Disable the W3 Total Cache Footer Comment

Most of the WordPress/ClassicPress websites I work on use Cloudflare I don’t often have problems with the W3 Total Cache footer comments in the footer. Cloudflare usually just removes them. But recently I was helping a friend with a website that had the W3 Total Cache plugin installed and the footer comments were being inserted. They simply wanted to get rid of them. Thankfully a quick Google search lead me to a WordPress support comment with the solution.

Add the following code to your theme functions file, or a site specific plugin and you can easily turn off the W3 Total Cache footer comments for all visitors to your website.

add_filter( 'w3tc_can_print_comment', function( $w3tc_setting ) { return false; }, 10, 1 );

Cloudflare Location Check

Recently I had a client come to me with a very interesting problem. They have multiple web servers running behind a Cloudflare load balancer and the majority of those requests flow through the load balancer and are directed properly. However, there were still a number of requests that would make it through straight to the origin IP’s. The majority of those requests were often attempts at common WordPress exploits or simply plugin scanning looking for vulnerable plugins. If those requests were properly going through Cloudflare they would be dealt with by the Cloudflare firewall but by using the IP address these bad actors were able to bypass that layer of security.

Thankfully Cloudflare has a way to check to see if the request actually passed through Cloudflare if the website has turned on the Cloudflare IP Geolocation. That service automatically adds the country code value passed along in the CF-IPCountry request header to the origin web server. If you want to know more about the Cloudflare IP Geolocation check out their support document.

The logic is pretty simple, if the request does not have the CF-IPCountry request header then the request did not pass through Cloudflare (and the Cloudflare Firewall) so redirect the request back to the fully qualified domain name.

/**
* Cloudflare Location Check
*
* Checks for the Cloudflare location header. This is only there if the visitor has come through Cloudflare.
* If the request does not have this it is direct access and should be redirected to the host name
*
*/
function lgr_cflocation_check () {
//the country header is added by Cloudflare. If it is not there then this is direct IP access and needs to be redirected.
if( !$_SERVER["HTTP_CF_IPCOUNTRY"] ) {
//send them to the full URL which should add it.
header("Location: ".home_url().$_SERVER['REQUEST_URI']);
die();
}

}
add_action( 'init', 'lgr_cflocation_check' );

If you are having problems with direct access to your website through the IP address this might help you.

How to Migrate from WordPress to ClassicPress

Helping people with their websites over the years has, for the most part, gotten easier. It got a lot easier when I started recommending to clients to use WordPress. It was simple, people could look at the editing screen and easily add/edit their content. That all changed when Automattic and WordPress released WordPress 5 with the new block editor, often referred to as Gutenberg. The few clients I had that tried the new editor before it was released all had one request, how do they keep the old editor? The answer to that was simple, we installed the Classic Editor plugin, I told them not to upgrade to WordPress 5 just in case something might break their websites and we waited, waited to see if Automattic and WordPress would start to realize the mistake they have made to try to keep up with Wix and Squarespace.

It is now January, WordPress 5 has been out for close to two months, and it is clear that Automattic and WordPress have not come to their senses, and after reading plans for Phase Two of Gutenberg it is clear they are bound to follow the Gutenberg path no matter how many of their existing users and agencies they antagonize in the process. Reading Gutenberg reviews it is abundantly clear that Automattic and WordPress have no interest or desire to actually listen to the people that have helped build WordPress into powering roughly 30% of the Internet. It has also become clear that while WordPress likes to talk about the freedoms of using WordPress, the Gutenberg project has made it clear to the WordPress community that WordPress is made and run by Automattic, and specifically Matt Mullenweg and it is their way or the highway. While I am thankful for what WordPress has done, it has helped me earn a living for many years, and helped many of my clients create and manage their websites, that time is now over and it is time to move on from WordPress. For future clients that might mean creating sites in a new content management system, and I am looking forward to discovering the other systems that are available for clients. For current clients that are happy with how WordPress used to work it will mean migrating to ClassicPress.

