IndieWebCamp is a 2-day creator camp focused on growing the independent web

WordPress

WordPress is an open source blog software as well as a blog hosting service.

WordPress software

One of many IndieWeb Projects, WordPress is web software you can use to create a beautiful website or blog. Estimates are that Wordpress powers 20% of sites for which the content management server is identifiable.

If you're interested in jumping into the IndieWeb, and you've chosen WordPress as your tool of choice, great! Here are instructions that follow the step by step, ground up approach of IndieMark.

As you complete each step, try plugging your site into indiewebify.me. It will give you instant feedback, confirming that it's working or helping you fix it if not.

Contents

Getting started with Wordpress

We'll assume you already have your own personal-domain. After that, you'll need web-hosting. There are plenty of good options. WPEngine is one of the best for both beginners and advanced hackers. #WordPress.com hosting service is solid and easy to use, but limits you to pre-approved plugins and themes.

Security and Spam Protection

One of the most important things for new users to do is to properly secure their Wordpress installation.

Usernames

Account names like "admin" or "administrator" are popular targets for brute-force login attempts, and should not be used as a username.

Default Settings

Disable registration of new users.

Login Security Plugins

There are many options in this area...

  • WP Fail2Ban logs all login attempts, whether successful or not, to the syslog of the server using LOG_AUTH. If you have server level access, you can act on these logs using Fail2Ban or other software to block IP addresses.
  • IndieAuth for Wordpress allows users to sign in with their domain instead of a username and password. (See more complete details below.)

Spam/Comment Protection

Some individuals may prefer to disable local commenting in favor of only allowing commenting through webmentions. If local commenting is enabled, there should be some form of protection installed.

  • Akismet is a spam protection service by Automattic, the company that runs Wordpress.com and is thus a major contributor/sponsor of the Wordpress open source project. It is free for personal use.
  • Combined together, the webmention and semantic-linkbacks plugins let you accept comments as webmentions from other web sites. They also let you backfeed comments, likes, etc. from social networks by using Bridgy (see further notes below).
    Warning: Don't use the pre 2.0 version indieweb plugin! That is an old, outdated bundle of the webmention and semantic-linkbacks plugins together, nothing more.

Adding Indieweb Support/Elements to a Wordpress Site

Here are steps to add IndieWeb support to a WordPress site.

See also individual articles bloggers have written about setting up their sites with indieweb support:

IndieAuth

Once you have WordPress up and running, you'll want to set up IndieAuth. If you haven't already done so (above) install IndieAuth for Wordpress which allows users to sign in with their domain instead of a username and password. Next, you'll need to add the appropriate rel-me link(s) to your homepage. TheIndieAuth-Links plugin makes this easy, but you can also use Social Media Buttons or a Text Widget to add the needed rel-me link(s). Detail can be found at indieauth.com/setup Once you've done that, head over to indieauth.com and sign in to test that you've set things up appropriately!

  • FIXME: This section conflates adding rel-me links to satisfy indieauth.com (e.g. for logging into the wiki) with the IndieAuth for Wordpress plugin that lets you authenticate on your own site with indieauth. The latter is a much more advanced step and should be moved to another section (and the distinction probably needs to be clarified) Kylewm.com 15:52, 12 September 2014 (PDT)

microformats

Next, you'll want to add microformats support. Try out the SemPress theme, it's the best way to do it. If you don't want to give up your current theme, try the wordpress-uf2 plugin (requires FTP).

POSSE

Along with personal-domains, POSSE is one of the cornerstones of the IndieWeb. In short, instead of posting to social network silos, you post to your own site and then copy to the silos.

You can POSSE manually, but most people automate it. WordPress has many plugins that do this. A few of the most popular are:

Other plugins that can be used to POSSE:

If you POSSE, it's good practice to include rel-syndication links on your WordPress posts. Try the rel-syndication plugin for that(Currently only supports the Social plugin, the GitHub mainline has minimal support of Tumblr, Twitter and Facebook for NextScripts SNAP ).

If you also want to go the other direction and pull your social network posts and data back to WordPress, there are PESOS plugins too. To start, try Lifestream.

backfeed

Once you're POSSEing, you may want to pull comments and likes on the social network posts back to your site. This is called backfeed. Many of the POSSE plugins above can do this; see backfeed#WordPress_Plugins for details.

Another option is Bridgy, a service that automatically sends webmentions for activity on your POSSEd posts inside silos (before starting to use Bridgy, make sure you first install the webmention and semantic-linkbacks plugins described below).

Which brings us to...

webmention

semantic-linkbacks.png

Webmentions are also part of the core IndieWeb building-blocks. They let you send and receive replies, likes, etc. directly from your site.

Try combining the webmention (video available) and semantic-linkbacks plugins, which support comments (including the reply-context), likes, reposts, favorites, RSVPs and classic mentions.

(Warning: Don't use pre 2.0 version of the indieweb plugin! It's an old, outdated bundle of the webmention and semantic-linkbacks plugins together, nothing more.)

For the webmention plugin to work, go to the Settings => Discussion page in your WordPress admin, and check the "Allow link notifications from other blogs (pingbacks and trackbacks)" and "Allow people to post comments on new articles" checkboxes.

Also install the webmentions forms plugin (requires FTP) to receive webmentions directly from the comments section of your blog.

More building blocks

If you've made it this far, congrats! You're a fully functioning member of the IndieWeb! Here are a few more plugins you might want to try. Many require FTP or other more technical setup.

Optional plugins

Past or old tech plugins

Themes

Some themes that support microformats or other semantics.

  • SemPress supports microformats, microformats2 and schema.org (theme)
  • P2 is a microblog theme for WordPress that might be adaptable for indiewebsters.

