Watermarking images in WordPress

WordPress website header - WP logo

Do you need to watermark images in your WordPress website? Read the RCC guide to your options for marking and protecting your images in WordPress.

There are quite a few reasons for wanting to watermark images on your website:

  • Protecting your product photography from being used without credit
  • Discouraging users searching with Google Image search from using your photography and images in their presentations, documents and on their own websites

If you’d like help to watermark images on your website, contact us about our WordPress development services.

What is a watermark?

A watermark is an image or text added to an image as a way to credit the original creator.

Watermarks originated in early paper manufacture, but in the modern age are used to credit the creator(s) of a specific photograph or image.

Pros and cons of watermarks on photographs

As with any feature on your WordPress website, there are pros and cons of adding watermarks to your images:

Advantages Disadvantages
Useful for dissuading people from using your images without credit Automatically applying watermarks can obscure required details in necessary images
If the image is uploaded elsewhere, you are still credited It’s hard to watermark the entire image without obscuring it.
Useful for sharing on social media too. It can be easy to crop or remove watermarks from images.

There is a good discussion on watermarking on the BH Photo website.

Watermark your website images without a plugin

One option for marking your website images is to use a free watermark service such as Watermarkly. a favourite of ours as it’s simple and easy to use.

This is fine for watermarking a very small number of images if you don’t want to install yet another WordPress plugin: it’s not very practical if you upload images to your website on a very regular basis (e.g., daily), though, so a a specific plugin which automatically watermarks images may be worthwhile.

Image Watermark plugin for WordPress

The Image Watermark plugin for WordPress contains quite a few useful features for those watermarking images on their website:

  • a bulk watermark facility
  • set location of watermark on original image
  • the ability to change the opacity of watermarks added to images

Caution: this plugin has not been updated in some time.

Easy Watermark plugin for WordPress

Easy Watermark is a fully featured watermark plugin, with the ability to restore images you no longer want a watermark on. Other features include:

  • add text watermarks
  • opacity of watermarks can be controlled
  • ability to restore images without watermark

Caution: this plugin has not been updated in some time.

There don’t appear to be any actively developed watermarking plugins for WordPress at the time of writing: do you have a recommendation? Let us know!


Should I enable Auto Updates in WordPress?

WordPress website header - WP logo

WordPress has recently introduced auto-updates (automatic updates) for its core and for WordPress plugins, too.

What is an automatic update?

An automatic update gives WordPress the ability to update your website’s code and plugins without you, the user, needing to manually log in and click buttons to run the updates. On the surface of things, this is a great leap forward for WordPress users, as it can cut down maintenance time on your website, and apply updates more quickly than you might be able to do it yourself, meaning that

In fact, WordPress automatic updates have been available for quite some time, but as of WordPress 5.5, launched in August 2020, it’s now available for you to enable via WordPress’ administration panel.

Should I enable automatic updates in WordPress?

The short answer is…maybe! Automatic updates are a helpful tool to WordPress website owners, but they can potentially also cause quite a few issues. Ask yourself these questions before enabling WordPress auto-updates for your own websites:

  • Do I have a sturdy and reliable back up and restore system, in case of error?
  • Do you trust the WordPress plugins you use? More popular, well-maintained plugins are likely to be more “update proof” than other plugins. (And, if you don’t trust your plugins, why have you installed it on your website?!)
  • Is your website “mission critical”? Can your business or organisation survive if your website is down for a few hours – or even days? If not, enabling auto-updates on your live site might not be a great idea (but testing it on your development website is!)

If you’re still not sure, talk to our WordPress developers who can help advise on website maintenance.

How to enable auto-updates for WordPress

As we said above, automatic updates have been available in WordPress for quite some time, but if you’re on WordPress version 5.5 or above, you should now see an “Automatic updates” field when you view your plugins in the Plugins > Installed Plugins screen. You can disable / enable automatic updates of plugins by changing the setting here (there is also a new “Enable / disable auto-updates” in the Bulk actions dropdown at the top of the plugins list.

Should I enable WordPress automatic updates?

Not sure what Auto Updates mean for you website? Check out blog posts on our sister website, Peacock Carter: what do WordPress auto-updates mean your website?


Disabling the Post content type in WordPress

WordPress website header - WP logo

Do you need to disable the Post content type in WordPress? Here’s our guide to removing Posts from your WordPress website.

The Post content type in WordPress is one of the defaults that comes with every installation of WordPress, with the other content type being Page.

