO makes this easy:

  1. Choose the verification method HTML tag
  2. Copy the meta tag in the box
  3. In WordPress – open SEO > General > Webmaster tools
  4. Paste the code in the Google field and click Save Changes.
  5. Go back to Google Search Console and click Verify.

Google can run into problems with your site when indexing it. But the Google Search Console tracks and displays these errors, and alerts you whenever something critical happens. It can also guide you through possible solutions.

Creating xml sitemaps

It’s best practice to let Google know about the pages and posts you want indexed by submitting a sitemap.

Yoast SEO takes care of this automatically. You can verify this by:

  1. Navigating to SEO > General > Features
  2. Finding the toggle XML sitemaps and expanding the box
  3. Clicking on See the XML sitemap to view the file that was generated.

Yoast SEO will update your sitemap automatically when you add or remove a page, post or category.

XML Sitemaps

Creating Canonical URLs

Yoast SEO renders the correct canonical URL for almost any page type in a WordPress install automatically.

If you ever need to change it for a specific piece of content – be it a post or a page – you can do so in the content settings.

SEO Auditing with Plesk SEO Toolkit

Plesk SEO Toolkit enables you to keep tabs on everything SEO-related on your website.

The Site Audit feature lets you do a quick SEO check as a first step.

  • To start the site audit:

Click Wizard on the main page of SEO Toolkit, then select the domain you want to check and click Next.

The Site Audit will show you immediately if all of your important settings are correct.

settings are correct - Plesk
  • To do a complete scan:

Open up the domain tab on the main page and click Site Audit. Then click Rescan <domain>.

The scan can take some time to complete, depending on the number of pages your site contains. The results show as a summary of your site’s health.Below that you’ll find a detailed listing divided into Content, SEO and Technology. For each item, the tool displays the state (ok or error), the number of occurrences, and its importance.

The power of Site Audit is in the large number of details it checks automatically. On everything from blocked elements through to problems with indexation, server errors, issues with canonicals, loading time, and content audit. Noone could ever keep all of these in mind, let alone check them manually.

Seo Audit

You can drill down into every issue to find the exact place, setting or page where the issue was found, together with recommendations for solving the problem.

H1 missing - solving the problem

But there’s more! To help you keep track of all fixes, Site Audit creates tasks and task reminders for you.

Seo task reminders

Site Audit rescans your site automatically every 20 minutes. All you have to do is come back regularly to see if any issues need your attention.

SEO Auditing for Yoast SEO

It’s important to make sure that while your site changes and grows over time, you preserve its optimal state. Both Yoast SEO and Plesk SEO Toolkit can help you do this well.

If the Yoast plugin finds any issues with SEO on your site, it’ll show you a message on the dashboard. However, if everything is fine it’ll look like this:

SEO Auditing for Yoast SEO

Otherwise, you’ll see a warning message along with information on how you can resolve the issue:

Problems - resolve the issue

Getting your content right

Are you happy with the results so far? Now that we’ve covered the technical side of things, it’s time to use the power of these two SEO tools to create and optimize content.

1. Audit your Content with Plesk SEO Toolkit

SEO Toolkit’s Site Audit component runs periodic checks on your site, and your content. You’ll find all issues related to content on the Content tab in Site Audit. The Tasks component also helps you work on content issues by creating a list of recommended tasks to help you improve your site’s SEO. Actionable insights cover issues with duplicated content, defective links, missing H1/H2/H3, title tags, and more.

Audit your Content with Plesk SEO Toolkit

To quickly check on recent issues and stats – simply visit the start page of SEO Toolkit where you’ll see the overall health score, as well as the number of open and already completed tasks at a glance.

2. Optimize your content

Yoast SEO supports you with content creation right where you type it. So at the bottom of the page or post editor, you’ll see the Yoast Meta Box. From here, it’ll help you by analyzing your text and document settings on the fly and presenting you with any issues and recommendations it finds.

Optimize your content - Plesk

In the box, you’ll see an instant overall rating of how you’re doing in terms of SEO and Readability –  indicated by the red, orange or green icons.

3. Understanding Yoast’s SEO Analysis

In the section SEO analysis, you’ll find a list of all details checked and issues found, together with clear recommendations on how to fix them. This gives you an idea of which problems to tackle first.

3. Understanding Yoast’s SEO Analysis - plesk

The features in the Yoast meta box can also help you optimize the meta-information for a page or post.

Open the section Snippet Preview to check how your search result will look in Google SERPs. You can also edit and optimize the title and description.

snippet preview plesk

Don’t forget to create a highly-focused meta description – since this is the text Google uses to display a summary of your page in the SERP. Both the title and description have a recommended length, as indicated by the green or red line below the editor box. The SEO analysis tool also automatically checks the readability of your text, taking into account sentence length, use of active vs. passive voice, and the Flesch reading score.

Flesch reading score - plesk

DIY SEO

Hopefully this guide proves that you can confidently tackle SEO yourself – with the help of two SEO tools: Yoast SEO and Plesk SEO Toolkit. Not only do these tools remove the burden of tweaking the technical aspects of SEO, but they also actively support you in creating fully-optimized content.

Next up: How to analyze your on-page SEO success for WordPress.

Gain traction with Google by checking keyword rankings, comparing your site with competitors and ensuring crawlers can do their job properly.

We’d love to hear your experience of working with Plesk SEO Toolkit or Yoast SEO. So let us know how they’ve helped you optimize your WordPress website in the comments below.

Why WordPress Admins Need More Than One SEO Tool

WordPress SEO Tools

Traffic to your website doesn’t come easy. You have to make your site as search-friendly as possible to attract users, promote your brand, and sell your product or service. While WordPress makes publishing content simple, managing SEO is trickier, requiring more time, effort, specialized knowledge, and SEO tools.

The right SEO tools can help you by automating a lot of tasks. So let’s explore why you need SEO for your WP site – and how to do it using a clever combo of SEO tools.

First, Here’s Why You Need SEO Tools

Why SEO

In today’s highly competitive world – first impressions are everything. Regardless of whether you’re a startup, small business owner, blogger, freelance developer, sysadmin, agency or full-blown enterprise. Your online presence needs to resonate with your target audience, so they remain engaged with your website, and ultimately – your brand.

