A collection of simple addons that provide every day functionality with privacy and speed. There’s very few options, and no unnecessary filler. It does exactly what it needs to do and nothing else.
Toolbelt takes a privacy first approach to adding features. Everything happens on your server. No data is sent to third party servers without your explicit consent. No data is loaded from third parties (for example social sharing scripts).
Taking inspiration from Jetpack I want to rebuild the features I use the most and make them as simple and fast as possible.
Toolbelt has been featured on The WordPress Tavern in an interview with me. You can read more about the creation of the plugin and my desire for a more private internet.
Some of the Toolbelt modules include blocks to make working with the generated content easier. The available blocks are:
- Contact Form – The simplest way to have people get in touch. Works with the spam module.
- Post Categories – A category content list for magazine and newspaper themes.
- Projects Grid – to list a collection of projects. These can be filtered by project category.
- Testimonials Grid – to list a group of testimonials. Great for showing off! 🙂
- Markdown – for those who like a simpler writing experience.
- Sitemap – Easily list all posts, pages, Categories and Projects.
- Star Rating – Rate things with a simple visual interface.
- Breadcrumbs – for full site editing.
- Related posts – for full site editing.
Toolbelt has a lot of features. The complete list is below.
- Admin Interface Tweaks – Small CSS changes to make the interface nicer to use.
- Avatars – Algorithmicly generated private avatars that are consistent across websites.
- Contact Form – Gutenberg compatible & private. Supports the spam blocker module.
- Cookie Banner
- CSP Header
- Disable Comment Urls – Removes comments urls from your site.
- Fast 404 – Stops WordPress from loading the full 404 page for images and other content. Reduces server usage.
- Get Image – Find a featured image for posts that do not have one assigned.
- Heading Anchors – Add anchor names to headings so that they can be linked to.
- Iframe Privacy Shield – Remove iframes and add a clickable screen so that they load when the user wants to see them.
- Infinite Scroll
- Jetpack Dev Mode – Disable Jetpacks connection so that only local functions are enabled.
- Lazy Loading
- Layout Grid – A nicer columns block.
- Monetization – Enable Coil Web Monetization.
- OEmbed – Add additional OEmbed providers.
- Optimization – Remove WordPress features that are rarely used.
- Portfolio – Portfolio custom post type and blocks.
- Post Category – A post category block.
- Random Redirection – Randomly redirect to a blog post.
- Related Posts
- Remove IP Addresses – Remove IP addresses from comments for user privacy (spam protection still works).
- Responsive Videos
- Search Redirect – If there’s a single search result redirect to it instead of displaying the restuls.
- Sitemap – Sitemap block.
- Social Menu – Replace social links with icons in navigation blocks.
- Spam Blocker – Privacy focused spam blocker.
- Static Social Sharing – Link to social sharing pages, and don’t load social network content on your site.
- Stats – Enable privacy focused analytics providers like Fathom.
- Testimonials – Testimonials Custom post types and blocks.
- Tidy Notifications – Move plugin and theme notifications to a sidebar.
- Typographic Widows – Remove widows in post titles.
- Widget Display – Set rules for widget visibility.
Toolbelt is Private
Every week there’s a new story about Facebook (or Google, or Amazon, or whoever) tracking people inappropriately, or selling user details. Or some security breach that leaks users passwords or credit card info. Privacy is a big topic and frankly, it’s scary how much big corporations like Google, Facebook, and Twitter know.
To ensure Toolbelt is as privacy focused as possible it:
- Does not phone out. No data is shared with third parties.
- Does not track your usage of the plugin.
- Does not add generator comments, or secret promotional comments to your site html.
Toolbelt is Fast
Slow websites make me sad. I don’t want to add anything to Toolbelt that will impact site load speed. My Google Pagespeed score should not move from 100.
Why? Faster sites are shown to increase conversions and time on site. Google loves fast sites and improves their search rankings. In addition fast sites are great for people with slower internet access, or on mobile data, and use less resources to generate the page. So many benefits!
To be fast Toolbelt:
- Minifies all assets (JS and CSS).
- Loads all assets inline. They are already small, and loading them directly on the page means there are no server requests.
- Only loads things when they are needed. JS and CSS are only loaded for activated modules.
- Very few options. There’s one main database option, an array that stores what modules are active. And another that stores settings for some modules.
- All options are disabled by default. You enable only the ones you need.
Built for developers
Toolbelt is built with developers in mind. It has a collection of hooks and filters to enable you to make the modules work the way you want. If you’re intersted to jump in the project, there are opportunities for developers at all levels to help out. Contribute to Toolbelt on GitHub and join the party. 🎉
- TB Breadcumbs
- TB Sitemap
- TB Related Posts
- TB Post Category
- TB Markdown
- TB Gist
- TB Column
- TB Layout Grid
- TB Portfolio
- TB Slide
- TB Slider
- TB Testimonials
- TB Star Rating
- Install and Activate the plugin through the plugins page.
