WordPress Premium Plugin: Keyword Counter & Density Calculator

Get Keyword Counter & Density Calculator premium version from HERE!

The Keyword Counter & Density Calculator plugin calculates how many times each keyword is used in a in a post or a page. When you write or edit a post/page, you can see a handy list of the keywords you’ve used — listed in order, starting with the words you use most commonly.

Why use Keyword Counter & Density Calculator?

If you’re writing an article, one important factor to keep in mind is, what are the keywords you’re using? How often do you use them? This is essential for SEO (search engine optimization) reasons. You want to use your keywords a bunch, but not too much.

But when you write, you’re often faced with the problem: how many times did I use this keyword, or that one? Usually, there’s a manual process: control‑F (or command‑F for Mac lovers!) to find and count the number of times you used it, look up the total number of words, do some division — and this gets frustrating before you even start.

The solution

But look no further! The Keyword Counter & Density Calculator is here to help.

Here is how it works. Once installed and activated, when you write a post or a page, above the text editing box, there is a new button called “Count Keywords”. Click it, and a chart will come up. For all keywords, it lists their frequency, so you can see how many times you’ve used it. It also lists their density — both, as compared to the total # of words you wrote, and also as compared to the total number of non-small words you wrote (excluding words like “in”, “of”, and “but”, for example). You also get a red/yellow/green alert as to how on target the density is, so you know what you need to improve.

The Cream on the Cake: The Advanced Features

The best part, however, are all the advanced settings and features — this is where the power is really unlocked. Our advanced features include:

* One of our two favorite features is: you can configure keywords that are more than one word! Lets say, one of your most important keywords is the phrase, “WordPress security” — by default, that would be treated as two separate words. But you could configure it to treat them as one phrase.

* Our other favorite feature is: optional stemming. If you want it to treat “walk”, “walks”, “walking”, “walk’s”, etc, as one word — then just turn on the stemming option! Note that this feature predicts the root based on the conjugation, so you might sometimes get guesses that aren’t exactly on mark; but it’s usually on target, and perfect for our SEO purposes.

* You can turn on/off whether you want the count to include the small words or not.

* You can also add in words to exclude, as well.

* You can limit the # of keywords to review — in case it’s a huge document that’s using up lots of memory!

* You can edit the list of default “small” words that are excluded, in case you want to remove any, or add some more.

Say hi!

But not only is the plugin great — but we’re very dedicated to our users. We’re friendly and supportive — and we love helping everyone out. Email us any questions, or see our support page at: http://www.wpsos.io/plugin-support/.

Get Keyword Counter & Density Calculator premium version from HERE!

Large Number of WordPress Hacks Silently Delivering Ransomware to Visitors

Mysteriously, a large number of sites running on WordPress have been hacked causing them to deliver  crytpo-ransomware and other malicious software, to visitors. Until last week, web security services were unaware of this massive lapse in security.

Three separate security firms have since come forward to report that visitors of a massive number of legitimate WordPress sites are being silently redirected to malicious sites, which host code from the Nuclear exploit kit.

Users with outdated versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer are highly susceptible to getting infected with Teslacrypt ransomware package. The ransomware encrypts files on the computer with a decryption key which can only be availed at a hefty ransom to restore user files.

“WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads,” Malwarebytes Senior Security Researcher Jérôme Segura wrote in a blog post published Wednesday. “This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit.”

Researchers at Heimdal Security Software wrote in a blog post: “The campaign makes use of several domains to deliver the malicious code, which is why active servers can quickly change depending on which IP as DNS lookup they use.” Hackers are exploiting an unidentified vulnerability with obfuscated JavaScript which redirects traffic to a domain called chrenovuihren. An online ad pops up on the site which forces traffic to the site hosting the Nuclear exploit kit.

“This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files.” Website security firm Sucuri, said in a statement in a blog post, Monday. “This malware uploads multiple backdoors into various locations on the webserver and frequently updates the injected code. This is why many webmasters are experiencing constant reinfections post-cleanup of their .jsfiles.”

Three of the Best WordPress Security Plugins Reviewed

With cyberattacks getting increasingly common, about 30,000 per day, it’s more important than ever to protect your site. You can take steps to safeguard your data without paying external services. Setting a complicated password and keeping your site up-to-date goes a long way, but the extra blanket of security provided by security plugins certainly helps and is worth shelling out a few extra dollars for premium features.

There’s a ton of WordPress security plugins, so we’ve reviewed only three of the most popular ones out there:

  1. WordFence

This plugin is free but for additional features there is a premium version. It routinely scans all your WordPress files for malware infections and notifies you if any is found. Using two factor authentication (with SMS), it stops brute force attack. WordFence gives users the option to block people from certain countries, and has a firewall to block fake traffic. The plugin claims to speed up your website 50 times faster, and can support multiple sites on the same account.

  1. iThemes Security

Formerly known as ‘Better WP Security’, iThemes is a popular choice with users. It scans your site to find vulnerabilities and fixes them as quickly as it sends you a report. It not only hides sensitive core files, but increases the password’s security level and blocks ‘bad users’. If iThemes is faced with a user with repeated login attempts, it will block and report their IP addresses. Pro users get two-factor authentication using a mobile app, password expiration, a track log of users’ actions, and a malware scan automatically every day.