Rather than a theme uf2 is a plugin that attempts to add microformats2 data to an existing theme though as the author admits it is very limited and recommends using a theme that supports microformats natively.

People using WordPress

People using WordPress on their primary or other sites.

IndieWeb Examples

In particular, (semi-)active IndieWeb community members using WordPress on their own sites, thus you might find them on IRC to ask about their experience (or for help).

Other independents using it on their primary site

Using on one of their sites

People using WordPress on a secondary site.

Past Examples

Independents that used to use WordPress on their own site but have switched away (or site stopped working)

Development

Several projects are actively under development for use in Wordpress. Plugins/themes considered complete enough for widespread use will appear on this page.

For brainstorming on development of Indieweb themes/plugins for Wordpress and discussion of common conventions to ensure interoperability, see WordPress Development.

Criticism

Problems with and criticism of using WordPress software from an IndieWeb perspective.

Security Issues

WordPress (and often many popular plugins) frequently has security vulnerabilities that are found and exploited in a "zero day" fashion.

Mitigation:

Security vulnerabilities are found in many popular pieces of software, as their deployment makes them attractive targets. While there is currently limited options within the core of Wordpress, there are many security plugins that offer protection for Wordpress blogs.

Maintenance Vulnerability

Independents (quite tech smart and capable) who had their WordPress blog(s) hacked due to being unable to keep up with security updates / maintenance (too much of a hassle/chore/tax on their time).

  • Clay Shirky:
  • Dan Brickley
  • Michael.net:
    • WordPress seems to have a non trivial security hole every 6 months and I never have the time to tend to my WP install. The last major problem resulted in my blog being infested with malware and my site blacklisted by google. WordPress is like Windows. It's probably not really less secure than the alternatives but its popularity is such that it makes an attractive target. Most WordPress blogs are configured to ping an update service so hackers have no trouble finding targets. Any IndieWeb solution needs to think about automatic updates and defense in depth security. -- Michael.net
  • ...

Mitigation:

However, since Version 3.7, Wordpress supports background updates to alleviate this issue. By default, automatic updates for minor releases and translations are enabled. There are configurable settings to allow major release updates, and updates for specific plugins.

The Core Automatic Update functionality can also be used to push critical security updates to popular plugins. This was used in April of 2014 when the popular JetPack plugin was discovered to have a critical vulnerability and the developers requested the security update be pushed via the system to all users who had not expressly disabled all updates.

Fatal Error memory exhausted

WordPress seems to run out of memory on servers sometimes, and give a message like:

  • e.g. on http://yottabytes.info/?p=10497 (on 2014-06-08 15:28 EDT):
    Fatal error: Allowed memory size of 41943040 bytes exhausted (tried to allocate 32 bytes) in /home/johnkrol/public_html/wp-includes/post.php on line 1961

Pages can not have numeric slugs

WordPress does not allow numeric page slugs, making it difficult to set up pages representing a year, such as /event/2014/. This is frustrating if you need to set up a series of annually recurring pages (not blog posts) without using a plugin. [1]

Switching away from

There has been a trend of folks switching away from WordPress for various reasons (e.g. problems noted above). They seem to switch to one of three options, one indieweb, and two silo.

  • static site generator or some other IndieWeb project
  • silo: WordPress.com hosting service (see below)
  • other silo: e.g. Tumblr (others?)

Switched to another project

(stub)

There are many folks with personal sites that have kept their personal site and webhost, but switched away from WordPress to another solution, e.g. typically a static site generator:

Many others have switched to Jekyll or are in the process of doing so, e.g.:

  • Crystal Beasley - per recent (2013-11) conversation on IRC
  • others beforehand ...

And a few have switched to their own IndieWeb project, e.g.

Switched to WordPress service

(stub)

I know there's folks that have done this but have trouble recalling offhand who in particular.

Switched to Tumblr

(stub)

Folks that were on WordPress that have moved to Tumblr

  • Micki Krimmel
  • ...

POSSE to WordPress

With WordPress's API it's possible to automatically POSSE posts to it, and there's at least one example of an indieweb community member doing so to the hosted service: POSSE to hosted

Tantek reply POSSE

Tantek Çelik has started experimenting with manually POSSEing reply posts to WordPress blogs to their comment sections. E.g.:

WordPress.com hosting service

WordPress.com is a blog hosting service with impressive importing and export features. See for details:

Hosted themes

WordPress.com provides themes to change the HTML/CSS/JS and general appearance of a user's site. While users can pay for a feature to write custom CSS, they can't change their theme markup. Which means amongst other things, a user cannot specify some markup in a post to show on a permanlink page and not in the post when it's a part of a feed. For example,

If you could detect "in the feed vs permalink page", you could use rel="canonical" on the attribution link from the syndicated copy on wordpress.com back to the original on iamshane.com. But because rel-canonical is page scoped, you shouldn't use it on a link in a post when that post is a part of the feed. To work around this, you can use class="u-url u-uid" on the attribution link.

POSSE to hosted

It is possible to manually POSSE articles to Wordpress.com.

IndieWeb POSSE Examples

Shane Becker

Shane Becker is manually POSSEing his articles to Wordpress.com.

webmention

WordPress.com doesn't have built in support for webmentions, but Bridgy can send, receive, and display webmentions for WordPress.com blogs. You can also receive webmentions with webmention.io and maybe webmention.herokuapp.com.

cURL Problem

On 2014-05-06 it was reported that http://indiewebify.me returned an empty result when attempting to check gabrielscheer.com. That domain is hosted on wordpress.com and it appears that wordpress.com is blocking some cURL requests based on the User-Agent. At a minimum, it appears that wordpress.com is blocking cURL requests with the Guzzle User-Agent.

This issue was previously reported on Github on 2013-05-19 [2]

Examples

See Also