Wordpress

Blog posts about WordPress, the blogging tool used to power this site.

New year, new server image

by

Last week, I upgraded the server that this site runs on to Debian 13 (also known as Trixie), and the corresponding version of Sympl. This ended up being a fresh installation of Debian; I tried and in-place upgrade and, well, let’s just say it went badly wrong and the virtual machine wouldn’t boot. Whoops.

A sign that I only partially learn from my mistakes is that this is basically what happened when I lost everything in 2018. However, this time I did have backups, thanks to the UpDraft Plus WordPress plugin. And, whilst I didn’t do a backup immediately before the aborted upgrade like I should have done, I did have one that was only about a week out of date. Furthermore, this included some blog posts that were written but not yet published at the time, so I didn’t even lose those. Phew.

The upgrade to Debian 13 means that I’m running a newer version of PHP. Debian 12 ships with PHP 8.2 and I had added a custom repository to upgrade this to PHP 8.3. Debian 13 includes PHP 8.4, and so I no longer get a warning message in WordPress’ Site Health checker. It’s not the latest version – that’s PHP 8.5 – but it’s newer.

The existing server image had been in place for just over a year, when I moved from Bytemark to Hosting UK, and the last time I upgraded Debian was in 2023. Doing a fresh install every now and again should help to keep things running better, hopefully.

Hopefully, you won’t notice anything different about the blog, apart from some of the sidebar widgets missing. I’ll get these restored in time.

Pressidium Cookie Consent plugin review

by
Screenshot of the home page for the Pressidium WordPress cookie consent plugin

Someone anonymously emailed me recently to advise that my cookie consent banner was not compliant with current privacy regulations, and so I’ve swapped it for the Pressidium Cookie Consent WordPress plugin.

To date, I’ve been using the cookie consent banner component of the Toolbelt plugin (my review). As much as I like Toolbelt, it’s getting a bit old and it’s been almost five years since its cookie consent module was updated. As such, it basically says that ‘this site uses cookies, deal with it’, rather than giving users a choice to opt-out.

I’m a relatively privacy conscious person, to the extent that I tend to browse the web in Firefox with Enhanced Tracking Protection enabled alongside Privacy Badger. This extends to this web site – where possible, I avoid using third-party services. Indeed, the only cookies that you should experience are session cookies whilst browsing, that are deleted when you close your web browser, and Pressidium’s own cookie to remember your consent. For analytics, I use Koko Analytics (my review), which doesn’t need to set any third-party cookies.

Setting up Pressidium Cookie Consent

I deliberately went for this cookie consent plugin because it’s lightweight, and doesn’t need to use a third party web application. I’ve previously tried the CookieYes WordPress plugin, which is much more powerful and will auto-detect cookies to add to its consent forms. But it’s a big plugin designed for big sites that use lots of third-party tracking scripts. And as mentioned, I don’t.

Once installed, Pressidium Cookie Consent is relatively easy to set up and configure. You get a moderate amount of control over how the pop-up appears, and in turn the Cookie Settings box that users can view if needed. I like that it defaults to ‘accept all’ and ‘accept necessary’ – it annoys me when sites make you go through settings to reject all cookies and have you ‘object to legitimate interests’. In terms of its appearance, you can have it appear as a box or a strip, and control the colours.

In terms of specifying the cookies that users can consent to, this is where you’ll need to spend some time browsing your site in Private Browsing with Developer Tools open. Unlike the aforementioned CookieYes plugin, there isn’t a way of automatically detecting the cookies your site uses. Cookies can fit into four categories: necessary, analytics, targeting and preferences. Unfortunately, you can’t hide these categories, even if your site doesn’t use targeting cookies, for example.

If you use Google Tag Manager, then you can integrate this – I don’t. You can also include translations of the cookie consent popup and settings, and if you have API keys for OpenAI or Google Gemini, then it can use AI to generate these for you.

Free and open source

As it runs locally on your own WordPress instance, Pressidium Cookie Consent is free with no premium tier. The source code is on GitHub under the GPL 2.0 licence, and it’s in active development with a recent release for compatibility with the latest WordPress 6.9 release. Whilst it might not be as powerful as some WordPress cookie plugins, it should at least make your site compliant with GDPR and the like.

WordPress Wayback Link Fixer plugin

by
Screenshot of the Internet Archive Wayback Machine Link Fixer

Link rot is a major problem for long-established web sites that link to other sites. It’s a particular problem for blogs – the word ‘blog’ is, after all, a shortened form of ‘web log’ and the original blogs were links to interesting things the blogger writing it had found.

