After that, go to the Webtoffee Import Export (Pro) » Import page and select ‘Product’ as the post type you want to import.
Click on the ‘Step 2: Select import method’ button to continue.
Next, you need to select an import method and upload the exported file you downloaded earlier to your computer.
Click on the ‘Step 3: Map and Import Columns’ button to continue.
On the next screen, you’ll see a list of fields and the matching fields from your import file. If you see an empty field, you can choose a matching field for it in the next column.
If you are using product variations like sizes and colors, then make sure to click on the Attributes tab to match attribute fields.
However, if you are not using any products with variations or custom attributes then you can use the default settings.
Click on the ‘Step 4: Advanced Options / Batch Import’ button to continue.
On the final screen, you’ll see advanced options. For instance, you can choose to match products by ID or SKU, choose what to do if a product already exists, and more.
If you are importing products into an empty WooCommere store, then you can use the default settings.
Finally, click on the ‘Import’ button to run the product import process.
You’ll see the progress of the import on screen. Once finished, you can click on ‘View Products’ to check if everything has been imported correctly.
The plugin also allows you to import and export Product Reviews.
If you want to import or export the product reviews too, then simply choose ‘Product Reviews’ post type on the import or export page.
Improve Your WooCommerce Store with Automations
If you find yourself doing a lot of manual work around your WooCommerce store and want to save time, then we recommend using Uncanny Automator for workflow automation.
Uncanny Automator helps you connect over 100+ plugins and apps with a simple no-code visual builder. You can use it to create automated workflows for things that you normally do without writing any code.
There’s a free version that you can try out, and it’s already used by over 20,000 websites.
Aside from workflow automation, if you’re looking for a marketing automation tool for WooCommerce, then we recommend using FunnelKit Automation. It will help you grow your sales and improve conversions without the high costs.
A sneaky new credit card stealer has been discovered hiding in places that are difficult to scan, and thus managing to steal payment (opens in new tab) information without triggering any alarms.
A report from cybersecurity experts Sucuri notes how it stumbled upon the malware when called in to investigate an “unusual infection” at one of its clients’ payment endpoints.
As it turns out, the malware was hiding in the site’s WooCommerce payment gateway module called Authorize.net, which process payment details on checkout. As this module works after the user submits data at checkout, cybersecurity solutions have a harder time detecting potentially malicious code hiding within.
Usually, threat actors would inject malicious code into the HTML of the store of customer checkout pages. The code would then grab the data being inputted during checkout – giving hackers access to sensitive data such as full credit card numbers, CVV numbers, expiration dates, phone numbers, email addresses, and other important information.
But today’s cybersecurity solutions can scan the HTML code for malware and thus keep the ecommerce sites safe.
That’s why this creative malware developer turned to the Authorize.net payment processing system. Apparently, it is currently being used by more than 400,000 merchants all over the world.
But the WordPress ecommerce plugin WooCommerce, or the Authorize.net payment gateway, are not flawed, and do not carry any vulnerabilities, Sucuri stressed.
“Overall they are both robust and secure payment platforms that are perfectly safe to use. Instead, this article highlights the importance of maintaining good security posture and keeping environments locked down to prevent tampering from threat actors.”
“Just like any other piece of software, if malicious actors compromise an environment they can tamper with existing controls,” they concluded.
To remain secure, businesses are advised to leverage file integrity monitoring, keep a close eye on modified files, and urged to “take every possible avenue to keep the attackers at bay.”
A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the ‘Authorize.net’ payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans.
These scripts will then steal inputted customer information on checkout, such as credit card numbers, expiration dates, CVV numbers, addresses, phone numbers, and email addresses.
However, many online merchants now work with security software companies that scan the HTML of public-facing eCommerce sites to find malicious scripts, making it harder for threat actors to stay hidden.
To evade detection, the threat actors are now injecting malicious scripts directly into the site’s payment gateway modules used to process credit card payments on checkout.
As these extensions are usually only called after a user submits their credit card details and checks out at the store, it may be harder to detect by cybersecurity solutions.
The campaign was discovered by website security experts at Sucuri after being called in to investigate an unusual infection on one of their client’s systems.
