WordPress Premium Plugin: Keyword Counter & Density Calculator

Get Key­word Counter & Den­si­ty Cal­cu­la­tor pre­mi­um ver­sion from HERE!

The Key­word Counter & Den­si­ty Cal­cu­la­tor plu­g­in cal­cu­lates how many times each key­word is used in a in a post or a page. When you write or edit a post/page, you can see a handy list of the key­words you’ve used — list­ed in order, start­ing with the words you use most com­mon­ly.

Why use Keyword Counter & Density Calculator?

If you’re writ­ing an arti­cle, one impor­tant fac­tor to keep in mind is, what are the key­words you’re using? How often do you use them? This is essen­tial for SEO (search engine opti­miza­tion) rea­sons. You want to use your key­words a bunch, but not too much.

But when you write, you’re often faced with the prob­lem: how many times did I use this key­word, or that one? Usu­al­ly, there’s a man­u­al process: control‑F (or command‑F for Mac lovers!) to find and count the num­ber of times you used it, look up the total num­ber of words, do some divi­sion — and this gets frus­trat­ing before you even start.

The solution

But look no fur­ther! The Key­word Counter & Den­si­ty Cal­cu­la­tor is here to help.

Here is how it works. Once installed and acti­vat­ed, when you write a post or a page, above the text edit­ing box, there is a new but­ton called “Count Key­words”. Click it, and a chart will come up. For all key­words, it lists their fre­quen­cy, so you can see how many times you’ve used it. It also lists their den­si­ty — both, as com­pared to the total # of words you wrote, and also as com­pared to the total num­ber of non-small words you wrote (exclud­ing words like “in”, “of”, and “but”, for exam­ple). You also get a red/yellow/green alert as to how on tar­get the den­si­ty is, so you know what you need to improve.

The Cream on the Cake: The Advanced Features

The best part, how­ev­er, are all the advanced set­tings and fea­tures — this is where the pow­er is real­ly unlocked. Our advanced fea­tures include:

* One of our two favorite fea­tures is: you can con­fig­ure key­words that are more than one word! Lets say, one of your most impor­tant key­words is the phrase, “Word­Press secu­ri­ty” — by default, that would be treat­ed as two sep­a­rate words. But you could con­fig­ure it to treat them as one phrase.

* Our oth­er favorite fea­ture is: option­al stem­ming. If you want it to treat “walk”, “walks”, “walk­ing”, “walk’s”, etc, as one word — then just turn on the stem­ming option! Note that this fea­ture pre­dicts the root based on the con­ju­ga­tion, so you might some­times get guess­es that aren’t exact­ly on mark; but it’s usu­al­ly on tar­get, and per­fect for our SEO pur­pos­es.

* You can turn on/off whether you want the count to include the small words or not.

* You can also add in words to exclude, as well.

* You can lim­it the # of key­words to review — in case it’s a huge doc­u­ment that’s using up lots of mem­o­ry!

* You can edit the list of default “small” words that are exclud­ed, in case you want to remove any, or add some more.

Say hi!

But not only is the plu­g­in great — but we’re very ded­i­cat­ed to our users. We’re friend­ly and sup­port­ive — and we love help­ing every­one out. Email us any ques­tions, or see our sup­port page at: http://www.wpsos.io/plugin-support/.

Get Key­word Counter & Den­si­ty Cal­cu­la­tor pre­mi­um ver­sion from HERE!

Large Number of WordPress Hacks Silently Delivering Ransomware to Visitors

Mys­te­ri­ous­ly, a large num­ber of sites run­ning on Word­Press have been hacked caus­ing them to deliv­er  cryt­po-ran­somware and oth­er mali­cious soft­ware, to vis­i­tors. Until last week, web secu­ri­ty ser­vices were unaware of this mas­sive lapse in secu­ri­ty.

Three sep­a­rate secu­ri­ty firms have since come for­ward to report that vis­i­tors of a mas­sive num­ber of legit­i­mate Word­Press sites are being silent­ly redi­rect­ed to mali­cious sites, which host code from the Nuclear exploit kit.

