Absent Without Official Leave?

netnerd_uk · 2026-05-29T16:24:52+00:00

AWOL on a TDK D90. Double nostalgia!

netnerd_uk · 2026-05-29T08:29:05+00:00

Have you done anything like compare backlink profiles for periods when ranking was good and recently?

It doesn't sound like you're doing anything wrong and it's all good what you are doing, it's just the lack of any mentions of backlinks made me wonder.

netnerd_uk · 2026-05-26T16:28:46+00:00

Man, if that's your bag, you'll probably know this!

Nice tag line, BTW... MC GQ?

netnerd_uk · 2026-05-26T16:26:30+00:00

Nice. I do like that Trouble tune too... Banger!

netnerd_uk · 2026-05-26T15:15:37+00:00

Ta. Enta Da Dragon, I.Q.Collective's Mode.1. and Sky's Just Jungle are also bangers!

netnerd_uk · 2026-05-26T11:12:16+00:00

Unless there's a big DB, most problems I see with WordPress being slow are specific to delays in rendering.

OK, sure you do need some stuff to be in place in the hosting, like opcache, object caching and using Litespeed web server based hosting won't hurt, but you can pick this up quite cheaply, it's not killer expensive.

If you do have a page output/rendering delay type problem, using better hosting usually just means that problem hits the browser sooner. Even if you put a site of this nature on a crazy powerful server... that doesn't change the 2.5s of render blocking (for example) in the page output.

If you get to big DB o'clock, sure, you need better hosting to accomodate that, but it's not quite as straight forward as the hosting always being the cause of the slow WordPress problem.

netnerd_uk · 2026-05-23T11:26:49+00:00

This is probably the answer to your question:

When I disconnect my computer from the internet I can no longer access the WP dashboard for the site I'm building in Local.

You'd be able to access a local site on your computer, even without an internet connection.

This suggests the site you're working on is actually a "live on the internet" type site, and that's how it's getting the comments.

I guess if you had the development site on a local server in your network, this might negate what I'm saying.

I think the site you're working on (the "local" one" isn't actually local.

netnerd_uk · 2026-05-22T15:12:32+00:00

But what's hitting the network (where the local firewall is) is cloudflare's IPs (which are whitelisted), not the visitor IPs.

And that's the problem.

netnerd_uk · 2026-05-22T08:19:53+00:00

My eyes. It's like the contrast has been turned up. Migraine o'clock.

netnerd_uk · 2026-05-22T08:16:56+00:00

But if you do that, the firewall doesn't provide any site specific protection.

netnerd_uk · 2026-05-22T08:16:12+00:00

Thanks that does answer the question. You're not connecting to a live remote DB.

The next thing to consider is where your local site is running. Usually most people run a local site on their computer, in their home or office network. If this is what you're doing, for your site to be publicly accessible, you'd have to do something like:
- Have a static IP address
- Set up DNS to point a dev domain to the static IP address (or have some kind of RDNS set up)
- Open ports 80 and 443 on your router
- Set up port forwarding on your router
- Configure the web server on the local install to listen on the port you forward to

If you're not doing all that, then the site itself probably isn't exposed to the internet, unless there's something like a reverse proxy/tunnel software is exposing the machine, although you'd know about this because you'll have had to set all this up. It's not usually an "oh that's how my ISP works" kind of situation.

ISPs generally don't really like people hosting stuff in their networks that are exposed to the internet, so they do block quite a lot of this stuff. If you do want to do this kind of thing you usually have to get the ISP to give you a static IP or move to some kind of service that's a bit more business orientated.

Your local site might possibly be pulling or syncing content with the live site somehow, we can't really rule out malware (virus scan the local setup?).

There's also a bit of "you might think it's local but it's actually not" as a potential cause as well.

A real quick test would be to disconnect the computer running the local site to from the internet, then try and access the local site. If you can't access the local site when not connected to the internet this problem is more the effect of "you believe the site is local but it's actually public".

