Get More Traffic

How To Get A NoFollow Wikipedia Backlink Step By Step

Wikipedia - The Highest Authority Website
Wikipedia is the highest authority website. Source: Wikipedia

How effective is a backlink from Wikipedia

Wikipedia is one of the most authoritative websites that exist. They almost always capture the top results for any generic topic.

Cool, so a single backlink from Wikipedia is enough to make your website rock the competitors in any niche.



The sad truth is: they do not link out (DoFollow) to anyone except sister sites like Wiktionary, Wikibooks etc.

So, getting a dofollow backlink from is out of question.

The real question is:

Is a nofollow backlink from Wikipedia worth the pain?

You will certainly get a debate rather than an answer if you ask this question.

On one side stands Google’s official reply explaining very clearly that they treat any NoFollow link equally (i.e. not use it in ranking algorithm) no matter it comes from high authority sites like Wikipedia.

Also here is Matt Cutts explaining the same in variations.

While on the other side there are experts who think that NoFollow links affect your SERP in some minute, alternative ways. And when the source website is Wikipedia (Domain Authority =100) that minute effect is multiplied by a big number.

If you ask me though, I will say, lets trust Google’s official stance. Let’s assume that Google ignores NoFollow backlinks from Wikipedia  altogether.

Even in that scenario a Wikipedia backlink is way better than no Wikipedia backlink. Here is why:

NoFollow tag is not for humans

Wikipedia receives insane amount of traffic. According to, Wikipedia’s English version alone received an average of 254,277,663 daily pageviews in year 2016. That is more than a quarter billion pageviews on daily basis.

And this traffic is real human visitors hungry for more information on the topic. They check out lots of links mentioned in wikipedia including external ones. No human cares about NoFollow tags (or whether it exists).

The bottom line: Websites referenced in Wikipedia articles get tons of high quality highly targeted traffic.

A mention in Wikipedia skyrockets authority

Wikipedia is managed by very strict editors called administrators. They supervise and approve/disapprove edits made by other contributors. Thus all content and all links published on Wikipedia are tested and vetted.

This moderation results into only relevant and high authority websites linked from Wikipedia. From a visitors point of view, any link published in Wikipedia has to be high authority. So your website immediately becomes an authority when featured in Wikipedia.

You get eyeballs of high authority websites

Most of the people surfing Wikipedia have a research intent. And researchers need to quote their source when they publish. Thus getting the eyeballs of Wikipedia readers is always a potential natural link opportunity.

So, even if the Wikipedia backlink you get be NoFollow, it opens the doors of numerous natural, high authority, relevant, DoFollow backlinks.


Now focus on the original

Few easy ways to get a Wikipedia backlink

Even though Wikipedia is open to all to edit (more on this later in this article). you can not simply edit it and link to yourself. The moderators are always watching. There should be a sense and good faith in each edit. Neither can you replace a link to a website with your own just because “your content is better than his”.

There are a few good strategies though which pass the test of good faith and sense.

Step 1: Find the link opportunities

The broken link method of link building is no doubt the easiest way to find high authority link prospects in any niche. Wikipedia can fit in too. But, it is very different. In fact, it is even more cool:

A. (Easiest) : Wikipedia itself highlights its broken (dead) links:

So, in case of Wikipedia, “Step 1: find the broken links” part is already done for you. Wikipedia is immensely large. And this means a lot of old, outdated or even removed pages are still linked to from Wikipedia.

Wikipedia contributors and editors keep on curating the links and whenever they find a broken link, they put a tag [dead link] next the to link. So that fellow contributors may fix or update it in future.

For example when I checked the James Bond page on Wikipedia. I found so many dead links:

Example of dead link tags in Wikipedia
Example of dead link tags in Wikipedia

So, How to find dead links in Wikipedia? Make a google search: “Your Keyword” + “dead link”

It should return several pages of Wikipedia website containing the phrase “Your Keyword” and “dead link”. Do not forget to replace the “your keyword” with any keyword of your choice.

Now go to any of those Wikipedia pages, whichever closely resembles your niche, and find the phrase “dead link” using CTRL+F search. Make a list of dead link which you will replace with your own in next steps.

B. (Easier) : Find many more broken links using tools:

Do not feel delighted with the spoon fed dead links offered. Looking at the size of Wikipedia, not all links can be marked by moderators at a time. In fact when I checked the Skyfall (film) article on Wikipedia, I found several dead links while none of them was tagged with “dead link” tag.

Skyfall Wikipedia page broken links
Skyfall Wikipedia page. Broken links are highlighted in red with error code.

Use free (but powerful) chrome extension Check My Links to check all links of any relevant Wikipedia page in few minutes. With one click of mouse it highlights all invalid links in red color along with the error code.

The bottom line is: there are millions of broken links in Wikipedia. But if they are not marked with a “dead link” you will have to find them manually by scanning Wikipedia article related to your niche one by one.

Tip: I recommend to take a note of all links with only 404 (page not found) error as they are most probably dead. 403, 410 etc may be down only temporarily.

Tip: This tool does not differentiate between internal and external links (rightly so). And since number of links in a Wikipedia article may be in thousands, I recommend to add in “exclude list” by right click -> options. This save lots of time and resources.

C. (Easy) : Find even more link opportunities using”Citation Needed”:

Wikipedia loves to mention sources as citation(reference) in support of facts, statements and statistics. But sometimes contributors add content without citations and moderators add a “citation needed” tag against it. It simply means that Wikipedia wants a source of this statement or information.

To find such opportunities, make another search in google: “Keyword phrase” “citation needed”

and you will get even more backlink opportunities. Because these tags are the low hanging fruits. They are asking for a source to link, you can provide them exactly the same.

D. (Note Easy) : Edit with fresh content and then link:

When there is no market to sell, we create a market. This method requires more creativity but comes handy when other methods of finding broken links fail in your niche. Or when there are hardly any broken links on the Wikipedia article you want to get a backlink from.

But some articles on Wikipedia are easier to edit (and pass) than others. For example Wikipedia asks its users to specifically “improve” some articles. Such articles can be found be this search “Keyword phrase” “improve this article”

Your aim should be improve the article with more content following all guidelines and format, and your website as a citation for one of the statements. The more useful your improvement is more likely it will stay.

Step 2: Prepare your content to be linked

Once you have a link opportunity you should choose or create a page on your website to link. Again, this step requires a lot of creativity and common sense. Wikipedia has a strict External links policy. And apart from the rules, your edit should appear natural, in good faith and not self promoting.

Hence selection of right page to link becomes extremely vital. It should exactly fill the hole. And if you have no such page on your website, you have to create a new one, the one which fits exactly the hole.

Understanding the non-existing (dead) page currently linked:

The page that best fits the requirements is of course the now non-existent page which is currently linked. In fact some Wikipedia editors prefer the currently linked source so much that they find and link the cached version of that page from

Before selecting or creating your own content page to link, you should always have a look at what earlier linked page was all about.

Go to and put the URL of the dead external link you want to replace. The wayback machine will show a few cached versions of the dead page. Find the latest one and take a read.

Deciding to take or leave:

After reading the dead page and reading the context in Wikipedia from where it was linked to, you should be able to decide that whether any of your existing content can fill this information gap? Or whether this type of content will even fit your website if you go to create one.

If the answer is no, skip this link opportunity and grab the next one until you find a much more relevant one.

Changing your existing content to fit in:

Once you finalize to replace a dead link with yours you should choose which page of your own website can replace it. In most cases there won’t be any.

But do not jump to create a new one yet. Prefer to link a page you would like everyone to read. Prefer to link an existing important (but non commercial) page of your website.

One you choose the closest page to replace the dead one. Edit it to fulfill all the requirements of citation/reference.

Creating new content page:

If you happen to find no existing page on your website that can replace the dead page. You have no choice but to create a new page.

You should take help of cached version of dead page to find what your page should be about. Just make sure you do not copy paste the content from the dead page. The page may be dead but you may be still infringing some copyrights.

Also keep in mind that the sole purpose of your newly created page should not be just exist. Remember you will receive visits from Wikipedia. So this page should also fit your website’s content strategy. It should be able to engage and convert the visitors to your goals.

In case dead page is not available to read:

If has no cached version of the dead page. Or in case when there is no dead link (case C and D above) you have no reference page to copy from. In this case you have to be a bit more creative preparing your page to link.

