Wordpress

Blog posts about WordPress, the blogging tool used to power this site.

Pressidium Cookie Consent plugin review

by
Screenshot of the home page for the Pressidium WordPress cookie consent plugin

Someone anonymously emailed me recently to advise that my cookie consent banner was not compliant with current privacy regulations, and so I’ve swapped it for the Pressidium Cookie Consent WordPress plugin.

To date, I’ve been using the cookie consent banner component of the Toolbelt plugin (my review). As much as I like Toolbelt, it’s getting a bit old and it’s been almost five years since its cookie consent module was updated. As such, it basically says that ‘this site uses cookies, deal with it’, rather than giving users a choice to opt-out.

I’m a relatively privacy conscious person, to the extent that I tend to browse the web in Firefox with Enhanced Tracking Protection enabled alongside Privacy Badger. This extends to this web site – where possible, I avoid using third-party services. Indeed, the only cookies that you should experience are session cookies whilst browsing, that are deleted when you close your web browser, and Pressidium’s own cookie to remember your consent. For analytics, I use Koko Analytics (my review), which doesn’t need to set any third-party cookies.

Setting up Pressidium Cookie Consent

I deliberately went for this cookie consent plugin because it’s lightweight, and doesn’t need to use a third party web application. I’ve previously tried the CookieYes WordPress plugin, which is much more powerful and will auto-detect cookies to add to its consent forms. But it’s a big plugin designed for big sites that use lots of third-party tracking scripts. And as mentioned, I don’t.

Once installed, Pressidium Cookie Consent is relatively easy to set up and configure. You get a moderate amount of control over how the pop-up appears, and in turn the Cookie Settings box that users can view if needed. I like that it defaults to ‘accept all’ and ‘accept necessary’ – it annoys me when sites make you go through settings to reject all cookies and have you ‘object to legitimate interests’. In terms of its appearance, you can have it appear as a box or a strip, and control the colours.

In terms of specifying the cookies that users can consent to, this is where you’ll need to spend some time browsing your site in Private Browsing with Developer Tools open. Unlike the aforementioned CookieYes plugin, there isn’t a way of automatically detecting the cookies your site uses. Cookies can fit into four categories: necessary, analytics, targeting and preferences. Unfortunately, you can’t hide these categories, even if your site doesn’t use targeting cookies, for example.

If you use Google Tag Manager, then you can integrate this – I don’t. You can also include translations of the cookie consent popup and settings, and if you have API keys for OpenAI or Google Gemini, then it can use AI to generate these for you.

Free and open source

As it runs locally on your own WordPress instance, Pressidium Cookie Consent is free with no premium tier. The source code is on GitHub under the GPL 2.0 licence, and it’s in active development with a recent release for compatibility with the latest WordPress 6.9 release. Whilst it might not be as powerful as some WordPress cookie plugins, it should at least make your site compliant with GDPR and the like.

WordPress Wayback Link Fixer plugin

by
Screenshot of the Internet Archive Wayback Machine Link Fixer

Link rot is a major problem for long-established web sites that link to other sites. It’s a particular problem for blogs – the word ‘blog’ is, after all, a shortened form of ‘web log’ and the original blogs were links to interesting things the blogger writing it had found.

I’ve been blogging since 2002, and in that almost one quarter century, lots of the things I’ve linked to have gone missing. Companies close, web sites change and decide not to preserve their URLs, or are sold on to new owners. As such, many older sites are full of links that no longer point to anywhere useful.

This is where the Internet Archive Wayback Machine Link Fixer plugin for WordPress comes in. Once installed, it pro-actively scans outgoing links from your blog posts on a regular basis. If any no longer work, then, where possible, the plugin will amend that link to point a cached version of that link on the Internet Archive’s Wayback Machine. That way, people following the link will still get to see something, rather than a dead link. It’s an official plugin from the Internet Archive that has been developed with support from Automattic.

Backup to the Wayback Machine

But that’s not all! Once installed, you can opt-in to have all of your blog posts automatically backed up to the Wayback Machine. So, if your WordPress blog ever goes dark, all of your posts and pages should be available there for others to find.

Normally, the Wayback Machine uses a crawler which usually scoops up most web pages in time. But it can miss those that may only be online for a short time, or not linked from a web site’s home page. This is a problem I’ve faced myself; I lost all my blog posts in 2018, and over the past three years I’ve been slowly reinstating old posts. Alas, some are missing from the Wayback Machine and are therefore (probably) gone forever. Whilst making sure that the Wayback Machine has copies of your blog posts is a good thing, you should also have your own backups and I now use UpdraftPlus for this.

So, if you’re a WordPress user, and care about preventing link rot and the sharing of information, go and install the plugin. Thanks to Matt for the head’s up, and maybe consider donating to the Internet Archive as well?

