WordPress 5.0 introduced a new content editor called Gutenberg (named after Johannes Gutenberg, who invented the printing press over 500 years ago) …
(WordPress 5.0 introduced Gutenberg – the new WordPress content editor)
The Gutenberg editor replaces the pre version 5.0 content editor (now referred to as the WordPress ‘Classic’ editor …
(WordPress ‘Classic’ Content Editor – pre WordPress 5.0)
If you have been using WordPress for a while and prefer to keep using the pre-WordPress 5.0 content editor (i.e. the WordPress ‘Classic’ editor), a ‘WordPress Classic Editor’ plugin has been developed by the WordPress community that restores the familiar editor to your WordPress site, replaces the new Gutenberg editor as the default content editor, and lets you keep working as you were previously.
The tutorial below shows you how to install, activate, and use the WordPress ‘Classic’ editor plugin.
If you’re new to WordPress, see these tutorials first:
WordPress Classic Editor Plugin is the free official plugin maintained by the WordPress team to restore the pre WordPress 5.0 (‘classic’) WordPress editor and the ‘Edit Post’ screen.
This plugin also makes it possible to use plugins that:
Extend the ‘Edit Post’ screen,
Add old-style meta boxes, or
Depend on the previous editor.
Once installed and activated, the plugin will hide all functionality available in the new Gutenberg Block Editor.
To install the WordPress Classic Editor Plugin plugin from your WordPress dashboard, go to Plugins > Add New …
(WordPress Dashboard Menu: Plugins > Add New)
If the plugin isn’t showing on the screen, type in “classic editor” into the Keyword search field …
(Add Plugins > Classic Editor)
Click on the ‘Install Now’ button …
(Install the plugin)
After installing the plugin, click ‘Activate’ …
(Activate the plugin)
The plugin is now installed and activated.
The Classic Editor plugin is ready to use as soon as it has been activated.
If you want to change the plugin’s settings, select Plugins > Installed Plugins from your dashboard menu, then locate the Classic Editor plugin and click on the ‘Settings’ link …
(Classic Editor > Settings)
This will take you to the ‘Writing Settings‘ screen, where a new section will be added, allowing you to specify the ‘Default editor fo all users (‘Classic’ or ‘Block’ editors) and whether or not to allow your site users to switch editors …
(WordPress Writing Settings – Editor Section)
Using The Plugin
Once the plugin has been installed and activated, you will see the familiar ‘Classic’ editor screen appear when you create or edit your posts or pages …
(Classic Editor Screen)
If you deactivate the Classic Editor plugin (go to ‘Plugins > Installed Plugins’and click on ‘Deactivate’ link) …
(Classic Editor plugin – Deactivate)
Your content editor will instantly revert to the new Gutenberg interface …
(Gutenberg Content Editor screen)
Congratulations! Now you know how to install, activate, and use the WordPress Classic Editor plugin.
If you need help understanding the Gutenberg content editor, we have created a comprehensive guide here:
WordPress is the world’s leading platform for building websites and for publishing and managing content online. Over 30% of all websites in the world are powered by WordPress, making the platform a huge target for hackers and malicious users looking for vulnerabilities that they can exploit and use to compromise a website.
According to security experts, 90,978 hack attempts are made on WordPress websites every minute!
Our own security reports and logs confirm this. We run a number of WordPress sites and these are constantly under attack …
(WordPress sites are constantly under attack!)
If you have created a website without proper security planning and the right WordPress security plugins installed, then it’s only a matter of time before you fall prey to hack attempts.
MalCare is regarded by many WordPress security experts and top WordPress plugin listicles as one of the best security solutions in the market.
(MalCare is one of the best security solutions for WordPress!)
MalCare was built by the same company that developed BlogVault, a popular WordPress backup plugin with over 200,000 users. While working on BlogVault, they saw the need for a good security plugin and decided to build a comprehensive security solution that can detect, remove, and prevent hacking attempts.
What makes MalCare a better WordPress security plugin? First of all, this is a multidimensional solution created for non-technical users that allows you to keep your WordPress site secure with just a few clicks.
