Web Design
Category Archive

Coda 2 Lessons Learned

I recently switched over to Panic’s Coda 2 for code editing and SFTP functionality. After using my previous editor/FTP software for over 10 years, I was surprised that learning Coda 2 happened so easily. It literally took me like two days of using it before I was back up to full development speed. In the process of learning, I discovered numerous questions and concerns that weren’t covered in the Coda 2 documentation or anywhere online. This post rounds up these issues and provides solutions or answers for each of them. For experienced Coda users, most of this article may seem […] Read more »

Analyzing Weird 404 Search Engine Requests

Lately I’ve been getting a significant number of really weird 404 requests for one of my sites. At first I ignored them. Then upon closer inspection, I realized that the requests were reporting user agents like Googlebot, Bingbot, and other top search engines. So there was cause for concern. You don’t want legitimate search engines tripping over endless 404 requests that are completely unrelated to your site content. That gets into “negative SEO” territory, and should be investigated and resolved asap. This article explains what I was dealing with, how I investigated, and what I did to resolve the issue. Read more »

Block D-Bag Database Exploits

Some douchebag has been scanning my sites for a variety of potential database exploits. My sites are secure, so there is no real security threat, but the scans are extremely annoying and waste my server resources. Resources like bandwidth and memory that I would rather use for legitimate visitors. So after collecting some data and experimenting a bit, I wrote a simple .htaccess snippet to block a vast majority of these pathetic database-exploit scans. Read more »

New Plugin: Blackhole for Bad Bots

Image Courtesy NASA/JPL-Caltech. Finally translated my Blackhole Spider Trap into a FREE WordPress plugin. It’s fun, fast, flexible, and works silently behind the scenes to protect your WordPress-powered site from malicious bots. Here are some of the features: Easy to set up Squeaky clean code Built with the WordPress API Easy to reset the list of bad bots Easy to delete any bot from the list Works silently behind the scenes to protect your site Optionally receive an email alert with WHOIS lookup for blocked bots All major search engine bots are whitelisted so they will never get blocked Customize […] Read more »

List of All User Agents for Top Search Engines

Here is a working list of all user agents for the top search engines. I use this information frequently for my plugins such as Blackhole for Bad Bots and BBQ Pro, so I figured it would be useful to post the information online for the benefit of others. Having the user agents for these popular bots all in one place helps to streamline my development process. Each search engine includes references and a regex pattern to match all known user agents. Read more »

6G Firewall 2016

After three years of development, testing, and feedback, I’m pleased to announce the official launch version of the 6G Firewall (aka the 6G Blacklist). This version of the nG Firewall is greatly refined, heavily tested, and better than ever. Fine-tuned to minimize false positives, the 6G Firewall protects your site against a wide variety of malicious URI requests, bad bots, spam referrers, and other attacks. Blocking bad traffic improves site security, reduces server load, and conserves precious resources. The 6G Firewall is entirely plug-n-play with no configuration required. It’s also open source, easy to use, and completely free, providing strong […] Read more »

Protect Against WordPress Brute Force Amplification Attack

It seems the WordPress xmlrpc.php file is the target of another type of attack. Before, it was the XML-RPC Pingback Vulnerability. Now, it is the Brute Force Amplification Attack. This post explains what you need to know and then cuts to the chase with several ways to protect your site against this new malicious exploit, as well as all other related threats. Read more »

What to do when your site gets hacked

Over the years, my sites have been hacked numerous times. Each hacking event was somewhat of a miserable experience at first, but ultimately educational and even enlightening. I’m not going to say that getting hacked was the best thing that ever happened to me, but it certainly wasn’t the end of the world. In this post, I want to share some important steps to take and things to keep in mind if and when you discover that your site has been hacked. Read more »

Free and Open

In response to the nonsense reported here and here. The Web Belongs to Everyone The Web is a beautiful, incredible thing. It enables anyone with a connection to access an entire universe of human knowledge. The Web is like this because it is free and open. We the people built the Internet and it belongs to everyone. Each person may claim their own piece of the Internet, but no one person or group may claim ownership of its entirety. If you feel the need to control or regulate something, do so with your own computers on your own network. Please […] Read more »

WordPress Enable PHP Strict Error Reporting

When developing WordPress themes and plugins, I like to enable PHP’s strict error reporting. That way all errors and notices can be recognized and dealt with accordingly. Plus, enabling PHP strict error reporting is pretty easy to do using a simple must-use plugin. Here’s how to do it.. Read more »

Redirecting Hash Fragments with .htaccess

During this year’s site redesigns, I noticed in the server logs some 404 errors for various WordPress comments. These 404 requests each involved a fragment identifier (i.e., character string beginning with a pound sign, #) being interpreted as its HTML entity hex equivalent, %23. It may not seem like a big deal, but these days every detail counts, so it’s wise to clean up as many 404 errors as possible. Thus, here is a simple .htaccess technique for redirecting hash-fragment requests to their proper destination. Read more »

Block revslider Scans

One of the most annoying, persistent scans I’ve seen in a long time are those hunting for the revslider vulnerability. In the five or so months since the exploit was discovered, many sites have been compromised. And based on what I’ve been seeing in my traffic logs, the risk is far from over. Apparently every 2-bit script kiddie and their pet hamster wants a piece of the “revslider action”. Read more »

Updates Galore

Just a quick post to let people know about the updates now available for my various books and plugins. Basically the entire month of May was spent on plugin and book updates, so here is a quick summary of what’s new. Read more »

xyCSS moved to Perishable Press

Recently I’ve been implementing SSL on my domains and have been streamlining and updating some projects along the way. Consolidating properties is a great way to simplify workflow and boost productivity, so I’ve went ahead and moved xyCSS from its own domain, xycss.com, to its new home here at Perishable Press. Read more »

Whitelist & Blacklist Plugins for BBQ

BBQ (Block Bad Queries) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval( and base64_. The plugin is ultra minimal, so there are no options to configure which strings are blocked or allowed — it’s basically a “set-it-and-forget-it” type plugin. To give the plugin more flexibility, here are two plugins that enable you to whitelist or blacklist your own custom strings. Read more »

Clever Popup Ad? No Thanks.

So these days, I’m seeing more “clever” popups when visiting various websites. For example, do a search, see a result, click to visit.. and then before any content is shown, I’m hit with some annoying popup ad for whatever thing the site is trying to push. Read more »

Latest Tweets Plugin launch! Theme switching done right with Theme Switcha: wordpress.org/plugins/theme-sw… #WordPress #plugins pic.twitter.com/7LidbkFHPy