If your website runs on WordPress, you’re in good company because it powers 33.4% of the top 10 million sites. From SMBs to large enterprises, it’s got 60% of the market. Reason being it’s simple and offers a plugin for virtually every need – no developers needed.

However, for your business to succeed, building a great website is not enough. Your audience needs to find you and choose you above a million others. This is where good search engine optimization (SEO) comes in.

Understanding the SEO Basics

SEO is about tracking, monitoring and improving your website’s position in search engine results. Ideally you want to rank as high as possible, since a good ranking means more traffic to your site. More specifically – traffic to your website that you don’t have to pay for via advertising.

SEO Basics

Being found on Google means ranking at the top of page one for a certain keyword. Check out these numbers: Position one receives about 31% of the traffic, position two is at around 15%, whereas position ten draws a meager 1.1 % to your website. Needless to say, website links found on page two or later are hardly visible at all and attract below 6% of all website clicks.

How to Get Google to Rank You Highly

How to Rank You High On Google

Google makes this decision by evaluating over 200 factors from your website. Considering everything from credibility to content relevancy for the user, technical aspects, content quality, user experience, and more. Sounds daunting? Don’t panic! You can start getting your SEO right by simply focusing on these top three critical factors.

1. Creating relevant content for your website.

You’ve probably heard the saying, “Content is king!”. Mainly because it’s the most crucial part of SEO. Search engines honor sites that serve relevant content, giving visitors the best possible answer to their search intent. To create optimal content, you need to understand your visitor’s needs, choose the right keywords, and use the correct format.

2. Optimizing your website using on-page SEO

On-page SEO refers to the ongoing ways in which you can optimize your content, technology, and other aspects of the user experience to rank better and attract more traffic from search engines. For example, to rank highly, all links between pages must work, and all resources (images, CSS, and JavaScript) must load smoothly and fast.

3. Promoting your content with off-page SEO

After optimizing on-page SEO, you can think about off-page SEO by building links and engaging in social media marketing. This is important as how many other websites and social media posts link back to the website has a big impact on the website’s search ranking. Moreover, websites that link to other websites based on similar topics usually rank higher.

Don’t Rely on WordPress Alone

Don’t Rely on Just On WordPress

Now that we know how important SEO is, let’s check out how search engine friendly WordPress is. WordPress claims to be ‘search engine friendly’ out of the box. But while WordPress allows you to publish content and have it crawled by search engines – the support for SEO success stops here. WordPress code, however, does follow SEO best practices.

While these are two really important factors that have an impact on your rankings, Google uses over 200 different factors to calculate search result rankings. So we know we have a long list of other aspects to work on and improve.

This is a great first step to help you improve your SEO, as Yoast SEO will help you with a lot of important SEO tasks. But please keep in mind, no tool will do what is your foremost job – create brilliant content. What Yoast SEO does do is help you optimize your content from a technical standpoint.

So while WordPress takes care of some of the basic SEO best practices out of the box, it still leaves room for improvement.

Quick SEO Tips for WordPress

Make sure all the critical aspects of your WordPress site are configured correctly from the get-go. For this, you’ll need to tweak some WordPress settings.

1. Check visibility settings

First check the search engine visibility box isn’t marked, as this can hide your site from search engines. You can check it in Settings > Reading.

Check visibility settings plesk

2. Use a search engine friendly URL structure

Search engines consider yoursite.com and www.yoursite.com to be two different websites. So you need to decide which one you’ll use when you set up your WordPress website. You can set your preferred URL under Settings > General for both WordPress Address and Site Address.

Use a search engine friendly URL structure Plesk

Make sure your website’s URL is human-readable and contains the keywords of your content. You can change the selection under Settings > Permalinks. Add /%category%/%postname%/ in Custom Structure. You also need to leave the Category base field empty, so that the title of your post or page is included in your URL automatically.

included in your URL automatically Plesk

3. Exclude pages from search engines

Search engines honor a clean information structure. To ensure crawlers exclude irrelevant pages (eg. login pages), simply add a robots meta tag with a noindex and/or nofollow attribute to the HTML code of a page.

Example:

<meta name="robots" content="noindex,nofollow"/>

Unfortunately, WordPress doesn’t make this easy. So you’ll either have to edit code or use a plugin.

4. Add schema.org for rich snippets

Google can add additional information, like review stars or images, to your page summary in the search result to make it more eye-catching. But you have to provide this information in a standardized schema.org format first.

Add schema.org for rich snippets Plesk

Some WordPress themes or specialized plugins provide the necessary markup you need to create a rich snippet. If not, you’ll need to edit the code yourself.

Assessing content quality and relevance

Once you configure the technical foundations correctly, you’re ready to create and publish content. Remember: Google honors content that answers a user’s question in the most relevant and complete way first. So,

  • Choose a keyword that’s relevant to your users, matches your content, and has enough search traffic. You can find lots of techniques and tools to support your research.
  • Create a good title and use it as a headline following best practices.
  • Create a readable text – paying attention to critical SEO signals: length, internal linking, use of headlines, use of keywords in headlines, and overall readability.
  • Use keywords in image captions, as well as title tags and alt tags for images.
Assessing content quality and relevance Plesk

You should also regularly assess the quality of your existing content. You can do this by updating content on a particular page, improving internal linking, or adding external backlinks.

Add XML Sitemaps

Google recommends you provide an XML sitemap for your website, containing links to all of the pages you want indexed. WordPress doesn’t come with XML sitemap support. So you’ll have to use a plugin, or create and update it manually. Don’t forget to submit it to Google via the Google Search Console.

Auditing the site

Because things can break or go wrong with your site, you should regularly check for common SEO issues, like:

  • Crawlability: Can the search engine spiders crawl every page you want to be indexed, or are they getting rejected?
  • Orphaned pages: Is every page linked to correctly, and do you provide enough links?
  • 404 errors: Are there any broken links in your site causing a ‘page not found’ error, or code 404?

Every site owner should register their website in the Google Search Console, as it checks everything from indexing and broken links to mobile problems. It also gives you visibility into the traffic you receive from the search engine.