In this post, we are going to cover the following areas of using MalCare:
Installation and Setup
Installing and setting up MalCare requires no external help or technical assistance from experts.
Setting up MalCare and ensuring that your security plugin is running and keeping your site protected is a simple two-step process:
After logging into the MalCare dashboard, add your site(s) to the MalCare dashboard by selecting the Add New Site button …
(Add new site)
A field will display asking for the address of your website. Enter the URL of your site into the field and select the Next Step button …
(Add a site)
Step 2 – Install The Plugin
You will be asked to enter your site’s admin login details. Type in the credentials to your site and MalCare will do the rest for you and begin securing your site.
Exploring The Dashboard
The MalCare dashboard provides a clean and intuitive interface that makes it easy to navigate to the various plugin sections and features.
The left-hand side of the dashboard provides one-click navigation links to help you access all the main features quickly. The dashboard is neatly divided into five sections: Security, Management, Backup, Reporting, and White-Labelling. Below this, you will find everything you need to keep your site secure.
After performing an initial scan, your site will be marked with a security rating ranging from A to D (A is best and D is worst). The score is determined by an internal algorithm that tells you the health of your site.
Don’t be alarmed if your scan doesn’t result in an “A”. MalCare will tell you what you can do to improve the score.
There are four main features available in MalCare that you need to know about. Let’s take a deeper look at each of these features:
An impressive fact worth knowing is that MalCare was built after collecting data from over 240,000 websites. The scanner uses artificial intelligence to detect hard-to-find malware. MalCare scans sites at a scheduled time every day.
Apart from the scheduled scans, there is also a Scan Now option that lets you instantly run a scan and display the results.
(Select the ‘Scan Site’ option)
MalCare doesn’t just search for strings in the code to find malware. This technique is not sufficient to detect complex malware. It has a sophisticated algorithm along with AI that learns and discovers new and complex malware in your system with ease.
Another reason why MalCare is impressive is that the scanning does not slow down your site. Instead, MalCare transfers your website data to its own server and runs the scan on the server.
After the scanning is done, if malware is found, the next step is to clean it.
Cleaning malware is normally a time-consuming task. MalCare, however, makes this easy. The Auto Clean option is present in the Scanner section and the malware clean happens at the click of a button.
If you are informed that your site has been hacked, all you need to do is press the button, and your website will be malware free! You will be informed of this by email and receive a notification alert on the dashboard.
No Technical Expertise Required
You don’t need technical experts to use the MalCare Cleaner. The entire cleaning process is simple and easy to follow and can be done by a non-technical person.
Thorough Malware Removal
The nature of malware programs is that even after being removed, many will try to make a comeback by finding a backdoor. MalCare was built to prevent these kinds of issues. After running the cleaner, most malware issues should be permanently resolved.
The MalCare cleaner works in a way that does not affect any part of your site while removing malware. It takes care of the files that were hacked and leaves your clean files untouched.
Many people will recommend performing a manual clean up after your site has been hacked. This kind of cleanup, however, is considered outdated. MalCare employs the latest technologies to clean a site with the click of a button!
(Your site is now clean!)
While removing existing malware is essential, the next important step is preventing malware from infiltrating your website again.
WordPress recommends certain website hardening measures to improve website security. To perform those measures, however, requires some technical knowledge. MalCare makes it easy to perform these measures. Based on the level of security required, MalCare offers three types of protection.
(MalCare website hardening)
Block PHP Execution in Untrusted Folders
Change Database Prefix
Disable Files Editor
Block Plugin/Theme Installation
Reset all Passwords
Change Security Keys
MalCare performs these actions when the above security levels are enabled. Here are a few technical aspects of the website hardening feature.
These are stored by default on the database of the site. However, it can be dangerous as it is an easy target for hackers. With MalCare, these keys can be replaced with a new set of keys that are stronger. They are also placed in a more secure location.
Attacks caused due to the execution of PHP files in the uploads folder are frequent, but MalCare efficiently takes care of this too!
Prevents Plugin Installations
Rogue plugins and themes are an easy way for hackers to get into your site. MalCare detects them at the initial scan itself. It will disable these installations and reduce the risk factor.