For those that don’t know what ClassicPress is, it is a fork or copy of WordPress based off of the WordPress 4.9.8 version of WordPress. It is everything people love about WordPress without all the stuff they hate that was added in WordPress 5. ClassicPress is what the WordPress community claims to be. ClassicPress has exercised the freedoms that come with using WordPress and are making it a reality. The ClassicPress version 1 roadmap will give business users the predictable consistent content management system that they enjoy using. The version 2 roadmap has some ambitious plans that will make ClassicPress an even stronger content management system that includes the ability for users to manage their content management system in ways WordPress has actually taken away from users. This is good news for many of my clients since several have unique requirements such as turning off the REST API.

For my clients that manage their own website updates and upgrades and want to move to ClassicPress now, before version 1 of ClassicPress is actually released I have created a video that you can watch to walk you though the process. While ClassicPress is still in beta it is based on WordPress version 4.9.8 and is very stable. You will want to read the ClassicPress migration page before starting. You will also need to download the latest version of the switch-to-classicpress.zip plugin from the ClassicPress Github page. You do not need to unzip the plugin but you will need to upload it to your current WordPress install so remember where you have downloaded the plugin so it is easy to find when you need it.

Steps to Migrate to ClassicPress from WordPress

  1. After you login to your existing WordPress website go to the Add New plugin section in your admin. Click the Upload Plugin button and either click Choose File to find the switch-to-classicpress.zip file you downloaded earlier or like I do in the video you can drag and drop the zip file onto the upload area. Once the plugin file is selected you can click Install Now. The plugin file will upload and install and you will need to activate it. After the plugin is activated you should return to the plugins page where you will probably have to scroll down and click the Switch link to start the migration to ClassicPress.
  2. On the Switch to ClassicPress page you should see a checklist of what is required to run ClassicPress. If there are any issues here you will not be able to migrate to ClassicPress and this time and you will want to contact me so we can resolve those issues. If you see all green checkmarks you can simple click the Switch this site to ClassicPress now! button and the plugin will download the latest version of ClassicPress and migrate your site. Once it is done you will see the Welcome to ClassicPress screen.
  3. Many of my clients have the free version of WordFence plugin installed on their websites to help reduce attacks. At this time ClassicPress is not officially supported by WordFence. Hopefully this will change soon in the future but until then you will need to change a couple of WordFence settings to ensure WordFence does not find false positives on your website. You will need to go to WordFence -> All Options -> Scan Options and uncheck “Scan core files against repository versions for changes” and “Scan wp-admin and wp-includes for files not bundled with WordPress”. Be sure to click Save Changes. This should prevent any problems with WordFence.

The migration to ClassicPress should only take a few minutes, in the video below I perform all the steps above after downloading the switch-to-classicpress.zip plugin file.

If you are having trouble migrating to ClassicPress feel free to drop me a note and I will do my best to help or you can visit the ClassicPress forum for the Migration Plugin and look for help there as well. They are a friendly community and will do there best to help you.

WordPress 5 Gutenberg Editor: Thoughts and GoodBye

I have been testing the WordPress 5 Beta’s since they came out and prior to that I had installed the new Gutenberg plugin on a test website just to get a sense of what is coming in WordPress and I have to say that the future of WordPress is a concern. Many might say that Gutenberg is the future of WordPress and that I should just accept that fact and get over it but I have clients and their websites to worry about and it seems Gutenberg and Automattic have placed their priorities ahead of the many voices that have asked them for a different direction.

Who is Gutenberg for?

There are many different types of WordPress users and I will admit there is a section of WordPress users that Gutenberg is perfect for. It is for small one or two person blogs where the writers are also the designers and editors and every other role there is imaginable. WordPress with Gutenberg is WordPress trying to turn itself into Wix or Squarespace. This makes perfect sense for WordPress.com, since those are a couple of the major competitors for WordPress.com. Gutenberg will give people the ability, whether good or bad, to have more graphical control over their content. Gutenberg is the MySpace for WordPress. Writers will be able to add funky background colors, drop caps on paragraphs and all sorts of special graphical elements.

The following tweet was meant to showcase what can be done in Gutenberg.