  1. Sucuri Security

This plugin is a product of Sucuri Inc., a web security company focused on detecting and remediating compromised websites. Its security activity monitoring feature tracks all changes to help security experts understand how it is being compromised. Sucuri Security also Security Activity Auditing has File Integrity Monitoring, Remote Malware Scanning, Blacklist Monitoring, Effective Security Hardening, Post-Hack Security Actions, Security Notifications and a Website Firewall.

WordPress 4.4.2 Update Released to Patch Vulnerabilities

WordPress 4.4.2 has been released as an update to all versions to provide patches for two security vulnerabilities. To improve functionality, 17 bugs from the previous version are also addressed. The update is now available to download and WordPress recommends that everybody update immediately.

One of the two security fixes in 4.4.2 is a possible Server-Side Request Forgery (SSRF) vulnerability. It impacts local addresses and allows hackers to bypass access controls, like Firewall, to crash infected systems. The actual WordPress code commit that fixes the SSRF issue states that “ is not a valid IP.”

This is not the first time WordPress has pushed a fix for SSRF. In June 2013, WordPress 3.5.2 was released with a patch-up for a SSRF vulnerability.

The Mitre Common Weakness Enumeration (CWE) states in its definition of SSRF as,“By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly.”

Open redirection attack is the second issue tackled in the new update. An open redirection attack links to external sites — phishing sites or other kinds of malicious sites — by abusing web functionality. “A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect,” Mitre’s Open Redirect definition states. “This simplifies phishing attacks.”

A new block of code which will bring about better validation of the Web addresses used in HTTP redirects, is WordPress’s solution for the open redirection attack insecurity.

After the Jan 6th update of WordPress 4.4.1, this is the second update of the year for WordPress. Like last time, automatic updates are being rolled out to sites that support automatic background updates. To download manually, you can either head over to Dashboard > Updates in WordPress and click on the “Update Now” button, or download WordPress 4.4.2 from WordPress directly.


WordPress Premium Plugin: .htaccess Site Access Control

Get .htaccess Site Access Control premium version from HERE!

.htaccess Site Access Control plugin allows you to password protect your site: WP login page, admin pages, and/or the whole site. The plugin adds in this functionality on top of WordPress, using the .htaccess password protection functionality.

As of version 1.0, the options of the free plugin include:
1. Enabling/disabling the password protection to wp-login.php, WordPress admin pages. Note that you’ll be asked to re-type the .htaccess username/password you created before enabling any of the settings — to ensure that you wouldn’t enable the password protection without even knowing the password yourself!
2. Modifying the existing users: you can change any .htaccess user’s password and remove the users.
3. Adding one .htaccess user.

With premium plugin, you can also:
1. Create/modify an unlimited number of .htaccess users;
2. Protect your whole site, making it accessible to only those who have the .htaccess user.

Get our premium plugin from HERE!

Using the password protection will give you extra security layer of protection from brute force hacking attacks. Additionally, it’s also an easy way to password protect your entire site, without needing to create separate WordPress users for each visitor.

When you enable the password protection, the user won’t be able to see anything — not even see the protected page — until he/she inserts the username/password. You can password protect the whole website, including the administrator pages; you can password protect the administrator pages; or you can password protect the WordPress login page.

If you have any suggestions, please let us know! You can contact us via http://wpsos.io/.

WordPress Plugin: Site Language Definition

Site Language Definition is a simple plugin for forcing the web browser to know what language your site is in.

Site Language Definition solves a common problem: your website is in your chosen language but for some reason the browser ‘thinks’ it’s in another language.

It is particularly common to think that your site is in a different language — many Chrome users get messages from Chrome along the lines of, “This site is in Indonesian. Would you like Chrome to translate it?” even when the site doesn’t have a hint of Indonesian! This has very negative SEO ramifications: Google prioritizes in its search results sites that it knows are in the user’s language.

Site Language Definition plugins adds the necessary language attributes to your website to force the browsers see the website as configured under the WordPress General Settings. If you need to change the language, just go to Settings -> General, and change the language of your website.

If you have any other suggestions, please let us know! You can contact us via http://wpsos.io/

WordPress Plugin: Remove Feed Links

Remove Feed Links is a simple plugin for removing feed links from the head of your web site.

WordPress always includes links to the RSS and ATOM feeds by default — but sometimes, you just don’t want them. 

Maybe your site doesn’t have a feed, such as a static brochure site.
Maybe you don’t want people using RSS or ATOM to follow the site on a reader, but instead you want them to come directly to the site.
Or maybe you just want to remove every extra character in the code for speed reasons.

For us, it was all three of the above! But we couldn’t find a good solution, other than going in and editing directly the templates — which we try to avoid.

The solution? We built the “Remove Feed Links” plugin which does precisely what you expect: it removes the links, in the HTML the user sees, to the RSS and ATOM feeds that WordPress includes by default.

The plugin Remove Feed Links does that by removing post, comments, and/or extra (category, tags, author) feeds from the head of your site.

