We all have different plugins that we cannot live without and I certainly have a collection of 5 very important WordPress plugins that I will share with you here. But, what makes them so important to me?

Whenever I install WordPress, either for myself or a customer, there are 5 plugins that I see as must-haves that every blog should use. These 5 are automatically uploaded when I load the rest of the files and then activated as part of my set-up of the new blog. And they are (in alphabetical order!).

Akismet – where would we be without Akismet? No longer is it an option, it is packaged with WordPress. But, you must sign up to WordPress and get yourself an API key. Without Akismet you are leaving your blog open to endless spam comments that you will need to delete.

Login Lockdown – if you have ever had someone attempt to hack your site or even succeed, you will understand my desire for more blog security. This clever little plugin just sits and watches failed login attempts. If too many happen in a short time from 1 IP address, further login attempts are stopped from that address. This prevents anyone using brute force to guess your admin password.

UPDATE: 9-10-10 – following further testing of this plugin, I have decided that Login Lockdown does not do what it says on the tin and am experimenting instead with Limit Login Attempts.

Revision Diet – how often do you write a post, publish it and then never look at it again? Do you save various drafts, publish it and make more amendments? Is your database clogging up with revisions? This plugin helps you there by clearing out all but the most recent revisions. It keeps the database space down and should help keep your page response time up. You choose how many recent versions you keep.

WordPress Database Backup – if the worst came to it, how would you recreate your blog? If it crashed, was deleted (or infected) by a hacker, you wanted to move it to a new server or you accidentally deleted your database tables, what do you do? Well that is where this plugin comes in. You give it an email address and tell it how often you want to receive a backup of the essential tables. All of my blogs email to the same email address, which every month I go onto, check the emails are arriving and delete the older versions of the backups. Simple and secure.

WP Captcha Free – Akismet does a good job, but it is not perfect. It misses some spam and falsely marks good comments. This means that you have to trawl through your spam folder and check all spam is spam. Well this simple plugin stops a lot of the spam at source, without affecting users. It encodes into the comment form a time stamp and checks that. The first time a spammer uses it they will get through, but after that they will keep using the same time stamp and the comment will be deleted. Real visitors get a new time stamp every time they see the comment form and their comments get through.

Five very simple WordPress plugins. But, when I create a new blog they must all be there. If you have any other favourites do leave a comment – I might just make it a list of 6 must-have plugins!

If you want to make some money online, then one of the easiest ways is through Adsense. And the easiest way to setup a website is your own blog. So, what is needed?

Setting up your blog is quite simple. There are free tools and free or paid hosting options. But, the main thing to consider is the subject of your blog.

There are advantages and disadvantages all around. Some topics are earning a lot more per click and have readers that are more prone to clicking on the adverts than other subjects. However, if your specialism is in one of these lower value blogs, you might be able to produce a lot more writing than if you aimed for a higher value blog.

This means that your first decision is what will you blog about? Find something that you can write about a lot – you will be posting a couple of times per week – but out of the list of choices you come up with, work out which is likely to be worth the most.

Now, create your blog. Choose a good looking theme and sign up to Adsense and drop in a few adverts. A lot of people recommend only using 2 advert positions, which prevents the blog looking too much like a commercial. But put the adverts in places where your readers will notice them. Within the block of the main text and main navigation links are good targets, over at the side and the very bottom are bad ideas. You want the adverts to be clear and tempting to encourage readers to see them and click.

Next, start writing and promoting your blog. Write 3 or 4 new posts per week to build a good amount of content and then start to share some of your writing with other sources, such as article directories. This will build the search engine ranking of your site and will be the main source of traffic for your blog.

It is then just a matter of repeating the writing of new posts and link building time and time again. But, a word of warning. Do not make the mistake of making the blog solely built for Adsense. Make sure that it is readable and encourages readers to browse the site.

Whilst this goes against the improving the click rate, because loyal visitors are less likely to click on adverts, it should help to increase general traffic levels. It looks like Google is using traffic statistics in its search engine ranking algorithm so that it sends traffic to only those sites that humans are interested in. So, if you follow the traditional built for Adsense route of get the person onto your site and then straight away clicking on a PPC advert, it is likely that Google will notice and then stop sending you so many visitors.

It seems back to front, but unless your search terms are very weak you need a good amount of traffic viewing a couple of pages each before Google sends you much traffic. So your articles have to be interesting and meaningful. No longer is the basic built for Adsense format working.

But write an interesting blog with plenty of unique content and you can make money with your blog and Adsense!

Does blogging make money? Can you really set up a blog and expect to make an income? We have a look at what you can expect.

A lot of people start blogging with the expectation that very quickly they will be earning a lot of money. Sadly, that is certainly not usually the case.

Take, for example, a newly set up blog on a free blog system that is full of private label rights content. What does this offer for any advertisers? It is not going to have a loyal following of readers and it is too new to have any search engine ranking benefits whilst the duplicate content that many others are sharing will probably prevent the search engines ranking the site.