I have to admit it does show what is possible with Gutenberg, except is that what people need? Are we going to get WordPress websites full of shaky sketches, constantly changing blocks with different background and foreground colors? If this is the future of WordPress then WordPress needs a new vision. Ultimately the mixing of content and presentation is a bad idea, and Gutenberg is making that mistake. If someone can show me an example when mixing content and presentation ever worked out well in the long term I would love to see it.

Who is Gutenberg NOT for?

Any organization that wants to maintain some semblance of design consistency and control over the final product. Any organization that uses WordPress to write, publish and manage their content knows how difficult it can be to maintain a consistent style and presentation. Multiple writers and editors producing content and publishing offers more to manage and maintain. Call them enterprise uses if you like, but if you have a team of more than two or three writers Gutenberg presents a major challenge not an opportunity. Editors already have enough work to do managing the content from writers, the last thing they need to do is spend time and money removing graphical flourishes writers might add using Gutenberg. To be blunt, giving graphic control to writers, who are not graphic artists, is a bad idea!

The other bigger issue is if you have any kind of custom work that was done and plugged into the old editor then Gutenberg is not for you. For example, I have several clients that have custom shortcodes that were created for them to manage specific elements on the page. The shortcode is inserted using a button that is added to the editor, and before some Gutenberg fan comes along and says you can do that in Gutenberg, the answer is yes, it could be done in Gutenberg. But who is going to pay for it? The client is already happy with how it functions and does not need it updated. The bloat to turn that specific function into a Gutenberg block goes from under 500kb as a simple shortcode to over 12mb as a Gutenberg block and that is before it even has the same functionality. In short if it is not broken there is no need to fix it. The cost and time required to switch to Gutenberg is not worth it.

Gutenberg Requires the JSON API

I like the WordPress JSON API for the most part it is a very useful tool to make WordPress into more of a framework instead of just a plain old CMS, but some clients feel the JSON API exposes to much and we turn it off all together, and make it impossible to access. WordPress 5 with Gutenberg takes that choice away from you. Gutenberg relies on the JSON API to do saves and autosaves, and is simple not usable if you have disabled or block the JSON API. This is going to become even more of an issue as WordPress moves forward since more of the administration of WordPress will be done through the API. This is more of a concern than even Gutenberg honestly, since it will soon be impossible to run a WordPress installation without the API. For some clients this is simply not acceptable and we are already starting to look at alternatives to WordPress.

Options

It is pretty clear that WordPress and Automattic are going to continue to push Gutenberg not only into core for editing but also further along into managing more of the WordPress admin, so what is a WordPress user to do. For the time being the best thing to do is to install and activate the Classic Editor plugin. This will buy you time so you don’t have to deal with the mess that is Gutenberg for the moment. WordPress has announced that the Classic Editor plugin will be supported until December 31, 2021. There is no word however what happens when Gutenberg starts making its way into other admin sections. The Classic Editor might be expanded to account for these additions or WordPress might have to be abandoned sooner rather than later.

The Classic Editor plugin is not a permanent solution, and there was a call for a Long Term Support (LTS) version of WordPress (More info) but in the end the ticket was closed and marked won’t fix. That means that to have a LTS version of WordPress will mean switching to the new fork of WordPress called ClassicPress. ClassicPress is based on WordPress 4.9.x and will not include Gutenberg. Version 1 of ClassicPress will not be a big change from the current WordPress so things will continue to work as people and clients expect. ClassicPress has also setup a structure for users to participate in the decisions moving forward for ClassicPress. Some of the largest problems with Gutenberg have not been technical problems but problems with people not feeling heard and appreciated, and basically being ignored. ClassicPress is possibly the best option for current WordPress users that just want their websites to keep working like they are after WordPress 5 is released.

My Recommendations

At this time I recommend that WordPress users install the Classic Editor plugin and do not upgrade to WordPress 5. This is especially true if you have any custom work that has been done to your website. In the long term I personally plan on moving to ClassicPress and will be moving the majority of my client installs to ClassicPress when I know that it is stable and will continue to be supported. This has not been an easy decision, I have loved working with WordPress but this new direction has shown how little Automattic seems to care about the community that has helped build up WordPress.