The difference between WordPress Posts and Pages

The difference between the Post and Page content types boils down to time: content which is “evergreen” or “timeless” is best as a page (e.g., “About us”, “What we do”) – the content may change over time, but its purpose doesn’t, and this sort of content doesn’t have any time sensitivity – it doesn’t really matter if you created the page in 2006 or 2020! Posts, on the other hand, are time-sensitive, and are best used for news articles (e.g., “ABC Inc recognised in global awards”)

Why disable the Post content type?

There are a few scenarios in which removing, or disabling the default Post content type that comes with WordPress is of use. The most common reason is probably that you are building a simple “brochure” style website, and have no need to use Posts.

Of course, you could just ignore the Post content type entirely, but removing it from WordPress is a smoother way to achieve this – and could prevent your web design agency clients confusing where they need to add and edit content in their own website!

Hide Posts from WordPress administration

One way to remove Posts from WordPress is to hide any mention of it in the WordPress administration panel; this doesn’t remove or disable the functionality, but rather just hides the ability of logged in users to see it. You can achieve this by adding the following code to your WordPress theme’s functions.php file:

// Remove default Post content type from WordPress

add_action('admin_menu','remove_posts_type' );
add_action('admin_bar_menu','remove_posts_from_menu', 9999);
add_action('wp_dashboard_setup', 'remove_posts_quickdraft', 9999);

function remove_posts_type() { // Remove post type links
function remove_posts_quickdraft(){ // Remove "quick drafts" post from dashboard
  remove_meta_box('dashboard_quick_press', 'dashboard', 'side'); 
function remove_posts_from_menu( $wp_admin_bar ) { // Remove "New post" links

This removes links to Posts from your WordPress administration panel, as well as the “quick draft” block from the dashboard. There is also the possiblity you can remove the ability to add, edit or view posts from specific user roles (e.g., Editor, Subscriber, Administrator) by customising WordPress’ default roles and permissions.

You can also use WordPress’ remove_post_type_support function to disable particular features for content types in your website. For example, if you want to remove support for excerpts from your posts, you can add the following to your theme’s functions.php file in the wp-content/themes/ directory.

Finally, you may also find our guide to remove custom post types from Yoast’s SEO sitemap helpful.

Still need help with your WordPress website? Check out WordPress support from RCC, or our WordPress consultancy services.


Allow ZIP and 7ZIP files in WordPress uploads

If you have a WordPress website, you’ll know by know it’s relatively easy to upload images and documents to WordPress’ media directory.

Uploading images and other files here allow you to link to the files in your website’s page and post content – so it’s really handy.

Default file types WordPress allows you to upload

Not all file formats are allowed to be uploaded to WordPress by default (see a list of file types WordPress allows by default here).

  • Images
    • gif
    • jpg / jpeg
    • ico
    • png
  • Documents
    • .doc, .docx
    • pdf
    • odt
    • ppt, pptx, pps, ppsx
    • psd
    • xls, xlsx
  • Audio
    • mp3
    • m4a
    • ogg
    • wav
  • Video
    • 3gp
    • 3g2
    • avi
    • mov
    • mp4, m4v
    • mpg
    • ogv
    • wmv

It’s worth noting that some hosting companies will not permit the above file types, and may restrict the maximum file size you can upload. You may also find our guide on changing the default WordPress uploads directory useful.

Allowing ZIP and 7ZIP file archive file type for WordPress uploads

To allow you to upload additional file types as well as the default file types listed above, you can modify your WordPress installation’s allowed MIME types (MIME types are a way of describing different file types):

// Add new file types
function add_file_type_uploads( $mimeTypes ) {
        $mimeTypes['zip'] = 'application/zip';
        $mimeTypes['7zip'] = 'application/x-7z-compressed'; 
        $mimeTypes['7z'] = 'application/x-7z-compressed'; 

	return $mimeTypes;
add_filter( 'upload_mimes', 'add_file_type_uploads' );

You can also remove all restrictions to file upload types, though we strongly recommend against this for security reasons. If you insist on doing this, you can add the following line to your website’s wp-config.php file:


Still stuck? Our WordPress consultancy is designed to help you solve problems with your WordPress website.


Exporting all user email addresses in WordPress

By default, WordPress’ export tool (under Tools > Export in WordPress’ admin panel) doesn’t have an option to allow you to export all of your users’ email addresses. This guide shows you how to export all user email addresses in WordPress.

There are many reasons you as a website owner might want to do this, of course, but if you’re planning to add them to a mailing list, beware data protection laws in your local region.

