The Speculative Loading plugin for WordPress is a plugin you should probably try out on your site, especially if you use WP Super Cache or Jetpack Boost to cache things. It uses the new speculation API that Chrome/Edge supports to load pages in the background if you even hover over a link.
It will dynamically prefetch or prerender pages before they’re requested by the visitor on your site, which means that the page will show instantly when the visitor actually clicks the link.
It doesn’t work in Firefox yet, but it won’t hurt either, as the browser will just ignore the extra bits and pieces added to the page.
The default “moderate” eagerness works fine for me. The “eager” setting appeared to load links if the cursor got anywhere near them, which was a little too aggressive.
You won’t notice your browser loading the page in the Network tab of the webdev tools, but if you tail your access_log, you’ll see the requests go through when you hover over the links.
Browse around this site, or take a look at my photoblog for a feel of what it does.
There’s more info in the make blog post about it, and this insightful comment about the wastefulness of loading pages that might not be used, especially for visitors on limited data plans, or low powered devices. That’s definitely something to think about before using this plugin. I may yet remove it later, and I’ll update this post if I do.
Today saw the release of updates to two plugins I work on. The first, unsurprisingly, is WP Super Cache, and it’s a bug fix release. It fixed a PHP8.2 warning, adjusted some labels on the settings page, solved a problem with “late init” and POST requests, and some other changes, but the major news I want to share is not about that plugin at all.
I’m on the Jetpack Boost team in Automattic, and for the last month or so, we’ve been working on adding a full-page cache to the plugin!
Jetpack Boost is already a pretty remarkable plugin, with what it does to CSS, JavaScript and images, so a page cache was an obvious next step.
If you’re already using WP Super Cache, but you’re not using any of the advanced features, I think you should give Jetpack Boost a go. It works really well at serving cached pages fast. Jetpack Boost will be a drop-in replacement if you have these features enabled in WP Super Cache:
Simple caching
Caching Disabled for logged in visitors
Garbage collection set to one hour.
You’ll have to disable WP Super Cache first before trying Boost Cache, as they both rely on the same mechanism to load. Disable Jetpack Boost to go back to WP Super Cache. You can enable Boost again, without using the Cache module, and the two plugins will happily co-exist.
I’ve been using it here for the last two weeks, and it has worked flawlessly. I post images daily on my photoblog, and they get shared to Mastodon, where the expected deluge of requests from hundreds of servers happens each time. Between Jetpack Boost and WP Rest Cache, my server barely noticed. Just like with WP Super Cache.
“If it performs just like WP Super Cache, why should I use Boost?” I hear you asking. For some, you’ll need the extra features of WP Super Cache, but otherwise, Boost may be just what you need. Apart from the cache, it also has remarkable features that will squash your CSS and JavaScript in various ways that load super quick. Give it a go, and let WP Super Cache handle the cache if you need to.
If you’re still here, read on, and I’ll give you a whirlwind tour.
Boost supports an exception list like WP Super Cache does, and logging of activities in a similar, but easier to use way.
To simplify caching, only requests by logged out visitors are cached now, but that’s the recommended way of using WP Super Cache too.
Developers: like WP Super Cache, it also supports the “DONOTCACHEPAGE” constant. If you define that while a page is being created, then Jetpack Boost won’t cache it. If you can enable it before the page loads, then the plugin won’t serve a cached page either, but that will be difficult since the cache system loads so early.
To learn more, there’s a fine manual to read. It explains in detail how to enable the cache and how to use it. Yes, I’m biased, but I think you should give Jetpack Boost a go! Caching helps a lot, but the extra CSS and JavaScript features help render the page quickly once loaded.
What does that even mean, though? WordPress is the community of people who have built it and contributed to it over the last two decades, and before that, when it was a little known blogging package called b2. So, thank you so much to everyone who has contributed to WordPress over the years.
WordPress has given me, and countless others, many opportunities we couldn’t have dreamed of. Just over two years after WordPress was first released, I joined Automattic. Working on two machines, Matt and I started work on the first WordPress.com. Here I am, almost 18 years later, and still working on WordPress related software. What a journey. Matt marked the occasion by announcing a generous scholarship programme. Matt was also on stage in London with Mike Little and Dries Buytaert last week in a conversation I must listen to yet, but I’ve heard some good things about it WRT Gutenberg.
Anyway, it’s almost midnight here, but I wanted to get some words down on this blogging platform we all love. May we all be here for the next twenty years.
Oh, and before I go, you can hear me say a few words about meetups at Automattic in the latest episode of the Distributed podcast. It’s edited well, that’s all I’ll say!