Users with out­dat­ed ver­sions of Adobe Flash Play­er, Adobe Read­er, Microsoft Sil­verlight, or Inter­net Explor­er are high­ly sus­cep­ti­ble to get­ting infect­ed with Tes­lacrypt ran­somware pack­age. The ran­somware encrypts files on the com­put­er with a decryp­tion key which can only be availed at a hefty ran­som to restore user files.

“Word­Press sites are inject­ed with huge blurbs of rogue code that per­form a silent redi­rec­tion to domains appear­ing to be host­ing ads,” Mal­ware­bytes Senior Secu­ri­ty Researcher Jérôme Segu­ra wrote in a blog post pub­lished Wednes­day. “This is a dis­trac­tion (and fraud) as the ad is stuffed with more code that sends vis­i­tors to the Nuclear Exploit Kit.”

Researchers at Heim­dal Secu­ri­ty Soft­ware wrote in a blog post: “The cam­paign makes use of sev­er­al domains to deliv­er the mali­cious code, which is why active servers can quick­ly change depend­ing on which IP as DNS lookup they use.” Hack­ers are exploit­ing an uniden­ti­fied vul­ner­a­bil­i­ty with obfus­cat­ed JavaScript which redi­rects traf­fic to a domain called chren­ovuihren. An online ad pops up on the site which forces traf­fic to the site host­ing the Nuclear exploit kit.

“This past week­end we reg­is­tered a spike in Word­Press infec­tions where hack­ers inject­ed encrypt­ed code at the end of all legit­i­mate .js files.” Web­site secu­ri­ty firm Sucuri, said in a state­ment in a blog post, Mon­day. “This mal­ware uploads mul­ti­ple back­doors into var­i­ous loca­tions on the web­serv­er and fre­quent­ly updates the inject­ed code. This is why many web­mas­ters are expe­ri­enc­ing con­stant rein­fec­tions post-cleanup of their .jsfiles.”

Three of the Best WordPress Security Plugins Reviewed

With cyber­at­tacks get­ting increas­ing­ly com­mon, about 30,000 per day, it’s more impor­tant than ever to pro­tect your site. You can take steps to safe­guard your data with­out pay­ing exter­nal ser­vices. Set­ting a com­pli­cat­ed pass­word and keep­ing your site up-to-date goes a long way, but the extra blan­ket of secu­ri­ty pro­vid­ed by secu­ri­ty plu­g­ins cer­tain­ly helps and is worth shelling out a few extra dol­lars for pre­mi­um fea­tures.

There’s a ton of Word­Press secu­ri­ty plu­g­ins, so we’ve reviewed only three of the most pop­u­lar ones out there:

  1. Word­Fence

This plu­g­in is free but for addi­tion­al fea­tures there is a pre­mi­um ver­sion. It rou­tine­ly scans all your Word­Press files for mal­ware infec­tions and noti­fies you if any is found. Using two fac­tor authen­ti­ca­tion (with SMS), it stops brute force attack. Word­Fence gives users the option to block peo­ple from cer­tain coun­tries, and has a fire­wall to block fake traf­fic. The plu­g­in claims to speed up your web­site 50 times faster, and can sup­port mul­ti­ple sites on the same account.

  1. iThemes Secu­ri­ty

For­mer­ly known as ‘Bet­ter WP Secu­ri­ty’, iThemes is a pop­u­lar choice with users. It scans your site to find vul­ner­a­bil­i­ties and fix­es them as quick­ly as it sends you a report. It not only hides sen­si­tive core files, but increas­es the password’s secu­ri­ty lev­el and blocks ‘bad users’. If iThemes is faced with a user with repeat­ed login attempts, it will block and report their IP address­es. Pro users get two-fac­tor authen­ti­ca­tion using a mobile app, pass­word expi­ra­tion, a track log of users’ actions, and a mal­ware scan auto­mat­i­cal­ly every day.