1. Use an export plugin for WordPress

There are plenty of WordPress plugins which can help you export data from your website, including user email addresses. We’ve used the Import Export WordPress Users plugin with success before, and it is still (as of May 2020) actively maintained.

The Import Export WordPress Users plugin allows you to download all of your WordPress website’s users, including their email addresses, in CSV (comma-separated value) format. You can then open this in spreadsheet software such as  OpenOffice Calc, Microsoft’s Excel, or Google’s Sheets tool, and capture the email addresses.

2. Export from the database directly

This method to export your users’ email addresses from WordPress will only apply if you have direct access to the database of your website – this might be accessible through a range of tools in your website hosting’s cPanel or Plesk control panel, or via a tool called phpMyAdmin.

No matter which database tool you are using, navigate to the users table in your WordPress website’s database. The name of this table may have a prefix if you have one set in your website’s wp-config.php file, so it may look something like wp_users or yoursite_users.

Export this database table in CSV format, which you can then open in any spreadsheet software such as those listed above.

3. Use MySQL to list all user email addresses

Finally, you can also use the following MySQL query (which we’ve adapted below) on your database to return all WordPress user’s email addresses. You may need to adapt this query to match the name of your WordPress users’ table.

SELECT user_email FROM wp_users;

Still need some help exporting data from your WordPress website? Our talented WordPress developers are available for hire!


One simple change to improve spam filtering on WordPress websites

WordPress website header - WP logo

Here’s a great quick tip to improve the spam filtering on your WordPress website.

If you have a WordPress website, the likelihood is that you’ve seen spam comments appearing on your website in the “comments” section, unless you’ve disabled all ability for website visitors to add comments to your posts.

These are a magnet for spam comments to totally unrelated websites, and can harm your website’s search engine optimisation efforts, so it’s important to reduce and remove spam wherever it appears.

Using WordPress’ built-in blocklist feature for spam

Log in to your WordPress website’s administration panel, and navigate to the Settings > Discussion screen:

Improve spam filtering with WordPress

Scroll down the page to find the Comment Blocklist field:

WordPress' Comment Blocklist feature for reducing spam

As described in WordPress, the Comment Blocklist field:

When a comment contains any of these words in its content, name, URL, email, or IP address, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.

Here, you can list one word per line which will automatically filter comments to the “trash” (or “bin”, if you have the British English version of WordPress installed!), bypassing them being published.

Careful – the words in the list will do complete and partial matches, meaning any words on the list which appear as part of another word (e.g., ‘

A list of useful words to use in WordPress’ Comment Blocklist feature

To help make a start on your own blocklist words, we’ve included some common words found in spam comments which you might want to add to your own comment blocklist. It is important to note that phrases that appear in other words (e.g., like “ink” is found in the word “sink”).


Please check these before you add them to your own website’s blocklist – as we mentioned above, this has the chance for some “false positives” to be made, meaning genuine comments could be removed. And, of course, what we would consider a spam word on this blog could be relevant to your own blog – e.g., if it was about cryptocurrencies like Bitcoin, you probably don’t want to block comments about Bitcoin!

Other ways to block spam on your WordPress website

You can also use WordPress’ Comment Moderation field in Settings > Discussions to flag comments for moderation – rather than sending them straight to “trash”.

As we mentioned before, this isn’t a fool-proof way of stopping spam comments appearing on your WordPress website. Here are a few other ways to improve your website’s spam filtering abilities:

  • Using the Akismet plugin – this can improve your WordPress website’s ability to filter spam comments
  • Enabling Recaptcha or other captcha services on your form entries – this

Any, of course, if you’d like any help with your WordPress website, please do get in touch with us.


RCC web consultancy still open for business during COVID-19 lockdown

Just a short announcement from us following a recent update from the U.K. Government yesterday on new lockdown rules, and we would like to reassure our clients.

Richard Carter Consultancy will continue to operate for the duration of the lockdown. We are working from home, so post delivered to our Proto office address will be significantly slower to reach us.

Web consultancy services

Our services are affected as follows:

We wish all of our clients the very best for lockdown, and look forward to seeing you on “the other side”. If you are experiencing financial difficulties, please contact us to discuss payment plans and arrangements – we aim to help support our clients wherever possible.

Last updated 12 May 2020.


Popular WordPress plugins and what they do

There are tens of thousands of WordPress plugins available to use, but some are more popular than others.