Remember that there are a few types of content which are more likely to be linked from Wikipedia:

  • Comprehensive lists of things (not random listicles). Eg. List of all movies shot in Denver, Colorado.
  • News article about a major event. E.g. Director reveals that Logan will be the last X-men movie.
  • Official page of the referenced product (e.g. book)
  • Original results of experiments or research.
  • Complete statistics or profile of the entity described in Wikipedia.
  • Copyrighted content that can’t be completely shared on Wikipedia.

Step 3: Edit Wikipedia, Update content and link

Now it is time to the most awaited step: create the backlink. As I have mentioned earlier, editing content in Wikipedia is free and open to all. But doing so irresponsibly will result into rejection of change. And in multiple violations your account will be deleted.

So follow a few basics.

Create your Wikipedia account and edit

Create a Wikipedia account is you have not done so yet. Verify email, login and go to the page you want to edit. Though you can edit without creating an account there are more benefits of creating one.

Here is a simple guide to editing Wikipedia. In general your edits should reflect good faith and should improve the article. All edits have to pass the moderators’ eyes. So put some efforts in this step and think neutral.

Edit and improve the content without removing the part which needed the citation for the dead link. Then fulfill the need of citation by adding the appropriate link to your own website.

If you are not comfortable with the formatting of Wikipedia, you can use the new Visual Editor.

Edit the wikipedia easily using visual editor
Edit the wikipedia easily using visual editor

Proceed to improve the article by adding more useful information.

Adding content to wikipedia
Adding content to wikipedia

Whenever the need of citation is created use the add citation button and add the reference URL.


Adding citation to wikipedia edit
Adding citation to wikipedia edit

Wikipedia will automatically create citation in correct format. You can also edit the External links section directly and add your link there. But those links are less likely to stick because they have to undergo more scrutiny.

Once you have finished making all the changes. Do not forget to save your edits.


Saving changes with a summary of edit
Saving changes with a summary of edit

Once you have hit the save button, your edits should be live. In case of some highly sought after pages, changes go live until a review by moderators. in other cases changes can be seen live right after the edit, while moderators (and other contributors) can later review them.


In this article I have described step by step editing wikipedia and creating useful nofollow backlinks. In my next article I will explain how we can use Wikipedia to create very high authority dofollow backlinks.

WordPress Security

10+ Ways To Get Free SSL Certificate : HTTPS Secure Your Blog Today

The more Google (and fellow bloggers) are pushing you to move to HTTPS, the more SSL market is blooming. The first thing that come to your mind is that why not a free SSL certificate. However I believe that free products are not less secure, they have their other limitations.

Almost all free SSL certificate products I have researched or listed below have at least one major drawback (described with each product). So, here we go.

We will discuss:

Totally free SSL certificates For everyone

  • LetsEncrypt
    • ZeroSSL
    • SSL For Free
    • certbot
  • StartCom’s StartSSL (read warning)
  • WoSign (read warning)
  • FreeSSL by Symantec (Coming Soon)
  • AlphaSSL by GlobalSign (working)

Free SSL certificates with condition

Free SSL with their free CDN service

  • Amazon’s AWS Certificate Manager
  • Cloudflare

Free with domain name registration

  • Gandi
  • EuroDNS
  • NameCheap

Free for startups or open source projects

  • Godaddy
  • GlobalSign

Free Trials of Popular SSL products

  • Comodo InstantSSL Free Trial
  • Geotrust RapidSSL Free Trial
  • Geotrust QuickSSL Free Trial
  • Symantec Secure Site Free Trial

A few very cheap options

  • Comodo InstantSSL ($4.99)
  • Geotrust RapidSSL ($6.66)

Totally free SSL certificates For everyone

Let’s Encrypt

Key features:
Certificate Authority : Let’s Encrypt/Various.
Cost : Free (see limits page).
Validity : 90 days.
Free unlimited renewals (see limits page).
Supports automatic renewals.
Supports multiple domains in single certificate.
Very good browser compatibility.

Let’s Encrypt is a free, automated, and open Certificate Authority (CA). It is free because it is a nonprofit project supported by technology giants like facebook, Mozilla, Google Chrome, Cisco and several others. Let’s Encrypt is getting popularity very fast in the recent months with rise in demand of SSL security among webmasters. If your webhost features free SSL certificates, there are good chances that they have integrated with Let’s Encrypt.

Customers of compatible webhosts can quickly generate+install SSL certificates to any of their websites from within their cPanel in a few clicks. Other WordPress users can generate a certificate from within their WP dashboard using a plugin WP Encrypt. Which they can then install from their cPanel.

WP Encrypt plugin generates the certificate for you, without any effort. It also stores all the generated files in your server. From there you will need to retrieve these files (.pem) and install them from your cPanel. There is a good guide for here. If your cPanel does not features the TLS/SSL option, you will have to ask your hosting support to install it manually.

Note: Technically speaking, the below providers are not Certificate Authorities themselves. They integrate with Let’s Encrypt and make it easier for you to get a certificate from let’s Encrypt. So all features of Let’s Encrypt apply.

StartCom‘s StartSSL (read warning)

Key features:
Certificate Authority : StartCom Ltd.
Cost : Free.
Validity : 3 Years.
Restriction : For personal (non commercial) use.
Renewal process is questionable.
Certificate revocation is not free.
Supports 10 domains in single certificate.
Browser compatibility is questionable. (read warning)

StartCom is a Certificate Authority based in Israel. StartCom ‘s Free StartSSL certificates used to be cool before letsencrypt. They issue a multidomain Class 1 certificate which is valid for 3 years within minutes. However the free SSL is restricted for personal or non profit use only. For commercial use you have to get a class 2 or above which is not free. But there has been no report of any action against this policy. Here is a guide for getting your StartSSL certificate for free.

WoSign (read warning)

Key features:
Certificate Authority : WoSign CA Ltd.
Cost : Free.
Validity : 1/2/3 Years.
Renewal process is questionable.
Supports 100 domains in single certificate.
Browser compatibility is questionable. (read warning)

Chinese company Wosign has also been issuing free SSL certificates for years. It has recently made its website friendly for english users too. They issue multidomain SSL certificates valid for upto 3 years within 15 minutes. Here is a tutorial for downloading and installing your free certificate.

Warning: It has emerged that StartSSL is acquired by WoSign in 2015 and the deal has been intentionally concealed. Wosign has itself involved in violations of guidelines of major browsers in past. So, as on today SSL certificates issued by StartCom and Wosign have recently been distrusted by Google Chrome, Mozilla Firefox and Apple Safari browsers. The decision has been taken after repeated violations of baseline requirements by StartCom and Wosign .

The top browser companies have announced staged removal of CA trust for these companies. Which means that they will stop trusting all SSL certificates issued by these 2 CAs in staged manner, starting with distrusting all the certificates issued after 21st of Oct, 2016, giving their customers an opportunity to only to move to other CAs in the period of transition.

It is highly unlikely that a negotiation will be arrived. Hence it is not recommended to get an SSL certificate from these 2 CAs either paid or free.

FreeSSL by Symantec (Coming Soon)

Symantec has in March 2016 announced a Free SSL certificate for everyone under their Encryption Everywhere program. . However they have partnered with a few web hosting companies like for their free SSL product. Their official portal is since then showing no progress. There is a coming soon tag on that page and an option to join the waiting list.

Note: For startups and open source projects they do have a free SSL product which is covered later in this article.

AlphaSSL by GlobalSign

Key features:
Certificate Authority : GlobalSign
Cost : Free.
Validity : 1 Year.
Renewal questionable.
Very good browser compatibility.

Globalsign is another trusted CA based in Belgium. GlobalSSL’s AlphaSSL was available for free on their website but later the free offer was officially removed from their website. But AlphaSSL is still provided for free with EuroDNS domain name registrar (described later in this article). And this forum talks about availability of free certificate through a script a user has created. I have not tested it myself, but even as on today the script seems to be working.

Free SSL certificates with condition

Free SSL with their free CDN service

Amazon’s AWS Certificate Manager

Key features:
Certificate Authority : Amazon.
Cost : Free upto 100 certificates.
Validity : 13 months.
Free unlimited and automated renewals.
Supports 10 domains in single certificate.
Supports wildcard domains.
Very good browser compatibility.

This option is reserved to Amazon Web Services (AWS) users. AWS is a suite of cloud services from Amazon. And one of the latest addition to their services is AWS Certificate Manager. You can create and deploy SSL certificates for use with AWS services such as Elastic Load Balancers or Amazon CloudFront distributions. Not only the certificates are issued for year long, they are also automatically renewed by AWS Certificate Manager. Only restrictions are that they are meant for inhouse use only.