Auditing the site plesk

Rank tracking

To track how your site is doing in terms of attracting traffic and converting users:

  • Keep an eye on your website’s ranking for all important keywords and pages.
  • Follow trends for critical KPIs (key performance indicators): eg. ranking in search engines, ranking for keywords, etc.
  • Compare your site’s performance with selected competitors, and see where your rankings for keywords are doing well.

By continuously analyzing meaningful indicators, you’ll get actionable insight into necessary site optimizations. You’ll also notice immediately if any trends develop on- or off-page. So you can act before something affects the success of your website.

SEO Tools and Best Practices

ongoing seo best practices plesk

You need SEO. Period. Although it can be tedious, you don’t actually need to be an expert to master SEO. If you configure your WordPress website correctly, craft your content well, and use essential SEO tools like Yoast and Plesk SEO Toolkit. Then you’re well equipped to manage SEO successfully for your website.

WordPress Migration to a New Web Hosting

WordPress migration to a new web hosting

WordPress migration can be a challenge. You may want to change web hosting providers for various reasons, for example, increasing costs or poor service provision. Hosting frustrations can build up over time. Maybe due to hosting costs or a gap in service delivery, like constant downtime.

Either way, the reason is simple: moving hosts is a daunting prospect. So many website owners simply put off this decision, worried that moving hosts will make their existing problems even worse. But by properly understanding WordPress hosting migration, you can go through the process of changing hosting providers quite smoothly.

Expert or DIY WordPress migration?

expert or DIY WordPress migration? plesk

One thing you can do to manage WordPress Migration better is get expert help. Experts can help you find a new, suitable host. In fact, some hosts can even help you make the transition. But it’s still entirely feasible to transfer a WordPress site on your own. You just need to be aware of some of the following basic principles.

The key lies in preparation. If you follow the right preparatory steps, moving your website is simple. If you approach it in the right way, WordPress hosting migration is simple. The right steps also help you reverse migration without adverse consequences. So that you can go back if you realize you’ve made a mistake.

Want to try migrating your WordPress site on your own? Then here are the five steps you need to follow.

1. Backup and export before WordPress migration

Backup and export before WordPress migration plesk

When you migrate a website, you want to know that you can always go back to your starting point – should something go wrong. This is why backing up is, without a doubt, your first step. A backup is a requirement when shifting a WordPress installation across to another server. You will also need to export your WordPress database.

Backing up a WordPress instance to transfer WordPress site

You can backup your WordPress site files ( plugins, themes, core files and uploaded content ) by:

  1. using any backup plugins
  2. accessing your host via ssh, archiving everything using tar/zip and passing it to another host via scp connection
  3. archiving and downloading the files by utilizing the file managing functionalities of hosting platforms like Plesk Obsidian or cPanel
  4. using dedicated WordPress management solutions like Plesk WordPress Toolkit ( if your current host is using Plesk Obsidian )
  5. using an FTP app ( such as Filezilla, WinSCP or CuteFTP ) to connect to your web host and download all the files on your host’s machine to your desktop PC. Note that some important files are hidden, including .htaccess, but you can view these if you set the right options inside your FTP client. Also note that downloading these files can take a long time depending on how expansive your WordPress instance is, and how many media files you use in your website.

Copy your WordPress database

Next, make a copy of your WordPress database. You can do this while you’re downloading the site files with FTP. You can copy your database in many ways. Let’s focus on the one which utilizes the power of the PhpMyAdmin tool.

WordPress database export is straightforward. But you have to consider a couple of things. First, you need to log into your web server’s hosting control panel (example, Plesk Obsidian or cPanel ) and open the phpMyAdmin web interface. This shows a list of databases on the left. You need to select the database that matches your WordPress installation here. Next, click on the Export tab to access the Export page.

Thankfully phpMyAdmin offers a default setting, called “Quick”. Tap Quick and then Go to start the database export process. The file then downloads to your PC.

2. Configure database on new WordPress hosting server

Configure database on new WordPress hosting server plesk

Before you upload your WordPress site files. First you need to set up the WordPress database on your new server. To do this, you need to log in to the control panel on your new host. Since MySQL is the most commonly used database, we’ll use it in this example. But your host may be using a different database app. If that’s the case, you need to contact their support team to find out how to create a new database.

Let’s focus on two situations, when your host has Plesk Obsidian or cPanel.

a) Plesk: choose “Databases” and click “Add new database”. Add the name of the databases leaving unchanged name’s prefix, select the website your new database will be related to, add user and its password and submit this data.

b) cPanel: first, open MySQL Databases and create a new database with a name that is appropriate for your website. Next, add a MySQL user and include a secure password too. Finally, make sure this account has the right privileges by granting it “All Privileges” rights.

Copy down the database password, and the database name. You’ll need these for the WordPress configuration file.

3. Change WP config file for WordPress migration

Every WordPress instance has a configuration file. This file contains the details for WordPress to connect to the site’s database. Find this file in the content you’ve previously backed up. It should be in the root folder in the location where you stored the files. It’s called wp-config.php.

Back up this file in another folder on your computer. So that you can restore the changes you made in case something goes wrong later. Now, open the original version with a text editor and make the following modifications:

Edit the database name

Find the line that says

define('DB_NAME', 'database_name');

and change ‘database_name into the name of the new WordPress database that you just created. Currently ‘database_name’ will be the name of your existing database’s name.

Add the new database username and password

Changing the database credentials is just as easy. For the username, find the line

define('DB_USER', 'database_user');

Here you need to update ‘database_user’ so that it contains the username for your new database.

Next, find the line that says:

define('DB_PASSWORD', 'database_password');

Likewise, simply change ‘database_password’ to be your new database password. Once you’re done save the wp-config.php file and close it.

4. Upload WordPress database and files

Change WP config file for WordPress migration plesk

You can now start to import your WordPress site, firing it up with your new hosting provider.

Importing the database

First launch phpMyAdmin from your control panel and select the new database from the options on the left. Next, open the Import tab from the nav bar.

You now need to import the actual database file. Select Choose File in the section that says File to Import and open the file that you previously exported to your desktop PC. Make sure that Partial Import is not selected. And ensure that you’ve set the database type to SQL. That’s it, now click Go.

Note that some larger databases can take a very long time to import successfully. But you’ll get a confirmation message telling you when the database import is complete.

