IndieWebCamp is a 2-day creator camp focused on growing the independent web


WordPress is an open source blog software as well as a blog hosting service.

WordPress software

One of many IndieWeb Projects, WordPress is web software you can use to create a beautiful website or blog. Estimates are that Wordpress powers 20% of sites for which the content management server is identifiable.

If you're interested in jumping into the IndieWeb, and you've chosen WordPress as your tool of choice, great! Here are instructions that follow the step by step, ground up approach of IndieMark.

As you complete each step, try plugging your site into It will give you instant feedback, confirming that it's working or helping you fix it if not.


Getting Help

If you need help getting your WordPress site set up for the Indieweb, try the WordPress Outreach Club.

Getting started with Wordpress

We'll assume you already have your own personal-domain. After that, you'll need web-hosting. There are plenty of good options. WPEngine is one of the best for both beginners and advanced hackers. hosting service is solid and easy to use, but limits you to pre-approved plugins and themes.

Security and Spam Protection

One of the most important things for new users to do is to properly secure their Wordpress installation.


Account names like "admin" or "administrator" are popular targets for brute-force login attempts, and should not be used as a username.

Default Settings

Disable registration of new users.

Login Security Plugins

There are many options in this area...

  • WP Fail2Ban logs all login attempts, whether successful or not, to the syslog of the server using LOG_AUTH. If you have server level access, you can act on these logs using Fail2Ban or other software to block IP addresses.
  • IndieAuth for Wordpress allows users to sign in with their domain instead of a username and password. (See more complete details below.)

Spam/Comment Protection

Some individuals may prefer to disable local commenting in favor of only allowing commenting through webmentions. If local commenting is enabled, there should be some form of protection installed.

  • Akismet is a spam protection service by Automattic, the company that runs and is thus a major contributor/sponsor of the Wordpress open source project. It is free for personal use.
  • Combined together, the webmention and semantic-linkbacks plugins let you accept comments as webmentions from other web sites. They also let you backfeed comments, likes, etc. from social networks by using Bridgy (see further notes below).
    Warning: Don't use the pre 2.0 version indieweb plugin! That is an old, outdated bundle of the webmention and semantic-linkbacks plugins together, nothing more.

Adding Indieweb Support/Elements to a Wordpress Site

Here are steps to add IndieWeb support to a WordPress site.

See also individual articles bloggers have written about setting up their sites with indieweb support:


Once you have WordPress up and running, you'll want to set up IndieAuth. If you haven't already done so (above) install IndieAuth for Wordpress which allows users to sign in with their domain instead of a username and password. Next, you'll need to add the appropriate rel-me link(s) to your homepage. TheIndieAuth-Links plugin makes this easy, but you can also use Social Media Buttons or a Text Widget to add the needed rel-me link(s). Detail can be found at Once you've done that, head over to and sign in to test that you've set things up appropriately!

  • FIXME: This section conflates adding rel-me links to satisfy (e.g. for logging into the wiki) with the IndieAuth for Wordpress plugin that lets you authenticate on your own site with indieauth. The latter is a much more advanced step and should be moved to another section (and the distinction probably needs to be clarified) 15:52, 12 September 2014 (PDT)

You can also add rel-me links to a custom menu by enabling the Link Relationships under Screen Options on the custom menu page.


Next, you'll want to add microformats support. Try out the SemPress theme, it's the best way to do it. If you don't want to give up your current theme, try the wordpress-uf2 plugin (requires FTP).


Along with personal-domains, POSSE is one of the cornerstones of the IndieWeb. In short, instead of posting to social network silos, you post to your own site and then copy to the silos.

You can POSSE manually, but most people automate it. WordPress has many plugins that do this. A few of the most popular are:

Other plugins that can be used to POSSE:

If you POSSE, it's good practice to include rel-syndication links on your WordPress posts. Try the rel-syndication plugin for that(Currently only supports the Social plugin, the GitHub mainline has minimal support of Tumblr, Twitter and Facebook for NextScripts SNAP ).

Also, if you are writing status updates that will be duplicated in the content share boxes in your edit post screen, there is some handy code here to autofill those share fields to save copy/pasting them from the content WYSIWYG.

If you also want to go the other direction and pull your social network posts and data back to WordPress, there are PESOS plugins too. To start, try Lifestream.


Once you're POSSEing, you may want to pull comments and likes on the social network posts back to your site. This is called backfeed. Many of the POSSE plugins above can do this; see backfeed#WordPress_Plugins for details.

Another option is Bridgy, a service that automatically sends webmentions for activity on your POSSEd posts inside silos (before starting to use Bridgy, make sure you first install the webmention and semantic-linkbacks plugins described below).

Which brings us to...



Webmentions are also part of the core IndieWeb building-blocks. They let you send and receive replies, likes, etc. directly from your site.

Try combining the webmention (video available) and semantic-linkbacks plugins, which support comments (including the reply-context), likes, reposts, favorites, RSVPs and classic mentions.

(Warning: Don't use pre 2.0 version of the indieweb plugin! It's an old, outdated bundle of the webmention and semantic-linkbacks plugins together, nothing more.)

For the webmention plugin to work, go to the Settings => Discussion page in your WordPress admin, and check the "Allow link notifications from other blogs (pingbacks and trackbacks)" and "Allow people to post comments on new articles" checkboxes.

Also install the webmentions forms plugin (requires FTP) to receive webmentions directly from the comments section of your blog or the "Webmentions for Comments" plugin to enable webmentions support for threaded comments.

More building blocks

If you've made it this far, congrats! You're a fully functioning member of the IndieWeb! Here are a few more plugins you might want to try. Many require FTP or other more technical setup.