So, if you are offering the advertisers nothing, why would they want to pay you?

Therefore, we need to look at what you can offer to advertisers that will make them want to part with their cash in your direction.

In short, they want more visitors to their websites and that is either through exposure to your visitors or through optimising their website through getting a search engine benefit from your blog.

To get an increase in traffic to their website by exposure to your visitors, you need to have plenty of visitors on your blog that will read adverts that you are displaying and then click on them and visit the advertiser’s website. This can be direct adverts, affiliate links or even pay per click adverts. There are plenty of different ways of turning traffic into cash through adverts.

Getting your blog to this point of a good readership takes time and effort. You need to do your groundwork in establishing plenty of interesting content and then encouraging visitors to your blog. Easy enough if you know how and are experienced, not so easy for the beginner.

So, what about the search engine benefits of being listed on your blog? Again this takes time and effort to build in to your site plenty of incoming links. A lot of the value of your blog will be based on its PageRank. Build a good PageRank and the value goes up.

This means that a lot of the value of your blog is based on how much work you do on your own optimisation and how soon Google updates its PageRank information. If you have a high PageRank, you can demand good amounts per link. But with no PageRank there will be few advertisers and these will not be happy to spend a lot advertising on your blog.

So, for a brand new blog then blogging will probably not make much money. But if you can establish a quality blog with a lot of well written and interesting original content, build your own traffic levels and your blog’s own search engine rankings then there is indeed the opportunity to make a lot of money from that blog.

And, once you have done it once, you know what to do to do it again and again. It becomes a matter of how many blogs can you handle?

I wrote last week that I was trialling a security plug Login Lockdown on many of my blogs.

I have to agree that it is a good idea. If you sign on using an unfamiliar IP address then an email is sent to you and you have to verify the IP address by using the link and then signing on again.

But that is the problem. With my ISP I do not have a static IP address, far from it! It can even change during the day when, as frequently happens, the internet connection is dropped. What this means to me is that I logon, look for the email, use the link to acknowledge by IP address and then sign on again.

And that is each and every time I sign on to one of my many blogs! It is an excellent security feature and very confidence inspiring, but an absolute pain when you want to sign on.

I suppose if the plugin worked before you tried to sign on it would not be as intrusive, but it does look like it is only really suitable for people with static IP addresses, which I am not going to be paying the extra for just so that this plugin works.

I’ll give it a few more days and see if I get used to it, but I expect that in no time I will be deleting the plugin. And that is without trying to access the blogs away from home when I have to usewebmail to receive the confirmation email!

Have you checked your outbound links today? Are they all still active?

If not and a link is broken on a popular post then your credibility can be damaged when your visitors try to visit the site that you have recommended and then found that the site does not exist. Worse still, search engines are thought to punish sites that link out to a lot of sites that no longer exist.

So, it is in your best interests to make sure that all of your outbound links are still working. But on a large site, this can be near impossible. For that reason I have installed Broken Link Checker on to my most important blogs.

Its task is quite simple. If there is a link in your blog it regularly checks that the links work. Whether they are links to websites or links in the forms of images, it checks them.

And it has been very useful! It identified invalid image links when I got them wrong (I’d used relative instead of absolute locations, so the link worked on the home page, but not on the post).

But the main thing is the number of links that it has detected as broken. Either through links in gravatars in comments to links in posts, many different links break and can be detected. And for those of my blogs that are involved in sponsored posting, I am surprised at how many of those links break after a short while. Some times, before I even get paid for the posting!

It is quite easy to have a panel on the dashboard that you see when you logon that says if there are any broken links and then you can review them. From there you can decide whether they are now live once more or whether the link should be removed, with a single click of the mouse.

Have a look at the plugin, it is well worth it.

If you are like me then it is unlikely that most posts go live the way that you type them up the first time. More likely it is that there are several revisions before you are happy and finally allow your work to go live.

And if each of these is saved as a version by WordPress, then you potentiall have quite a few copies of every post and this leads to a full database. Not only could this hit your database limits, but it is making it possible that with too many posts in your posts table, your response time could be affected and pages take a bit longer to load.

Now, I have never actually noticed pages slowing because of huge databases, but I do have to carefully manage my databases to keep them within my hosting limits. So finding and installing Revision Diet was a great step to me!

This excellent little plugin does a simple job – you tell it how many revisions of each post to keep and then ever time you add a new post revision, any extra revisions are deleted. There is also an option when you activate it to trim all extra revisions that currently exist (not something that happens automatically).

The only posts it cannot delete are the WordPress auto saves, but you can either manually delete these or just suffer a few odd extra records. But to me, deleting all of the extra revisions and just keeping a handful of each is a great space saver. Most posts probably don’t get up to 5 revisions, but those that do are cleaned up.

Right, time to save this and then review and create those extras and put the plugin into action!