The WordPress experts at RCC take a look at a few of the most well known and well used plugins, and what they can do to improve your website. There are tens of thousands of WordPress plugins available to use, but some are more popular than others. The WordPress experts at RCC take a look at a few of the most well known and well used plugins, and what they can do to improve your website.

What is a WordPress plugin?

A plug-in is a bit of code added to WordPress to add a new feature to your website. WordPress plugins therefore change the behaviour of your website in some way – they might add a contact form, or change how you can edit content in your website somehow. lists tens of thousands of plugins you can add to your website, but the sheer number available can be baffling. Here, we review commonly used and popular WordPress plugins for your website.

Contact Form 7 plugin

Contact Form 7 is one of the most popular plugins for adding a contact form to your WordPress website.

It comes with a built-in contact form to get you started easily, but we recommended customising that to your own needs – the “subject” field is unnecessary and just gives your customers more work to do. You can customise your contact form with text fields, text areas, telephone fields, URL (web address fields), and dates.

Using a WordPress shortcode, you can create and embed forms in your website easily in pages, posts and widgets:

Shortcodes in Contact Form 7 plugin for WordPress

The plugin also allows you to customise the email that is sent to you when someone completes it.

Read our guide on creating better contact forms for WordPress websites too for hints and tips on making forms easier to use – and more likely to be completed – on your own website.

Contact Form 7 is free to download and use on your website. Other popular contact forms include Gravity Forms and Ninja Forms.

Yoast SEO plugin

Yoast SEO is a popular WordPress plugin to help improve your website’s search engine friendliness. Features include the ability to change your post and page titles separately from what appears in the page itself, which can be helpful for fine-tuning your search engine optimisation.

Yoast also allows you to add structured data to your website to help improve search engine’s understanding of the content and structure of the website. This includes:

  • breadcrumbs – ideal for helping to define the hierarchy of your website’s content
  • Open Graph information – this provides information on your web page’s content which is used in social media networks such as Facebook, Twitter and LinkedIn, as well as key business information such as your business name, contact details and business address. These contact details can then be used in Google and other search engine listings

Yoast SEO is available with basic features for free, or has a “professional” version with a greater range of features. Other SEO plugins for WordPress websites include.

You may find <our guide to improving your WordPress website’s SEO> useful too!

Wordfence security plugin

Wordfence is a WordPress security plugin. Its features include firewalls and the ability to restrict IPs from accessing your website.

WordPress is open source software, meaning that it is free to use and download the code which makes it work. A team of web developers from around the world work to keep it secure, but there may occassionally be security issues that can be abused by hackers if you don’t update your website in a timely manner. Plugins like Wordfence are designed to prevent this by tightening the default security settings on the website

Wordfence is available for free. A professional, paid version of the plugin with additional features is also available.


How to exclude WordPress custom post types from Yoast’s HTML sitemap

WordPress website header - WP logo

If you have a WordPress website and have looked at improving its search engine friendliness, you will now doubt have come across the Yoast SEO plugin. One of the additional tasks you can do to improve your WordPress website’s SEO is to add a HTML sitemap to list all of the pages, posts and custom post types for search engines to find more readily.

Yoast has a handy guide to creating a HTML sitemap for WordPress already, but you may find that it needs adapting if you don’t want to list certain custom post types in your website’s sitemap.

A good example of this was a recent change for a WordPress SEO audit client of ours, who had a custom post type which recorded information from a quote system, and which was not required to be found by search engines (of course, we also hid the content another way!).

So, here’s our guide to excluding specific custom post types from the Yoast HTML sitemap:

1. Create a sitemap page template for your WordPress theme

The first step is to create a sitemap page template for your WordPress theme. Create a file called page-sitemap.php in your WordPress theme’s directory (e.g., wp-content/themes/your-theme/page-sitemap.php) and add the following:

/* Template name: Sitemap */

<h2 id="pages">Pages</h2>
wp_list_pages( array( 'exclude' => '', 'title_li' => '' ) );
foreach( get_post_types( array('public' => true) ) as $post_type ) {
if ( in_array( $post_type, array('post','page','attachment') ) )
$pt = get_post_type_object( $post_type );
if ( $post_type != 'custom-post-type' ) {
echo '<h2>'.$pt->labels->name.'</h2>';
echo '<ul>';
while( have_posts() ) {
echo '<li><a href="'.get_permalink().'"">'.get_the_title().'</a></li>';
echo '</ul>';


You will find that you need to adapt the HTML to ensure that the new sitemap page displays like other pages in your WordPress website. Depending on the theme you have enabled, you may not need the get_footer() and get_header() statements in this file.