Recent sidebar additions

by
Screenshot of the additional sidebar widgets

I’ve added a couple of extra WordPress widgets to the sidebar, which appears on the right of blog posts if your screen is wide enough. For smaller screens, it’ll be at the bottom.

The first is a list of the five most read posts over the past 30 days. This is provided by the Koko Analytics plugin, which I use for analysing visitor statistics. Generally speaking, these will be the posts that seem to rank highest when people use search engines. My post about a free-standing CarPlay unit is perennially popular.

The second is a list of posts written on this day in the past. When I was a Movable Type user, I used Brad Choate’s OnThisDay plugin to achieve something similar. On WordPress, I’m using the Posts On The Day plugin instead.

Both plugins make a widget available to insert wherever widgets can go in your WordPress theme. They’re classed as ‘legacy widgets’ but are customisable in the WordPress user interface.

This does mean that, on shorter posts like this one, the sidebar is now significantly longer than the content. Oh well.

Koko Analytics – a stats plugin for WordPress

by
A screenshot of the Koko Analytics dashboard running on WordPress. There's a bar chart showing daily visitors and page views, the most popular pages and referrers.

Back in March, I stopped using the Jetpack WordPress plugin, and replaced it with Toolbelt, which replicates many of Jetpack’s features. I’ve been concerned about the direction Automattic, and especially its founder Matt Mullenweg, have been taking, and so I’ve wanted to stick to self-hosted alternatives. Whilst Toolbelt does a lot, it doesn’t offer stats, and so I’ve recently starting using Koko Analytics.

Compared to Jetpack Stats, Koko Analytics, at least in the free version, is a little more basic. You’ll get to see how many visits and page views there have been, and also how many page views within the last hour. You can also see your most popular pages and blog posts, and which web sites have referred visitors to you. And you can import and export your data too.

For me, the main benefit of Koko Analytics is that all the data is hosted locally. With Jetpack Stats, you are uploading data to Automattic’s servers, which needs to be mentioned in your site’s privacy policy. Koko Analytics is therefore more respectful of the privacy of your visitors, by not sharing their data.

Koko Analytics Pro

There is also a paid-for upgrade, which costs €49 per year per site (about £40 at present). This also allows you to track what links people click on whilst browsing your site, receive weekly reports, and export data in CSV format. The cheapest Jetpack Stats plan is currently £50 for the first year, rising to £84 in subsequent years, and only for sites with 10,000 page views per month or less. Whilst, as an individual, I can use the free version of Jetpack Stats, I’m currently on around 8000 page views per month. Overall, Koko Analytics is significantly cheaper than Jetpack Stats.

I found out about Koko Analytics through this blog post from Terence Eden, where he has a guide to importing data from Jetpack Stats using some Python scripts. Thankfully, since that was written, the Koko Analytics plugin now includes a Jetpack Stats import tool which is much easier to use.

Whilst it’s basic, the fact that Koko Analytics is lightweight, and that it keeps all its data on your server, makes it a strong recommendation from me, if you need a stats plugin for WordPress.

WordPress, and conflicts of interest

by

There’s been quite the to-do in the world of WordPress in recent weeks. Matt Mullenweg, one of the two people who forked b2/Cafelog to create WordPress in 2003, has had a public spat with WP Engine, a WordPress host.

Matt’s arguments are that WP Engine should be paying to use the WordPress trademark (or offer development time to the WordPress project in kind), and that it disables features in WordPress such as post revisions (which allow you to revert a blog post or page back to an earlier version). He’s used his platform to publicly call out WP Engine, including at a recent WordCamp event where he was the keynote speaker – an event supported by WP Engine.

Before I go into much more detail, please take 5-10 minutes to read If WordPress is to survive, Matt Mullenweg must be removed by Josh Collinsworth, which sets the scene pretty well. You can then come back here to continue reading.

Matt is basically the same age as me – he turned 40 a few months before I did. But in the 21 years since WordPress became a project in its own right, he has accumulated a huge amount of power and responsibility. He’s the founder and CEO of Automattic, the commercial enterprise that runs WordPress.com – which is a WordPress host and direct competitor of WP Engine. But he’s also one of only three board members of the WordPress Foundation, which looks after the WordPress open source project (aka WordPress.org), and, seemingly the only active board member.

To me, this is a massive conflict of interest, and means that a massive amount of control over WordPress is held by one person. Don’t get me wrong, I believe Matt deserves to be on the board of the WordPress Foundation, but not as the only active member. And we’re seeing the impact of this control, with WP Engine’s access to the WordPress plugin and theme directory cut off.

Though there’s been a temporary reprieve, this is an abuse of power. As Josh Collinworth says in the piece linked above:

Matt’s actions have ensured his hosting companies are now the only WordPress hosts that can guarantee something like this will never happen to their users.