Upload your site files

After you prep the database and have your wp-config.php ready, you can then upload the files on your site. You now need to connect your FTP program with your new web host. Once ready, you simply locate your files on your PC. You need to select the right remote directory: this may be the root public_html folder, or it may be another folder. Check with your host.

Once you pick the right remote directory, you can start to upload the files. These will include the wp-config.php file that you modified to reflect the login details for the database at your new host. Depending on your connection, uploading can take longer than downloading. You may need to leave some time for this to complete before moving on with your WordPress migration.

Transfer your domain and link to the new URL

WordPress migration also often involves moving to a new domain. If that’s the case, you need to read this step. If, however, you’re keeping your domain, you can skip this step. Changing your domain can cause various issues, unless you try to mitigate them.

First, you can struggle moving a site to a new domain when you add a lot of links to internal site posts using a full URL. Likewise, if you refer to images on your site using a full URL, you’ll break the image link once you change the domain that’s included at the start of every URL.

However, you can automatically search for these links and replace them. You can do this by using Search Replace DB, which is a script that you can download from GitHub. Once you’re done with this tool, make sure you delete it. It presents a security risk if it stays around without being used. Also note that you shouldn’t install this tool in the root of your domain. Instead, create a temporary folder with a completely random name that’s not likely to be guessed.

Changing your WordPress site’s address

Your site URL is also altered during the search and replace process. In other words, your home URL and site URL values are up-to-date so they represent the new domain. This means that when you try and log in to your new site, you immediately go to the right location. And not the old one.

5. Finish up your WordPress migration

Finish up your WordPress migration plesk

You’re nearly done with your WordPress migration. But you have a few more steps that you need to complete first. You may have to wait a few days between these steps too.

Your website’s domain will still be pointing to your old host. So you need to redirect your DNS (domain name server) settings to ensure requests direct to your new hosting provider. The process varies depending on where your domain is registered and hosted.

It’s not possible to give full instructions here as the number of different routes are simply too varied. However, your domain registrar can assist you. Note that it can take some time before a change in domain details is fully effective, up to 48 hours. This process is known as domain propagation and is, unfortunately, unavoidable.

Importantly, you shouldn’t make any changes to your site during this period. You may end up changing the site on your original website host, and not your new site instance. After 48 hours you should be fine to make changes, and to delete the contents of your old site at your old hosting provider. Always keep your backup files on your local PC. And keep your old wp-config.php file just in case you need to refer to it.

The process of WordPress site migration isn’t complicated. But you should be careful every step of the way. Always ensure you store your original site on your PC. So that you can go back if there’s any problem.

How To Manage Multiple WordPress Sites

Manage Multiple Wordpress Sites

Trying to manage multiple WordPress sites can become a tall order pretty quick. First, you need to log into one site after another. Then, go through plugin updates and make sure they’re compatible with your chosen theme. Configuring plugins or customizing settings of active themes can be another routine challenge. Doing this over and over again can end up sucking all your time – an asset you can’t buy.

One Dashboard for Multiple WordPress Sites

The thought behind single-interface solutions is that they’d overcome this time-wasting process by allowing you to manage multiple WordPress sites from just one location / dashboard ( you may also read about WordPress multisite environment ). That’s why they provide the convenience of a single login. And one interface in one central location, letting you get in all your WordPress sites’ dashboards, without the big run-around.

Moreover, having a single login point helps you update plug-ins and themes. And this can be really useful if you’re managing clients’ WordPress websites. They aren’t always diligent about this kind of thing. So having overall control like this wins you back lots of precious hours.

Features of a Good WordPress Management Solution

Features of a good WordPress management solution - Plesk Multi Server Management

A good interface should be able to handle core updates as well as plug-ins – so always look for that. And you also want to be able to do offsite backups. Because hackers and malware scum are always keen to compromise your systems. Therefore, having the ability to safely back up offsite can be a lifesaver. Uptime monitoring is another useful feature because it’s a great way of showing whether your host is doing what they say they’re doing. And that your clients are getting their value for money.

Some WordPress platforms even include SEO monitoring & analysis ( read more about SEO Toolkit ) giving you access to analytics without the need to go hunting through Google Analytics. These are just a few of the essentials and extras on offer with the platforms listed below to manage multiple WordPress sites.

Reviews of Multiple WordPress Site Management Solutions

Reviews of Multiple WordPress Site Management Solutions - Plesk

1. Calypso

Calypso is Jetpack’s own offering to help you manage multiple WordPress sites. It’s for WordPress.com users, but self-hosted sites running Jetpack can also be looked after using the same dashboard.

But even more, Calypso is perfectly capable of editing a large number of WordPress.com websites from one central point. And with .com sites being such a sprawl of disparate applications, this platform offers a great way to keep them all under control. In the end, JS and the WP Rest API make it very quick – quick enough that you can watch changes you make in real-time.

Calypso Pros

  • Pages load straight away
  • Desktop UI
  • Real time working
  • Manage multiple WordPress sites
  • Take care of self-hosted and .com sites
  • Easy-to-use dashboard (some prefer it to the wp-admin panel)

Calypso Cons

  • Not yet fully-integrated with self-hosted websites
  • Not great for theme developers who build bulky panels

2. InfiniteWP

InfiniteWP has a lot to offer, which is perhaps why it’s so popular amongst those who manage multiple WordPress sites. The upgraded version gives users access to Utilities, Analytics, Maintenance, Managing, Reporting, and Security. There’s a risk-free 14-day moneyback policy. So it’s well worth taking for a test drive – no obligation to buy.

InfiniteWP Pros

  • One dashboard covers multiple WordPress sites
  • Simple staging and cloning
  • Site cloning using FTP authorizations
  • Plug-ins and core updates and management
  • Check broken links

InfiniteWP Con

It’s “freemium” so you have to pay extra for the good stuff.

3. ManageWP

When ManageWP first opened up shop in 2010 there weren’t many WordPress management tools out there, so it was quite new and exciting to have one tool that let you manage lots of different sites. By the end of their first month that tool was managing 100,000 websites, which is a pretty incredible achievement for a brand-new business. But how does it fare today? Let’s take a look.