However, it is easy to integrate your WordPress blog with Amazon Cloudfront using one of the several free caching plugins. Cloudfront is a Content Delivery Network (CDN) service by Amazon. It is not free completely but you can get upto 50GB of storage and 2 Million request free for first year. After the first year you will only pay for the actual usage. Here is a tutorial on how to use custom domain with HTTPS with Amazon Cloudfront.


Key features:
Certificate Authority : Comodo CA Ltd.
Cost : Free.
Validity : flexible/unlimited.
Free unlimited and automated renewals.
It is a multiuser SSL shared with other users.
Very good browser compatibility.

Cloudflare is the most popular free CDN available out there. As it is free. A lot of people use it already for free CDN and Free SSL. It is the easiest option among all others described here. And provides more than just CDN and SSL. Read more about cloudflare and our step by step installation guide for cloudflare.

Free SSL certificate with domain name registration


Key Features:
Certificate Authority : Gandi.
Cost : Free for first year
Renewal : $16 per year.
Validity : 1 year.
Supports multiple domains in single certificate.
Good browser compatibility.


Key Features:
Certificate Authority : GlobalSign.
Cost : Free for first year
Validity : 1 year.
Renewal : Free until domain is with EuroDNS.
Supports multiple domains in single certificate.
Good browser compatibility.


Key Features:
Certificate Authority : Comodo.
Cost : Free $1.99 with domain registration.
Renewal : $9 per year.
Validity : 1 year.
Supports multiple domains in single certificate.
Good browser compatibility.

Free for startups or open source projects


Key Features:
Certificate Authority : Godaddy.
Cost : Free for first year
Validity : 1 year.
Renewal : Existing prices on Godaddy, currently $69.99.
Very good browser compatibility.

Key Features:
Certificate Authority : Symentec or GeoTrust.
EV certificate available for free.
Cost : Free for first year
Validity : 1 year.
Renewal : Free (?).
Very good browser compatibility.


Key Features:
Certificate Authority : GlobalSign.
Cost : Free for first year.
Validity : 1 year.
Renewal : Free (?).
Very good browser compatibility.

Free full featured trials of popular SSL products

Comodo InstantSSL Free Trial

Key Features:
Certificate Authority : Comodo.
Cost : Free.
Validity : 90 Days.
Very good browser compatibility.

Geotrust RapidSSL Free Trial

Key Features:
Certificate Authority : Geotrust.
Cost : Free.
Validity : 30 Days.
Very good browser compatibility.

Geotrust QuickSSL Free Trial

Key Features:
Certificate Authority : Geotrust.
Cost : Free.
Validity : 30 Days.
Very good browser compatibility.

Symantec Secure Site Free Trial

Key Features:
Certificate Authority : Symentec.
Cost : Free.
Validity : 30 Days.
Very good browser compatibility.


A few trusted very cheap options

Comodo InstantSSL ($4.99 )

Key Features:
Certificate Authority : Comodo.
Validity : 1/2/3 year options available.
Very good browser compatibility.
Buy for $9 on Namecheap $1.99 (1 year) with domain purchase.
Buy for $4.99 on

GeoTrust RapidSSL ($6.66 )

Key Features:
Certificate Authority : Geotrust.
Validity : 1/2/3 year options available.
Very good browser compatibility.
Buy for $6.66 on


This list has been prepared after a lot of research. The irony is that the more I researched, the more I felt uselessness of almost all the available free options. After providing you all the ways you can use to get a free SSL certificate for your blog, I highly recommend to not use a free SSL as none of those products is good/flexible enough (even Letsencrypt and Cloudflare). If you are a website owner you afford a domain name and a hosting account. Do yourself a favor by affording a cheap SSL certificate.

WordPress Security

How To Setup Cloudflare For WordPress Step By Step (Free SSL & CDN)

You might have already heard about Cloudflare. It is a free CDN cum security and optimization suite for your website. Even if you are new to it, this article will guide you through everything you must know. You will also learn in step by step tutorial, how to activate Cloudflare on your WordPress blog effortlessly.

In this article you will learn:

  • What is Cloudflare and how does it work
  • Pro and cons of using Cloudflare
  • What is free SSL certificate all about.
  • How to setup and activate Cloudflare for a WordPress blog
  • Issues & checking the improvement.

 What is Cloudflare

Cloudflare Inc is a San Francisco based company that provides kind of all in one solution to website owners which includes measures to speed up browsing experience and improve security.

The features they provide are:

Faster loading of your website across the globe using a Content Delivery Network (CDN) of more than 100 nodes. Distributed network for fast resolving of Domain Name Servers (DNS). Website Optimization using several advanced and latest technologies including TLS 1.3 and HTTPS/2. Reduce the download time further by compressing the web pages, minifying the code and rendering browser caching and Accelerated Mobile Pages (AMP). Enabling latest version of SSL/TLS to encrypt the communication between server and client. Filtering the traffic for malicious attempts including bot spam and DDos attacks. Web Application Firewall (WAF) for protecting your servers from hacking attempts.

What is included in the free plan

  • DNSSEC and Easy DNS Management including wildcard DNS support.
  • Basic Security Features including limited DDos protection and spam filtering.
  • Fast Website Performance with CDN, compression of files and caching.
  • Always online feature (your website remains available even when your server crashes)
  • Analytics of traffic and performance.
  • Free addon apps with one click integration feature.
  • Free shared SSL certificate (Limited Browsers) for everyone.

A list of all features and pricing is here.

How does it work

Cloudflare is primarily a Content Delivery Network. But you have to give them full control by changing your domain’s nameservers (or at least a CNAME record if you do not want to use their DNS service) to point to their servers. When you do so, each visitor who visits your URL is handled by a Cloudflare server and not your own hosting server (referred to as origin server thereafter) .

So, whenever a visitor clicks your URL:

  1. Your domain name resolves into one of the Cloudflare servers (node), whichever is nearest to the visitor.
  2. Cloudflare tries to filter out and block visitors judging by their geolocation IP, intent etc and matching it with their database.
  3. Once a good visitor is determined Cloudflare decides to present your content to them.
  4. It establishes a secured connection between the visitor and the Cloudflare node.
  5. A copy of the desired page, fetched from your origin server, optimized and stored in advance in the node is presented to the visitor.

Advantages of Cloudflare (free plan)

With Cloudflare you get pretty much everything you need for the best performance of your WordPress blog. Some of the important benefits include:

  • Free forever SSL certificate and green padlock for your blog without any effort. Supports all webhosts.
  • Your blog loads fast despite of the location of your visitor.
  • You are protected from bots attempting to hack or inject malicious code (e.g. SQL injection and cross site scripting)
  • Reduction in spam comments you receive.
  • Protects your blog from scrape/email/image harvester bots.
  • Your blog remains available for visitors even if your server crashes or gives errors.
  • Install several free apps e.g. Viglink, Google Analytics & Pingdom by 1 click.
  • No need to change even a line of code in your original web host.
  • Saves tons of bandwidth and server load of your web host.
  • Easy switch on/off anytime you need to disable one feature or all.
  • Supports all hosts whether shared, vps or dedicated.
  • All these benefits cost as low as FREE.

Disadvantages of Cloudflare (free plan)

  • The free SSL is misleading. Read more below.
  • Your DNS (and hence pretty much everything) is controlled by Cloudflare.
  • If Cloudflare is facing issues your website can be down even if your origin web server is running fine.
  • Some good visitors may be blocked because of their IP especially when security level is set to be medium or high.
  • Some users complain issues in javascripts as Cloudflare injects its own code in your website.
  • Despite all the claimed features our website did not see any improvement in page load time.
  • Cloudbleed issue in Feb 2017 earned a lot of bad name.

 About free SSL from Cloudflare

Most people will switch to Cloudflare for its free of cost, easy to implement SSL certificate. But, it is important to understand how it implements SSL security on your website without installing anything on your server side.

Cloudflare acts as a reverse proxy, a middleman between your server and the visitor. So now your visitors do not interact with your origin server anymore. Instead, your visitors interact with Cloudflare, which in its turn interacts with your origin server.


How cloudflare works as a middleman.
How cloudflare works as a middleman and splits one connection into two separate connections.

In this process, it establishes a secured connection with visitor, using TLS1.3. An SSL/TLS secured connection. The one with green padlock. Nice. But the connection between your origin server and Cloudflare may not be secured depending on the SSL option you have chosen.

SSL Options

Read this short article about SSL options provided by them. In short if you can’t setup SSL on your web hosting, you should use flexible SSL (also called free universal SSL) option. If you can install at least a self signed SSL certificate on your server, you can choose full SSL option. And if you have a valid SSL certificate and you can install it on your server, you can choose either full SSL or full SSL (Strict) option.