Optional plugins

Past or old tech plugins


Some themes that support microformats or other semantics.

  • SemPress supports microformats, microformats2 and (theme)
  • P2 is a microblog theme for WordPress that might be adaptable for indiewebsters.

Rather than a theme uf2 is a plugin that attempts to add microformats2 data to an existing theme though as the author admits it is very limited and recommends using a theme that supports microformats natively.

People using WordPress

People using WordPress on their primary or other sites.

IndieWeb Examples

In particular, (semi-)active IndieWeb community members using WordPress on their own sites, thus you might find them on IRC to ask about their experience (or for help).

Other independents using it on their primary site

Using on one of their sites

People using WordPress on a secondary site.

Past Examples

Independents that used to use WordPress on their own site but have switched away (or site stopped working)


Several projects are actively under development for use in Wordpress. Plugins/themes considered complete enough for widespread use will appear on this page.

For brainstorming on development of Indieweb themes/plugins for Wordpress and discussion of common conventions to ensure interoperability, see WordPress Development.


Problems with and criticism of using WordPress software from an IndieWeb perspective.

Security Issues

WordPress (and often many popular plugins) frequently has security vulnerabilities that are found and exploited in a "zero day" fashion.


Security vulnerabilities are found in many popular pieces of software, as their deployment makes them attractive targets. While there is currently limited options within the core of Wordpress, there are many security plugins that offer protection for Wordpress blogs.

Maintenance Vulnerability

Independents (quite tech smart and capable) who had their WordPress blog(s) hacked due to being unable to keep up with security updates / maintenance (too much of a hassle/chore/tax on their time).

  • Clay Shirky:
  • Dan Brickley
    • WordPress seems to have a non trivial security hole every 6 months and I never have the time to tend to my WP install. The last major problem resulted in my blog being infested with malware and my site blacklisted by google. WordPress is like Windows. It's probably not really less secure than the alternatives but its popularity is such that it makes an attractive target. Most WordPress blogs are configured to ping an update service so hackers have no trouble finding targets. Any IndieWeb solution needs to think about automatic updates and defense in depth security. --
  • ...


However, since Version 3.7, Wordpress supports background updates to alleviate this issue. By default, automatic updates for minor releases and translations are enabled. There are configurable settings to allow major release updates, and updates for specific plugins.

The Core Automatic Update functionality can also be used to push critical security updates to popular plugins. This was used in April of 2014 when the popular JetPack plugin was discovered to have a critical vulnerability and the developers requested the security update be pushed via the system to all users who had not expressly disabled all updates.

Fatal Error memory exhausted

WordPress seems to run out of memory on servers sometimes, and give a message like:

  • e.g. on (on 2014-06-08 15:28 EDT):
    Fatal error: Allowed memory size of 41943040 bytes exhausted (tried to allocate 32 bytes) in /home/johnkrol/public_html/wp-includes/post.php on line 1961

Pages can not have numeric slugs

WordPress does not allow numeric page slugs, making it difficult to set up pages representing a year, such as /event/2014/. This is frustrating if you need to set up a series of annually recurring pages (not blog posts) without using a plugin. [1]

Switching away from

There has been a trend of folks switching away from WordPress for various reasons (e.g. problems noted above). They seem to switch to one of three options, one indieweb, and two silo.

  • static site generator or some other IndieWeb project
  • silo: hosting service (see below)
  • other silo: e.g. Tumblr (others?)

Switched to another project


There are many folks with personal sites that have kept their personal site and webhost, but switched away from WordPress to another solution, e.g. typically a static site generator:

Many others have switched to Jekyll or are in the process of doing so, e.g.:

  • Crystal Beasley - per recent (2013-11) conversation on IRC
  • others beforehand ...

And a few have switched to their own IndieWeb project, e.g.

Switched to WordPress service


I know there's folks that have done this but have trouble recalling offhand who in particular.

Switched to Tumblr


Folks that were on WordPress that have moved to Tumblr

  • Micki Krimmel
  • ...

POSSE to WordPress

With WordPress's API it's possible to automatically POSSE posts to it, and there's at least one example of an indieweb community member doing so to the hosted service: POSSE to hosted

Tantek reply POSSE

Tantek Çelik has started experimenting with manually POSSEing reply posts to WordPress blogs to their comment sections. E.g.: hosting service is a blog hosting service with impressive importing and export features. See for details:

  • --> this should probably be moved to it's own page:

Hosted themes provides themes to change the HTML/CSS/JS and general appearance of a user's site. While users can pay for a feature to write custom CSS, they can't change their theme markup. Which means amongst other things, a user cannot specify some markup in a post to show on a permanlink page and not in the post when it's a part of a feed. For example,

If you could detect "in the feed vs permalink page", you could use rel="canonical" on the attribution link from the syndicated copy on back to the original on But because rel-canonical is page scoped, you shouldn't use it on a link in a post when that post is a part of the feed. To work around this, you can use class="u-url u-uid" on the attribution link.

POSSE to hosted

It is possible to manually POSSE articles to

IndieWeb POSSE Examples

Shane Becker

Shane Becker is manually POSSEing his articles to

webmention doesn't have built in support for webmentions, but Bridgy can send, receive, and display webmentions for blogs. You can also receive webmentions with and maybe

cURL Problem

On 2014-05-06 it was reported that returned an empty result when attempting to check That domain is hosted on and it appears that is blocking some cURL requests based on the User-Agent. At a minimum, it appears that is blocking cURL requests with the Guzzle User-Agent.

This issue was previously reported on Github on 2013-05-19 [2]


See Also