Targeting payment gateways
WooCommerce is a popular eCommerce platform for WordPress used by roughly 40% of all online stores.
To accept credit cards on the site, stores utilize a payment processing system, such as Authorize.net, a popular processor used by 440,000 merchants worldwide.
On the compromised site, Sucuri discovered that threat actors modified the “class-wc-authorize-net-cim.php” file, one of Authorize.net’s files supporting the payment gateway’s integration to WooCommerce environments.
The code injected at the bottom of the file checks if the HTTP request body contains the “wc-authorize-net-cim-credit-card-account-number” string, which means it carries payment data after a user checks out their cart on the store.
If it does, the code generates a random password, encrypts the victim’s payment details with AES-128-CBC, and stores it in an image file that the attackers later retrieve.
A second injection performed by the attackers is on “wc-authorize-net-cim.min.js,” also an Authorize.net file.
The injected code captures additional payment details from input form elements on the infected website, aiming to intercept the victim’s name, shipping address, phone number, and zip/postal code.
Another notable aspect of this campaign is the stealthiness of the skimmer and its functions, which make it particularly hard to discover and uproot, leading to extended periods of data exfiltration.
First, the malicious code was injected in legitimate payment gateway files, so regular inspections that scan websites’ public HTML or look for suspicious file additions wouldn’t yield any results.
Secondly, saving stolen credit card details on an image file isn’t a new tactic, but strong encryption is a novel element that helps attackers evade detection. In past cases, threat actors stored stolen data in plaintext form, used weak, base64 encoding, or simply transferred the stolen information to the attackers during checkout.
Thirdly, the threat actors abuse WordPress’s Heartbeat API to emulate regular traffic and mix it with the victims’ payment data during exfiltration, which helps them evade detection from security tools monitoring for unauthorized data exfiltration.
As MageCart actors evolve their tactics and increasingly target WooCommerce and WordPress sites, it is essential for website owners and administrators to stay vigilant and enforce robust security measures.
This recent campaign discovered by Sukuri highlights the growing sophistication of credit card skimming attacks and the attackers’ ingenuity in bypassing security.
Are you looking for the best practices to maximize the SEO benefits of internal links?
Internal links play an important role in search engine optimization (SEO). They help search engines discover your content and rank them higher in search results.
In this article, we’ll list the best practices to use for internal linking for SEO.
How Does Internal Linking Improve SEO in WordPress?
Internal links are links between posts on your own website. Having internal links is important for your WordPress SEO. They help search engines like Google crawl your website and discover new content to index and rank.
Generally, the more links a page has pointing to it, the more likely it is to rank higher in search results. That means that you can use internal links to point to important pages on your site as a way to increase their traffic.
That being said, let’s take a look at the best practices for improving SEO by adding internal links in WordPress. Since this is a comprehensive guide, we have included a table of contents for easier navigation.
You can also edit your older articles to add links to your newer content whenever you publish. Many successful bloggers dedicate time to adding internal links that point to new articles on a weekly or monthly basis.
This will help you boost your pageviews, increase the time users spend on your site, and ultimately will improve the SEO score of your individual blog posts and pages.
WordPress makes it easy to search for your old posts right inside the post editor. Simply select the text you want to link and click on the link button in the toolbar that appears.
A text pop-up will appear below your highlighted words. Then, you can start typing to search for the older articles you want to link to.
2. Monitor Your Internal Link Performance in WordPress
It’s helpful to see your website’s SEO performance in terms of links by using a tool such as the Links Report in Google Search Console. This is a helpful starting point for working out how to improve internal linking on your site.
The Links Report will show you how many pages are linking to this page. You can compare it with other pages and see whether pages with more internal links are ranking higher than posts with many internal links.
Just make sure you are only linking to the article when it makes sense. Adding links where they don’t make sense creates a bad user experience.
Another way to monitor the impact of internal linking is to see which keywords are gaining or losing position. All in One SEO makes this extremely easy with the Search Statistics feature.
Once you connect the plugin with Google Search Console, All in One SEO will fetch your Google Search Console data and present it under All in One SEO » Search Statistics.