Cloudfare also issues free SSL certificate for origin server for free plan users acting as a Certification Authority (CA). If you can install it on your server, you can choose full SSL options. But, if you do not want to go with the complexity, choose flexible option.

Flexible option is the simplest one to configure. No need to make any changes on your hosting/cpanel. But in this case there will always be an unsecured connection between your web server and Cloudflare. So with this option your website looks SSL secured, but actually it is not. Moreover if you opt to switch away from Cloudflare at any time, you will earn yourself more issues because now SSL version of your website which is indexed by default by Google, will give errors.

If you want to use your own certificate while using Cloudflare, you will need to upgrade to a paid plan.

How to setup and activate Cloudflare

Step 1: Creating Account

Go to cloudflare signup page. Put your email address and choose a password. Remember to use a hard and unique password (why) while registering. Tick “I agree” and then “Create Account”. You will be logged in immediately. Verify email address, if a verification email arrives.

Step 1 - Register on Cloudflare
Registering a free account on Cloudflare

Step 2 : Add a website

If you have not added any website to your Cloudflare account before, an add website screen will appear. Put your wordpress blog domain name here and click on “Scan DNS Records” button.

Adding a website to Cloudflare
Adding a website to Cloudflare

DNS records of your domain will be scanned. it takes some time, generally less than a minute. Wait for the scan to finish before proceeding.

DNS records being scanned
DNS records being scanned

Once the scanning is complete, click “Continue” to proceed.

Step 3: Checking/Modifying your DNS records

On the next page all your DNS records for this domain name will be shown. Since you are going to give your DNS control to them (in next step) from now on Cloudflare will be your new DNS manager. And you will need to visit this page whenever you need to view/delete/modify any DNS records.

DNS records as shown in Cloudflare Easy DNS Management screen
DNS records as shown in Cloudflare Easy DNS Management screen

In most cases there is no need to change anything here. By default all your DNS records (except few) are followed by a grey cloud icon. It means that these records will not be affected by Cloudflare. These records will keep on pointing to wherever they are pointing now even after activating Cloudflare. It is necessary to not change these records to keep services like mail, ftp, webdisk etc active as they are handled by your origin server not Cloudflare.

On the other hand records followed by an orange cloud icon will be changed by Cloudflare and will start pointing to Cloudflare after you change nameservers in next step. It is essential for functioning of Cloudflare service to keep them remain orange.

Do not activate all icons to orange.

Orange cloud icons mean these records will point to cloudflare servers.
orange cloud icons mean these records will point to cloudflare servers.

The above two records (highlighted) ensure that both www and non www versions of my root domain will be pointing to Cloudflare once I activate their service. Nothing else. Note that “is an alias of” here means “same as”

When you need to change?

If your blog URL is a subdomain. Or your website uses a few subdomains for sections like blog, forums, directory or shopping cart etc. And you want to activate cloudflare on those sections of your websites (subdomain) too. You need to change the color of grey cloud icon to orange by simply clicking on them for respective subdomains.

Also note that records saying “is an alias of” indirectly point to Cloudflare because they are an alias of record as shown below. So, even if the cloud icon is grey, these records will be pointing to Cloudflare servers because will be doing so.

Remember to change these records
Remember to change these records

We can easily change this dependency by clicking the value part of the record and entering a new value there. In my case I will change the CNAME records namesly cpanel, ftp, and webmail as shown above from “is an alias of” to “points to”. If I do not do change them, once I activate Cloudflare, these subdomains will also point to Cloudflare which I do not desire.

Once you have ensured that all your DNS records are good to go click on “Continue” button. Do not worry much because you can manage your DNS records anytime you desire later by logging into your Cloudflare account.

Once you finish checking DNS records click "continue"
Once you finish checking DNS records click “continue”

Step 4: Select your plan

Select your Cloudflare plan
Select your Cloudflare plan

In this step you will select your Cloudflare plan. No brainer, you can choose the free plan. And I recommend too that you should first try the free plan and get used to their service. Then you can upgrade your plan anytime later by logging into your account if you need to do so.

This step is also an opportunity to browse, understand and compare the services you will get in your selected plan.

Click “continue” for the next step.

Step 5: Modify your Name Server (NS) records

In this step you will give Cloudflare full control over your DNS (and hence your website) by pointing your Name Server (NS) records to them.

Cloudflare instructs you to change your Name Server records
Cloudflare instructs you to change your Name Server records

On the next page Cloudflare will instruct you to change your Name Server records of your domain. It will also show you your current name servers which belong to your existing (origin) web host.

Note that the instructed name servers are in a format These can be different for different users, no issue in that. Just follow what nameservers are are instructed by them to use.

The procedure of changing the NS records varies vastly from registrar to registrar. So I can not cover all registrars in this blog post. But a tutorial for the most common registrars can be helpful for you. Just remember to use correct nameservers. Even if your registrar is not listed in the said article, you are search in Google “How to change Name Servers in xyzregistrar”. Replace xyzregistrar with the name of your domain registrar. You can also ask your registrars support for help in change of nameservers.

Once you have completed the change. Click “continue” to proceed.

Layover 1

The effect of change in name servers is the slowest thing remaining on the internet today. It may take from a few minutes to several hours for your nameserver change to fully propagate around the world. In this period your domain may resolve to your old nameservers in some parts of the world and new ones in the rest. But since content your visitors see will be same on both servers. Your website will not be down. The only problem you will face is that you will have to wait before proceeding to the next step. The median waiting time is less than one hour.

Status pending before verification of ns records
Status pending before verification of ns records

In the meanwhile you can retry to check the latest status of verification of nameservers by clicking on “Recheck Nameservers” button. You can only click it once in an hour though. Once the propagation is completed (good to their server location) you will see the new status as follows.

Once verification is complete, status changes to Active
Once verification is complete, status changes to Active

You will observe all options and features are now active. Youwill also observe that your website is now served to visitors though Cloudflare servers. All their services activate immediately except SSL which takes some time.

Step 6: Configuring Cloudflare plugin in WordPress

In this step you will need to install a plugin in your WordPress blog. This step is however totally optional for working of Cloudflare on your WordPress website, I highly recommend it because of its features:

Features of official Cloudflare plugin

  1. This plugin automatically changes the required settings in your Cloudflare account for best compatibility with WordPress. Saves you manual hardwork.
  2. Gives you an option to purge cache from within your WordPress dashboard. No need to login to Cloudflare.
  3. Automatically purges cache whenever you make changes in your blog or publish a new post.
  4. Since all comments in your blog will now come from a single IP, The cloudflare IP. Your spam fileters/plugins may act funnily. This plugin communicates between your blog and Cloudflare accounts and provides your blog the true IP of the blog comments.
  5. It also shares the comments spam data of your blog with Cloudflare to help them improve their database.
  6. Change security level, Always Online, and image optimization settings from WordPress dashboard.
  7. View analytics like total visitors, bandwidth saved, and threats blocked from your dashboard.
  8. Creates a ruleset in Cloudflare automatically to exclude your /Wp-Admin/ are from optimization.
  9. Enable I’am under attack mode if your websit is attacked by DDos attacks.

Getting your API key

Here is get your API key link
Here is get your API key link

In your Cloudflare dashboard, there is a link saying “Get your API key”. On clicking it a new page will open. Scroll down a bit to find API keys section.

Where to find API key
Where to find API key

Click on “View API key” button in first row “Global API key”. You will see a popup box containing your API key.

This is your API key. Copy it.
This is your API key. Copy it.

Copy your API key and save it temporarily in a notepad. You will need to copy paste this key only in your WordPress dashboard while activating the official Cloudflare plugin. Remember API key is like password, use it very carefully.

Installing the recommended plugin(s)

Now login to your WordPress dashboard and go to Plugins => Add New. Type “cloudflare” and search.

You will need to install the two highlighted plugins.
You will need to install the two highlighted plugins.

You will find the official plugin of Cloudflare (the left one, highlighted). Install it by clicking “Install Now” and then activate.

P.S. I highly recommend to also install another plugin called CloudFlare Flexible SSL (the right one, highlighted) by iControlWP at this stage, if you have chosen flexible SSL option. This plugin fixes the redirect loop issue we may face in WordPress if we choose Flexible SSL option. There is no plugin settings, just activating the plugin is enough. After activating Cloudflare I was locked out of WordPress dashboard because of this issue. I could not login because of infinite redirect loop. I had to disable Cloudflare for a while, clear the DNS cache and browser cache, login to WordPress dashboard and then install this plugin.