P.S. This post proudly not written in Gutenberg.

WordPress GDPR Plugins

GDPR

For the record I am not a lawyer and I will not guarantee that any of the content below will help you in being GDPR compliant.

Normally I don’t pay a lot of attention to laws coming out of the European Union, because frankly I live in Canada and for the most part their laws have no day to day effect on me. That changed when I started reading about the General Data Protection Regulation (GDPR). If you are like me, odds are you probably did not spend anytime thinking that the GDPR applies to you and your website being run and operated in Canada or the United States. Unfortunately it appears that this would be incorrect and anyone that operates a website that can have a European citizen visit it now needs to comply with the GDPR.

Personally I think this law is misguided (downright stupid actually). It is a law that is really aimed at the large Internet companies that have HUGE budgets like Google, Facebook, Twitter etc, that can track users across the Internet and know what people are searching for, what they do and who they see. The only reason this law really applies to my little tiny corner of the Internet is the fact that I have a website that I placed ads on and then allows Google (in this case) to know more about you to show you better ads. The European Union has tried to disguise this law about being about the average person and their data, when really it is about trying to reign in the Google and Facebook companies of the world. Should the Google and Facebook companies and the data they collect be constrained, sure, but making me spend my own time and money to do it for them is not how to go about this. But I digress.

Note, that NONE of these plugins will automatically make your website GDPR compliant. In order to do that you will NEED to modify the code on your website, know how to prevent code from automatically running and setting cookies and how

GDPR

This plugin by Trew Knowledge is my favourite GDPR plugin for a few reasons. Perhaps the best reason to like and use this plugin is for what is not directly in the plugin but the excellent knowledge base that they have about how to use the plugin and integrate it into your WordPress website. The plugin also has an active Github repository where you can browse code, look through issues and get help if you need it. The plugin has several PHP and Javascript functions that will help you in blocking cookies from being set and makes it pretty easy to set the information people need to have agree to your cookie settings. The Javascript functions come in handy if you use a caching plugin to be able to still block cookies while still being able to serve cached pages. I have had some issues with the CloudFlare Rocketscript settings and the Javascript functions not being defined if jQuery is loaded using Rocketscript, but it might mean you have to make sure the jQuery Javascript file is not served through Rocketscript.

The GDPR Framework

This plugin by Codelight has great potential and probably is more useful for WordPress users that are in the European Union. It allows you to track consent and gives people some good tools to view, export and delete their personal data, but it is missing the tools to offer cookie management and consent. Without the cookie solution it is only have a GDPR plugin. The plugin does create a nice Privacy tools page to allow visitors to manage their data. Until this plugin gets a cookie management system it feels like only half GDPR plugin.

WP GDPR Compliance

This plugin by Van Ons does offer some nice integration with popular contact form plugins like Contact Form 7 and Gravity Forms for example. It can also add a nice acceptance check box on the comments form. It takes a different approach to preventing cookies and scripts from running prior to acceptance. It allows you to enter in the Javascript you want to run and if you want to Javascript to run in the header or the footer. When people accept the script it will load it. It is a more user friendly approach to preventing scripts from automatically running before approval. Inserting ad code could be more difficult but it might be possible to prevent ads running using this method. It is certainly the most user friendly plugin but website owners will still need to have an understanding of what scripts they can control and it will certainly not fix all the scripts that might be present in other plugins and even themes. In my testing I had a problem with the Jetpack sharing buttons showing up in the footer alert and the privacy settings modal. I could not find a quick way to turn it off but something to be aware of.

GDPR Cookie Consent

This plugin by webtoffee was previously called the Cookie Law Info plugin. The plugin might have been very good for the previous cookie law but it feels a little hastily thrown together for the GDPR. Granted most of us in North America are probably all scrambling thanks to the GDPR and the fact that it applies to us, but you would think that a plugin made for the previous Cookie law in Europe would be and feel more prepared. What I do like about the plugin is the nice custom post type to add information about cookies and the ability to use a shortcode to display that information on a page. There does not seem to be a way for people to select cookie categories to allow or reject though. It is all or nothing and while I like the idea of all or nothing I think (in my reading about GDPR) that is not good enough. You need to give people the option to accept some cookies and deny others.