The keyword positions chart shows a graph of your site’s keyword positions.
Below this, you’ll see the Keyword Rankings overview box. This shows your top 10 keywords, and if you use them for internal links they are very likely to be clicked.
3. Improve Your WordPress Site’s Internal Linking With a Plugin
If you’re not sure which posts you want to link to, then you will often find it faster to add internal links in WordPress using an internal linking plugin.
We recommend using All in One SEO. It includes a unique Link Assistant feature that lets you add links to your old and new content without having to open up the post. Plus, it provides link recommendations, detailed link reports, and much more.
Link Assistant will crawl every link on your website and then show a comprehensive list report.
The report will show you an overview of the links with total counts for internal, external, and affiliate links. It will also show you the number of orphaned posts that have not yet been linked to from another post or page.
You can switch to the Links Report tab for detailed information on all your links. Here you’ll see a list of all your posts and pages with columns for internal, external, and affiliate links.
It will also show a number of suggestions where you can add links.
For more details, you can click on the right arrow button next to a post or page. This will show all links organized in different tabs. From the suggestions tab, you can quickly view link suggestions and add links without directly editing a post or page.
Link Assistant also helps you discover more internal linking opportunities.
You can switch to the ‘Linking Opportunities’ tab to see suggestions about how to improve the internal linking on your website, and also see the list of orphaned posts so you can add links to them.
4. Display a List of Your Most Popular Posts in WordPress
You can use a WordPress popular posts plugin to point users toward the articles that other users have already found helpful. These plugins automatically create a list of internal links to your most popular content.
Popular posts are usually your most successful content, which means they are more likely to increase user engagement, conversions, and sales. They are also a good opportunity for internal linking to your other less popular articles.
For example, MonsterInsights has a feature that allows you to show your popular articles anywhere on your WordPress site. You can use also use inline popular posts to show articles inside your content.
If you want to show articles in the sidebar or at the end of your content, then you can select the Popular Post Widget. MonsterInsights even lets you display your top-performing products anywhere on your eCommerce store.
5. Create List Posts That Roundup Other Articles in WordPress
Another way to increase the number of internal links on your WordPress blog is to create roundups of your existing content. You do this by creating a new post that mentions your best articles on a certain subject to give a detailed overview of the topic.
In fact, you’re reading a post like that now.
Luckily, there are some plugins that make this job easy. For example, WP Tasty Roundups allows you to quickly repurpose your existing content into beautiful roundup posts that rank in search results.
All you need to do is type one or two keywords into the built-in search functionality, and the plugin will automatically pull images, titles, descriptions, and links from relevant posts into your roundup list.
6. Get Google Sitelinks for Your WordPress Site
Sitelinks are a feature on Google search engine results pages (SERPs) where additional sub-pages appear under a website in the search results.
These are often internal links to the most popular pages of that website.
The top 3 spots on Google get the most clicks. When sitelinks are shown for a website, it takes up the same amount of space as three regular search listings.
Having this much screen space dedicated to your site significantly increases your overall click-through rate. Simply put, more visitors will visit your website from the keyword.
While there is no guaranteed way to get Google to show sitelinks for your website, it certainly helps to create lots of internal links to your most important posts and pages.
10. Use MediaWiki Syntax to Quickly Add Internal Links to WordPress
If you want to make internal linking a habit, then it helps to use the most efficient method. Since WordPress 6.0, WordPress has supported standard MediaWiki syntax to quickly add internal links when creating or editing a post.
You can now quickly add links by adding two square brackets followed by the post title. The animated gif below shows you how easy this feature is to use inside WordPress.
The link will automatically add the correct URL to the post, and use the post title as an anchor link.
If you know the title of a post (or even just part of it), then using the double square bracket method is the fastest way of creating an internal link.
11. Track Which Internal Links Are Clicked in WordPress
One of the best ways to uncover how users interact with your website is to track which internal links your visitors are clicking. Tools such as MonsterInsights can help you see which internal links your visitors are the most interested in.
You can then use these insights to improve the way you add internal links to your posts and pages.