- Go to the Toolbelt Admin page and activate the modules you wish to use.
- Done. Everything else is setup automatically.
For more information check the individual module documentation.
Why does WordFence (and other WAF’s) flag this file as a vulnerability?
/wp-toolbelt/modules/spam-blocker/blocklist.txtis used by the spam blocker to check comments for spam phrases. It is regularly updated.
As such it contains lots of spammy words, and constantly changes. Both things that could trigger a vulnerability warning.
The best thing to do is mark this file (and only this file) as ‘Ignore Always’. This will stop you from getting warnings for this one file whilst monitoring the rest of the plugin for suspicious changes.
Why one plugin and not separate plugins?
I am making this because it’s something I want to use. I like the simplicity of installing Jetpack and letting it do it’s thing. But Jetpack is not designed for speed or elegance, so I am trying to address that with my own plugin.
I am making the plugin as developer friendly as I can. Things can be tweaked using WordPress filters, and I will add more of these as I go.
Do you have any documentation?
The docs are on Github. They are a constant work in progress.
Can I contribute/ report a problem?
Yes please! You can submit issues on Github or add questions to the support forum. I’d be happy to accept pull requests as well.
What features will you add next?
I don’t know. I’m open to suggestions (ping me on Twitter), but mostly I’ll add things as I need them.
3.5.2 – 4th March 2023
- Fix PHP 8.2.0 error.
3.5.1 – 19th April 2022
- Improve cookie consent button style.
3.5.0 – 16th April 2022
- Tidy HTML formatting.
- Add aria-hidden to thumbnail images that have links duplicated by headings. Simplifies things for screen-reader users.
- Improve sanitization checks in contact form.
3.4.0 – 27th January 2022
- Add module to Enable the Customizer in all themes. Great for using the Additional CSS module in block themes.
3.3.1 – 18th June 2021
- Update deprecated
3.3.0 – 11th June 2021
- Add Notification Tidy module.
- Fix adminbar avatar display on mobile.
- Fix Jetpack disable code.
- Remove Featured Attachment module since it’s a duplicate of Get Image module.
3.2.7 – 7th June 2021
- Ensure CSS custom properties are loaded for all modules that need them.
3.2.6 – 13th April 2021
- Fix possible undefined property error in social icons module.
3.2.5 – 9th April 2021
- Add avatar shortcode
toolbelt-avatarfor displaying a users avatar on a post/ page.
3.2.4 – 24th February 2021
- Set min height for iframe privacy shield to ensure it displays nicely.
3.2.3 – 27th January 2021
- Ensure posts with empty content don’t cause errors with the header anchors module.
3.2.2 – 7th January 2021
- Correct Privacy Shield description.
- Improve backwards compatability for spam blocklist changes.
3.2.1 – 29th December 2020
- Add ‘Jetpack Dev Mode’ module.
- More spam blocker improvements.
3.2 – 16th December 2020
- New: Iframe Privacy Shield. Prevents iframes from post content, from being loaded without user consent.
- Fix: Don’t force responsive video size on videos that have an aspect ratio.
- Fix: Social share description so that social sharing works better on mobile.
- Add: Heading anchors now include h5 & h6.
- Add styles to footnotes to ensure scrolled links are readable and not hidden by the WP admin bar.
- Change: Disable autolinking urls in Markdown blocks. Normal markdown links still work.
- Fix: Correct spam blocking to make it use the custom block list properly.
3.1 – 21st November 2020
- Add support for search and 404 redirect filter.
3.0 – 11th October 2020
- New: Layout Grid block.
- New: Star Rating block.
- New: Slider block.
- New: OEmbed providers module.
- New: Sitemap block.
- New: Fallback Featured Images module. Attempts to find featured images when there aren’t any assigned.
- New: Make use of social sharing API in supported browsers.
- New: Predefined contact form variants. A feedback form and a net promoter score form.
- Add Featured Image global styles for some consistent featured images.
- Add New horizontal multi-element contact form component layout to allow for more space efficient layout of forms.
- Add Related Posts block.
- Add TB prefix to all blocks. Inspired by: https://wptavern.com/wordpress-plugin-authors-should-avoid-confusing-users-when-naming-blocks
- Add icon to breadcrumbs block.
- Add additional social icons.
- Add relatedLink schema to Related Posts.
- Add individual project categories to portfolio block output.
- Remove Noto Serif editor font from being loaded. It’s a potential privacy issue and is loaded everywhere.
- Remove links from server rendered blocks so they can’t be clicked by accident when editing content.
- Fix: Improve Infinite Scroll behaviour when a static page is used.
- Update Related Posts html to be more semantic & accessible. May require some tweaks to custom styles applied to the module.
- Update Avatars css so that it loads earlier to avoid flashes of unstyled content. Also compressed avatars admin CSS.
- Update Only output social sharing links on the_content and not on the_excerpt.
- Change CSS colours to use custom properties for simpler, and more consistent, changes.