Earlier this month I noticed that a particular bot that likes to visit my website, “MJ12bot/v1.4.8” seems to be particularly attracted to the “reply to comment” links generated by my blog. Those are links that bots see, but we see the “Reply” button that uses JavaScript to reply to a comment.
To be honest, it’s pretty annoying to see a bot constantly fetching those URLs from my website. Earlier this month, it was on a roll and grabbing several dozen at a time. While my server can handle the traffic without any issues, who wants a bot trampling over their server?
I decided to stop them in two ways:
Redirect them back to the post in a mod_rewrite rule.
Block them in robots.txt and hopefully the bots will go away.
Coming up with a mod_rewrite rule was surprisingly hard, but after mentioning this on Mastodon I received a reply from Jos Klever who figured out I needed the QSD flag. So, to spare you the hassle of researching it, here are the mod_rewrite rules that worked for me. It causes a 301 permanent redirect to the anchor tag of the comment. Add this to your .htaccess file.
Blocking requests like this in the robots.txt is much simpler. WordPress can generate the robots.txt file for you using the robots_txt filter. Add the following to a mu-plugin PHP script.
I haven’t received many comments on my posts lately. However, I stumbled upon some interesting posts by clicking the RANDOM link above, which I decided to examine as part of my research. During my search, I delved deep into the blogosphere of the past, almost like being an archaeologist, because some links were no longer available, and I had to search for them on archive.org. I was also pleasantly surprised to find that a link to a GIF from 2005 was still alive!
You might not be on Mastodon yet, but your blog could get a torrent of traffic from Mastodon, or other Fediverse network if it’s shared there.
If your website is mentioned there, it might be the “victim” of an inadvertent denial of service attack, as hundreds or thousands of servers request the URL in the 60 seconds or so afterwards. That is precisely what JWZ blogged about last month when his site was taken down by Mastodon servers.
Every time I do a new blog post, within a second I have over a thousand simultaneous hits of that URL on my web server from unique IPs. Load goes over 100, and mariadb stops responding.
JWZ has over 8,000 followers. Every time he shares a post on Mastodon, the instances (servers) where those followers live will send a request to his blog to generate a preview. Actually, two requests will be sent:
A request for the wp-json embed for the page.
A request for the page that was shared.
Eventually, he blocked the Mastodon user agent. That stops previews of his website showing up on Mastodon posts, but resolves the problem for his website.
Yesterday morning, I decided to see what effect sharing a link on my Mastodon account would have on my server. My Mastodon account has 1.8K followers. A far cry from the number of followers JWZ has, but still enough to test my server.
I wanted to test several scenarios:
Caching the post before sharing.
Changing Apache configuration.
Sharing without caching on my server.
My server is at Linode. I pay an average of $24/month to run this site and my photoblog is on it too where I share a daily photo + link on Mastodon. It’s not a heavy-duty server that can withstand a huge amount of traffic.
If you’d like to skip the details, my server coped fine with sharing a URL from here to Mastodon. The load average went up for about 20 seconds, topping out at the max for about 5 seconds before things calmed down. It was responsive the whole time. Install a full-page caching plugin like WP Super Cache, Jetpack Boost and WP Rest Cache and your site will probably be fine. Jetpack Boost and the Jetpack Image Accelerator will help when human visitors arrive.
1 minute load average topped out at 1.34 for 5 seconds.
The page was cached by WP Super Cache, but I had set the garbage collection TTL to 60 seconds and I believe it expired halfway through the test, so it had to generate the cache again. Once I adjusted that, and set the TTL to 600 seconds, the second test performed better. The page remained cached throughout:
273 requests for the page embed.
289 requests for the page itself.
1 minute load average topped out at 0.71 for 5 seconds.
The main points of my Apache configuration:
Keep alives are disabled.
5 start servers
Minimum 10 spare servers
When I reduced the start and minimum spare servers to 1, the next test took longer to complete, and the load average rose to 1.24, even on a fully cached page. This was expected as the server didn’t have the spare capacity to deal with the sudden traffic.
After reverting the changes to Apache, I disabled caching on my blog and shared another URL. The load average only rose to 1.12 for a very short time. I was pleased with that. While caching does help, my server could cope with that traffic.
A sample of the user agents used by Mastodon instances hitting my blog for previews
I suspected that there was one hit per Mastodon instance on my site. I checked my logs and was proved right. For all the accounts that follow me on mastodon.social, only one request was made. That does mean the onslaught of requests isn’t as bad as it might be. Instead of 1,800 requests for a page, there were far fewer. I did notice that a Friendica instance requested one of my test URLs several times.
Mastodon and other Fediverse servers will start requesting a preview within a second of you sharing your post on the network. It helps if your server is running some sort of caching.