ManageWP Pros

Reliability:

No ManageWP review is complete without considering reliability. And luckily, it remains at the top of the list of reliable multisite WordPress management tools. The free version backs up all your sites automatically once a month, but if for some weird reason you want to disable it, you can. ManageWP also lets you run performance and security checks.

The ManageWP dashboard shows you info that might help you optimize certain things. So you can see how many spam comments and site revisions you have (keeping your database manageable) and your database size. You can fix all these with one click.ManageWP also organizes your analytics, and can adequately count page views. However, you can also get more via your Google analytics account. All in all it’s pretty good, but it’s worth noting the few tantrums it’s thrown every now and then. Like breaking same demos, among other things.

Ease of use:

ManageWP is easy to use and the interfaces easy to navigate. It provides useful tooltips as you go, so every section you visit can provide explanations. In fact, everything is thoroughly documented, and we think that it’s enough to get any regular WordPress user up to speed on ManageWP pretty quickly.

Plugin management:

If a plugin needs to be updated you’ll see it on your ManageWP dashboard. If you want to tweak them individually, just head into the settings on each of your sites. This will let you activate, deactivate, and delete any plugin you choose.

A menu here lets you add new ones. It includes the WordPress.org repository, cloud storage, and ordinary URLs or ZIP files. As comprehensive as it is, ManageWP won’t let you alter each plug-in’s unique settings. But you still have your WordPress dashboard to take care of that.

Update management:

When you log in to your manage WP dashboard, you’ll receive WordPress core updates. And, you can see if your sites are running different versions on your Overview bar (left side of the screen).

ManageWP Cons

  • Add-ons: premium add-ons can get expensive (especially for enhanced backup features)
  • Not self-hosted: (some users prefer self-hosting for added security)
  • Lack of extension: not as many premium extensions as with MainWP

ManageWP gives you a lot of features considering its a freemium tool, and there’s no limit to the number of WordPress sites you can use. You’ll miss a few premium add-ons with the free version, but there’s nothing you can’t do without.

This ManageWP review commends the suite for its simplicity. Users still love the fact that its WordPress management tools are fairly easy to get to grips with.

4. MainWP

MainWP is a self-hosted solution lets you manage lots of WordPress sites. We’d recommend it because it’s easy to use and has really good support.

MainWP Pros

Comprehensive features:

As with ManageWP, MainWP gives you one-click updates, backups, cloning, uptime monitoring, SEO analysis, white labeling, and more. But, MainWP also has extensions that let you spin content across your sites – Useful if you’re looking after sites dealing with similar subjects. Plus, using and storing code snippets, and Piwik stats integration. New extensions appear all the time and MainWP also offers API hooks for developers who want to make their own extensions.

Control:

Because MainWP is installed on your server, you have full access to logs for troubleshooting any issues that might occur. You can also access MainWP on Github if you want to customize the plugins for your own use. MainWP’s clarity lets developers make the service better, which is great to know.

Costs:

This MainWP review finds that it’s great value, because you only pay for extensions that make it more functional. So say you were to buy 3 extensions at $18.99, that would still come to less than cost of running ManageWP for one month. You still get lifetime support and updates.

White labeling:

The entire WP dashboard can be white labelled, so you can easily rebrand a clients’ entire experience if you need to. The child plugin you install on client sites will retain that branding during updates. This is something that ManageWP has struggled with at times.

All in all, this part of MainWP has been great. Auto updates. With MainWP, you can configure “trusted” theme and plugin updates working across your client sites automatically. But it’s wise to do so with caution. If you just use this with the plugins you know, it won’t cause you problems. You can set it and forget it.

MainWP Cons

Installation process:

You can expect to install MainWP and a few purchased extensions in around 1 hour. And it does require some effort and some head scratching. The uptime monitoring extension was particularly tricky.

Server load:
At the moment you can’t specify a backup time, and the server load increases a lot when you do, slowing down your sites. This can be resolved by setting up separate backups for each site instead of specifying backup of every site every day, such a time-consuming job defeats the purpose.

No shared hosting: Please note that MainWP won’t work with shared hosting, or at least we haven’t found a shared host that will allow it to.

5. WordPress Toolkit by Plesk

Wordpress Toolkit

Then there’s the WordPress Toolkit, an alternative way on how to manage multiple WordPress sites.

It makes it easy to install, configure and manage multiple WordPress installations.

We must admit here that WordPress Toolkit is more suitable for experienced system administrators and developers who are passionate about having top-notch flexibility.

As well as absolute control over the infrastructure that they own.

WP Toolkit Pros

  • Easy Installation: The 1-click installer of WordPress Toolkit does all the job – WP download, database creation with a dedicated user, creation of admin account in WordPress and initializes WordPress so that it’s 100% ready for use out of the box.
  • Staging Environment: With WP Toolkit you may clone your site, create a staging environment for any experiments. As soon as all experiments are over – sync to production as soon as you polished everything.
  • Theme/Plugin Management: You may install/activate/deactivate a plugin/theme on one or several WordPress instances at the same time. Bulk removal of plugins and themes is also possible.
  • 1-Click security: It’s possible to scan multiple WordPress sites to identify and protect your core installations. Almost full absence of manual work. WP Toolkit security solution takes into consideration all latest WP Codex and WP security recommendations and practices.
  • Backup: If something goes wrong on your site because of any reason – restore points and backup will help you to restore your WordPress website(s) to previous stable state.
  • Debug Management: WP Toolkit gives ability to manage all important debug options on per-instance basis from a single interface.
  • Indexing for SEO: It is possible to control indexation of your website. Allow or disallow indexation on a per-instance basis.
  • Maintenance Mode: activate WordPress maintenance mode when updating WordPress, plugins, or themes with a single click.
  • Command Line Interface: WordPress Command line interface is easily accessible for all WordPress instances you have on board. Import a database, create a new user, update themes and plugins in a flash using WP-CLI.
  • Smart Updates: This feature for WordPress Toolkit analyzes updates and performs them without breaking the site. It also notifies you if the update is dangerous.

WP Toolkit Cons

  • Current and upcoming versions of WordPress Toolkit are fully dependent on Plesk.