After activating the Cloudflare plugin, you will see a new menu option appear in your settings menu.

Where to find cloudflare settings menu
Where to find cloudflare settings in WP dashboard

As soon as you open the plugin settings you will be prompted for your email address and API key.

Paste your API key here.
Paste your API key here.

You need to enter your email address associated with your Cloudflare account and API key here. Kindly note that if you have more than one domains in your Cloudflare account put key belonging to correct domain in this plugin. For each domain added in your account (called zone in CDN’s teminology) there will a different API key.

After copy pasting the API key (which you saved in your notepad) click on “Save API Credentials” button to proceed.

You will see very few options in this plugin settings area. i will walk you through them.

Cloudflare WordPress plugin options
Cloudflare WordPress plugin options

Plugin Settings

Click on the “Apply” button to apply recommended settings to your Cloudflare account. This single click saves you a lot of hardwork of setting up things manually. It will also change your SSL option to flexible. If you want to use full SSL option you need to change it again. This button has only to be used once.

The “Purge Cache” button immediately purges cache of all cloudflare nodes around the world. It means they delete the cached copy and grab a new copy of your website in their cache. It is useful whenever you change a thing in your website layout or content or add new.

But, third option, Automatic Cache Management makes it even easier. Just enable it and Cloudflare cache will be automatically purged when you update your website.

In setting option you can set security level. My recommendation is Medium or Low. Other options are meant only for paid plans.

In analytics option you can see your website analytics and how much server bandwidth is Cloudflare saving for you.

Step 7: Redirecting HTTP URLs to HTTPS

It is always a good idea to keep only one version of your website i.e. either HTTP or HTTPS and either WWW or without WWW. Because it raises duplicate content issue. Out of the two the WWW issue is handled good by default by WordPress. Redirection of  http URLS to https now needs action.

This can be done by either modifying the .htaccess file (huge care needed) or by installing a plugin. But Cloudflare gives you an even simpler way to do that known as pagerules.

Pagerules Icon in Cloudflare dashboard
Pagerules Icon in Cloudflare dashboard

In your cloudflare dashboard. Click on the “Page Rules” icon.

Click on Create Page Rule Button
Click on Create Page Rule Button

On this page you will see one page rule already created. Don’t be alarmed. It has been created by the Cloudflare plugin you just installed.

Click on “Create Page Rule” button.

Creating a new pagerule
Creating a new pagerule

In the opened window, you will need to type a URL pattern and at least one settings for that URL pattern. For our desired result. We will simply type:


in the URL box. This pattern simply covers all possible URLs of this domain starting with http. Do not forget to use your own domain name instead of

Then in “Pick a Setting” dropdown box choose “Always Use HTTPS”.

Click on “Save and Deploy” button.

Layover 2

This is all you need to do. Your website is already using Cloudflare servers ever since you changed the DN records. But generation of your free SSL certificate takes some time. It may take between 1 hour to upto 24 hours before your SSL certificate is ready. You can always check the status of your SSL ceritificate in the Crypto tab of your dashboard. Simply click on the “Crypto” icon.

Status of your SSL Certificate
Status of your SSL Certificate

Once your SSL certificate is ready the status will change from “Initializing Certificate” to “Active Certificate”. In this tab you can also change the option of SSL to chose. You upgrade to “full SSL” or downgrade to “Off”.

Thats it! You’re live.

Your WordPress blog must be live, secured, optimized and accelerated by now. And the green padlock be the biggest eye candy.

Before SSL:

Before SSL
Before SSL as in Google chrome browser

Here are examples of how your URL looks like in chrome browser without SSL.

  1. The normal case. An exclaimation mark appers clicking on which chrome warns that this website is not secured.
  2. When you try to type in https URL without any implementation. Chrome clearly marks it is not a secured page. Moreover a 404 error occurs.
  3. A normal http URL requiring asking for users personal information. e.g. WordPress login page. A black colored soft warning appears.

After SSL:

After SSL
After SSL as in Google chrome browser

You should get not only a green padlock (second one) of trust. But also text “Secure” in green and emphasized https: in green before each of your URLS including the ones which require submission of personal information.

But in case you are not getting the green padlock, but your URLS are showing https:// though in grey, you have a mixed content issue. We have already installed a plugin (in step 6) which deals with this issue quite well. If for some reason this plugin is not working for you, there are other plugins for the same function, few examples are SSL Insecure Content Fixer and WordPress HTTPS (SSL)

There may be reasons beyond the scope of these plugins. e.g. if you have embedded an image or video or javascript hosted on another website which uses non secured http URLs, you have a mixed content on that page which plugins can not fix. To be certain check several URLs and see if all URLs have this issue.

More reasons are listed in this Cloudflare support article.


Configuring Cloudflare was easy. It takes only ten minutes of your time (excluding some waiting time) and gives you optimized, secure, spam free and accelerated website. That too with a free SSL certificate. My SSL certificate got activated without issues.

My WordPress blog with SSL
My WordPress blog with SSL

But in terms of page speed I was disappointed. Look at the results I get from Google Pagespeed tool without and with cloudflare.

Before using cloudflare:

Before using cloudflare
My Google Pagespeed test score before using cloudflare

After using Cloudflare:

My Google Pagespeed test result after using Cloudflare
My Google Pagespeed test result after using Cloudflare

I can see no improvement at all. The same results were confirmed using another tool as well. But I will say that it is OK to sacrifice a bit of speed for the sake of security. Moreover it is utmost important to mention that my blog already use a caching plugin so there is probably no room for improvement.

Get More Traffic

6 Ways Your WHOIS Info Affect Your SEO

In this post I will be covering how domain WHOIS information is attached to SEO. But first, I strongly suggest that all these are weak factors if they even contribute in SEO. You certainly should check your whois data once a year to ensure everything is all right. But you should do that mainly because it is a good practice and has several other advantages than SEO. Remember nothing here will give you some kind of boost in your SERP rankings. Moreover there are not sufficient evidence from Google that it uses and rely on whois data for ranking signals.

Do you know that Google became a domain registrar (Reg #895) back in 2005 but had no plans to sell domain registration services to public until 2014. According to their spokesperson the reason they pioneered into domain registration was it:

want to get a better understanding of the domain name system [and so] increase the quality of our search results

Well, one thing is sure. Google among all search engines want to be the big daddy of the internet. If wants every possible information about a website to make a hyper profile. The whois data it gets as a privilege for accredited registrars is a goldmine. Who will believe it when they say they do not want to use these factors in their algorithm. What are these factors I am talking about? Lets see.

1. Private whois vs public whois

Can availability of your personal data in your domain’s whois information affect your SEO? Well, here are few experts who confirm it. Matt Cutts (former head of antispam team) has once mentioned that:

Having whois privacy turned on isn’t automatically bad, but once you get several of these factors all together, you’re often talking about a very different type of webmaster than the fellow who just has a single site or so. – Matt Cutts

We should however put our eye on the wider view. Publicly available contact information encourages transparency. It shows that you have nothing to hide. Makes you more trustworthy in eyes of interested people. And it opens the path for communications if your blog/website has issues in opening.

On the other hand private whois may be looked upon with suspicion. And you will loose opportunities by missing out being contacted. What more, it is bad because apparently the registrar or protection service provider in a way becomes the owner of your domain (and charges you for this service)

I am sure that such a factor should affect the trustrank of your domain. That google should count public whois registration as good and private whois as bad. That whois information is a Google trust factor. And there are cases which claim that protected whois data can negatively affect the SEO.

In one case study Keller Tiemann claimed that his website got penalty for turning on domain privacy and it got reversed once he fixed the whois issue.

Penalty for whois protection
Graph showing daily traffic after penalty and its reversal.

Though the main issue was that his proxy whois information was showing wrong country name. Now that matters a lot for a local business like Keller’s. More on this later in this article.

Action needed

Use a public whois option if you can.

If you still want to be protected from spammers by making your whois data private, its fine. You will not be penalized for just that reason. It will get suspicious only when you whoisguard your websites just to hide your association with them. But generally it is good to appear more open and available. I recommend to use public whois option with full and correct contact information.

Moreover if one or more of your websites are indeed dodgy, private whois will not shield you completely from the search engines eyes. Your domain registrar and webhost have your real contact information which they may share with other registrars including Google. There can be even more ways to crack on identity of the owner of a dubious website by using adwords or adsense data or data from any such services.

2. Age of the domain

The age of a domain is the time which has passed since it was last registered. If the domain was dropped by its previous owner its age resets.