I’ve been blogging since 2002, and in that almost one quarter century, lots of the things I’ve linked to have gone missing. Companies close, web sites change and decide not to preserve their URLs, or are sold on to new owners. As such, many older sites are full of links that no longer point to anywhere useful.

This is where the Internet Archive Wayback Machine Link Fixer plugin for WordPress comes in. Once installed, it pro-actively scans outgoing links from your blog posts on a regular basis. If any no longer work, then, where possible, the plugin will amend that link to point a cached version of that link on the Internet Archive’s Wayback Machine. That way, people following the link will still get to see something, rather than a dead link. It’s an official plugin from the Internet Archive that has been developed with support from Automattic.

Backup to the Wayback Machine

But that’s not all! Once installed, you can opt-in to have all of your blog posts automatically backed up to the Wayback Machine. So, if your WordPress blog ever goes dark, all of your posts and pages should be available there for others to find.

Normally, the Wayback Machine uses a crawler which usually scoops up most web pages in time. But it can miss those that may only be online for a short time, or not linked from a web site’s home page. This is a problem I’ve faced myself; I lost all my blog posts in 2018, and over the past three years I’ve been slowly reinstating old posts. Alas, some are missing from the Wayback Machine and are therefore (probably) gone forever. Whilst making sure that the Wayback Machine has copies of your blog posts is a good thing, you should also have your own backups and I now use UpdraftPlus for this.

So, if you’re a WordPress user, and care about preventing link rot and the sharing of information, go and install the plugin. Thanks to Matt for the head’s up, and maybe consider donating to the Internet Archive as well?

Recent sidebar additions

by
Screenshot of the additional sidebar widgets

I’ve added a couple of extra WordPress widgets to the sidebar, which appears on the right of blog posts if your screen is wide enough. For smaller screens, it’ll be at the bottom.

The first is a list of the five most read posts over the past 30 days. This is provided by the Koko Analytics plugin, which I use for analysing visitor statistics. Generally speaking, these will be the posts that seem to rank highest when people use search engines. My post about a free-standing CarPlay unit is perennially popular.

The second is a list of posts written on this day in the past. When I was a Movable Type user, I used Brad Choate’s OnThisDay plugin to achieve something similar. On WordPress, I’m using the Posts On The Day plugin instead.

Both plugins make a widget available to insert wherever widgets can go in your WordPress theme. They’re classed as ‘legacy widgets’ but are customisable in the WordPress user interface.

This does mean that, on shorter posts like this one, the sidebar is now significantly longer than the content. Oh well.

Koko Analytics – a stats plugin for WordPress

by
A screenshot of the Koko Analytics dashboard running on WordPress. There's a bar chart showing daily visitors and page views, the most popular pages and referrers.

Back in March, I stopped using the Jetpack WordPress plugin, and replaced it with Toolbelt, which replicates many of Jetpack’s features. I’ve been concerned about the direction Automattic, and especially its founder Matt Mullenweg, have been taking, and so I’ve wanted to stick to self-hosted alternatives. Whilst Toolbelt does a lot, it doesn’t offer stats, and so I’ve recently starting using Koko Analytics.

Compared to Jetpack Stats, Koko Analytics, at least in the free version, is a little more basic. You’ll get to see how many visits and page views there have been, and also how many page views within the last hour. You can also see your most popular pages and blog posts, and which web sites have referred visitors to you. And you can import and export your data too.

For me, the main benefit of Koko Analytics is that all the data is hosted locally. With Jetpack Stats, you are uploading data to Automattic’s servers, which needs to be mentioned in your site’s privacy policy. Koko Analytics is therefore more respectful of the privacy of your visitors, by not sharing their data.

Koko Analytics Pro

There is also a paid-for upgrade, which costs €49 per year per site (about £40 at present). This also allows you to track what links people click on whilst browsing your site, receive weekly reports, and export data in CSV format. The cheapest Jetpack Stats plan is currently £50 for the first year, rising to £84 in subsequent years, and only for sites with 10,000 page views per month or less. Whilst, as an individual, I can use the free version of Jetpack Stats, I’m currently on around 8000 page views per month. Overall, Koko Analytics is significantly cheaper than Jetpack Stats.

I found out about Koko Analytics through this blog post from Terence Eden, where he has a guide to importing data from Jetpack Stats using some Python scripts. Thankfully, since that was written, the Koko Analytics plugin now includes a Jetpack Stats import tool which is much easier to use.