WordPress Edition – a Multiple WordPress Sites Management Platform

Use Plesk WordPress Edition

Recently Plesk presented WordPress Edition, a bundle which includes all you need to run and manage WordPress-based hosting business – Plesk Onyx hosting platform, WordPress Toolkit and some other important extensions like Backup to Cloud Pro, Sucuri Security Scanner, Speed Kit , Uptime Robot and SEO Toolkit.

The Time for Multiple WordPress Site Management

The process of management multiple WordPress sites is not necessarily sophisticated, however time-consuming and requires a lot of time resources. As soon as you realize that taking care of your WordPress sites occupies significant part of your working time – it is the right moment to start using one of the solutions described above.

Every solution reviewed previously let you manage multiple WordPress sites using one central location. Each of them comes with list of extra tools that can simplify and improve your workflow. Before making a choice you need to remember that it is not only about functionality, but also about usage experience and other factors related to certain solution’s performance in perspective of  defined technical environment.

WordPress User Roles Explained

WordPress User Roles

If you have a website where lots of people need to have access, so they can contribute, make edits and so on, then you can’t escape the need to give each one of them their own role. By “role” we’re not talking about what they do as such, we’re talking about the kinds of permissions that they have. WordPress features 5 pre-defined roles, which at least gives you some templates that mean you don’t have to start from scratch. Hopefully one of them will roughly correspond to the level of permissions that you want your users to have, so they’ll only be able to make the kinds of changes that you have in mind and won’t be allowed to change things that are best left to you.

The List of WordPress User Roles

Here’s a rundown describing each of the WordPress user roles:

So, as we said, you need to know what each of them allows the user to do to your precious site before you go dishing them out.

Administrator

The omnipotent administrator has the run of the site, with the ability to change anything and everything. If you own the site, then you’re given this role as standard. Administrators can delete plugins and install new ones, change themes, and wield the knife with any and all posts and pages.

They can upload new images, video, and so on, add and remove users, alter names and passwords. They can also remove other administrators.

So, it should be obvious that such a powerful role should not just be handed to anyone. Only people you trust absolutely should be given administrator access.

Editor

The editor has total control of content, including posts, pages, media, and comments. The Editor label means that this person can add, edit, publish, and delete their own posts along with other people’s. They can also do the same for comments and images.

So, the editor can do most of what the admin can do, but they can’t fiddle with site settings, plugins, themes and users. For security reasons it’s considered good practice to set your new users as editors, even if you’re the only person publishing any content.

Usually, hackers as well as site visitors can see a username under each and every post on your site. They can then use that knowledge to try what’s called a brute force attack to get access to the site. Clearly, if they gain unauthorized access as an editor then they won’t be able to do anything more than superficial damage, changing and removing content, but not changing settings

Author

The next step down the ladder is the author role. Authors can write, delete, edit, and publish their own posts only. They have no control over other people’s material. They can’t create new categories or tags, but they can assign existing ones. They can also add media files.

They don’t have permission to moderate comments and can’t change settings, plugins, themes, or user profiles, apart from their own.

Contributor

Contributors can add posts and edit them, but they can’t publish or delete them. Equally, they aren’t allowed to create new categories and tags and they don’t get to upload media files. This can be pretty annoying if you use certain contributors on a regular basis, as you’re reliant on editors or authors to add their work to the site on their behalf.

They can assign existing categories and tags to their posts, and while they can look at comments, they don’t get to moderate them.

Contributors aren’t allowed to manage the settings page, so they can’t change, upload, edit, activate or deactivate themes and plugins.

Subscriber

This is the role that each user gets by default if site registrations are enabled. It sits on the bottom rung of the permissions ladder. It only lets users access their own user profile, read content and post comments.

Subscribers can’t create posts, look at comments, manage other users or change any settings.

Special WordPress User Role – Super Admin

This is an additional role unique to site owners on the WordPress Multisite Network. The Super Admin role is like an admin role in all respects, with the addition of the ability to add and remove sites on the network.

Closing Thoughts

You can help your site’s security a lot by getting to grips with the various permissions associated with these default user roles. It helps you to keep your users organized and your sites safe. If you need extra control or want to define your own user roles with bespoke permissions that fit the requirements of your website better, you might want to try the Capability Manager Enhanced plugin. It lets you handle your current WordPress roles, edit all role permissions, add new roles, and more besides.

WordPress File Permissions

WordPress File Permissions

Different files and directories in Linux-based file system use permissions to indicate who and what can read, write, modify and access them. WordPress file permissions matter because it might want access to write to files in your wp-content directory.

Permission Modes

7 5 5
user group others
r+w+x r+x r+x

4+2+1  4+0+1  4+0+1 = 755

WordPress file permissions modes are computed by adding up the following values for the user, the file group, and for everyone else. The diagram illustrates this.

  • Read 4 – Allowed to read files
  • Write 2 – Allowed to write/modify files
  • eXecute 1 – Read/write/delete/modify/directory
7 4 4
user group others
r+w+x r r

4+2+1  4+0+0 4+0+0  = 744

Example Permission Modes

Mode Str Perms Explanation
0477 -r–rwxrwx owner has read only (4), other and group has rwx (7)
0677 -rw-rwxrwx owner has rw only(6), other and group has rwx (7)
0444 -r–r–r– all have read only (4)
0666 -rw-rw-rw- all have rw only (6)
0400 -r——– owner has read only(4), group and others have no permission(0)
0600 -rw——- owner has rw only, group and others have no permission
0470 -r–rwx— owner has read only, group has rwx, others have no permission
0407 -r—–rwx owner has read only, other has rwx, group has no permission
0670 -rw-rwx— owner has rw only, group has rwx, others have no permission
0607 -rw—-rwx owner has rw only, group has no permission and others have rwx

Permission Scheme for WordPress

WordPress file permissions will vary between hosts, so we can only outline general principles here and can’t cover all scenarios. This guide is relevant to servers that run a standard setup (note, for shared hosting using “suexec” methods, see below).

Usually, all files should be owned by your user (ftp) account on your web server and should be writable by that account. On shared hosts, files shouldn’t ever be owned by the webserver process itself (sometimes this is www, or apache, or nobody user).

