I saw this plugin mentioned on Mastodon today and thought I would give it a try on ClassicPress and see if it worked. Install in ClassicPress went easily, like most WordPress plugins do. There were no warnings and ClassicPress says it is compatible. The only hard part was finding the plugin. I had to search by the plugin authors name to find it. I have to say the authors name, L1am0, does not inspire confidence, but their website looks legit enough.
Once installed and activated I found the settings for the plugin under the Settings menu, which is nice. So many plugins think they deserve their own spot the admin menu, nice to see a plugin that picks the right menu place.
To get started you will need to connect your website with your Mastodon account. Simply start typing the name of your Mastodon server and the plugin will start to filter your choices down. Once you have your server selected you can then authorize the plugin as an app on your Mastodon server. After you authorize the plugin you will be redirected back to your website. This is the only error I had. The plugin output some text and cause a PHP bad header. I had to reload the admin and go to the settings page again to continue.
You can then select if it posts when new posts, pages or media are created, and how it looks. I can’t tell you if the plugin really works yet, since this is the first post I have created since I installed it. Once I publish this post I will come back and let you know.
Recently I had a client come to me with a very interesting problem. They have multiple web servers running behind a Cloudflare load balancer and the majority of those requests flow through the load balancer and are directed properly. However, there were still a number of requests that would make it through straight to the origin IP’s. The majority of those requests were often attempts at common WordPress exploits or simply plugin scanning looking for vulnerable plugins. If those requests were properly going through Cloudflare they would be dealt with by the Cloudflare firewall but by using the IP address these bad actors were able to bypass that layer of security.
Thankfully Cloudflare has a way to check to see if the request actually passed through Cloudflare if the website has turned on the Cloudflare IP Geolocation. That service automatically adds the country code value passed along in the CF-IPCountry request header to the origin web server. If you want to know more about the Cloudflare IP Geolocation check out their support document.
The logic is pretty simple, if the request does not have the CF-IPCountry request header then the request did not pass through Cloudflare (and the Cloudflare Firewall) so redirect the request back to the fully qualified domain name.
/**
* Cloudflare Location Check
*
* Checks for the Cloudflare location header. This is only there if the visitor has come through Cloudflare.
* If the request does not have this it is direct access and should be redirected to the host name
*
*/
function lgr_cflocation_check () {
//the country header is added by Cloudflare. If it is not there then this is direct IP access and needs to be redirected.
if( !$_SERVER["HTTP_CF_IPCOUNTRY"] ) {
//send them to the full URL which should add it.
header("Location: ".home_url().$_SERVER['REQUEST_URI']);
die();
}
}
add_action( 'init', 'lgr_cflocation_check' );
If you are having problems with direct access to your website through the IP address this might help you.
I am a big fan of Cloudflare, if you had not known that by my previous posts on them. In Friday October 10 2020, during their Birthday week celebration announcements they released a new feature called Automatic Platform Optimization. This new feature is targeted specifically at WordPress users, which is understandable, WordPress websites account for 30ish% of the worlds Internet websites.
While I am no longer a big fan or user of WordPress, for many reasons, there is good news about this new feature from Cloudflare for ClassicPress users. The Cloudflare WordPress plugin is compatible with ClassicPress and this new feature works perfectly with ClassicPress 1.2.0.
This is not entirely surprising considering that ClassicPress is forked from WordPress 4.9, but it is good news for those of us that use ClassicPress to know that we too can just use this new CloudFlare feature simply by turning it on if you have the CloudFlare plugin installed. If you already have a paid Cloudflare account it will be included in your plan. Free Cloudflare users will need to pay $5.00/month for the new feature.
How well does Automatic Platform Optimization work? It has only been a few days but in my testing I have seen considerable speed increase for my ClassicPress websites on Cloudflare. The time to first byte is considerably faster offering a faster response time for users around the globe.
If you are already a ClassicPress user with a Cloudflare paid plan I highly suggest you give this feature a try. If you are a Cloudflare free user this one new feature from Cloudflare is a good reason to either subscribe to a paid plan or just for the Automatic Platform Optimization feature. Your users will notice a difference very quickly.