  1. Sucuri Secu­ri­ty

This plu­g­in is a prod­uct of Sucuri Inc., a web secu­ri­ty com­pa­ny focused on detect­ing and reme­di­at­ing com­pro­mised web­sites. Its secu­ri­ty activ­i­ty mon­i­tor­ing fea­ture tracks all changes to help secu­ri­ty experts under­stand how it is being com­pro­mised. Sucuri Secu­ri­ty also Secu­ri­ty Activ­i­ty Audit­ing has File Integri­ty Mon­i­tor­ing, Remote Mal­ware Scan­ning, Black­list Mon­i­tor­ing, Effec­tive Secu­ri­ty Hard­en­ing, Post-Hack Secu­ri­ty Actions, Secu­ri­ty Noti­fi­ca­tions and a Web­site Fire­wall.

WordPress 4.4.2 Update Released to Patch Vulnerabilities

Word­Press 4.4.2 has been released as an update to all ver­sions to pro­vide patch­es for two secu­ri­ty vul­ner­a­bil­i­ties. To improve func­tion­al­i­ty, 17 bugs from the pre­vi­ous ver­sion are also addressed. The update is now avail­able to down­load and Word­Press rec­om­mends that every­body update imme­di­ate­ly.

One of the two secu­ri­ty fix­es in 4.4.2 is a pos­si­ble Serv­er-Side Request Forgery (SSRF) vul­ner­a­bil­i­ty. It impacts local address­es and allows hack­ers to bypass access con­trols, like Fire­wall, to crash infect­ed sys­tems. The actu­al Word­Press code com­mit that fix­es the SSRF issue states that “0.1.2.3 is not a valid IP.”

This is not the first time Word­Press has pushed a fix for SSRF. In June 2013, Word­Press 3.5.2 was released with a patch-up for a SSRF vul­ner­a­bil­i­ty.

The Mitre Com­mon Weak­ness Enu­mer­a­tion (CWE) states in its def­i­n­i­tion of SSRF as,“By pro­vid­ing URLs to unex­pect­ed hosts or ports, attack­ers can make it appear that the serv­er is send­ing the request, pos­si­bly bypass­ing access con­trols such as fire­walls that pre­vent the attack­ers from access­ing the URLs direct­ly.”

Open redi­rec­tion attack is the sec­ond issue tack­led in the new update. An open redi­rec­tion attack links to exter­nal sites — phish­ing sites or oth­er kinds of mali­cious sites — by abus­ing web func­tion­al­i­ty. “A web appli­ca­tion accepts a user-con­trolled input that spec­i­fies a link to an exter­nal site, and uses that link in a Redi­rect,” Mitre’s Open Redi­rect def­i­n­i­tion states. “This sim­pli­fies phish­ing attacks.”

A new block of code which will bring about bet­ter val­i­da­tion of the Web address­es used in HTTP redi­rects, is Word­Press’s solu­tion for the open redi­rec­tion attack inse­cu­ri­ty.

After the Jan 6th update of Word­Press 4.4.1, this is the sec­ond update of the year for Word­Press. Like last time, auto­mat­ic updates are being rolled out to sites that sup­port auto­mat­ic back­ground updates. To down­load man­u­al­ly, you can either head over to Dash­board > Updates in Word­Press and click on the “Update Now” but­ton, or down­load Word­Press 4.4.2 from Word­Press direct­ly.

 

WordPress Premium Plugin: .htaccess Site Access Control

Get .htac­cess Site Access Con­trol pre­mi­um ver­sion from HERE!

.htac­cess Site Access Con­trol plu­g­in allows you to pass­word pro­tect your site: WP login page, admin pages, and/or the whole site. The plu­g­in adds in this func­tion­al­i­ty on top of Word­Press, using the .htac­cess pass­word pro­tec­tion func­tion­al­i­ty.