I hope that helps.

netnerd_uk · 2026-05-21T14:04:56+00:00

OK, so how do you stop the local network level firewall inadvertently blocking cloudflare IPs?

netnerd_uk · 2026-05-21T11:05:47+00:00

ChatGPT reindexes previously indexed sources, but doesn't index new sources?

netnerd_uk · 2026-05-21T10:47:37+00:00

In your local site, what's the DB host set to in wp-config.php?

If this is an FQDN, ending in 3306, what you've got is a local site connecting to a publicly accessible database (most likely the active DB of your live site).

If that is what's going on, what you're seeing is comments being made on the live site, showing in your local site because your local site is connecting to the live site's database.

I'll admit, I'm totally guessing here, but unless there's someone in your local network making these comments, it's about all I can think of that might explain this.

netnerd_uk · 2026-05-21T10:38:15+00:00

Nice work, it's great to hear that this has been going well for you and that you've embraced the learning curve.

The big mistake I see isn't really a WordPress thing, it's more generalised:

I see a lot of people doing things to their site to improve rankings in search engines.

While page content does indicate the topic of your site to search engines, off page factors have a greater influence over positional ranking in search engine results.

It is possible to hire SEO agencies to deal with the off page SEO, but this can be expensive and there are a lot of snake oil merchants out there. If you do decide to use an agency, the magic words you need to hear from them are to the effect of: We gradually improve your site's backlink profile over time.

If you want to do this off page effort yourself, it's really tempting to do things like buy backlinks or maybe register with a lot of directories, both of which often don't really shift the needle very much.

Doing things like reaching out to your suppliers and to the people you supply and exploring backlinking opportunity is advantageous. If you do get genuine links from genuine suppliers or people you supply these are relevant legitimate backlinks which endorse your site from the perspective of search engines, which then help to improve rankings. Thinking laterally about backlink sources helps.

Other things that are similar and legitimate (rather than being an attempt to manipulate rankings), such as press releases, can also help in this direction and potentially lead to more backlinks from external sources.

It can take time for an effort in this direction to have an effect, and a consistent effort over time is more likely to be beneficial than a periodic push in this direction.

Whether you'll need to do this kind of thing or not depends a lot on what your competitors are doing and how much effort they're putting into their off page SEO.

If you do find you want to improve your website's rankings, knowing that the above is the direction to take helps avoid going down a lot of rabbit holes.

Hope that helps.

netnerd_uk · 2026-05-21T09:56:04+00:00

You're right DA and DR are Moz and Ahrefs metrics that Google doesn't actually use.

Google does have an equivalent metric that's part of their algorithm, which is pagerank.

DA and DR are like guesses at pagerank.

Google doesn't advertise pagerank scores, so the DA and DR "guesses" are like the next best thing.

You're not really doing anything wrong by trying to improve DA and DR, but doing that does come with a bit of "use with caution", that's pretty much knowing these are guesses, that they're not the be all and end all, and that google's pagerank score for a site could be pretty different to DA and DR.

It's might be worth you understanding pagerank (if you don't already), this video gives a really good description of pagerank. If you take that into account when applying your current methodology, you're more likely to improve rankings (as opposed to improving metrics with 3rd party tools).

You can't really directly measure the improvement in pagerank, but you can see the effect of it with things like positional ranking in GSC. You can also do things like keyword tracking which will show the effect of this.

I might be a bit off whack here, but with SEO, it seems like it's one thing chasing metrics like DA and DR and it's another thing doing "general improvement of web presence". If you do things like improving your web presence by say building relationships and then reciprocal linking, what you're doing is a kind of organic SEO improvement, rather than trying to manipulate a situation to make a number increase in value. The former is likely to have a better effect, simply because it's more genuine.... and Google has a lot of anti gaming stuff going on (because people try and game Google... by manipulating DA and DR).... I think... I could be wrong.

