Advanced firewall protection for WordPress! Get BBQ Pro for $15 »

New Book!

I’m proud to announce the launch of my new book on .htaccess, titled .htaccess made easy. It’s a book I’ve been wanting to write for years, since first getting hooked on .htaccess way back in 2006. Since then, I’ve learned a lot about .htaccess, Apache, security, and web-design in general — with many articles on the topic published here at Perishable Press and elsewhere on the Web. Everyone kept inspiring me to bring it all together and write a book on the subject, and so WHOOOP here it is! Read more »

Prevent Duplicate Content in cPanel

In this guest-post, Jon Brown shares a solution to the age-old problem of preventing duplicate content from addon-domains in cPanel. Jon explains the issue and shares his methodology in crafting an elegant solution applied via .htaccess. If you’re using cPanel and want to improve your SEO, this will help. Here is the table of contents: Read more »

6G Beta

Since releasing the 5G Blacklist earlier this year, malicious server scans and bad requests have surged with more novel attacks than I’ve seen since first getting into this stuff six years ago. In other words, now is the time to beef up security and lock things down. If you’re into monitoring your server and knowing your traffic, you may be observing the same recent spike in malicious activity. In response to these attacks, I’ve been secretly working on the next generation of G-series blacklist, the inevitable 6G Firewall. Read more »

Blank Space / Whitespace Character for .htaccess

Working on the next version of the G-Series Blacklist, I needed a way to match a wide variety of UTF-8-encoded (hex) character strings. Those familiar with their site’s traffic will recognize this particular type of URI request string, which is typically associated with malicious server scanning, exploits, and other malicious behavior. As I explain in this post, pattern-matching and blocking the blank-space, or whitespace character in URL-requests is an effective way to improve the security of your website. Read more »

Case-Insensitive RedirectMatch

Cool trick that you may not have known about.. it’s possible to get case-insensitive matching with the powerful RedirectMatch directive. Normally, you would just write your redirect as something like this: Read more »

WordPress Add-on for 5G Blacklist

Ill requests and malicious scans have been spiking recently, to the point where server performance was really taking a hit. One scan in particular hammered the server with thousands of bad requests in just a few minutes. There are people out there with strong scripts and small minds that are constantly scanning sites for vulnerabilities, and much of what I’ve seen is aimed primarily at WordPress. Read more »

Redirect WordPress Date Archives with .htaccess

Restructuring a WordPress website may involve removing the subdomain from URLs/permalinks. For example, I recently removed the original WP-install subdirectory from Perishable Press to simplify site structure and optimize WordPress permalinks. There are PHP scripts and WP plugins that might work for this, but in most cases .htaccess is optimal when changing URL structure and redirecting traffic. Here’s a quick example to help visualize the concept: Read more »

5G Blacklist 2012

Update: Check out the new and improved 5G Blacklist 2013! The 5G Blacklist helps reduce the number of malicious URL requests that hit your website. It’s one of many ways to improve the security of your site and protect against evil exploits, bad requests, and other nefarious garbage. After extensive beta testing, the 5G Blacklist/Firewall is solid and ready to help secure sites hosted on Apache servers. In addition to beta testing for the 5G, this is the 5th major update of my “G”-series blacklists. Here is a quick overview of its evolution: Read more »

Building the 5G Blacklist

Protecting your website is more important than ever. There are a million ways to do it, and this is one of them. In fact, it’s what I use to protect Perishable Press and other key sites. It’s called the 5G Blacklist, and it’s something I’ve been working on for a long time. The idea is simple enough: analyze bad requests and block them using a firewall/blacklist via .htaccess. Now in its 5th generation, the 5G Blacklist has evolved into a considerably solid method of keeping your site safe and secure. How does it work? I’m glad you asked.. Read more »

Optimizing WordPress Permalinks with htaccess

Okay, so Summer’s over, kids are back in school, and I’m finding all sorts of free time to continue writing and posting. One of my Summer projects involved updating & optimizing one of my old project sites, It was basically a huge clean-up session that included lots of content consolidation and permalink restructuring. So that’s the topic of this post, how to use htaccess to optimize WordPress permalinks. I’ll go through some htaccess techniques and explain how they can improve your WordPress-powered site. Read more »

Huge Collection of Code Snippets: HTAccess, PHP, WordPress, jQuery, HTML, CSS

Please excuse this self-serving, miscellaneous post, but I’ve just got to purge all of these code snippets and scraps collected over the years. Whenever I update this site, I place any removed/unused code snippets into a giant note file for future reference, just in case. There’s all sorts of different types of code and snippets that just keep growing and growing and.. and finally it gets to a point where I just need to dump everything and start fresh. That is the purpose of this post. Read more »

Block Tough Proxies

If you want to block tough proxies like, my previously posted .htaccess methods won’t work. Those methods will block quite a bit of proxy visits to your site, but won’t work on the stealthier proxies. Fortunately, we can use a bit of PHP to keep them out. Read more »

Upload Large Files or Die Trying

I recently spent some time wrestling with various e-commerce/shopping-cart/membership plugins. One of them was of course the popular WP e-Commerce plugin, which uses a directory named “downloadables” to store your precious goods. I had some large files that needed to go into this folder, but the server’s upload limit stopped me from using the plugin’s built-in file uploader to do so. Read more »


One thing I love about Twitter is the instant feedback. For the past few weeks I’ve been seeing lots of 404 requests like this: At first I thought it was some skript kiddie getting creative, you know as a play on the robots.txt file, which is also located in the root of many websites. So it seemed interesting enough to tweet about: Read more »

Clean Up Malicious Links with HTAccess

I recently spent some time analyzing Perishable Press pages as they appear in the search results for Google, Bing, et al. Google Webmaster Tools provides a wealth of information about crawl errors, as well as the URLs of any pages that link to missing content. Combined with your site’s access/error logs, you have everything needed to track down 404 errors and clean up your listings in the search engine results. Read more »

5G Firewall Beta

Update: Check out the new and improved 5G Blacklist 2013! (The beta version provided in this post is now for reference only.) Updating the 4G Blacklist, the new 5G Firewall is now open for beta testing. The new code is better than ever, providing wider protection with less code and fewer false positives. I’ve had much success with this new firewall, but more testing is needed to ensure maximum compatibility and minimal issues. Read more »

Latest Tweets New version of BBQ Pro WordPress Firewall now available, now featuring Strict Mode:… #security