7 Essential WordPress Plugins in 2017

If you are just starting out with WordPress it can be daunting. The huge amount of themes and plugins to choose from is huge, not to mention the learning curve of purchasing a domain name, setting up your hosting, installing WordPress and eventually getting to writing and publishing your website. Adding in more things like plugins can just be too much for some people and lets face it there are plugins out there that are just not worth your time. So if you are just getting started with WordPress or have been using it for awhile and are looking for how to make your day to day use and management of it just a little easier here are my top five WordPress plugins that you should install and use.

Google Analytics for WordPress by MonsterInsights
You want to know how many people are visiting your site and this is still my favorite Google Analytics plugin. It used to be a Yoast plugin I believe but they sold it to MonsterInsights and it has gotten better since then. Two of the things I like best about this plugin is the simple and easy to read dashboard with stats and the fact that you just click a box to have outbound links tracked. Just makes it easy to get Google Analytics up and running on WordPress.

VigLink
We all want to make money and pay the bills from our sites, the problem is creating and managing affiliate relationships and links can be a huge time suck. Especially if you just want to make the odd link to Amazon.com or to the latest product or service that you just bought. VigLink helps take care of all of that for you and helps to monetize all those outbound links that you have on your website. If you are not using CloudFlare(that is a whole other post) then you should sign up with VigLink and install the VigLink plugin.

Redirection
Sooner or later you will need to redirect people from one page or post on your website to the new one that replaced it but messing with htaccess is just not very quick. There are other uses for the Redirection plugin as well. For example the link to VigLink in the paragraph above, did you notice it has /go/viglink.html as the link. I often use Redirection to help manage outgoing affilaite links, not to hide but simple to make it easy to change in the event the merchant closes, or I need to send people to a different page. I like VigLink but if you have long term affiliate relationships or links you want to manage Redirection comes in very handy to help with that as well.

Wordfence Security
Keeping the bad guys out is a full time job but who has time to sit there and monitor your website 24/7 for the bad guys. While there are many different options to prevent brute login attempts, hacking and other types of attacks the free version of Wordfence Security will help you keep your website safe.

All-in-One WP Migration
You might not use this plugin everyday but when you need it, it sure is handy. Although the name of the plugin is about migrating your site from one server to another it is also very handy for making regular backups of your website and then in the off chance that your site is hacked, or you do need to move to a new host you can easily restore it. I regularly use this plugin on sites to make regular backups and download them. It can be automated but that is a post for another day, but even if you manually create your backup and download it you it can save you lots of time. In fact if you do need to move to a new host I would guess you can restore your whole WordPress website between 15 to 30 minutes and be up and running again.

Contact Form 7
You will want a contact form on your website, and Contact Form 7 is awesome. Easy enough for anyone to setup and use, but for those that want to get in there and tweak things you can do that as well. As a bonus if you want to save contact forms straight to your database and be able to export them as a spreadsheet check out the CFDB plugin as well. It is no longer in the WordPress plugin repository but it is a great plugin to have along with Contact Form 7 so you don’t rely on email alone, because email somehow will just disappear.

Anti-spam
Spam, both the food and unwanted comments, suck! We all know it sucks the anti-spam plugin helps to keep it all at bay. Anti-spam will help keep the spammers away or a least stop the spam from actually making it into your comments. They also offer a pro version but for more people the free version is all you will probably need.

BONUS

3 Plugins to Avoid When Starting out with WordPress

I will start out by saying that I love WordPress, it is awesome, but not everything by Automattic is awesome and in fact probably be avoided for several reasons.

Akismet
Now you are probably wondering why would I recommend you use Anti-spam above instead of Akismet, the spam defense by Automattic. The answer is pretty simple actually, Akismet is only free for personal blogs. If you are using WordPress for business, have an ad on your WordPress website, link to any site through an affiliate link then you no longer are a personal blog and you have to pay for Akismet. Pricing in USD starts at $5.00/month/website. If you are just starting out, don’t make a lot of money from your website or are a business you are suppose to purchase Akismet. Is Akismet good at stopping spam, yes, but if you are just starting out or don’t make TONS of money from your website save your money and use Anti-spam. In fact I would say Akismet makes my list of plugins to remove on install.