As of ver­sion 1.0, the options of the free plu­g­in include:
1. Enabling/disabling the pass­word pro­tec­tion to wp-login.php, Word­Press admin pages. Note that you’ll be asked to re-type the .htac­cess username/password you cre­at­ed before enabling any of the set­tings — to ensure that you would­n’t enable the pass­word pro­tec­tion with­out even know­ing the pass­word your­self!
2. Mod­i­fy­ing the exist­ing users: you can change any .htac­cess user’s pass­word and remove the users.
3. Adding one .htac­cess user.

With pre­mi­um plu­g­in, you can also:
1. Create/modify an unlim­it­ed num­ber of .htac­cess users;
2. Pro­tect your whole site, mak­ing it acces­si­ble to only those who have the .htac­cess user.

Get our pre­mi­um plu­g­in from HERE!

Using the pass­word pro­tec­tion will give you extra secu­ri­ty lay­er of pro­tec­tion from brute force hack­ing attacks. Addi­tion­al­ly, it’s also an easy way to pass­word pro­tect your entire site, with­out need­ing to cre­ate sep­a­rate Word­Press users for each vis­i­tor.

When you enable the pass­word pro­tec­tion, the user won’t be able to see any­thing — not even see the pro­tect­ed page — until he/she inserts the username/password. You can pass­word pro­tect the whole web­site, includ­ing the admin­is­tra­tor pages; you can pass­word pro­tect the admin­is­tra­tor pages; or you can pass­word pro­tect the Word­Press login page.

If you have any sug­ges­tions, please let us know! You can con­tact us via http://wpsos.io/.

WordPress Plugin: Site Language Definition

Site Lan­guage Def­i­n­i­tion is a sim­ple plu­g­in for forc­ing the web brows­er to know what lan­guage your site is in.

Site Lan­guage Def­i­n­i­tion solves a com­mon prob­lem: your web­site is in your cho­sen lan­guage but for some rea­son the brows­er ‘thinks’ it’s in anoth­er lan­guage.

It is par­tic­u­lar­ly com­mon to think that your site is in a dif­fer­ent lan­guage — many Chrome users get mes­sages from Chrome along the lines of, “This site is in Indone­sian. Would you like Chrome to trans­late it?” even when the site does­n’t have a hint of Indone­sian! This has very neg­a­tive SEO ram­i­fi­ca­tions: Google pri­or­i­tizes in its search results sites that it knows are in the user’s lan­guage.

Site Lan­guage Def­i­n­i­tion plu­g­ins adds the nec­es­sary lan­guage attrib­ut­es to your web­site to force the browsers see the web­site as con­fig­ured under the Word­Press Gen­er­al Set­tings. If you need to change the lan­guage, just go to Set­tings -> Gen­er­al, and change the lan­guage of your web­site.

If you have any oth­er sug­ges­tions, please let us know! You can con­tact us via http://wpsos.io/

WordPress Plugin: Remove Feed Links

Remove Feed Links is a sim­ple plu­g­in for remov­ing feed links from the head of your web site.

Word­Press always includes links to the RSS and ATOM feeds by default — but some­times, you just don’t want them.

Maybe your site does­n’t have a feed, such as a sta­t­ic brochure site.
Maybe you don’t want peo­ple using RSS or ATOM to fol­low the site on a read­er, but instead you want them to come direct­ly to the site.
Or maybe you just want to remove every extra char­ac­ter in the code for speed rea­sons.

For us, it was all three of the above! But we could­n’t find a good solu­tion, oth­er than going in and edit­ing direct­ly the tem­plates — which we try to avoid.

The solu­tion? We built the “Remove Feed Links” plu­g­in which does pre­cise­ly what you expect: it removes the links, in the HTML the user sees, to the RSS and ATOM feeds that Word­Press includes by default.

The plu­g­in Remove Feed Links does that by remov­ing post, com­ments, and/or extra (cat­e­go­ry, tags, author) feeds from the head of your site.

