Save 25% on Wizard’s SQL for WP w/ code: WIZARDSQL
Web Dev + WordPress + Security
Year: 2012
41 posts

Protect Against Brute-force/Proxy Login Attacks

For the past week, I’ve been monitoring activity from a set of IP addresses involved with brute-force login attacks. Brute-force login attacks involve systematic guessing of passwords using various common usernames such as “admin” and “username”. So for example, an attack will target an array of sites, use “admin” as the username, and then make numerous attempts at “guessing” your password. And to obfuscate their malicious activity, the attack is executed from multiple IP addresses, either via proxy or possibly […] Continue reading »

New Book: .htaccess made easy

I’m proud to announce the launch of my new book on .htaccess, titled .htaccess made easy. It’s a book I’ve been wanting to write for years, since first getting hooked on .htaccess way back in 2006. Since then, I’ve learned a lot about .htaccess, Apache, security, and web-design in general — with many articles on the topic published here at Perishable Press and elsewhere on the Web. Everyone kept inspiring me to bring it all together and write a book […] Continue reading »

bbPress Theme Template Files

For those getting into bbPress for hosting your own forum, customizing your bbPress theme files can be difficult if you don’t know which page to load. Many of the bbPress theme template files contain enough clues to figure things out, but not every template file is used by default, or even at all depending on how you’ve configured bbPress. Themes may contain different template files, but the default “bbPress (Twenty Ten)” theme (included with version 2.1.1) may be considered a […] Continue reading »

Prevent Duplicate Content in cPanel

In this guest-post, Jon Brown shares a solution to the age-old problem of preventing duplicate content from addon-domains in cPanel. Jon explains the issue and shares his methodology in crafting an elegant solution applied via .htaccess. If you’re using cPanel and want to improve your SEO, this will help. Here is the table of contents: Continue reading »

Clean Markup Widget for WordPress

Squeaky clean. When adding content to your sidebar, it’s nice to be able to output clean, well-formatted markup. There are several ways to do this, including adding HTML directly in the theme template, installing a plugin, or simply using a widget. Widgets provide a great way of customizing sidebars and other widgetized areas, but as you may have seen in the source-code, the HTML is treated with all sorts of additional attributes, elements, and classes. Sometimes, you just need a […] Continue reading »

Tale of a Hacked Website

I love a good story. Almost as much as I enjoy securing websites. Put them together and you’ve got suspense, intrigue, and plenty of encoded gibberish. But no happy ending this time, in this case the smartest decision was to “pull it” and rebuild. The site was just wasted — completely riddled with malicious code. Without current backup data, it would’ve been “game over” for the site, and possibly the business. Continue reading »

3D Text with CSS3 text-shadow

Here’s a fun way to make text look 3D using CSS3. Using CSS whenever possible instead of images has several key advantages, including faster page-loads and better SEO I use the CSS text-shadow technique in a previous theme, and a few people had asked about it, so here it is: everything you need to create your own stunning 3D-text with CSS3.. Continue reading »

Encoding & Decoding PHP Code

There are many ways to encode and decode PHP code. From the perspective of site security, there are three PHP functions — str_rot13(), base64_encode(), and gzinflate — that are frequently used to obfuscate malicious strings of PHP code. For those involved in the securing of websites, understanding how these functions are used to encode and decode encrypted chunks of PHP data is critical to accurate monitoring and expedient attack recovery. Continue reading »

Ron Paul 2012 WordPress Plugin

I wanted to show support for Ron Paul on my WordPress website with a simple badge or button. Surprised at not finding any plugins for Ron Paul in the Directory, I decided to be the first. You can learn more in the following post, or download and install via the WordPress Plugin Directory. Or if you prefer, you can install direct via the comfort of the WP Admin Area, via Plugins > Add New. Just search for “Ron Paul 2012” […] Continue reading »

Media Temple (dv) 4.0 Migration & Optimization

About a month ago, I received an email letting me know that my host, Media Temple, is discontinuing their (dv) Dedicated Virtual 3.0-3.5 servers. Everyone hosted on the old servers must migrate to the new (dv) 4.0 servers. The friendly (mt) email says: The migration is a fairly simple process and you’ll have until early summer to complete it. Having now performed the migration, I can assure you that solid preparation is required to make it a smooth and “fairly […] Continue reading »

10 Collections of Minimalist Web Design

I always enjoy looking at good minimalist web design. Here are my top favorite collections of articles featuring minimalist design, comprising nearly 500 examples for your inspiration and amusement ;) Continue reading »

6G Firewall Beta

Since releasing the 5G Blacklist earlier this year, malicious server scans and bad requests have surged with more novel attacks than I’ve seen since first getting into this stuff six years ago. In other words, now is the time to beef up security and lock things down. If you’re into monitoring your server and knowing your traffic, you may be observing the same recent spike in malicious activity. In response to these attacks, I’ve been secretly working on the next […] Continue reading »

Add Google+ Share Button to Any Site

g+ Share button Word on the streets is that the new Google+ Share button is the best way yet to benefit from Google’s myriad social-media services and all-important search-engine. And Google makes it SO easy to add the new Share button to your website. This article explains what it is, where it fits in with all the other social-Google stuff, and of course how to add the g+ Share button to any site. Continue reading »

Blank Space / Whitespace Character for .htaccess

Working on the next version of the G-Series Blacklist, I needed a way to match a wide variety of UTF-8-encoded (hex) character strings. Those familiar with their site’s traffic will recognize this particular type of URI request string, which is typically associated with malicious server scanning, exploits, and other malicious behavior. As I explain in this post, pattern-matching and blocking the blank-space, or whitespace character in URL-requests is an effective way to improve the security of your website. Continue reading »

Case-Insensitive RedirectMatch

Cool trick that you may not have known about.. it’s possible to get case-insensitive matching with the powerful RedirectMatch directive. Normally, you would just write your redirect as something like this: Continue reading »

WordPress Add-on for 5G Blacklist

Ill requests and malicious scans have been spiking recently, to the point where server performance was really taking a hit. One scan in particular hammered the server with thousands of bad requests in just a few minutes. There are people out there with strong scripts and small minds that are constantly scanning sites for vulnerabilities, and much of what I’ve seen is aimed primarily at WordPress. Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Wizard’s SQL for WordPress: Over 300+ recipes! Check the Demo »
Thoughts
Enjoy my 7-year hand-curated collection of free online tools for web dev and design.
Weapons required to rule the world: the weather, common cold, plenty of idiots.
Finally time to launch my latest pro WordPress plugin, SAC Pro »
Finally feeling better and back on track to launch SAC Pro this June or July.
All plugins updated for WordPress 6.0 (drops tomorrow)!
Coding never ends. Bring a snack.
Not posting anything online usually means I’m busy working on my next project.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.