Whilst it’s basic, the fact that Koko Analytics is lightweight, and that it keeps all its data on your server, makes it a strong recommendation from me, if you need a stats plugin for WordPress.

WordPress, and conflicts of interest

by

There’s been quite the to-do in the world of WordPress in recent weeks. Matt Mullenweg, one of the two people who forked b2/Cafelog to create WordPress in 2003, has had a public spat with WP Engine, a WordPress host.

Matt’s arguments are that WP Engine should be paying to use the WordPress trademark (or offer development time to the WordPress project in kind), and that it disables features in WordPress such as post revisions (which allow you to revert a blog post or page back to an earlier version). He’s used his platform to publicly call out WP Engine, including at a recent WordCamp event where he was the keynote speaker – an event supported by WP Engine.

Before I go into much more detail, please take 5-10 minutes to read If WordPress is to survive, Matt Mullenweg must be removed by Josh Collinsworth, which sets the scene pretty well. You can then come back here to continue reading.

Matt is basically the same age as me – he turned 40 a few months before I did. But in the 21 years since WordPress became a project in its own right, he has accumulated a huge amount of power and responsibility. He’s the founder and CEO of Automattic, the commercial enterprise that runs WordPress.com – which is a WordPress host and direct competitor of WP Engine. But he’s also one of only three board members of the WordPress Foundation, which looks after the WordPress open source project (aka WordPress.org), and, seemingly the only active board member.

To me, this is a massive conflict of interest, and means that a massive amount of control over WordPress is held by one person. Don’t get me wrong, I believe Matt deserves to be on the board of the WordPress Foundation, but not as the only active member. And we’re seeing the impact of this control, with WP Engine’s access to the WordPress plugin and theme directory cut off.

Though there’s been a temporary reprieve, this is an abuse of power. As Josh Collinworth says in the piece linked above:

Matt’s actions have ensured his hosting companies are now the only WordPress hosts that can guarantee something like this will never happen to their users.

Whilst I don’t use a dedicated WordPress host, should Matt have a beef with my host for whatever reason, this could cut off my access to security updates for plugins. I mean, there would be ways of downloading updates manually, but this would also require regular manual checks. Not really feasible considering I have 28 plugins installed.

I hope Matt backs down, and comes up with some kind of agreement with WP Engine so that their users won’t lose out. But I also think that some change needs to happen at the WordPress Foundation, to stop a single board member to act unilaterally like this again. And Matt needs to take a long hard, look at his actions from this year; first there was the transphobia, and more recently selling out content on WordPress.com to train AI models. This is why I no longer use the Jetpack plugin on here.

To recluse oneself from making decisions where a conflict of interest may occur is a core principle of most professional membership organisations, and good leadership. I’ve taken a step back more than once at work, where I’ve had a conflict of interest regarding a decision for someone that I know outside of work. Matt needs to do the same.

Modern Image Formats plugin

by
A screenshot of the Modern Images Format plugin in the WordPress plugin directory

I’ve recently started using the Modern Image Formats plugin for WordPress, which automatically converts any images you upload to the WordPress Media Library to the new WebP and AVIF image formats.

Both formats offer better image compression than GIF, JPEG or PNG, and AVIF is particularly good. Mozilla reckons it’s the ‘next big thing’ for images on web pages. All modern web browsers support it, and have done so for a couple of years; it was added to Firefox in version 93 in October 2021.

I’m old enough to remember when PNG images were the next big thing, and were expected to overtake the GIF format which was limited to 256 colours and encumbered by patents. Suffice to say that GIFs are still alive and well in their animated format.

If you have a WordPress blog, consider giving the Modern Image Formats a try. It works in the background, and should make your images smaller. That way, they’ll take up less disk space, and download quicker – especially for users on slower connections. It won’t convert every image – sometimes, the original JPEG or PNG may be smaller, and so it’ll leave these alone.

I’ve been using it for some time now and no-one seems to have complained that the images aren’t working yet.

Blocking AI crawlers

by
An AI generated image of a robot ant and a stop sign

I’ve recently updated my robots.txt file to block crawler bots used to train AI systems. It uses a master list from here, which I found thanks to Kevin. The idea is that I am asking for my content not to be used to train large language models such as ChatGPT.

I don’t mind my content being re-used – all of my blog posts carry a Creative Commons license, after all. But it’s the Attribution, Share Alike license, and this is important to note. If an AI was to generate a derivative work based on one of my blog posts, then to comply with the license, it must:

  1. Include an attribution or citation, stating that I wrote it.
  2. Ensure that the derivative work is also made available under the same license.