Whilst I don’t use a dedicated WordPress host, should Matt have a beef with my host for whatever reason, this could cut off my access to security updates for plugins. I mean, there would be ways of downloading updates manually, but this would also require regular manual checks. Not really feasible considering I have 28 plugins installed.

I hope Matt backs down, and comes up with some kind of agreement with WP Engine so that their users won’t lose out. But I also think that some change needs to happen at the WordPress Foundation, to stop a single board member to act unilaterally like this again. And Matt needs to take a long hard, look at his actions from this year; first there was the transphobia, and more recently selling out content on WordPress.com to train AI models. This is why I no longer use the Jetpack plugin on here.

To recluse oneself from making decisions where a conflict of interest may occur is a core principle of most professional membership organisations, and good leadership. I’ve taken a step back more than once at work, where I’ve had a conflict of interest regarding a decision for someone that I know outside of work. Matt needs to do the same.

Modern Image Formats plugin

by
A screenshot of the Modern Images Format plugin in the WordPress plugin directory

I’ve recently started using the Modern Image Formats plugin for WordPress, which automatically converts any images you upload to the WordPress Media Library to the new WebP and AVIF image formats.

Both formats offer better image compression than GIF, JPEG or PNG, and AVIF is particularly good. Mozilla reckons it’s the ‘next big thing’ for images on web pages. All modern web browsers support it, and have done so for a couple of years; it was added to Firefox in version 93 in October 2021.

I’m old enough to remember when PNG images were the next big thing, and were expected to overtake the GIF format which was limited to 256 colours and encumbered by patents. Suffice to say that GIFs are still alive and well in their animated format.

If you have a WordPress blog, consider giving the Modern Image Formats a try. It works in the background, and should make your images smaller. That way, they’ll take up less disk space, and download quicker – especially for users on slower connections. It won’t convert every image – sometimes, the original JPEG or PNG may be smaller, and so it’ll leave these alone.

I’ve been using it for some time now and no-one seems to have complained that the images aren’t working yet.

Blocking AI crawlers

by
An AI generated image of a robot ant and a stop sign

I’ve recently updated my robots.txt file to block crawler bots used to train AI systems. It uses a master list from here, which I found thanks to Kevin. The idea is that I am asking for my content not to be used to train large language models such as ChatGPT.

I don’t mind my content being re-used – all of my blog posts carry a Creative Commons license, after all. But it’s the Attribution, Share Alike license, and this is important to note. If an AI was to generate a derivative work based on one of my blog posts, then to comply with the license, it must:

  1. Include an attribution or citation, stating that I wrote it.
  2. Ensure that the derivative work is also made available under the same license.

AI models don’t do really this – at least not at present. Any text is just hoovered up and combined with all the billions of other sources. Until such a time that these AI models can respect the terms of the license that my content is published under, they’ll be told to go away in the robots.txt file.

I haven’t yet gone as far as blocking these bots entirely. After all, robots.txt is essentially asking nicely; it’s not enforcement, and many bots ignore it. I used to use a WordPress plugin called Bad Behavior to block such bots, but it seems to have been abandoned.

Incidentally, my robots.txt file isn’t a flat file – I’m using the DB robots.txt WordPress plugin to generate it dynamically. This is why it has many other lines in it, instructing other crawlers about what they can and can’t access.

Cross-posting on socials

by
An AI-generated image using Microsoft Copilot showing a stack with the WordPress logo surrounded by smaller stacks with social media logos on them

I’ve recently updated the Feeds page to list ways other ways that you can follow this blog, besides subscribing to the RSS feed. To summarise:

  • There’s the weekly email
  • Any Fediverse app (e.g. Mastodon, Friendica) can follow the blog directly using ‘@nrturner
  • There’s now a dedicated Facebook page
  • I’m automatically cross-posting links to new blog posts to X/Twitter, Mastodon and Bluesky

The Facebook and X/Twitter integration is being done via Buffer and the WP to Buffer plugin. This is because Buffer is one of the few services that still has write access to the X/Twitter API. It also means that I am using my X/Twitter account again, but only to link to my own blog posts. I’m not logging in to interact with other users or post anything there that isn’t a link out to something I host. At least, not until Elon Musk inevitably gets bored, bankrupt or both and sells X/Twitter to someone better.

I think I used to have a dedicated Facebook page for this blog in the past, but I must’ve deleted it at some point. Anyway, there’s a new one which has been around for a couple of weeks and has had basically zero interactions in that time. If you want to very occasionally see my blog posts on your news feed, when the Facebook algorithm deems me worthy, feel free to give it a ‘Like’. I won’t be incorporating any of Meta’s cookies or adtech into this web site, don’t worry.

To cross-post to Mastodon, I’m using the Share on Mastodon plugin. It’s simple but configurable, and does the job well. For Bluesky, I’m using Neznam Atproto Share, which is also simple but configurable. I quite like relatively simple WordPress plugins that just do one or two things, and don’t try to take over your dashboard.