JetPack
As much as I say I LOVE WordPress, I have the exact opposite feeling for JetPack. In fact I would go far as saying I LOATH JetPack. I dislike JetPack for different reasons that I dislike Akismet. JetPack has some nice features, except for the odd feature that you want to use with JetPack you need to get ALL of JetPack. There are simply other options available. Aside from the fact that I think the user interface for JetPack is horrible, perhaps the biggest reason I dislike JetPack is the fact that is calls home all the time and needs to have access to your site. Sure it makes it easy to administrate your website through WordPress.com, but how often does anyone actually use WordPress.com to administrate their self install version of WordPress? In fact I bet most people never use it.

Yoast SEO
I am going to pick on the Yoast SEO plugin because it is one of the most popular, but any SEO plugin is really not needed anymore. In fact of all the sites I help manage these days there are only a few that still have Yoast SEO or any SEO plugin installed. Has traffic changed on those sites? Nope. In fact if anything traffic has improved, not because the SEO plugin is no longer there but because of other SEO factors improving like better hosting.

CloudGuard

It was not long ago that I was looking for a way to block visitors from some countries on some of my clients websites. The sites really only needed to be accessible from North America and did not need to be exposed to the extra visitors, bandwidth and possible hackers that might just want to hack their websites for fun. Since I setup all my clients with CloudFlare now it is possible to turn on IP Geolocation in CloudFlare to know what country users are from, but unless you are an enterprise customer with CloudFlare you cannot outright block a whole country.

I had been using a simple PHP function on my customers websites to simply look for the CloudFlare IP Geolocation header and if the person was not from the country that was not allowed I was blocking them, but had never gotten around to turning it into a full blown WordPress plugin. Now thanks to CloudGuard I can retire my quick test and use their plugin to only allow visitors from the countries we want to be able to access a website.

Using CloudGuard you can simply whitelist the countries you want to be able to login to the website and know that the rest will be blocked. You even get a nice map showing you the countries that have been blocked.

The plugin has cut down on the number of hacking attempts on WordPress considerably and it is very easy to use if you are a CloudFlare user, even free users are able to use it. Just a matter of turning on the IP Geolocation in CloudFlare so CLoudGuard can read the location header that CloudFlare adds to a visitor when they visit your website. The only feature that might be nice to have on CloudGuard would be the ability to block people not just from the login but from the whole website altogether.

If you want to cut down on the number of hacking attempts and limit access to your WordPress login to a country or two and are a CloudFlare user as well I suggest you give CloudGuard a try. It has been a great help since I installed it on clients websites.

Download it at the WordPress plugin repository.

UTF8 Sanitize

Minnie Mouse

There are times when little problems pop up using WordPress that you just might not expect. Most users don’t know or care about what character encoding their computer and browser are using but when that character encoding is different from what WordPress uses it can lead to some odd problems.

Usually the tell tale sign of a character encoding problem is the appearance of odd characters in a WordPress post. Boxes where there should be characters or quotation marks that look odd. Sometimes there might not be any visible signs of a problem, but certain pages just do not seem to load properly. It can be a frustrating and confusing problem because you just don’t quite know what is going on.

If you have had this kind of problem odds are if you copy the content of your post in text mode over to a plain text editor, my favourite is Bluefish these days, you might be able to actually see the characters that have the problem and fix them. You can then copy and paste the content back to WordPress.

If you don’t want to go through that trouble and you have this problem regularly take a look at UTF8 Sanitize. It is an older plugin but so far it does seem to work still with the new WordPress. It takes the content of your post and tries to remove the non UTF8 characters.

If you do have this problem regularly you might want to check your computer character encoding settings or the editor you usually write in. It can be a hard problem to find the solution to fixing but once you do your WordPress posting will be easy once again.