If you have many Mastodon followers or if you’re worried about a DDoS from Mastodon, the following will help:
Make sure Apache/Nginx has the spare capacity to grow quickly and respond to a sudden torrent of requests.
Use “expert caching” in WP Super Cache which serves the cached page using mod_rewrite. That will mean your blog post is served almost as fast as requesting a text file from the server. No PHP is executed at all.
Install WP Rest Cache as it will soon cache the embed page request.
Install Jetpack and enable the Image Accelerator and Jetpack Boost for human visitors who come later.
This problem has existed for a long time. Popular blogs had the same issue when they published new content and people following their blogs (through RSS feed readers, remember them?) hit the server looking for the new post. At least with Mastodon, you can load the post in a private browser window and cache it before sharing it. I want to write a WP Super Cache add-on plugin that allows the site owner to preload a new post as it’s published. That will ensure the new content is ready for sharing. I haven’t started work on that yet, so don’t ask when it’ll be done. Maybe someone else will beat me to it and claim all the credit!
Before we start, do you know what Mastodon is? It’s sort of like email, where you can send an email from gmail.com to a yahoo.com account, except it looks very like Twitter. This pcmag article is a good introduction to it. Jeff Jarvis wrote a good post too, and Time Magazine interviewed Eugen Rochko, the founder of Mastodon that you should read.
This weekend, a probably sizeable chunk of #IrishTwitter migrated to Mastodon. We’re not the only ones. Twitter has been getting more hateful and acting as an echo chamber for lots of horrible people over the years. The sale of Twitter to Elon Musk, the firing of half the staff, his pronouncements of “free speech” all point towards the site being less regulated, less maintained and less moderated. You can’t deal with complaints if there’s nobody there listening to complaints of harassment or hate.
(No we didn’t)
I don’t doubt that many of us will continue to visit and contribute to whatever Twitter becomes. Over the last few years, most of my interactions there have been publicising my blog posts. All I could see on there was angry tweets from different people, or people who were broadcasting their top ten ways of doing X, Y or Z. Hardly any actual conversation.
So, Mastodon. I woke up early on Saturday morning and discovered there was a #TwitterMigraton to Mastodon. I already had an account on mastodon.social but Irish Twitter was moving to mastodon.ie, and that’s where I went too, creating @donncha@mastodon.ie.
Judging from what I’ve read elsewhere, all mastodon instances are experiencing a HUGE surge in user registrations as people look for an alternative to the stinking sinking ship that is Twitter.
On Saturday, the admins of mastodon.ie ran into performance difficulties as they dealt with the influx of new users. The site slowed down and people couldn’t upload images. Over 6,000 people are on that instance now.
Remember the early days of Twitter?
The admins increased their hosting plan, eventually maxing out at the top tier. To pay for hosting they asked for donations. Right now they have raised over €4100!
How do I add my WordPress blog to Mastodon?
It’s mostly straight forward. Install these two plugins:
The installation instructions are unfortunately not great. After you install both plugins, go to your Profile page (Users->Profile) and scroll right to the end. Down there you will find your profile identifier. It will look like @author@hostname.tld. For this blog that is @donncha, and I have my photoblog at @donncha. Search for those on Mastodon and you will find my two blogs. Please feel free to follow!
When a post is made and shared on Mastodon, it allows others to reply. Those replies to the toot on Mastodon will be sent to your WordPress blog as a comment! That blew my mind when I discovered that!
Troubleshooting
I discovered that running the plugins on a multi-site WordPress install will cause problems. Instead of activating it on the root install, you need to activate it on each one. I presume that’s maybe because the rewrite rules are added on plugin activation, but that’s just a guess.
If you have caching you might want to turn it off, or at the very least disable caching in /.well-known/ as that’s where Mastodon and other services will query your server for updated information.
It can take 10 to 15 minutes before a new post is seen. Be patient!
Why not?
There’s one reason you might not want to do this. Your blog will be on a Fediverse instance by itself. Your blog posts will only show if someone is following it, or you boost the toots on Mastodon, or in the Federated feed. They won’t show in the Local Feed of your Mastodon instance. The best way around this is by careful use of relevant hashtags, but please don’t spam them, or you’ll be blocked.
Alternatives
You can hook your WordPress blog to your account too. I haven’t used them, but I saw two people use these plugins. Those posts will appear in the Local Feed of your Mastodon instance, which is a plus for discoverability.
You can also use IFTTT if your site can’t run plugins, and you have an RSS feed. Some details in this blog post. Thanks Sandy for that link!