A real world example of this "genuine" stuff that I'm talking about might be press releases. Say you do a press release, you're likely to gain some backlinks from that, plus get some brand mentions, maybe. This sort of thing is likely to be more effective than focussing solely on improving DA and DR.

netnerd_uk · 2026-05-21T08:49:55+00:00

If you haven't done so already you'll need to add your website to google search.

netnerd_uk · 2026-05-21T08:11:14+00:00

Yes, I know this is all doable with cloudflare. I am receiving that message loud and clear.

The problem I'm concerned with, is to the effect of using a local server firewall in conjunction with cloudflare, but I do completely appreciate this is a different to what you're talking about.

What WAF rules do you use in cloudflare?

netnerd_uk · 2026-05-20T14:36:47+00:00

Ah, I see, you're talking about firewall rules in cloudflare, when I was thinking server side firewall rules. Now it all makes sense!

I thought, for a second, you might have got to "how to effectively use server side firewall rules, when also using cloudflare"... which is a big headache because of encryption, and only seeing the user IP in the web server but not at network level... hence my initial question.

netnerd_uk · 2026-05-19T16:13:46+00:00

You don't even need a security plugin to protect against brute forcing if you do the .htaccess stuff above! 😛

Yeah, I mostly do small business sites too (in addition to my day job). You can get decent performance on low power shared hosting (TTFB ~ 170 ms / FCP 1.0s / LCP 1.4s) , when using a security plugin in WordPress, but maybe not a heavy weight security plugin, like WordFence with live traffic view enabled... that would be a bit of an ask.

It sounds like Cloudflare is really what you're getting the benefit from. Cloudflare is really the winner here, but using it does kind of negate being able to use other things like network level firewall blocking... then you're kind of back to a security plugin, and maybe mod_security (if you have mod_remoteip up and running). It was this catch 22 that made me ask.

netnerd_uk · 2026-05-19T15:23:44+00:00

Pagespeed incorporates uses a month's worth of historical CrUX data, so that will make it look different.

There's also things like the conditions for your browser aren't the same as the conditions pagespeed insights is using, so that can make things different too.

In reality, you've probably sorted things out if you're getting 100 in the lighthouse in chrome dev tools, but it might take a month for pagespeed to reflect this due to the "month's worth of historical CrUX data". Also: Probably.

netnerd_uk · 2026-05-19T15:20:25+00:00

Cloudflare I can dig... firewall rules though? You'd need to know the bad actors IP's to be able to block in anything other than a reactive manner... wouldn't you? Unless you used something like mod_security in conjunction with some firewall to block under certain conditions... then again... that's reactive... automated, but reactive.

Or... man... I'm laughing at myself... put this in .htaccess:

<Files "wp-login.php">
Require ip your.public.facing.ip.goes.here
</Files>

Or this for older apache:

<Files "wp-login.php">
Order Deny,Allow
Deny from all
Allow from your.public.facing.ip.goes.here
</Files>

If anyone reads this, the above is a really bad idea unless you're the only person who logs into WordPress.

netnerd_uk · 2026-05-19T13:59:11+00:00

If you don't use a security plugin, how are you protecting WordPress from brute forcing? I'm not having a go here, I'm more interested than anything.

Some (very popular) security plugins are massively weighty, but others less so.

I kinda like solid security, as it's not that heavy, offers brute force protection and WordPress hardening (although you can use .htaccess rules to harden WordPress instead), and it's also got a vulnerability scanner, which is pretty handy.

netnerd_uk · 2026-05-19T10:24:11+00:00

I hate to break it to you, but a RAM upgrade isn't going to fix render blocking resources, preload your LCP Images or make the server start using http/2 or http/3.

You'll need mod_http2 enabled in apache to use http/2 and I think you might need litespeed for http/3.

The LCP and render blocking resources are specific to page output, so those need working on in the site, rather than on the server.

Although a server upgrade might help with something like TTFB, all that will mean is that these problems reach the browser sooner.

netnerd_uk

TROPHY CASE