So, is an old aged domain good or bad for SEO? There are tremendous debate on this topic in SEO community. Some of the valid points to wonder are:

  • If this domain/website was intended to be used in spamming it would have been used early already. Spammers are not patient.
  • Well established sites have old domain names, so its reverse should be logical.
  • Old domains that don’t do well are less likely to be around.
  • Old domains have had time to do well and pick up real quality signals such as authoritative links.

There are equal advocates who do not support these theories and suggest the domain age in itself is not any good. Ann smarty explained that it is the website age which should me a more reliable factor than the domain age.

It is a ranking factor

Matt Cutts stated that they give much more weight to date of first discovery of the current form of website to determine the sites age rather than whois data. Moreover he reavealed that Google keeps an eye for at least 2-3 months of registration of the domain. It means it is a confirmed negative factor for first few months. He also said that there “a small” difference in 6 month old and 1 year old domain SEO wise. But he remained silent about really old domains, say 5+ years aged ones.

But there are more things that come free with aged domains. A history of earlier website which should be looked out for. When you intend to buy an old domain to start a new website. Make sure earlier website(s) were not involved in questionable practices and do not have spammy backlinks. But if the earlier websites were just fine. The attached pre-existing backlinks, social signals and mentions are huge bonus. However algorithm will try its best to reset the value of pre-existing backlinks and social attention, it can not be ever zeroed. The only problem involved is handling the 404 errors users click on those backlinks to come to your website.

Moreover a new freshly registered domain is not guaranteed to be history-less. Make sure that if it was registered earlier, it was not blacklisted or involved in spamming.

Action needed

Well, existing owners need not and do anything at all. You will feel some pain ranking in first few months of registration of your domain.

However if you are planning to start a new blog/website buying an existing domain, you should keep domain age in mind among other factors. Buy an old name if it is really good name and have other trust factors like quality backlinks attached to it. If you plan to start a blog/website do it as early as possible becuase the website age matters more than the domain age.

3. Length of registration/expiry

Does the length of registration of your domain affects SEO?

Whenever a question such simple is asked to an official, like Matt Cutts, the answer has always been vague:

They always keep secrets. As you can see in the above video, he has not denied it. He just said it is not that important.

John Mueller has tweeted that most registrars do not provide accurate registration length, so it cant be a reliable ranking factor.

I believe it must be a ranking factor, though acute. A lot of SEO experts do. The only proof that supports the theory is that Google has a patent which basically proves that domain registration period can be used as ranking factor, if they want:

“Valuable (legitimate) domains are often paid for several years in advance, while doorway (illegitimate) domains rarely are used for more than a year. Therefore, the date when a domain expires in the future can be used as a factor in predicting the legitimacy of a domain”.

Action needed

Register/renew your domain for long duration (say 2+ years) if you can.

But it does not mean that you should pay your domain registrar for 10 years in advance and expect a boost in your traffic. If you think that you are going to have this blog/business for several years, then you should buy/renew your domain for several years. Not for SEO. If you are getting a discount for multiple years renewal, you should avail it. But make sure your registrar reflect correct expiry date once you pay for multiple years renewal fees. If not you may want to contact them or prefer another more reputable registrar.

4. Inaccurate or fake contact information

It is even more evident using fake registrant info in whois (than using protected whois) that something is fishy in your business.

Who would use false contact information in his whois data?

  1. Amateurs who do not know that they are doing.
  2. Private blog network owners who do want to leave a ‘footprint’.
  3. owner of websites involved in fraud, unethical or illegal businesses.

And none of them deserve love from search engines, right? Private blog networks are in fact the single biggest black hat way to build links and get high rankings these days. And search engine giants are after them. One certain reason that makes a website suspicious? Fake whois data. I did not find much discussion about direct SEO effects of fake whois data, but Matt Cutts has mentioned that they hate it. It is also counted as a factor in 2015 report of ranking factors by moz.

Some expects even suggest you to put your real contact information (physical address and phone) on your contact us page (or home page) for transparency. And it should match the one in whois records. Moreover it is a legal obligation to use your correct information while registration of a domain. A domain registration with false or inaccurate details may even be cancelled by registrar.

Action needed

Use real and accurate whois contact information if you can.

Never use fake whois data in your domain’s whois.  Put your correct address and phone number there if you really want to be transparent. But if you are just too concerned use private whois rather than fake whois. Make it a rule to review your whois data once a year. Update the changes if any in whois data along with everywhere else. For security reasons never ignore emails from your registrar about changes in domain info.

5. Geo location of your physical address

This one is exclusively for local SEO. And this one is a strong one too. Remember the case study of SEO penalty above? Well, the main reason for penalty was change in geolocation in whois data rather than the use of privacy protection. If your business is of pretty local nature you can not afford to shift to “panama” and wish that it will not affect your business.

Providing a false business address is a certified negative factor for SEO. If your business is local and you depend on local SEO for its success, you want to have a local address and phone as well. Having a foriegn address while targetting local clients doesnt help. And that contact information should be correct and consistent at all sources.

Action needed

If your blog/website is not targeting local clients, all is good. Using your correct whois data should be sufficient for you.

However if you target a specific geo location, say a specific country, make sure you have a valid address and valid phone number in that country. And make sure that the same local address and phone is reflected in your whois contacts. And it should match with contact us page, business directories, Google My Business listing and everywhere else.

6. Track record of domain owner

Cyrus Shephard of Moz has detailed that how google determines “administrative relationships” between two domain using various methods. It is only intuitive that they should be using this data to “devaluate” artificial backlinks made by the same person from his other websites. But there are more applications of it. So track record of the whois registrant can possibly link his good or bad works on his other domains with this domain. A past penalty may be forwarded to new domain belonging to same person. Or owner of a good popular brand maybe rewarded when he is working on a new project.

Google will never publicly accept that it uses whois or any other data for detecting administrative relationships because its success lies in the secrecy of the method.

Action needed

It would be best if you don’t own shady websites/domains at all.

But if you do, dont associate it with your own name. Preferably get rid of it as soon as possible especially if you have another good quality website getting nice results. And dont unnaturally linkback to your websites from your own websites.

If you own a good website, do not try spamming or blackhat things to the other website you own as both websites are linked through you.


I will not suggest you to make any effort at all on tricks or things which require more efforts than the impact they make. But this one is easy. And it has more good reasons than SEO alone. Just once a year you should see your whois data and make sure your contact information is correct, valid and visible. And if you have not done it already you should do it right now. It just takes few minutes.

Get More Traffic

Are Forum Links Still Effective For SEO in 2017?

History of forum links?

Forums or discussion boards are online communities for like minded people to hang out and discuss various topics and issues about a common interest. Forums are generally free and open for everyone to join. And every member can jump into an existing discussion (or start one) to speak his voice. One useful feature of most forums is that members can quote a link in their posts. And this ability to link to any website gives them opportunity to build a backlink to their own website/blog. There was a time when forum links were easiest and fastest method of link building.

There are three kind of backlinks you can build using forums. When you sign up on a forum/discussion board in related niche and mention your website/blog in profile section. This backlink is called a forum profile link. It takes only few seconds to make a profile and get a forum profile backlink. Then you can join a discussion and along with your response post a relevant link in your post. Let’s call it a forum post link. And then most forums have a feature called signature which appears below each of your post. If your signature is allowed to contain a link then backlink such made is called a forum signature link.

An example of forum profile link
An example of forum profile link

Why forum links were so popular?

Some highest authority brands and organizations (e.g. MySQL, CNET) have forums for customer support. Even .edu and .gov websites have open forums. Since forums are open and free for everyone, you can use those forums to get high authority backlinks even .edu and .gov backlinks.

What happened then?

Automation software like scrapebox and xrumer abused forum links to the extreme. These software can build thousands of forum profiles per hour. And solo purpose of such profiles is link spamming. They can even go steps ahead of spam protection by solving simple captchas, verifying email and even post on discussion threads to activate certain features of forum membership. All major forums are now constantly bombarded with spam profiles using these software.

So search engines had to intervene and with introduction of nofollow attribute most forum links are now devalued. Moreover there is a risk of google penalty for forum spammers after penguin update. Even forums have updated their criteria for users who want to publish links in their posts.

Should you use forums for SEO now?

Those SEOs (and their customers) might still be in deep sleep all this time who are still selling link building services using forum profiles. You can easily get services on fiverr selling tens of thousands of backlinks to your blog for mere $5. One philosophy or rule of thumb I always follow in SEO is that backlinks which are easiest to get are most worthless. No matter are they dofollow or nofollow, high pr, edu, gov, authority, tiered or anything. Never buy such services.