The installation and use is very straightforward. You should:

1. Upload the folder ‘remove-feed-links‘ to the ‘/wp-content/plugins/‘ directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress

As of version 1.0, you can choose between 3 options which feed links do you want to remove. You can remove:
1. Comments feed links;
2. Posts feed links;
3. Extra Feed links: category, tag, search page, author page feed.

If you have any suggestions, please let us know! You can contact us via http://wpsos.io/.

WordPress Plugin: Keyword Landing Page Generator

Get Keyword Landing Page Generator premium version from HERE!

Keyword Landing Page Generator allows you to have one landing page, with different versions (at different URLs) depending on the keyword — so you can show each visitor a customized version of the landing page!

It’s a common problem of marketers that you’d like to show different versions of a landing page to a user according to what they are looking for — one for people looking for a “cheap” product, one for people looking for the product delivered “fast,” and one for people looking for a “high quality” version of the product, for example. Or if you want to have separate pages for people searching for red, green, or blue versions of your product. The possibilities are endless!

Until now, the only solution was to create hundreds of different landing pages — not only is this very time-consuming but, if you want to update them, it turns into a nightmare!

The solution? The Keyword Landing Page Generator. This premium plugin lets you have one landing page, but actually have three (or three-thousand!) unique pages on WordPress to drive traffic to, each one customized for that target market.

Each page has a unique URL that is SEO friendly and very easy to modify, individually or all at once. You could have Google-friendly URLs such as: /intro/cheap/ and /intro/fast/ and /intro/high-quality/ in the above example — and an unlimited number. The pages displayed would be the same to all — except at the points in which you define, where the headline text or image or any other component or components (as few or as many as you like) would change according to the rules, definitions, and text you’ve defined in the easy-to-use plugin configuration.

Get Keyword Landing Page Generator from Envato!

WordPress Update 4.4.1 Released

Last week, WordPress announced the release of an update to address security and maintenance issues. The publishing platform urged users to update their systems immediately, protecting them from a cross-site scripting (XSS) vulnerability.

Aaron  Jorbin, a WordPress contributor who published news of the update’s release on the company’s official blog, warned that WordPress versions 4.4 and earlier could allow sites to be compromised due to the cross-site scripting vulnerability.  The loophole was discovered and reported by Crtc4L.

The bug allows remote attackers to gain access and compromise sites. Hackers are able to pass malicious content between sites through the cross-site scripting vulnerability. The kind of code injection bypasses the same-origin policy, which is an important concept in web security applications. Wikipedia says under the policy, “a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin.” 

The vulnerability was spotted by Crtc4L, who is an independent security researcher based in the Philippines. They were awarded a bounty through HackerOne for their discovery.

In addition, the update also contains several bug fixes unrelated to security. Among them are support for all the new emoji characters lately added to the emoji collection, including the diverse hand gestures and faces. Fans of emojis on iOS will rejoice at the long-awaited news.

WordPress 4.4.1 fixes 52 bugs from the last version. Fixes to solutions included: “Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins,” and “if a post URL was ever re-used, the site could redirect to the wrong post.”

Automatic updates are being rolled out to sites that support automatic background updates. To download manually, you can either head over to Dashboard > Updates in WordPress and click on the “Update Now” button, or download WordPress 4.4.1 from WordPress directly.

Recap 2015 — A Year of Security Vulnerabilities


The time to make new year resolutions is here. The time to wave goodbye to 2015. The time of fresh beginnings. The time to look back on the good and bad of the past year. And the time to review all that happened and move on as a better version of yourself.

Contrary to popular opinion, it’s not always external hack attacks that do the most harm. Sometimes it is inherent flaws in the system unnoticed by users until the minute they are exploited. Techworld did a great piece on security flaws of the year 2016 detailing accidental flaws in services leading to attacks in 2015.

Google Android Flaws

Google’s Android platform for smartphones has spread far and wide. Stretching across several manufacturers has made it difficult to push updates to all devices at the same time, leading to multiple security issues. In the summer of 2015, many security flaws were made public, of which Stagefright was the most devastating. Followed by Stagefright 2.0, it had a way of beating Android 5.0 lockscreen’s security code.

Anti-virus Flaws

Of all the anti-viruses, the most flawed (yet popular) AVG was first singled out by an Israeli security firm enSilo which discovered a software flaw. It was patched in two days. However, later on a Google engineer found another flaw in AVG’s Chrome browser Web Tune-Up plug-in which allowed attackers to scour through entire browsing histories.

Juniper VPN ‘Back Door’ Flaw

Apparently the VPN part of Juniper’s NetScreen firewall kit has had a backdoor since 2012. A weakness in a piece of encryption furniture called Dual_EC_DRBG random number generator contained a software flaw that allowed the insertion of a back door.


TalkTalk attacked thrice

The telecommunications company was attacked not just once, but thrice! According to the company, ‘only’ 159,959 accounts were compromised, of which 15, 656 had their bank account details compromised.

Independent’s ransomware

Independent news blog was caught serving TeslaCrypt ransomware by Trend Micro. The site was attacked several weeks before Trend informed them.