Redirecting attachment pages in WordPress

Spammers are a crafty bunch, using a variety of techniques to spread their unwanted junk. One way they do this is by submitting comments to the special pages WordPress creates for each image that has been uploaded. Spammers find these pages and submit spam. But there are ways to thwart their misdeeds!

7 Ways to Redirect WordPress Attachment Pages

Lately we’ve been using the Redirect Attachment Pages plugin, if the client does not have it available through an SEO plugin.

Adding stuff after the body tag in WordPress

Today I had to add some retargeting code to a site, and my research revealed that I needed to add it to the functions.php of the theme. No problem.


// Added 4/14/21 by EKB to put code on landing page for Floodlight campaign.
// Hooked to wp_body_open, so the output lands right after the opening body tag.
function jr_add_floodlight_retargeting() {
   // Only emit the snippet when the visitor arrives with utm_source=ww.
   if ( isset( $_GET['utm_source'] ) && 'ww' === $_GET['utm_source'] ) {
      ?>
      ... javascript code here ...
      <?php
   }
} // end function jr_add_floodlight_retargeting
add_action( 'wp_body_open', 'jr_add_floodlight_retargeting' );

But then, my code wasn’t firing properly, and I discovered that the child theme was old enough that it didn’t have the necessary code in header.php. I found out from this article:

WordPress 5.2 action that every theme should use

Added that code to the theme’s header file, and away I went! Yay.

Spam comments on media attachment pages

One of our clients was getting spam comments on her media attachment pages, so I found this handy little plugin to make it so the attachment pages are no longer available for those kinds of shenanigans. It solves the problem nicely by redirecting each page to the media file itself.

Disable Media Pages

A similar feature is available in Yoast SEO, so if you have that plugin, you can go to SEO -> Search Appearance -> Media tab and turn on the option to Redirect attachment URLs. Sweet!

 

XML RPC in WordPress

Attackers quite frequently try to exploit xmlrpc.php, a built-in file for WordPress which provides access to external services, such as Jetpack, marketing services, etc. Most sites don’t need this functionality, so it can be blocked. I found this article listing a couple of ways to do it, and it’s one of the services we’ll add to our site this year, as part of the security checkup.

Two Ways to Fully Disable WordPress XML-RPC

You have to be careful and make sure that nothing is using it. I wonder if there’s a plugin already out there which helps determine if it’s being used on a site. Will check and update if I find something.
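
One way to check whether anything is calling xmlrpc.php before blocking it is to read the web server's access log. The Python script below is an added example, not code from this post or the linked article; it assumes the log is in Combined Log Format, and the log lines and user-agent strings in it are constructed samples.

```python
import re
from collections import defaultdict

# Combined Log Format:
# ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)

def xmlrpc_usage(lines):
    """Summarise POST requests to xmlrpc.php, grouped by user agent."""
    usage = defaultdict(lambda: {"requests": 0, "clients": set(), "statuses": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not Combined Log Format, skip it
        # Drop the query string and match installs in a subdirectory too.
        filename = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        # XML-RPC calls are always POSTs; GETs are just probes or crawlers.
        if filename != "xmlrpc.php" or m["method"] != "POST":
            continue
        entry = usage[m["agent"]]
        entry["requests"] += 1
        entry["clients"].add(m["ip"])
        entry["statuses"].add(int(m["status"]))
    # XML-RPC reports faults in the response body, so a 200 here does not
    # prove a legitimate caller; review each agent and client by hand.
    return {
        agent: {k: (sorted(v) if isinstance(v, set) else v) for k, v in e.items()}
        for agent, e in usage.items()
    }

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Apr/2021:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "ExampleMobileApp/1.0"',
    '198.51.100.7 - - [14/Apr/2021:10:05:09 +0000] "POST /blog/xmlrpc.php?rsd HTTP/1.1" 200 413 "-" "ExampleMobileApp/1.0"',
    '203.0.113.50 - - [14/Apr/2021:10:06:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "constructed-scanner"',
    '203.0.113.51 - - [14/Apr/2021:10:06:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "constructed-scanner"',
    '192.0.2.10 - - [14/Apr/2021:10:07:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [14/Apr/2021:10:07:05 +0000] "GET /wp-login.php HTTP/1.1" 200 5000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for agent, info in xmlrpc_usage(SAMPLE_LOG).items():
        print(agent, info)
```

An empty result over a few weeks of logs suggests nothing depends on XML-RPC; any agent that does show up should be identified before the endpoint is blocked.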