A file that needs write access from WordPress should be owned or group-owned by the user account used by WordPress (which may be different from server account). For instance, you might have a user account that lets you send files to your server via FTP, but the server itself may run under a separate user, in a separate usergroup, like dhapache or nobody. If WordPress is running as the FTP account, that account must have write access, meaning it must be the owner of the files, or be in a group that has write access. If that’s the case, it would mean permissions are set more permissively than default (for example, 775 rather than 755 for folders, and 664 instead of 644).

The file and folder permissions for WordPress will probably be the same for most users, depending on how you installed it and the umask settings of your system environment at the time of installation.

You probably won’t need to be changing file permissions if someone with experience installed WordPress for you. It’s best not to alter his unless you’re having problems with permission errors, or you know what you’re doing. If you installed WordPress yourself, you probably WILL need to change WordPress file permissions permissions. Some files and directories should be “hardened” with more strict permissions, in particular, the wp-config.php file. To start with, this file is created with 644 permissions, but it isn’t safe to leave it like that.

In most instances, all essential WordPress files should only be writable by your user account (or the httpd account, if it’s different). ( Sometimes though, numerous ftp accounts may be used to manage an installation, and if all ftp users are known and trusted, meaning not shared hosts, it may be okay to assign group writable. Ask your server admin about this. ) However, if you make use of mod_rewrite Permalinks or other .htaccess features you should ensure that WordPress can also write to your /.htaccess file.

If you’re going to use the built-in theme editor, all files need to be group writable. It’s best to use it before you go changing file permissions. (This may hold true if different users uploaded the WordPress package and the Plugin or Theme. This wouldn’t be a problem for Plugin and Themes installed using the admin panel. When you upload files with different ftp users, group writable will be needed. On shared hosting, ensure the group is exclusive to users who you trust… an apache user shouldn’t be in the group and shouldn’t own files.)

Some plugins need the /wp-content/ folder to be made writeable, but in cases like this, you will be informed about it during installation. In some instances, you may need to assign 755 permissions. This is also true for /wp-content/cache/ and possibly /wp-content/uploads/ (if you’re using MultiSite setup you may also have to do this for /wp-content/blogs.dir/)

Additional directories under /wp-content/need to be documented by whichever plugin / theme requires them. Permissions will vary.

/
|- index.php
|- wp-admin
|   `- wp-admin.css
|- wp-blog-header.php
|- wp-comments-post.php
|- wp-commentsrss2.php
|- wp-config.php
|- wp-content
|   |- cache
|   |- plugins
|   |- themes
|   `- uploads
|- wp-cron.php
|- wp-includes
`- xmlrpc.php

Shared Hosting with suexec

This may not apply to shared hosting systems that use the “suexec” approach for running PHP binaries. This is a popular approach which many web hosts use. With these systems, the php process runs as the owner of the php files themselves, which simplifies configuration and provides a more secure environment for shared hosting.

Do not use suexec methods on a single-site server configuration. They are only the most effective option for shared hosting.

With suexec configuration, the correct WordPress file permissions scheme is easy to understand.

  • All files should be owned by the actual user’s account, not the user account used for the httpd process.
  • Group ownership is not relevant unless there are particular group requirements for the web-server process permissions checking. This doesn’t usually happen.
  • All directories should be 755 or 750.
  • All files should be 644 or 640. Exception: wp-config.php should be 440 or 400 to stop other users on the server from reading it.
  • Directories should never be given 777, not even upload directories. As the php process is running as the files’ owner, it gets the owners permissions and can even write to a 755 directory.

With this particular type of setup, WordPress detects that it can directly create files with the proper ownership, and so it will not need to request FTP credentials when it has to install or upgrade plugins.

sysadmins use these popular methods are set up:

  • suPHP: runs through php-cgi, currently unmaintained since 2013.
  • mod_ruid2: apache module, currently unmaintained since 2013.
  • mpm_itk: apache module.
  • mod_fcgid: an Apache module and FastCGI server with more extensive configuration.

PHP-FPM, an alternative FastCGI server with shared OPCode, for use with Apache and Nginx.

How to Use the Command Line

If you have shell/SSH access to your hosting account, you can use chmod for changing file permissions, which is the preferred method for experienced users. Before you start using chmod it’s recommended that you go through some tutorials to ensure you understand how it works. If you set the wrong WordPress file permissions you could end up taking your site off-line, so it’s best to be safe rather than sorry.

You can make all the files in your wp-content directory writable in two steps, but before you do, consider safer options like modifying just the directory first. Give each of these commands try first, and if they don’t work then go recursive. This will even make the image files of your themes writable. Replace DIR with the folder you want to write to

chmod -v 746 DIR

chmod -v 747 DIR

chmod -v 756 DIR

chmod -v 757 DIR

chmod -v 764 DIR

chmod -v 765 DIR

chmod -v 766 DIR

chmod -v 767 DIR

If those don’t let you write, try each of them again in order, only this time put-R instead of-v, which will recursively modify each file that’s in the folder. If that still doesn’t work then try 777.

About Chmod

chmod is a Unix command which means “change mode” on a file. The -R flag tells it to apply the change to every file and directory inside wp-content. 766 is the mode we are changing the directory to, and it makes the directory readable and writable by WordPress and any and all other users on your system. At last, we have the name of the directory we are going to modify, wp-content. If 766 doesn’t work, then try 777, which makes every file and folder readable, writable, and executable by all users, groups, and processes.

If you use Permalinks then remember to change WordPress file permissions of .htaccess to ensure that WordPress can update it when you change settings, like when you a new page, redirect, category, etc. which requires updating the .htaccess file when mod_rewrite Permalinks are being used.

  1. Go to the main directory of WordPress
  2. Enter chmod -v 666 .htaccess

From a WordPress security point of view, even a little protection is better than a directory that’s wide open to anybody to rewrite. Start with low permissive settings like 744 and work your way up until your successful. Only use 777 if you have to, and hopefully then only for a short while.

The dangers of 777

The root cause of this permission situation is the manner of your server configuration. The username you use to FTP or SSH into your server is probably not the username that the server application itself uses to serve pages.

7 7 7
user group others

4+2+1  4+2+1  4+2+1  = 777

The Apache server is frequently ‘owned’ by the www-datadhapache or nobody user accounts. These accounts have limited access to files on the server, and with good reason. If you set your personal files and folders owned by your user account to be World-Writable, that’s exactly what you are doing. It means that the www-data, dhapache and nobody users that run your server, serve pages, execute php interpreters, and so on, can get at all of your user account files, and they can do this using any process on the server.

