Fall Sale! Save 25% on WordPress books with coupon code: FALL2017 Shop Books »
Jeff Starr
Author Archive

How to Block Bad Bots

Suffering from spammers, content scrapers, bandwidth leeches, and other bad bots? Got some loser stalking your chat forum? Site getting scanned by endless malicious requests? In this tutorial, you’ll learn how to block bad bots and users with minimal effort. Keeping the trash away from your site is gonna free up valuable server resources, conserve bandwidth, and improve the overall security and quality of your site. Read more »

Bulletproof Sitemap Redirects via .htaccess

Sitemaps have been shown to help search engines and other visitors understand and navigate your website. This tutorial gives you a simple yet powerful .htaccess technique for ensuring that search engines and other visitors can easily find your sitemap files. So even if they are looking for your sitemap in the wrong location, they’ll always be redirected to the actual, existing sitemap for your site. This strategy helps to improve consistency, minimize 404 errors, and save server resources. So it’s good for performance and SEO. Read more »

WordPress .htaccess file

The WordPress core uses .htaccess for two things: Permalinks and Multisite. This means that .htaccess is only required if you have enabled either of these features. Otherwise, .htaccess is entirely optional for default WordPress installations. Beyond the WP core, many plugins also use the .htaccess file for custom directives involving rewrites, redirects, custom headers, file compression, and much more. In many cases, such plugins add their .htaccess rules to your .htaccess file automatically, behind the scenes. Read more »

Block Proxy Visits with PHP

I wrote recently about how to block proxy visits with WordPress. That article provides a simple, plug-&-play script that you can drop into WordPress-powered site. This article goes further with two effective techniques for blocking proxy visits to your site using only PHP. These techniques work for any PHP-enabled site, including WordPress, Drupal, Joomla, and many others. And they’re both easy to implement. Just a few minutes and your site can be relatively free of most proxy visits. Read more »

Worst IPs: 2016 Edition

A little late this year, but following tradition here is my list of the absolute worst IP addresses from 2016. All in nice numerical order for easy crunching. These IPs are associated with all sorts of malicious activity, including exploit scanning, email harvesting, brute-force login attacks, referrer spam, and everything in between. Really obnoxious stuff that degrades your site’s performance and potentially threatens security. Read more »

Get Random with PHP

This tutorial explains numerous ways to get random items via PHP: numbers, strings, passwords, nonces, images, and more. I use these techniques in various projects, and want to round them all up in one place for easy reference. I’ll be updating this post with additional techniques as I get them. Read more »

.htaccess Cleanup

Once again I am cleaning up my sites’ .htaccess files. I do this from time to time to remove old redirects, refresh blacklists, and update security and SEO-related directives. It’s tedious work, but the performance and security benefits make it all worthwhile. This post shares some of the techniques that were added, removed, or replaced from .htaccess, and explains the reasoning behind each decision. I do this for the sake of reference, and hopefully it will give you some ideas for your own .htaccess cleanups. Read more »

WordPress Block Proxy Visits

I’ve covered a lot of techniques for controlling proxy access. And I’m not done yet. This post expands on the block tough proxies technique by making it plug-&-play with WordPress. Read more »

Tools to check your site’s health

Perishable Press is now over 12 years old. It is a lot of work keeping everything updated, maintained, and well-secured. Fortunately there are a gazillion free online tools for checking your site’s health. Everyone has their favorites. In this quick article, I share mine. Read more »

WordPress Plugin: Blackhole Pro

Announcing the Pro version of my WordPress security plugin, Blackhole for Bad Bots. Like the free version, Blackhole Pro protects your site against bad bots, spammers, scrapers, scanners, and other automated threats. This increases site security and saves precious server resources for your legit visitors. It’s time to say “bye bye” to bad bots. Read more »

WordPress Plugin: Prismatic

I’ve been using other plugins to display my code at Perishable Press, Plugin Planet, DigWP, and WP-Mix for years now. The other plugins have done the job, but there are things that I’ve always wanted to change. For example, syntax highlighting. I use syntax highlighting for code snippets at WP-Mix, but not on any of my other sites. So I wanted to combine clean, time-tested code escaping with stylish syntax highlighting. After sharing well over 1,000 code snippets online, I figure it’s finally time to make it happen.. Read more »

Stop WordPress from modifying .htaccess

By default, depending on file permissions, WordPress automatically will modify the contents of your site’s .htaccess file. It does this on several occasions, adding and/or updating the rewrite rules required for WP’s permalink functionality. This post explains how this works, why it can be dangerous, and how to stop it from happening. Read more »

WordPress Plugin: Theme Switcha

Announcing my latest WordPress plugin, Theme Switcha! There are many theme-switch plugins but none of them provide the simplicity, performance, and reliability that I require for my own sites. So I wrote my own plugin using the WP API and kept the code as focused and solid as possible. Only essential theme-switching features have been added, along with a simple yet informative UI. Theme Switcha gives you a consistent, quality theme-switching experience that you can optionally share with your visitors. Read more »

Get featured in my new CSS book

I am working on some new books and one of them focuses on CSS techniques. I can’t share any specifics at this point, but I am inviting CSS experts and enthusiasts to be featured in the book by contributing their favorite CSS snippet. Read more »

Lynda.com Course: Developing Secure WordPress Sites

After months of preparation and production, my new video course on developing secure WordPress sites is now available at Lynda.com. This is my second video course on securing WordPress; the first one was originally launched in 2011 and remained in Lynda’s library for over five years. I received a lot of great feedback on the course, and so I jumped on the opportunity to do another one. If there is one thing that I enjoy doing, it’s helping people with WordPress and security. Overview This new Lynda.com course features over 30 video tutorials (over 2.5 hours!), and is jam-packed with […] Read more »

Block nuisance requests for .well-known, apple-app, etc.

Anyone who is paying attention to their server access and error logs has probably noticed that Google and other bots have been making endless requests for .well-known, apple-app-site-association, and various related files. This quick post explains how to save some server bandwidth and resources by blocking such repetitive requests, and also looks at a related problem with certain search engines <cough> not respecting a standard “410 Gone” server response. Read more »

Latest Tweets Fall Sale! Save 25% on any book: Tao of WP, DigWP, WordPress Themes In Depth, & .htaccess made easy. Code: FALL2017… twitter.com/i/web/status/90414…