The instal­la­tion and use is very straight­for­ward. You should:

1. Upload the fold­er ‘remove-feed-links‘ to the ‘/wp-con­tent/­plu­g­in­s/‘ direc­to­ry
2. Acti­vate the plu­g­in through the ‘Plu­g­ins’ menu in Word­Press

As of ver­sion 1.0, you can choose between 3 options which feed links do you want to remove. You can remove:
1. Com­ments feed links;
2. Posts feed links;
3. Extra Feed links: cat­e­go­ry, tag, search page, author page feed.

If you have any sug­ges­tions, please let us know! You can con­tact us via http://wpsos.io/.

WordPress Plugin: Keyword Landing Page Generator

Get Key­word Land­ing Page Gen­er­a­tor pre­mi­um ver­sion from HERE!

Key­word Land­ing Page Gen­er­a­tor allows you to have one land­ing page, with dif­fer­ent ver­sions (at dif­fer­ent URLs) depend­ing on the key­word — so you can show each vis­i­tor a cus­tomized ver­sion of the land­ing page!

It’s a com­mon prob­lem of mar­keters that you’d like to show dif­fer­ent ver­sions of a land­ing page to a user accord­ing to what they are look­ing for — one for peo­ple look­ing for a “cheap” prod­uct, one for peo­ple look­ing for the prod­uct deliv­ered “fast,” and one for peo­ple look­ing for a “high qual­i­ty” ver­sion of the prod­uct, for exam­ple. Or if you want to have sep­a­rate pages for peo­ple search­ing for red, green, or blue ver­sions of your prod­uct. The pos­si­bil­i­ties are end­less!

Until now, the only solu­tion was to cre­ate hun­dreds of dif­fer­ent land­ing pages — not only is this very time-con­sum­ing but, if you want to update them, it turns into a night­mare!

The solu­tion? The Key­word Land­ing Page Gen­er­a­tor. This pre­mi­um plu­g­in lets you have one land­ing page, but actu­al­ly have three (or three-thou­sand!) unique pages on Word­Press to dri­ve traf­fic to, each one cus­tomized for that tar­get mar­ket.

Each page has a unique URL that is SEO friend­ly and very easy to mod­i­fy, indi­vid­u­al­ly or all at once. You could have Google-friend­ly URLs such as: /intro/cheap/ and /intro/fast/ and /in­tro/high-qual­i­ty/ in the above exam­ple — and an unlim­it­ed num­ber. The pages dis­played would be the same to all — except at the points in which you define, where the head­line text or image or any oth­er com­po­nent or com­po­nents (as few or as many as you like) would change accord­ing to the rules, def­i­n­i­tions, and text you’ve defined in the easy-to-use plu­g­in con­fig­u­ra­tion.

Get Key­word Land­ing Page Gen­er­a­tor from Enva­to!

WordPress Update 4.4.1 Released

Last week, Word­Press announced the release of an update to address secu­ri­ty and main­te­nance issues. The pub­lish­ing plat­form urged users to update their sys­tems imme­di­ate­ly, pro­tect­ing them from a cross-site script­ing (XSS) vul­ner­a­bil­i­ty.

Aaron  Jorbin, a Word­Press con­trib­u­tor who pub­lished news of the update’s release on the com­pa­ny’s offi­cial blog, warned that Word­Press ver­sions 4.4 and ear­li­er could allow sites to be com­pro­mised due to the cross-site script­ing vul­ner­a­bil­i­ty.  The loop­hole was dis­cov­ered and report­ed by Crtc4L.

The bug allows remote attack­ers to gain access and com­pro­mise sites. Hack­ers are able to pass mali­cious con­tent between sites through the cross-site script­ing vul­ner­a­bil­i­ty. The kind of code injec­tion bypass­es the same-ori­gin pol­i­cy, which is an impor­tant con­cept in web secu­ri­ty appli­ca­tions. Wikipedia says under the pol­i­cy, “a web brows­er per­mits scripts con­tained in a first web page to access data in a sec­ond web page, but only if both web pages have the same ori­gin.” 