Also do not buy/rent signature link spots of established members or use your own signature to build links. Because signature links are bad anyways. Any automated link is bad for SEO and a signature link is automated because signature appears automatically whenever you post something. Even if you use signature to build a link do not use keyword anchors to avoid penalty.

The effective way to forum link building today

It may or may not be worth the time and efforts depending upon your niche and the forum you are building links on. In some niches forum can be better for link building than other niches. If you are already an established member of a popular and active forum very much related to your niche, it makes much more sense to use that forum even if it is a nofollow forum than to register as a new member on a dofollow forum or high authority or high pr or .edu forum. Do not think about nofollow or dofollow. Because even dofollow links will not bring much link juice. Do not think about keyword anchor either. If fact you will increase your chances of penalty with exact keyword anchors in forum links. And do not think about SEO at all but look from marketing perspective.

Try to help other members with your post to solve a problem. link one of the most valuable post of your blog in and try to attract forum members to your website. If not a valuable dofollow backlink, atleast you will earn new readers/visitors and buyers to your blog. Focus on building relationship with the forum members so that they trust your link, find it useful and be grateful for it. If you are answering to someone thread make that answer authoritative and complete enough. If you are opening your own knowledge sharing thread make it so compelling that everyone wants to post a thank you message.

From SEO point of view you won’t gain much link weight. But you will certainly gain:

  1. Variety in your link profile.
  2. Very relevant new readers to your website/blog.
  3. A recognition in a community of your niche.
Get More Traffic

How Poor CTR Can Spoil All Your SEO Efforts

Optimizing your page title tag for search engines is bad.

The title of a page (or post) is one of the most important on-page factor that Google (and most top search engines) uses to decide what the topic of that page is. SEO gurus always insist to drop your primary focus keyword at the beginning of the title tag. Some experts even suggest  to use a secondary focus keyword in the title itself.

But there is one more important purpose of the title of your blog: To attract the searcher’s eyeballs while competing with nine other high quality results on the search result page. If your blog post appears on the first page of google for a popular search term but no one likes to click on your listing how effective is your SEO?

CTR matters even if you rank all the way to the top

Optify CTR Curve 2
Organic CTR curve shows which rank gets how much traffic. Source

It is natural that in the first page of the search results the search user is more likely to click the first result than the second or subsequent ones. But the fact is that all ten results are right there in front of his eyes trying their best to grab his precious attention. And if they all fail to do so, there are millions of “next” pages to do the job.

If you rank first on page one but a search user likes (say) eighth result, and clicks it, better luck next time. But if it is happening all the time, then either the eighth result is too good to resist or your result snippet sucks (or both). The Click Through Rate (CTR) of each result starts playing a vital role here.

You may loose your rankings just because of low CTR

Joost De Valk of Yoast SEO plugin (the most popular SEO plugin for wordpress) warns in his post about SEO titles that “if you’re ranking but never getting clicks, over time, your rankings might deteriorate”. In other words if your result in the search engine gets more CTR than the ones with better ranking results there are good chances your will get a free ranking upgrade in the next update.

Think of it in this way. The purpose of complex ranking algorithm of a search engine is to provide the search user the result which best suit his needs. If every other user chooses for himself one particular result out of the ten options, isn’t it an indication that this result is the best suited result for that particular search query. If not then what is the purpose of showing the user so many results for a search rather than just one best result.

Your Title CTR matters beyond search engine rankings

Have you though about it in this way. Your blog/page title remains same irrespective of the source of acquisition of the reader. So if it is not able to attract clicks despite appearing in search results. How the same title will attract customers from other platforms? If it ugly in Google, it will be ugly in facebook. And it will be ugly in all those social platforms which use your page title in their snippet.

facebook uses page title and meta decription in its snippet
How facebook uses your page title and meta decription in its snippet. CTR matters the most here.

So your title and meta description should be catchy (not SEO optimized) to attract more clicks each time your page is shared on facebook. In fact several social bookmarking and social media platforms and a number of discussion board software (forums) use your title as their default text when a link to your blog post is shared there.

It is possible to increase CTR without sacrificing SEO

The whole purpose of this blog post is to make you look at your blog titles (and meta description) from a whole new perspective. Next time when you are writing title for your blog post, think beyond SEO. It is OK to put your important keyword(s) in title and meta description. But do not forget that actual real human beings will be reading it each time your blog appears in search results or is shared on social platforms.

You have roughly one second to grab your visitors attention with your wonderful snippet. And if you promise your visitor exactly what he is looking for and if your promise is better than your competitors you will earn that click through.

How to write titles that both humans and bots love

Google is known to play with your title and meta description while generating a snippet. It sometimes dynamically generates a better title for your search result snippet and often dynamically generates a better description taking excerpt of its choice from that blog post to best suit the search query. But it does not mean that you do not to do anything at your own. Great titles are valuable assets for your blog. Learn how to write great click worthy titles.


How To Guides WordPress Security

How To Change Default Table Prefix (wp_) In WordPress

Default table prefix (which is wp_) is something which nobody cares about while installing the WordPress or in the beginning days of his WordPress blog. But when the website grows, security becomes a concern and we look back at the flaws in our existing WordPress installation. But we can not afford a new installation just to repair a couple of loopholes. Good thing is that we can change the table prefix of our WordPress database anytime. Even better thing is that it is pretty easy as well. So read on.

What this table prefix does anyways?

WordPress runs on MySQL databases. Each database has some tables in it. WordPress prefixes each table it creates with a prefix. The default prefix is wp_. What this simple hook does is that each table created by WordPress starts with an identifier. It means:

table users becomes wp_users,
table posts becomes wp_posts and so on…

The advantage is that all tables related to your WordPress installation are marked and grouped. You can now use the same database for another WordPress installation or in fact any other need like other CMS or shopping cart or forum. Though most hosting packages come with unlimited databases, this should not stop WordPress giving you ability to install multiple WordPress instances in a single database. There is no harm in it anyways.

To install another WordPress though you will need to use a different prefix say wp2_ so that thing do not get mixed up. You can find your table prefix in your wp-config.php file.

The problem with default table prefix wp_.

Most manual installations (and many one click auto installations) of WordPress do not care to change the default prefix. And why should they care? They are never going to use this database for another installation.

The problem is, It’s predictable.

Though nobody is going to read your database tables unless he has a database user and password, SQL injections are always threat. It means a hacker can predict what table names your website is using even without knowing your database name, username or password. A list of all tables created by WordPress, (if default prefix is used) is here. By using a prefix other than default you give your hacker some extra hard time because now he has to find the table names first.

How to change default table prefix in existing WordPress website.

Using plugins

There are many plugins for this exact task, but many of them have several issues. This plugin does that for you automatically. Just remember backup your website before and after using this plugin. Also remember to uninstall and delete this plugin after your prefix is changed successfully because you will never need it again.

The manual method


WordPress Security

How These 6 Passwords Make Your WordPress Blog Vunerable

Secured your WordPress blog using a very strong WordPress administrator password? Well, your job is not finished yet. Your beloved blog may still be vulnerable, as there are more passwords you need to secure to prevent hackers an easy entry. Some of them may not be very obvious, but any of them, if hacked can bring chaos, so read on:

1. Your WordPress administrator password(s)

First thing to know is that if there are more than one users, there are more than one passwords. And all those passwords need care. Being the manager of your website team, you need to know the fact that people are predicable, and so are the passwords. As described in this analysis of 10 million passwords by WPEngine, most people tend to use memorable passwords.

No matter how much you encourage your team to use strong credentials someone of them may turn out to be the Trojan. You can however take action now to avoid it.

First thing first, secure your own admin password

If you think your own password, while being simple is impossible to guess, you may be bluntly wrong. This comprehensive article by Dan Goodin tells that cracking software (and hardware) are becoming stronger day by day.

Core WordPress has an inbuilt password generator, so use this tool anytime and change your password to a strong one. Just go to users -> Your Profile -> Account Management -> New Password.

An administrator can also go to other users’ profile and change password for them (without seeing their existing ones).

Downgrade other administrators

Unless you are running a fairly large organization, working 24×7, you do not need more than one administrators. So, it is the time to review the role of all users and downgrade them to their appropriate role. Unless a second administrator is absolutely necessary, downgrade it to either editors or author. If you choose to keep more than one administrators, force them to use very strong passwords.

Force strong passwords to all users

Yes, editors too, not just admins need to use strong credentials because a compromised account of even an editor is a threat. One easy way to do it is this simple plugin. It simply forces all users who have publishing privilege to use strong password next time they login. Further you should periodically review your users and delete the inactive ones.