2. Exclude the custom post types you don’t want appearing in search engines

For each custom post type you don’t want to appear in your HTML sitemap, you can adapt the line above:

foreach( get_post_types( array('public' => true) ) as $post_type ) {
if ( in_array( $post_type, array('post','page','attachment') ) )
$pt = get_post_type_object( $post_type );
if ( $post_type != 'custom-post-type' && $post_type != 'another-custom-post-type' ) {
echo '<h2>'.$pt->labels->name.'</h2>';
echo '<ul>';
while( have_posts() ) {
echo '<li><a href="'.get_permalink().'"">'.get_the_title().'</a></li>';
echo '</ul>';

This snippet would ensure that the custom post types with machine names “custom-post-type” and “another-custom-post-type” are omitted from the Yoast HTML sitemap. If you’re not sure that this value is for your post types, try using the get_post_type() function within the loop above.

3. Assign the sitemap page template to a sitemap page

Next, you will need to create a page called “Sitemap” within your WordPress website. Once that’s done, assign your new Sitemap template using the “Page template” dropdown in the Attributes block (usually displayed in the right-hand column of the screen on larger screens).

4. Link to your sitemap page

Finally, now that you’ve created your custom HTML sitemap page for your WordPress website, be sure to link it from the footer of your website. Depending on the WordPress theme you have enabled, you may be able to do this via the Appearance > Menus screen in the backend when logged in as a site administrator, or by editing your theme’s footer.php file.

If you need any help implementing this on your own website, contact us at and talk to us about our WordPress consultancy services.


Updating your WordPress site URL to HTTPS in the database

If you’re a WordPress developer, you’ve probably had the need to update an old website’s URL to use HTTPS recently.

This guide will help you to change your WordPress website’s settings to accommodate the move to HTTPS for your website, including the options in the database and all mentions of your website’s HTTP domain within your existing website’s content.

You’ll need database access to complete these tasks fully please back up your website and database before making any changes (or, even better – use a test version of your website!).

Before following these guides, you’ll need to install an SSL certificate for your domain. offers free SSL certificates which can renew automatically, depending on your website hosting company’s settings.

Why update your WordPress website to use HTTPs?

If you’ve been running a website for a few years, you may have your website accessible via HTTP – this is a simple protocol which means web traffic between a website visitor and your server isn’t encrypted. Potentially, this means that anyone could, with the right knowledge, intercept this traffic for malicious purposes.

Using HTTPS for access to your website enhances its security by encrypting the traffic between the website’s server and your visitors.

Search engines, such as Google, have recommended for some time now that all websites use HTTPS to provide content to visitorsChrome browser even flags your site with an error message if it doesn’t use HTTPS now.

How to change your WordPress site’s siteurl and homeurl settings in the database

  1. Back up your WordPress website and database before attempting these changes!
  2. To change your WordPress website’s basic URL settings to use HTTPS rather than HTTP, the first step after installing your SSL certificate is to log in to your database management tool (such as phpMyAdmin, used in this tutorial).
  3. Navigate to the options database table. This may be called just options, or something like wp_options, or something_options (if you’re really stuck, look in your WordPress website’s wp-config.php file and see if the database prefix setting is set here using the $table_prefix.
  4. Updating the siteurl setting in your WordPress website database
    Locate the siteurl and homeurl settings
    in this database table. You’ll see they are set to something like – see image above.
  5. Change the values of these settings to Don’t forget to update the table with your changes.

How to change your WordPress website URL in content

If you’ve done that in WordPress’ wp_options database table for the siteurl and homeurl settings, that won’t be enough to tie off your change to HTTPS entirely – as your existing WordPress pages and posts will still link to other pages and images using your HTTP domain. Follow these steps to update your website URLs in WordPress’ content as well, via the database:

  1. Back up your WordPress website and database before attempting these changes!
  2. Log in to the database tool you use (this guide uses the popular phpMyAdmin application).
  3. Navigate to the wp_posts table (the name of this table may vary depending on your database prefix – please see notes above).
  4. Click the SQL tab to run SQL queries on the database.
  5. Run this SQL query, replacing with your own website’s domain name. Be sure that wp_posts is the name of your WordPress posts table:
    update wp_posts set post_content = replace(post_content,'','');
    Change your website domain to HTTPS in WordPress content database

Of course, if you’re stuck and would like our help to install your SSL certificate to your WordPress website’s domain and do all of the tidy up we suggest above, get in touch with our WordPress development experts.