Whilst I have a Threads account, Meta hasn’t opened an API for it yet, so no auto-posts there. Mastodon remains my primary public social media presence, but I do scroll through Bluesky regularly too.

Sign up to my newsletter

by
An AI generated image of a postal worker delivering an email newsletter into a mailbox.

It seems like everyone has an email newslettter nowadays. I used to have a simple form where you could sign up for posts by email, powered by Jetpack, long ago. Seeing as it’s the in-thing again, I’ve added an email newsletter sign-up box to the sidebar (if you’re viewing on a desktop) and also below each post.

If you sign up, you’ll get a weekly email on a Monday with that week’s new blog posts. It’s automated, and so there won’t be any additional content for newsletter subscribers. Of course, there’s still the good old RSS feed which has been available for over 22 years now. And you can follow this blog on the Fediverse using Mastodon:

Neil Turner
Neil Turner
@nrturner
968 posts
4 followers

Not ‘a Substack’ newsletter

It seems like the word ‘substack’ has already become genericised (as per this toot from @mathowie). To be clear, whilst this is an email newsletter, I will not be touching Substack. Just in case you’re not aware, Substack hosts a lot of nazis, and doesn’t seem to be particularly bothered by this. A few of the worst offenders have subsequently been kicked off, but there are still many horrible people making money there. I actively avoid subscribing to Substack newsletters where possible, and certainly won’t pay for them. As well as self-hosting with WordPress like I do, Buttondown, Medium and Ghost are good alternatives, and many have easy import processes.

MailPoet

I don’t use Jetpack anymore, so instead I’m using the free version of MailPoet. There are lots of email plugins for WordPress, and most seem to offer full customer relations management features and detailed analytics. I don’t want that – I just want something simple where you type in your email address, confirm your subscription, and get a simple automated weekly digest.

MailPoet does have a lot of bells and whistles, even in the free version, but it is possible to just do what I want it to do. You can also manage it entirely within WordPress and don’t need to sign up to a third party service. Whilst it recommends that you use a third party email sending system, I’m sticking with my own. Unless I end up with thousands of subscribers, in which case I’ll re-consider.

Using Toolbelt instead of Jetpack on WordPress

by
A screenshot of the Toolbelt plugin in the WordPress plugin directory

A couple of weeks ago, I stopped using the Jetpack plugin for WordPress, and switched to Toolbelt instead.

Jetpack is one of the most popular WordPress plugins and is developed by Automattic, so ditching it has been a big step. Here’s my thinking behind my decision.

What’s wrong with Jetpack?

Jetpack is a big plugin. This is because it does a lot of things, but it can add some big overheads to your WordPress install. Whilst more recently some features have been made available as individual plugins (such as Jetpack Security), many still use the large monolithic plugin.

It relies on services provided by WordPress.com, so there’s background web traffic going there. That can have an impact on your web site’s privacy policy, especially across international boundaries. And Automattic has been in talks with OpenAI and MidJourney about using content from WordPress.com and Tumblr to train AI models. Whilst there’s an opt-out, this really should have been opt-in. My content is licensed under Creative Commons, and I doubt these models respect licensing.

I’m also not keen on how Jetpack inserts adverts for its premium services into my WordPress install.

More disconcertingly, there’s been a recent incident of transphobia that involved a Tumblr user and Matt Mullenweg, Automattic’s CEO. It’s somewhat reminiscent of the Twitter Joke Trial, where an amusing but poorly thought out post got the user into trouble, and Matt waded in. I’ve generally been a supporter of Matt but this incident made me decidedly uneasy. I’m a member of the LGBTQ+ community and try to be a good ally to my trans friends, and I don’t want to support a company which is hostile to trans people.

What is Toolbelt?

Toolbelt is essentially a replacement for Jetpack. Like Jetpack, it offers a wide range of features in a modular way. By default, they’re all switched off, so you just need to enable the ones you want. There’s some overlap with Jetpack, but Toolbelt offers some additional features that Jetpack doesn’t have.

Toolbelt is much more lightweight; since installing it, my WordPress installation feels faster. I haven’t been able to quantify improvements, but pages should load quicker. Hopefully, WordPress will use less server resources too now. It does mean that some things look a little different, as I’m using Toolbelt’s social sharing icons and related posts, rather than those from Jetpack.

For the time being, this means new posts won’t be automatically shared to my Mastodon profile (and occasionally LinkedIn) until I install a different plugin to enable this. And I am currently still using Akismet for spam protection, although Toolbelt offers a comment spam module.

The only major caveat to Toolbelt is that it’s not currently in active development, although it says it has been tested with current versions of WordPress (at time of writing). Maybe it’ll get renewed attention.