2. Your hosting account credentials

Just because you purchased your hosting in a hurry or someone else did that for you, you should not leave that gate open. A hosting service itself has several passwords which can be used as a backdoor entry by hackers and give you a nightmare.

Customer portal/dashboard

Most web hosting companies and products (shared, VPS or managed) provide a customer dashboard where they can manage their purchase, add and remove services and ask for support. This dashboard may contain direct access links to cpanel, email accounts, databases, ftp accounts, domains and backups. Here you can also reset your Cpanel/plesk password. So you do not want to compromise with security of this dashboard.

Cpanel/Plesk login

Almost all shared hosting plans, most managed VPS plans  few managed WordPress plans come with a cpanel or plesk login. Cpanel/Plesk is the place to control almost everything about your website, so naturally most attention is required to keep hackers away. This control panel inevitably has its own login credentials which need your care.

Note: Many hosting services have direct access link to cpanel from their dashboard, so you may never need to use cpanel credentials, nevertheless you should change the password to a very strong one.

FTP account(s)

These days, with one click installation of wordpress, use of FTP is quite uncommon. But if you created an FTP account at some point of time, do not leave it unattended. Delete it if no longer required, else at least harden its credentials.

3. Your MySQL user & wp-config.php file.

MySQL database user

If you installed WordPress using one of the latest click installation tools, there is not much to worry about this point. Because these tools create and use strong passwords for MySQL database.

But if you installed WordPress manually, did you used a really strong password (using the in house tool) back then? As the database username and password are required just once, i.e. during the installation of WP, there is no need to make them easy to remember. You may want to check this password again, (which you will find  in wp-config.php file). If it is not alright, you can always change by logging into your cpanel -> Databases -> MySQL databases. Select the appropriate user and reset password, then copy the same into your wp-config file again.

wp-config.php file

Another mistake, though rare, people do is they accidentally save their wp-config.php file as wp-config.txt which is a disaster as shown in this video.

So positively check your file manager for any such file exists.

Another good step will be to deny access to this file completely using this code in your .htaccess file.


# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all


4. Your domain registrar

In case your domain registrar is different from your hosting company, do not forget to secure access to that. Domain hijacking is a worse nightmare than a hacked website because though hacked WordPress installation is possible to be restored, few people have ever successfully recovered their hijacked domains.

I strong recommend to use 2 Factor Authorization or other such security feature which your domain registrar provides.

5. Your backup storage service

If you do not regularly backup your website remotely, you should start doing this today. But you should also ensure that you did not leave a weak access to hackers to your backup/cloud storage service like Dropbox, Amazon S3, Google Drive, Onedrive etc.

6. Your primary email

Do you ever realize that if your primary email is hacked everything in your world is endangered. Because almost all services online use primary email for recovery of forgotten password, which hacker can then use once he has access to your email. Your WP Admin account, hosting account, domain account and what not! Not just from business point of view, but from privacy concerns too you need to ensure maximum security for your primary email.

Use only reputed email service

One good way to ensure your email security is to only use a top email provider for your email needs (like Gmail, Ymail or Live). I recommend that if you are using personalized emails like [email protected] even then use Gsuite(formerly Google Apps) or outlook (Microsoft).

Look out for any forwarders

Go to settings and delete any forwarders which forward your emails to a less secure email service and hence compromise with your email’s security. Even if you are using forwarders to consolidate several email accounts in one, you should choose a reputed service like gmail this service.

Enable 2-Factor Authentication

The best thing you can do to secure your email address is to enable 2FA. It means that a second authentication, other than the password, will always be required to login to your email account. The second factor can be a One Time Password (OTP) sent via SMS or voice call to your mobile phone number or one of the several other options like mobile app or physical key(pendrive).

Note: Good thing is that two factor authentication option is also available in WordPress in the form of this plugin.

Tips to keep your passwords even safer

Do not use the same password everywhere

No matter how strong it is, you should not use your one password anywhere else. Use a different password every time you register for a new online. For example your email password should not be used while buying a WordPress theme. Almost every service provider these days requires you to register while making the purchase, but not all of them are as secure as your email provider (Google/Yahoo/Microsoft) or WordPress. So if their website get hacked your other account with same password immediately becomes vulnerable regardless of the strength of the password.

Use only high reputation password manager.

Once your passwords are too strong to crack, they are also very difficult to memorize. Almost everyone uses software to save all those passwords. Thus your security relies upon the reputation of the software where all your passwords are kept. I only save all my passwords in Google Chrome except a few very important ones which I prefer to write down physically.

Use a good antivirus program for your device.

Once you have saved all your passwords (never save your primary email password as email can be used as a recovery option) security of your computer/device also becomes important. There are always malware, key-loggers and spyware trying to get access of your computers for sensitive data. So purchase a good reputed antivirus program with firewall and keep the 24×7 monitoring on.

How To Guides

How To Use Bookmarks And Jump Links In WordPress Posts

What are jump links?

Jump links (also known as anchor links or a bookmark links and sometimes hash links) are hyperlinks on a web page, which when clicked allow the user to jump to a specific point of a page. The specified point of the target page is called a Bookmark or Internal Anchor. So basically a jump link jumps you directly to a bookmark on a webpage (rather than just opening the webpage).

How bookmarks and jump links are helpful in a wordpress blog?

Bookmarks are great for organizing the content of a really long wordpress post. Long articles are good for SEO. And because you do not want to scare away your readers your blog post should contain sub-headings or sections or topics.

But why stop here? You can go ahead and create a bookmark for all your important sections. And then you can use jump links to point directly to those sections whenever needed. This can be helpful in several ways.

  • You can link directly to a section of a long article having several sections rather than linking to the whole article. In fact a link to the whole article may confuse your reader and will leave him on his own to find the section of reference.
  • You can create a table of contents which not only lists all the topics covered in a long article but also takes your reader directly to any of those topics when clicked. Another jump link then takes him back to the table of contents after reading is finished. All of this without scrolling down or scrolling up relentlessly. Best example of this practice is Wikipedia.
Example of table of contents in wikipedia using jump links
Example of table of contents in Wikipedia using jump links
  • You can make a list of references or definitions at the bottom of the post and a jump link will take the reader directly to the particular reference or definition in no time. Another one takes him back to the point of reading (where the reference was used). Again, the best example of this practice is Wikipedia.

Are jump links and bookmarks good for SEO?

Definitely yes! Anything which enhances your reader’s experience is good for SEO. You can not always link to a full length article as its content may be too broad for the context. But, a precise subtopic of that long post can be always be linked to. Hence ability to link to just a precise subtopic can increase the number of internal links you have.

In fact, google includes jump links in its rich snippets for prominent websites just like regular sitelinks. It also treats the anchor text used for such jump links just like a regular anchor text of an internal link.

Jump links used as sitelinks in Google's rich snippet
Jump links used as sitelinks in Google’s rich snippet

The increased ability to be linked will also attract more external backlinks. In fact a well organized post with a handy table of contents is more likely to attract social bookmarking and backlinks acting as a link bait.

How to create a jump link?

It is much more simpler than you think. You only need to know some most basic HTML (or just follow a simple format)

Firstly, you need to define an anchor (bookmark). It can be done in any of three ways. Just enter the text editing mode of your post editor and use any one of these three codes of your choice.


<h2 id="chapter1">Chapter One: Introduction</h2>




<h2><a id="chapter1">Chapter One: Introduction</a></h2>




<h2><a name="chapter1">Chapter One: Introduction</a></h2>


Remember that <h2> tag here makes your text a sub heading (second level). You can use h3, h4, h5, h6 or h7 if appropriate. You can even not use <h2> tag and just use <a> tag. An <a> tag will be more usable instead of <h2> tags when you are creating a tiny link to jump back to the top of the page.

Now you are ready to link to this bookmark/anchor. All you need to do this is a URL.
If you are linking from the same page you will need to use #nameofthebookmark as the URL. Do not worry about the fact that this does not look like a proper URL. The full code will be like

<a href="#chapter1">Go To The Introduction Section</a>

However, if you are linking from other pages or external website you will need full url or that page and add #nameofthebookmark for example full code will be like this:

<a href="">Go To Introduction</a>

Thats it, you have mastered jumplinks. But the actual job will be to carefully select sections of the page to make them bookmarks, make bookmarks of them and link to them. To go back to the table of contents you need the anchor the text “Table of Contents” at the beginning of the post in a similar way and then create a link to it and copy paste it right after end of each section. Link text for these links may be “Go to top”.

Working Example

Try this simple example.