That’s why it’s best to only change WordPress file permissions when you are forced to, and even then with great care. We’ve never come across a situation what warranted more than 767, so it’s hard to imagine why 777 would be required.

If you do use 777 permissions, what’s the worst that could happen? Well, a nefarious individual could upload a harmful file, or inject malicious code to gain total control of your blog, its database and password info.

You can easily get the enhanced features that WordPress plugins can provide without exposing yourself to risk. The Plugin author or your server support should be able to give you a workaround.

Finding Secure File Permissions

The .htaccess file is one that’s accessed by the owner of the process that runs the server. So, if your WordPress file permissions are set too low, your server will be denied access to the file and return an error. It shows you the way to find your best settings. Start with greater restriction and then relax it until it works.

The example below has a custom compiled php-cgi binary and a custom php.ini file located in the cgi-bin directory for executing php scripts. To stop a web browser directly accessing the interpreter and php.ini file they are protected by a .htaccess file.

Default Permissions (umask 022)

  • 644 -rw-r–r–  /home/user/wp-config.php
  • 644 -rw-r–r–  /home/user/cgi-bin/.htaccess
  • 644 -rw-r–r–  /home/user/cgi-bin/php.ini
  • 755 -rwxr-xr-x  /home/user/cgi-bin/php.cgi
  • 755 -rwxr-xr-x  /home/user/cgi-bin/php5.cgi

Secured Permissions

  • 600 -rw——-  /home/user/wp-config.php
  • 604 -rw—-r–  /home/user/cgi-bin/.htaccess
  • 600 -rw——-  /home/user/cgi-bin/php.ini
  • 711 -rwx–x–x  /home/user/cgi-bin/php.cgi
  • 100 —x——  /home/user/cgi-bin/php5.cgi

.htaccess permissions

644 > 604 – The bit giving the group owner of the .htaccess file read permission was got rid of. 644 is normally recommended and needed for .htaccess files.

php.ini permissions

644 > 600 – Before, all groups and all users with access to the server could access the php.ini, even just by requesting it from the site. The difficulty is that because the php.ini file is only used by the php.cgi, we only needed to ensure the php.cgi process had access. The php.cgi runs as the same user which owns both files, so that single user is now the only user which can access this file.

php.cgi permissions

755 > 711 This file is a compiled php-cgi binary used in place of mod_php or the default vanilla php which the hosting company provides. The default permissions for this file are 755.

Why WordPress?

Why WordPress?

Is a WordPress site really going to be that much better than the one you’ve been using happily for so long? Well, we think it will. We think that a WordPress CMS is going to be one of those things that you switch to and then later wonder how you ever did without it. We’ll show you why we think that and show you examples of some great sites that rely on WordPress too, so you can decide for yourself.

If you’re like most people, then any time you hear the name ‘WordPress’ you immediately think that it’s going to be about someone’s blog. Well, it’s true that WordPress was mostly used for blogging in the beginning, but it’s evolved into something that’s a lot more sophisticated than just a home for an online diary.

The clue to its power now is in the letters CMS, or content management system. It’s going into something quite versatile, and that versatility is what accounts for its popularity. It’s been estimated that a little over 32 per cent of all the websites in existence use WordPress. Bloomberg, Sony, The New Yorker, Disney, Target, BBC America, Plesk, cPanel and many more have come to depend on its long list of features, robustness, and excellent scalability. High recommendation indeed!

WordPress costs you nothing

That’s right. You don’t pay one solitary nickel for WordPress. And you can install it, alter it, bend it to whatever shape you need too, and nobody will take exception to your behavior. Of course, there are still costs. you still have to pay for a domain name and the usual hosting service, but then so does everyone. That’s the kind of thing you expect to have to do if you want to make a home on the web. When someone types www. followed by the name of your site then they’re directed to the place all your stuff is held. So, it’s not surprising that somebody has to provide the “warehouse” for all your files and that you have to pay to rent that space. But WordPress, the bit that tells the server how all of that stuff should be organized, is free

WordPress is infinitely adaptable

If you want to design a website for yourself from the ground up, then WordPress will let you do just that. But if you don’t, then you can choose from literally thousands of pre-made designs that serve a whole host of different functions. These vary from free to modestly priced, and the beauty of all of them is that you don’t need to be a techie to get your site up and running and looking good. A lot of the WordPress features are designed to be very intuitive, so you are just dragging and dropping items to get the look and functionality that you want.

As well as themes you can also pick up plugins to add even more functionality to your site. You can add analytics, contact forms, membership areas, galleries… the list goes on. Some of these are free, and some you have to pay for.

WordPress is SEO friendly

We could explain SEO, but to avoid losing you in a fog of technobabble, let’s just say that WordPress has been written in such a way that makes Google and other search engines really appreciate it. Which means that WordPress sites has all the chances to rank high in Google and Bing search results. But if that natural search engine friendliness isn’t enough for you, you can also pick up SEO plugins that help to boost your site even more.

Managing WordPress is simple

WordPress has an admin dashboard that makes installing updates for plugins and themes nice and easy. It will tell you any time a new version of WordPress is released, and you just need to click a button to have it installed. Keeping all your stuff safe from hackers and backed up is easy if you install any of WordPress backup plugins. This will let you download your site for safekeeping or save it to the cloud, whatever you prefer. WordPress mobile apps are available to help you manage your site or sites when you’re out and about.

WordPress was designed with safety in mind

Part of the reason why so many of those big corporations (that we mentioned earlier) use the WordPress CMS is that it was designed to be safe and secure. The big players can’t afford to have security breaches or unstable systems, so they’re only going to trust a platform that’s solid. So, we have to conclude that if it’s solid enough for them, then it’s solid enough for you!

That said, there’s always more that you can (and should) do to keep safe. For extra security, you could use something like Sucuri. It’s good for defending against brute force attacks and keeping malware at bay.

WordPress is happy to handle a variety of Media Types

WordPress has a media uploader built into the system so it’s easy to upload pictures, video, and audio. And you can also embed YouTube videos, Tweets, Soundcloud audio and insert Instagram images thanks to the platform support for oEmbed.