You can select your preferred security level and choose the actions to take when you navigate to the website hardening feature. The hardening feature is highly recommended even if you have not experienced hacking issues.
MalCare Firewall is a feature enabled to fortify your website and protect it from hackers. This feature is automatically activated when a site is added to MalCare.
However, you can disable if you wish. MalCare filters the traffic coming from the outside world in two ways:
MalCare scans more than 100,000 websites in search for bad IPs. These are the ones that are known to harm your website when they visit it. So whenever one of these IP addresses try to gain access from your site, the firewall blocks it!
(MalCare traffic log)
Some hackers continuously try to gain access to your site by trying different combinations of passwords. MalCare blocks them after a few unsuccessful attempts by deploying a CAPTCHA.
This feature will make you feel a lot safer, so ensure that the firewall remains enabled all the time.
(MalCare login logs)
Backups are an essential part of website security. They are your safety net if a hacker gains access to your site and wipes out your files and data. With MalCare’s powerful backup service, your sites will remain protected and you always have access to your backups.
MalCare has a website Management section where you can manage your dashboard, update plugins, themes, and a lot more. The site also has a feature that alerts you if your plugins are outdated!
Additionally, you can change passwords, user roles or even delete users who have access to your WordPress site.
(MalCare website management)
If you need support or have any questions or concerns about the features or the technology behind MalCare, you will find that the MalCare support team is very responsive and eager to share their knowledge with you.
Recommendation: Install The MalCare Plugin
The features in MalCare are simple and easy-to-use. If you own or manage multiple WordPress sites, adding these to the dashboard is just a simple ‘rinse and repeat’ process. MalCare is a robust WordPress security solution backed by a solid support team and extensive help documentation.
With MalCare’s Scanner actively looking after your WordPress sites on a daily basis, you will have peace of mind knowing that your sites will be safer.
Using the Cleaner is easy and the procedure takes only a few minutes. Use the Website Hardening feature to lock down the backend of your site(s). Malcare also provides two additional useful features for agencies, web developers, or anyone managing client websites: White-Labelling and Client Reporting.
MalCare is very reasonably priced and offers a range of options to suit your needs, depending on how many sites you need to protect and manage.
If you are a WordPress site owner, we recommend installing the MalCare security plugin and using the service as part of your regular website management and security maintenance process.
Learn how to prevent spammers posting comments on your WordPress media file attachment pages …
How To Stop Comment Spam On Your WordPress Media Attachment Pages
Are you getting comment spam on your WordPress media attachment pages?
This step-by-step tutorial will show you how to delete comment spam from your media attachments and how to prevent this from happening in the future.
Spammers can be quite devious when it comes to finding new ways to spam your site. Recently, while doing some administration work, I received an automated email notification message from one of my sites that a spam comment had been posted on a media file attachment page …
(WordPress comment notification email)
My first thought was “How did spammers get to my media files?”
After logging into the site, clicking on the ‘Comments’ menu and verifying that the spam comment had indeed been posted on a media file attachment page, my second thought was … “Oh no! I’ve uploaded a bunch of media files to this site, so I need to shut down hundreds of pages that spammers can target!” …
(WordPress Comments section)
I then checked some of the media file attachments pages on the site and saw that the “comments” section was enabled …
(Media file attachment page – Comments enabled)
This was a new site that I had quickly set up and hadn’t finished fully configuring. To prevent further comment spam from being posted on the site through its media attachment pages, I now had to disable the ‘Discussions’ feature for all existing media items.
The tutorial below will show you how to delete comment spam posted to existing media file attachment pages and how to prevent new comment spam from being posted to these pages in the future
How To Delete Comment Spam On Existing Media File Attachment Pages
Normally, the best way to prevent comment spam is to configure your discussion settings as shown in the tutorial below:
Also, unless certain plugins or features installed on your site require you to upload and use images from the WordPress Media Library, we recommend storing and serving all media used on your website from a media storage and delivery service like Amazon S3.
How To Delete Comment Spam On Existing Media File Attachment Pages Manually
To delete comment spam from existing media file attachment pages, log into your WordPress admin, go to the main menu in your dashboard and select Media > Library …
(WordPress Menu: Media > Library)
This brings you to the Media Library screen.
