Welcome to the new design! Please report any bugs or issues, thanks :)
Web Dev + WordPress + Security
Author: Jeff Starr
857 Posts
Jeff StarrJeff Starr is a web developer, author, and teacher specializing in web security and building awesome things with WordPress. His favorite online projects include Plugin Planet, DigWP.com, and WP-Mix.com. Jeff writes books, runs his own business, writes about web development, and makes video tutorials at Lynda.com/LinkedIn. More »

How to Disable Chrome Scroll to Text Fragment

It is debatable whether or not Chrome’s new scrolltotextfragment feature is a significant security concern. When in doubt, play it safe. This quick post explains how to disable (or enable) Chrome’s scroll-to-text-fragment functionality. Continue reading »

All the little .txt files you can put in the root directory of your website

The ones I know of: ads.txt humans.txt robots.txt security.txt This site makes use of robots.txt and humans.txt. I don’t need ads.txt because 3rd-party ads aren’t currently running on the site, and security.txt seems not necessary as the site’s contact form is easy enough for anyone to find. Continue reading »

Why Facebook is Not Worth It

Recently I found myself listening to someone who was trying to convince me that I should be doing more on Facebook. For reasons like attracting new customers and making more money. It was pretty sad listening to the spiel, but I do care about people and their opinions, even when they are wrong. Continue reading »

Weird Bug with Highlight.js

Working on adding syntax highlighting to my code snippets here at Perishable Press. To do it, I use my free WordPress plugin Prismatic. Basically all the plugin does is load up either the Highlight.js scripts and styles, or it loads up the Prism.js scripts and styles. So I can rule out the plugin itself for this “weird” little bug. The issue is with Highlight.js specifically. Continue reading »

Redesign #25: Performance Over Perfection

Welcome to the 2020 (25th!) redesign for Perishable Press. Like many of the previous designs, the new design is super minimal and organic. The #1 goal this time around was to find an optimal balance between performance and aesthetics. Or put another way.. Continue reading »

7G Out of Beta

The 7G Firewall was released about a year ago as beta, and has had time now to mature/develop into a stable release. So this is just a heads up that 7G is now officially out of beta and ready for use in live/production environments. Continue reading »

The Plan for 2020

I like sharing my plans with those who will listen. For example, last year I said what I was going to do in 2019, and as far as I can tell it is mission accomplished. Now my goals for 2020 are a little more structured and ambitious.. Continue reading »

7G Addon: Stop Aggressive Scanning for Uploads-Related Targets

Around the end of December 2019 and then now well into January of 2020, I’m seeing a massive spike in aggressive malicious scanning for uploads-related targets. In particular, there are massive numbers of requests for URL targets involving uploadify, plupload, and similar. Typical scans hitting upwards of 30K–50K requests per attack. Just relentless exploit scanning on steroids. Continue reading »

How to Modify GET and POST Requests with WordPress

I’ve written before about protecting against malicious POST requests using Apache/.htaccess. In this tutorial, we’ll look at how to modify GET and POST requests using PHP and some core WordPress functionality (with no .htaccess required). Normally you would want to manipulate URI requests at the server level, but that’s not always possible (like on shared hosting). So in those cases where you want to modify GET, POST, or other types of requests on a WordPress site, check out the following […] Continue reading »

How to Disable WordPress Automatically Generated Images – Complete Guide

As you may know, WordPress creates numerous copies of all images uploaded via the WP Media Library. These additional images are generated in various sizes, depending on your settings and other factors. This may be totally fine in general, but if you are working with lots of images on your site, the extra files can really eat up your disk space. This can be wasteful, specially if your site does not make use of all the extra images. So to […] Continue reading »

Case of the Invisible CSS ::selection

Recently I noticed a weird bug in my free WordPress security plugin, Banhammer. For some reason, I could not select any text on the page. Usually when you click and move the mouse cursor over some text, it becomes highlighted and displayed in some other color. But this wasn’t happening on the Banhammer settings screen. No matter which HTML/text I tried to select, it just wasn’t working. T’was a real mystery.. Continue reading »

WordPress Plugin: Override Comment Options

Want to keep comments open on a few old posts? This plugin is for you. It does one thing and does it well: it overrides the WordPress setting, “Automatically close comments on articles older than x days”. So you can leave comments open for any individual posts that may have passed the deadline. I actually wrote this plugin for use here at Perishable Press. Normally comments are closed after 90 days, but there are a few old posts for which […] Continue reading »

PHP Code Not Displayed in Browser

Recently a reader sent in a bug report about this post on bbPress. For some reason the PHP code snippets were not displaying properly in the browser. Basically, instead of looking neat and tidy as always, the code looked like a garbled mess of spaced-out nonsense. And by “spaced out” I don’t mean in a good way: there was literally like 100px of vertical space breaking up the jumbled lines of code. It was definitely a mess, so I began […] Continue reading »

Stop WordPress from Changing .htaccess

In a recent tutorial, I explain how to Stop WordPress from modifying .htaccess. That post explains several ways to prevent WordPress from making changes to .htaccess. This post explains an even better way that is safe, effective, non-invasive, re-usable, and super simple. I’ve been using it on my own sites now for a few years and it works flawlessly. Continue reading »

When, Where, and How to Ask for Help: The Three Golden Rules

When working online or offline in the real world, it’s inevitable that you will encounter issues and problems with products, services, and everything else. This quick post explains when, where, and how to ask for help: The Three Golden Rules. It’s a general guide, aimed at those who may be unfamiliar. Continue reading »

How to Monitor the WordPress Login Page

There are all sorts of plugins that you can use to monitor and protect the WordPress Login Page. That’s not what this post is about. This post is aimed at developers and DIY site admins, who like to keep a close eye on site activity. Talking hands-on with code. How familiar are you with the traffic hitting your WP Login Page? Do you know the difference between a brute-force attack and legitimate login requests? The WP Login Page (wp-login.php) is […] Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
.htaccess made easy: Improve site performance and security.
Thoughts
Never force your users to type out a password (or any long string of characters) by blocking the paste function. Typing long strings leads to MORE errors than simple copy/paste.
Checking in to anyone listening. Stay safe. Pay attention. Don't get lazy.
What's up with Plesk UI lately? Especially on Chrome it looks just awful, all kinds of broken. Come on Plesk devs get it together.
Things get stressful, I try to pray. Not always easy, but always helps to relax and regain focus.
Nice new speed checker at fastorslow.com.
Easy way to exclude certain tests from WP Site Health: Site Health Tool Manager
Excellent (and free) tool for getting tons of site SSL infos: whynopadlock.com