Spam, Spam and More Spam

Some WordPress Spam

As long as there has been the ability to leave comments on websites there has been spam. I recall creating a guestbook for a client once and even though the guestbook used a captcha it did not take long before it started to become overwhelmed with spammy comments. Fighting spam has become so difficult in fact that it can start to distract you from what you need to be focused on with your website in the first place, creating good content, attracting leads and making sales. If spam has become a constant battle with your WordPress website here are some ideas and tools that might help turn the tide on the battle.

Turn Off Comments

Depending on the purpose of your website you might not need or want comments in the first place. By turning comments off altogether your spam problem can be virtually eliminated over night. Even if you run a popular blog you can still turn off comments, much like Copyblogger did last year. I you do turn off comments altogether you might also want to add a redirect on the WordPress wp-comments-post.php file. Many spammers simply post to that WordPress file and never actually visit your website. By redirecting it using .htaccess or some other redirect you can simply send the spammer off to some location where they will do no harm.

Use Another Commenting System

There are several other commenting system that are available that can help cut down on the amount of spam you receive. Services like Disqus, Facebook Comments and IntenseDebate all offer the ability to host comments for you. Depending on your needs they might be just want you are looking for. They certainly can help in reducing the amount of spam your comments receive.

Use an Anti-Spam Plugin

If you do decide to keep comments on your website making sure you use a decent anti-spam plugin is essential. Many people will simply tell you to use Akismet, and while I would say Akismet is certainly a good plugin, if your website uses any ads or is for any kind of commercial use AT ALL then you should honestly stay away from Akismet unless your website has grown to the point of being able to earn enough money to be able to afford the Akismet monthly rates.

Thankfully Akismet is not the only anti-spam plugin available. Some of the more popular plugins include Anti-Spam, WP-SpamShield Anti-Spam and one I have been testing on some sites, Spam Destroyer. There are even some that use Google’s new “No Captcha reCaptcha” like this plugin Google’s No Captcha reCaptcha.

Use Cloudflare

One of the best ways to keep spam off your website it to not let them get to your website in the first place. Some people dislike Cloudflare but it can help a great deal in reducing the automated spam from bots. You can even create a special page rule to protect the wp-comments-post.php file to increase the checks done no the people and bots trying to post a comment. This can make it much easier to keep the bots away and by even just making it a little slower to try and post a comment to your website.

What is your favourite anti-spam technique on your website?

Use WordPress Themes and Functions on Other PHP Pages

Free Favicon

WordPress is a great content management system but there are still times when you either just want to add a page to your website that is not a part of WordPress or when perhaps you just want to give make sure all the pages on your website whether they are in WordPress or not all have the same look and feel. Thankfully WordPress has made it easy to make WordPress functions available on other PHP pages.

I recently wanted to redo Free Favicon and make sure the blog and the website all had a new fresh look. I had a theme in mind for the blog and want to make sure the rest of the pages had the same theme and look.

The first step is to include the WordPress wp-load.php file. This is the key to using WordPress functions, like loading theme files, outside of WordPress. For Free Favicon I simply added the code to load the wp-load.php file in the header template that the site was already using by adding a line similar to the following:

include($_SERVER['DOCUMENT_ROOT'].'/path to your wordpress install/wp-load.php');

Once wp-load.php was included you can access all of the WordPress functions so I could call the header and footer functions from the theme and have the site themed using the same WordPress theme the blog was using.

//call the theme header
get_header();

//call the theme footer
get_footer();

The only problem I ran into after getting the pages themed with the WordPress theme was how to change the title of the PHP pages with the new header. The original PHP pages had a section at the top of each of them that defined the title for the page. I just ran the WordPress filter wp_title and assigned the defined page titles from the PHP pages to be displayed using the WordPress theme.

function assignpagetitle() {
  global $documenttitle;
  return $documenttitle;
}
add_filter('wp_title', 'assignpagetitle');

Overall it was a pretty painless upgrade to Free Favicon, and a very easy way to make sure the whole site had a consistent look and feel. There are still some pages I left without the new theme and eventually I will probably getting around to fixing them as well.