Media Library Grid View
The screenshot below shows items uploaded to your media library displayed as a grid.
To disable comments on media files in the grid view, click on a media element …
(WordPress Media Library – Grid Layout)
This brings you to the Attachment Details screen. Click on the ‘View attachment page’ link …
In the Edit Media screen, scroll down to the ‘Discussion’ section and untick the ‘Allow comments’ checkbox to disable comments for that media element’s page …
(Edit Media – Discussions)
If you can’t see the Discussion section, scroll to the top of your page and click on the Screen Options tab …
(Screen Options tab)
Make sure that the ‘Discussion’ checkbox is enabled in the ‘Boxes’ section …
(Screen Options – Boxes > Discussion)
After disabling the ‘Allow comments’ checkbox, click Update to save your new settings …
(Comments disabled. Update to save your settings)
Make sure that your media file has been updated. Comments are now disabled for your media attachment page.
(Media file updated)
Note: If you have sharing features enabled for your media files through a plugin, you may also want to consider disabling sharing options on you media attachments pages (unless you need to leave these turned on) …
(Consider disabling sharing features on media attachment pages)
If using a plugin like Jetpack, for example, you can configure your sharing options to make sure that buttons don’t appear in places where they are not useful or required …
(Jetpack Sharing Options)
Media Library List View
A quicker way to edit your media files attachment pages is to display your media library in ‘List’ view. This way, you can go to the Edit Media screen directly by clicking on the ‘Edit’ link in the Quick Edit menu …
(Media Library – Quick Edit > Edit)
In the Edit Media screen, disable the ‘Allow comments’ checkbox in the Discussion section to disable comments, then resave the page to update your settings …
(Edit Media screen – Disable comments in Discussion section)
What If You Have Too Many Media Elements In Your Media Library … ?
If you have too many media elements uploaded to the WordPress Media Library, then disabling comments for each item manually can become a long and painful task …
(What if you have too many media elements to update manually?)
In this case, we recommend using a plugin.
There are a number of plugins available for WordPress that allow you to disable comments on your site. Let’s take a look at one of these …
Disable Comments is a free WordPress plugin that allows site administrators to disable comments globally on any post type (posts, pages, media attachments, etc.)
It also removes all comment-related fields from edit and quick-edit screens, the WordPress Dashboard, Widgets, the Admin Menu, and the Admin Bar. On multisite installations, it can be used to disable comments on your entire network.
Note: Don’t use this plugin if you want to selectively disable comments on individual posts. This plugin should be used if you don’t want comments at all on your site (or on certain post types), as the plugin settings cannot be overridden for individual posts.
To install the plugin, go to Plugins > Add Plugins and type in “disable comments” in the ‘Keyword’ field …
(Plugins > Add Plugins)
To use the ‘Disable Comments’ plugin, locate the item and click on the ‘Install Now’ button …
(Add Plugins > Install Now)
Click on ‘Activate’ …
(Add Plugins > Activate)
After the plugin has been installed and activated, visit the configuration page to configure the plugin’s settings …
You can also access the plugin settings screen by going to Settings > Disable Comments.
Select the option that best suits your needs (e.g. disable comments throughout your site or only on selected post types – in this case ‘Media’) and click ‘Save Changes’ to update your settings …
(Disable Comments screen)
After configuring and saving your settings, it’s time to check that everything is working as it should.
Go back to your Media Library section by selecting Media > Library from the main menu …
(WordPress Menu – Media > Library)
Select a media element that has not been updated yet, and right-click on ‘Edit’ to open the attachment page in a new browser tab …
(Media Library – Edit)
The ‘Discussion’ and ‘Comments’ features should be disabled on the page …
(Discussion feature disabled in media attachment page)
These features should also have been disabled in the Screen Options tab …
(Discussion feature disabled in Screen Options tab)
And if you visit the media attachment page itself, you should not see the Comments field displayed (No Comments field = No Comment Spam!) …
Hopefully, this tutorial has helped you with stopping or preventing comment spam from being posted on your WordPress media attachment pages.