I’m very excited about this. Is it too early to say that there’s enough momentum to sustain a #IrishMastodon community? I hope it succeeds.
Edit: George has a guide on his blog explaining how to do the same thing but points out that you need the WebMention plugin to receive replies as comments. I saw replies to my toots appear here as comments, but only if they were direct replies. If I replied to someone who replied to my blog that reply wouldn’t show as a comment, and I just tested that again and WebMention doesn’t change that, unfortunately.
Matthew Thomas has created a remote follow tool called apfollow, with source available. This creates a page where you can follow a Mastodon account by entering your own details in a box and it redirects you to your home server to do the follow. Here’s a link to follow my Mastodon.ie account. It fails for me, but maybe that’s something to do with mastodon.ie settings. I’ll fill out a bug report but it looks promising.
You’re the only one who logs into your WordPress website.
You only do it on your computer at home.
You lock your computer every time you step away, even when there’s nobody at home.
You have a 2FA plugin which adds a new field, and means checking your phone on each login.
You might have become annoyed from time to time when you forget to check the “Remember me” checkbox on the login page. You know that you will have to log in again tomorrow or whenever the login session expires, rather than in 2 weeks time. Just because of an empty checkbox.
There’s very valid reasons for not checking this box. If you use a public computer, or one in an office and don’t lock your computer, then you want to be logged out. For the rest of us, it’s a bonus if you don’t need to login again so soon.
Here’s a tiny little script that will check the “remember me” checkbox. Create a php script called remember-me.php in wp-content/mu-plugin/ with the following:
I’ve been running a photoblog at inphotos.org since 2005 on WordPress. (And thanks to writing this I noticed it’s 15 years old today!)
In that time WordPress has changed dramatically. At first I used Flickr to host my images, but after a short time I hosted the images myself. (Good thing too since Flickr limited free user accounts to 1000 images, so I wrote a script to download the Flickr images I used in posts.)
For quite a long time I used the featured image instead of inserting the image into the post content, but then about two years ago I went back to inserting the photo into the post. Unfortunately that meant the photo was shown twice, once as a featured image, and once in the post content.
The last theme I used supported custom post types, one of which was a photo type that displayed the featured image but hid the post content. It was an ok compromise, but not perfect.
Recently I started using Twenty Twenty, but after 15 years I had a mixture of posts with:
Featured image with no image in the post.
Featured image with the same image in the post.
I knew I needed something more flexible. I wanted to hide the featured image if it also appeared in the post content. I procrastinated and never got around to it until this evening when I discovered it was actually quite easy.
Copy the following code into the function.php of your child theme and you’ll be all set! It relies on you having unique filenames for your images. If you don’t then remove the call to basename(), and that may help.
The post_thumbnail_html filter acts on the html generated to display the featured image. My code above gets the filename of the featured image, checks if it’s in the current post and if it is returns a blank string. Feedback welcome if you have a better way of doing this!
The Crowdsignal team at Automattic have been quietly working on a new poll block for the last few weeks. We finally made it public today on WordPress.org!
We set out with the task of creating a block that would allow the writer to quickly insert a poll in their posts using the block editor. More than that, it had to be simple to use. It also needed to be themed to match the look and feel of the website it would appear on.
We’ve created a block that does that. It also records the votes collected on the Crowdsignal website where you can analyse the results using reports Crowdsignal users have always used.
Search for “Crowdsignal Forms” on your plugins page to install it in the usual way.
A free Crowdsignal account is required to use the block. We made it really easy to connect your site to your Crowdsignal account. If you don’t have one then creating a new account is simple too.
The first 2,500 responses you collect are included in your free account, and further votes are recorded but free users are encouraged to upgrade if they want to do further analysis of all the data they collect.
WP Super Cache is a full page caching plugin for WordPress.
Version 1.6.9 has just been released and is a required upgrade for all users as it resolves a security issue in the debug log. The issue can only be exploited if debugging is enabled in the plugin which will not be the case for almost all users.
The debug log is usually only enabled temporarily if a site owner is debugging a caching problem and isn’t something that should be left on permanently as it will slow down a site.
If there is an existing debug log it will be deleted after updating the plugin.
This release also improves the debug log by hiding sensitive data such as the ABSPATH directory of the WordPress install and login cookies. Unfortunately in the past users have copied the log file data into forum posts. A warning message has been added asking the site owner not to publish the debug log.
Details of the security issue will be added to this post in time to allow sites to update their plugin.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Here are a few options.
uBlock Origin is a free, open source, ad blocker for your browser.
Use pi-hole if you have a spare Raspberry Pi on your network.
Set the private DNS settings on your phone to dns.adguard.com to block adverts and trackers.