Helping people with their websites over the years has, for the most part, gotten easier. It got a lot easier when I started recommending to clients to use WordPress. It was simple, people could look at the editing screen and easily add/edit their content. That all changed when Automattic and WordPress released WordPress 5 with the new block editor, often referred to as Gutenberg. The few clients I had that tried the new editor before it was released all had one request, how do they keep the old editor? The answer to that was simple, we installed the Classic Editor plugin, I told them not to upgrade to WordPress 5 just in case something might break their websites and we waited, waited to see if Automattic and WordPress would start to realize the mistake they have made to try to keep up with Wix and Squarespace.
It is now January, WordPress 5 has been out for close to two months, and it is clear that Automattic and WordPress have not come to their senses, and after reading plans for Phase Two of Gutenberg it is clear they are bound to follow the Gutenberg path no matter how many of their existing users and agencies they antagonize in the process. Reading Gutenberg reviews it is abundantly clear that Automattic and WordPress have no interest or desire to actually listen to the people that have helped build WordPress into powering roughly 30% of the Internet. It has also become clear that while WordPress likes to talk about the freedoms of using WordPress, the Gutenberg project has made it clear to the WordPress community that WordPress is made and run by Automattic, and specifically Matt Mullenweg and it is their way or the highway. While I am thankful for what WordPress has done, it has helped me earn a living for many years, and helped many of my clients create and manage their websites, that time is now over and it is time to move on from WordPress. For future clients that might mean creating sites in a new content management system, and I am looking forward to discovering the other systems that are available for clients. For current clients that are happy with how WordPress used to work it will mean migrating to ClassicPress.
For those that don’t know what ClassicPress is, it is a fork or copy of WordPress based off of the WordPress 4.9.8 version of WordPress. It is everything people love about WordPress without all the stuff they hate that was added in WordPress 5. ClassicPress is what the WordPress community claims to be. ClassicPress has exercised the freedoms that come with using WordPress and are making it a reality. The ClassicPress version 1 roadmap will give business users the predictable consistent content management system that they enjoy using. The version 2 roadmap has some ambitious plans that will make ClassicPress an even stronger content management system that includes the ability for users to manage their content management system in ways WordPress has actually taken away from users. This is good news for many of my clients since several have unique requirements such as turning off the REST API.
For my clients that manage their own website updates and upgrades and want to move to ClassicPress now, before version 1 of ClassicPress is actually released I have created a video that you can watch to walk you though the process. While ClassicPress is still in beta it is based on WordPress version 4.9.8 and is very stable. You will want to read the ClassicPress migration page before starting. You will also need to download the latest version of the switch-to-classicpress.zip plugin from the ClassicPress Github page. You do not need to unzip the plugin but you will need to upload it to your current WordPress install so remember where you have downloaded the plugin so it is easy to find when you need it.
Steps to Migrate to ClassicPress from WordPress
After you login to your existing WordPress website go to the Add New plugin section in your admin. Click the Upload Plugin button and either click Choose File to find the switch-to-classicpress.zip file you downloaded earlier or like I do in the video you can drag and drop the zip file onto the upload area. Once the plugin file is selected you can click Install Now. The plugin file will upload and install and you will need to activate it. After the plugin is activated you should return to the plugins page where you will probably have to scroll down and click the Switch link to start the migration to ClassicPress.
On the Switch to ClassicPress page you should see a checklist of what is required to run ClassicPress. If there are any issues here you will not be able to migrate to ClassicPress and this time and you will want to contact me so we can resolve those issues. If you see all green checkmarks you can simple click the Switch this site to ClassicPress now! button and the plugin will download the latest version of ClassicPress and migrate your site. Once it is done you will see the Welcome to ClassicPress screen.
Many of my clients have the free version of WordFence plugin installed on their websites to help reduce attacks. At this time ClassicPress is not officially supported by WordFence. Hopefully this will change soon in the future but until then you will need to change a couple of WordFence settings to ensure WordFence does not find false positives on your website. You will need to go to WordFence -> All Options -> Scan Options and uncheck “Scan core files against repository versions for changes” and “Scan wp-admin and wp-includes for files not bundled with WordPress”. Be sure to click Save Changes. This should prevent any problems with WordFence.
The migration to ClassicPress should only take a few minutes, in the video below I perform all the steps above after downloading the switch-to-classicpress.zip plugin file.
If you are having trouble migrating to ClassicPress feel free to drop me a note and I will do my best to help or you can visit the ClassicPress forum for the Migration Plugin and look for help there as well. They are a friendly community and will do there best to help you.