AI models don’t do really this – at least not at present. Any text is just hoovered up and combined with all the billions of other sources. Until such a time that these AI models can respect the terms of the license that my content is published under, they’ll be told to go away in the robots.txt file.

I haven’t yet gone as far as blocking these bots entirely. After all, robots.txt is essentially asking nicely; it’s not enforcement, and many bots ignore it. I used to use a WordPress plugin called Bad Behavior to block such bots, but it seems to have been abandoned.

Incidentally, my robots.txt file isn’t a flat file – I’m using the DB robots.txt WordPress plugin to generate it dynamically. This is why it has many other lines in it, instructing other crawlers about what they can and can’t access.

Cross-posting on socials

by
An AI-generated image using Microsoft Copilot showing a stack with the WordPress logo surrounded by smaller stacks with social media logos on them

I’ve recently updated the Feeds page to list ways other ways that you can follow this blog, besides subscribing to the RSS feed. To summarise:

  • There’s the weekly email
  • Any Fediverse app (e.g. Mastodon, Friendica) can follow the blog directly using ‘@nrturner
  • There’s now a dedicated Facebook page
  • I’m automatically cross-posting links to new blog posts to X/Twitter, Mastodon and Bluesky

The Facebook and X/Twitter integration is being done via Buffer and the WP to Buffer plugin. This is because Buffer is one of the few services that still has write access to the X/Twitter API. It also means that I am using my X/Twitter account again, but only to link to my own blog posts. I’m not logging in to interact with other users or post anything there that isn’t a link out to something I host. At least, not until Elon Musk inevitably gets bored, bankrupt or both and sells X/Twitter to someone better.

I think I used to have a dedicated Facebook page for this blog in the past, but I must’ve deleted it at some point. Anyway, there’s a new one which has been around for a couple of weeks and has had basically zero interactions in that time. If you want to very occasionally see my blog posts on your news feed, when the Facebook algorithm deems me worthy, feel free to give it a ‘Like’. I won’t be incorporating any of Meta’s cookies or adtech into this web site, don’t worry.

To cross-post to Mastodon, I’m using the Share on Mastodon plugin. It’s simple but configurable, and does the job well. For Bluesky, I’m using Neznam Atproto Share, which is also simple but configurable. I quite like relatively simple WordPress plugins that just do one or two things, and don’t try to take over your dashboard.

Whilst I have a Threads account, Meta hasn’t opened an API for it yet, so no auto-posts there. Mastodon remains my primary public social media presence, but I do scroll through Bluesky regularly too.

Sign up to my newsletter

by
An AI generated image of a postal worker delivering an email newsletter into a mailbox.

It seems like everyone has an email newslettter nowadays. I used to have a simple form where you could sign up for posts by email, powered by Jetpack, long ago. Seeing as it’s the in-thing again, I’ve added an email newsletter sign-up box to the sidebar (if you’re viewing on a desktop) and also below each post.

If you sign up, you’ll get a weekly email on a Monday with that week’s new blog posts. It’s automated, and so there won’t be any additional content for newsletter subscribers. Of course, there’s still the good old RSS feed which has been available for over 22 years now. And you can follow this blog on the Fediverse using Mastodon:

Neil Turner
Neil Turner
@nrturner
979 posts
4 followers

Not ‘a Substack’ newsletter

It seems like the word ‘substack’ has already become genericised (as per this toot from @mathowie). To be clear, whilst this is an email newsletter, I will not be touching Substack. Just in case you’re not aware, Substack hosts a lot of nazis, and doesn’t seem to be particularly bothered by this. A few of the worst offenders have subsequently been kicked off, but there are still many horrible people making money there. I actively avoid subscribing to Substack newsletters where possible, and certainly won’t pay for them. As well as self-hosting with WordPress like I do, Buttondown, Medium and Ghost are good alternatives, and many have easy import processes.

MailPoet

I don’t use Jetpack anymore, so instead I’m using the free version of MailPoet. There are lots of email plugins for WordPress, and most seem to offer full customer relations management features and detailed analytics. I don’t want that – I just want something simple where you type in your email address, confirm your subscription, and get a simple automated weekly digest.

MailPoet does have a lot of bells and whistles, even in the free version, but it is possible to just do what I want it to do. You can also manage it entirely within WordPress and don’t need to sign up to a third party service. Whilst it recommends that you use a third party email sending system, I’m sticking with my own. Unless I end up with thousands of subscribers, in which case I’ll re-consider.