I have talked already about important steps such as using a secure password and changing your admin user id, but here is another trick that you can use to protect your blog.

I talked about Login Lockdown a couple of weeks ago and some readers did mention that they use that very same plugin. The idea there is to prevent mass attempts to access your admin. But today I was working on a theory to protect my admin logins in various sites and searching around for a plugin.

My theory was to lock the admin screen down to just specific countries. This sounds very obvious, but does not appear to have been written. The nearest I found was WP Login Security.

What this does instead is every time it detects a new IP address being used to logon, it sends you a one time password to your registered email address. Then, you open the email and can gain access to your admin.

This means that even if someone does guess your userid and password, or gets them through keylogging, as long as they are not using a connection you have used, you will get the email notification and they will not be able to logon.

Where’s the downside? Well, it is great if you are using the same IP address most of the time. But, if like me you get a new IP address every time you connect to the internet (which includes when the connection randomly drops), then there will be a huge list of allowed IP addresses and a lot of confirmation emails to click on before access is allowed.

But, it is the price to pay for added security. I still think my idea will work and has mileage. All of the hacking attempts that I have detected have come from abroad, so by locking out foreign acess to my admins I should prevent at least most direct attempts.

Whether I get fed up going through one time passwords every time I want to log on only time will tell. I expect I will! But, in that time, at least my range of blogs are protected and maybe I can code my own plugin!

Many people ask how to generate more traffic. Well, there are 2 answers. The first is quick, expensive and generates lots of traffic. The second is slow, cheap (free!) and generates a little traffic.

But let’s forget the first method, of PPC, SEO, Article Writing and so on. Let’s today look at the slow, free, low traffic method.

Sounds daft to concentrate on it? Actually, it is not. It might not work very quickly and might not give you thousands of hits, but it gives you something more important – loyal readers.

If you put some of your marketing time and effort into looking after those visitors that are on your website rather than generating new visitors, you will see a slow and steady rise in traffic.

It’s not great, but these loyal visitors will come back time and time again. They will communicate with you and leave comments. They might even tell other people about your writing, bookmark you in their social media and spread the word of your blog.

How do you look after these regular readers? It is actually very simple. Watch your feedburner stats (use it, or something similar for your RSS feeds if you don’t already) and see which posts generate most interest. Concentrate on writing these posts and you should see your regular readers coming back more often.

Look at your traffic stats and see what pages other visitors are reading and again, write more of these.

It is a slow process and it might not seem as though it works as well, but by writing for loyal readers you are building the traffic foundations of a good blog. And best of all, it is free traffic!

Is it always useful to be on the lookout for the signs of your blog being attacked, even if you do not think it has been attacked. These signs might just reveal an attack has taken place.

First, posts could be changed to display strange messages. This is in a way counter productive as it is quite often the first indicator that you have been attacked and why you notice the attack. If the messages weren’t there, you would never know about it. But it seems this is what the attackers want – you think you have cleaned up the attack but there is still something somewhere.

After this, executable files might be left on your server, which can install viruses onto readers’ machines or allow access for the hackers. If you know the date of the attack, look in your downloads directories for any files added since that date.

Another obvious sign is that your permalinks change and suddenly add a bit of code and strange characters. ‘eval’ appearing in your permalinks is a sure sign of an attack and is the attacker leaving a way of running hidden code through the links.

Lastly, you should also keep your eye on new user ids created. WordPress does email you if any new users are created, but it is easy enough for the attacker to change the admin email, add the new id (and receive the email confirmaton) and then revert the admin email. So check in case suddenly new admin ids are appearing.

And if you find any of the above it is not just a case of clearing them out as you will probably leave more parts of the attack elsewhere. If you find you have been attacked, it is down to those backups and reinstall the blog from fresh. Cleaning the damage might not remove it all.

Want to know how to do these or other security considerations? Come back again, or follow the blog security tag.

Why do people want to attack blogs? What are they getting out of it and where is the point?

Well, for many I am sure that they are just doing it for the fun of the attack. If they can invade your blog and leave a message or two they are happy! It is a sad thing to do, but they do try it.

But for most there is a reason to do it and that is to steal the power in your blog. Search engines put a lot of emphasis in blog links, so if they can take over your blog and add loads of links to their own websites, they are getting a huge benefit. It does not matter that in the process they can completely destroy your blog!

For others the purpose is to spread viruses, malware and other software. They can plant files in your blog and hope that readers access them. They might invite your readers to open a file expecting that your readers trust you, see the link and follow it without question, installing bad software onto their computer. Or they can upload scripts an call them as images so that when they open they do the same trick.

In all, there is profit in attacking your blog and if you read accounts of attacks it is common that there are multiple attacks. Attackers suceed and leave a backdoor, which is not closed. They can then come back using that and it can be this second attack in which the actual damage is carried out. That is why a full reinstall of a clean version of your blog is needed after any sucessful attack.

Want to know how to do these or other security considerations? Come back again, or follow the blog security tag.