The vul­ner­a­bil­i­ty was spot­ted by Crtc4L, who is an inde­pen­dent secu­ri­ty researcher based in the Philip­pines. They were award­ed a boun­ty through HackerOne for their dis­cov­ery.

In addi­tion, the update also con­tains sev­er­al bug fix­es unre­lat­ed to secu­ri­ty. Among them are sup­port for all the new emo­ji char­ac­ters late­ly added to the emo­ji col­lec­tion, includ­ing the diverse hand ges­tures and faces. Fans of emo­jis on iOS will rejoice at the long-await­ed news.

Word­Press 4.4.1 fix­es 52 bugs from the last ver­sion. Fix­es to solu­tions includ­ed: “Some sites with old­er ver­sions of OpenSSL installed were unable to com­mu­ni­cate with oth­er ser­vices pro­vid­ed through some plu­g­ins,” and “if a post URL was ever re-used, the site could redi­rect to the wrong post.”

Auto­mat­ic updates are being rolled out to sites that sup­port auto­mat­ic back­ground updates. To down­load man­u­al­ly, you can either head over to Dash­board > Updates in Word­Press and click on the “Update Now” but­ton, or down­load Word­Press 4.4.1 from Word­Press direct­ly.

Recap 2015 — A Year of Security Vulnerabilities

HAPPY NEW YEAR WPSOS READERS!

The time to make new year res­o­lu­tions is here. The time to wave good­bye to 2015. The time of fresh begin­nings. The time to look back on the good and bad of the past year. And the time to review all that hap­pened and move on as a bet­ter ver­sion of your­self.

Con­trary to pop­u­lar opin­ion, it’s not always exter­nal hack attacks that do the most harm. Some­times it is inher­ent flaws in the sys­tem unno­ticed by users until the minute they are exploit­ed. Tech­world did a great piece on secu­ri­ty flaws of the year 2016 detail­ing acci­den­tal flaws in ser­vices lead­ing to attacks in 2015.

Google Android Flaws

Google’s Android plat­form for smart­phones has spread far and wide. Stretch­ing across sev­er­al man­u­fac­tur­ers has made it dif­fi­cult to push updates to all devices at the same time, lead­ing to mul­ti­ple secu­ri­ty issues. In the sum­mer of 2015, many secu­ri­ty flaws were made pub­lic, of which Stage­fright was the most dev­as­tat­ing. Fol­lowed by Stage­fright 2.0, it had a way of beat­ing Android 5.0 lockscreen’s secu­ri­ty code.

Anti-virus Flaws

Of all the anti-virus­es, the most flawed (yet pop­u­lar) AVG was first sin­gled out by an Israeli secu­ri­ty firm enSi­lo which dis­cov­ered a soft­ware flaw. It was patched in two days. How­ev­er, lat­er on a Google engi­neer found anoth­er flaw in AVG’s Chrome brows­er Web Tune-Up plug-in which allowed attack­ers to scour through entire brows­ing his­to­ries.

Juniper VPN ‘Back Door’ Flaw

Appar­ent­ly the VPN part of Juniper’s NetScreen fire­wall kit has had a back­door since 2012. A weak­ness in a piece of encryp­tion fur­ni­ture called Dual_EC_DRBG ran­dom num­ber gen­er­a­tor con­tained a soft­ware flaw that allowed the inser­tion of a back door.

 

Talk­Talk attacked thrice

The telecom­mu­ni­ca­tions com­pa­ny was attacked not just once, but thrice! Accord­ing to the com­pa­ny, ‘only’ 159,959 accounts were com­pro­mised, of which 15, 656 had their bank account details com­pro­mised.

Inde­pen­den­t’s ran­somware

Inde­pen­dent news blog was caught serv­ing Tes­laCrypt ran­somware by Trend Micro. The site was attacked sev­er­al weeks before Trend informed them.