Web Design
Category Archive

xy.css – Responsive Grid Design

For the past year or so, I’ve been heavy into responsive, grid-based design. In December, I “soft-launched” my new site, xyCSS with a simple tweet: Bringing it all together: As implied (and explained), xy.css is a lightweight CSS template for creating semantic HTML5 designs on a responsive liquid matrix. Read more »

5G Blacklist 2013

Update: Check out the new and improved 6G Firewall 2016! Following up on much feedback (and this post), here is an update for the 5G Blacklist for 2013. As explained in the 2012 article (and elsewhere), the 5G Blacklist helps reduce the number of malicious URL requests that hit your website. It’s one of many ways to improve the security of your site and protect against evil exploits, bad requests, and other nefarious garbage. If your site runs on Apache and you’re familiar with .htaccess, the 5G is an effective way to secure your site against malicious HTTP activity. Read more »

Protection for WordPress Pingback Vulnerability

A WordPress Pingback Vulnerability was recently reported, whereby an attacker has four potential ways to cause harm via xmlrpc.php, which is the file included in WordPress for XML-RPC Support (e.g., “pingbacks”). In this post, I offer a simple .htaccess technique to lock things down and protect against any meddling via the xmlrpc.php file. Note: this technique is only recommended if you aren’t using XML-RPC for anything (e.g., pingbacks, Blogger, MovableType, etc.). Update: Check out the alternate method to whitelist specific IPs while protecting against threats. Read more »

(Please) Stop Using Unsafe Characters in URLs

Just as there are specifications for designing with CSS, HTML, and JavaScript, there are specifications for working with URIs/URLs. The Internet Engineering Task Force (IETF) clearly defines these specifications in numerous documents, including the following: Read more »

Printed .htaccess books

After launching my new book .htaccess made easy back in September, I wanted to allow time to fix any errors or typos before sending the book to the printers. After a couple of months, I had updated the book three times with better code, new techniques, and design improvements. After a few final steps to optimize for print format, the books were ordered, printed and delivered fresh on Christmas Eve :) So to celebrate the event, all printed .htaccess books are on sale for $10 off, and all PDFs are on sale for $5 off. Read more »

CSS Hooks for User Submitted Posts

Here is a list of all CSS hooks available for the User Submitted Posts submission form. If you notice any errors or if I’ve missed anything, please let me know with a comment or by sending an email via my contact form. Thanks! Read more »

Blacklist Candidate 2012-11-13: Evil Scanner Edition

It’s been a while since I’ve posted one of my Blacklist Candidate series articles. It’s always fun for me to talk (or write) about security-related issues, especially when a quick slab of .htaccess can be used to take care of business. And that’s exactly what we have in this edition of the series, where I’m pleased to bring you Blacklist Candidate Number 2012-11-13: the “evil” scanner. Instead of scanning your site, collecting data, and moving on, Mr. 2012-11-13 continues to scan the same sites for the exact same set of files. And by “continues” I mean over and over and […] Read more »

BBQ: Protect Against Malicious URL Requests

Block Bad Queries (BBQ) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution that works great for sites where .htaccess is not available. The BBQ script is available as a plugin for WordPress or standalone script for any PHP-powered website. Read more »

SFS Open Tracking

In the Simple Feed Stats plugin, Open Tracking enables you to track any web page or feed anywhere on the Web. This is done by using the open-tracking URL as the src for any <img /> tag. The SFS plugin then collects and displays the data, and provides shortcodes and template tags to display your feed stats anywhere on your site. In this post, we’ll see how to implement Open Tracking, walk through some examples, and glean a few tips along the way. Read more »

expose_php, Easter Eggs, and .htaccess

A reader recently brought to my attention a reported vulnerability on servers running PHP (404 link removed 2016/02/22). It’s been known about for eons, but it’s new to me and it involves easter eggs in PHP so I thought it would be fun to share a quick post about what it is and how to prevent leakage of sensitive information about your server. Read more »

Protect Against Brute-force/Proxy Login Attacks

For the past week, I’ve been monitoring activity from a set of IP addresses involved with brute-force login attacks. Brute-force login attacks involve systematic guessing of passwords using various common usernames such as “admin” and “username”. So for example, an attack will target an array of sites, use “admin” as the username, and then make numerous attempts at “guessing” your password. And to obfuscate their malicious activity, the attack is executed from multiple IP addresses, either via proxy or possibly a botnet. Read more »

New Book!

I’m proud to announce the launch of my new book on .htaccess, titled .htaccess made easy. It’s a book I’ve been wanting to write for years, since first getting hooked on .htaccess way back in 2006. Since then, I’ve learned a lot about .htaccess, Apache, security, and web-design in general — with many articles on the topic published here at Perishable Press and elsewhere on the Web. Everyone kept inspiring me to bring it all together and write a book on the subject, and so WHOOOP here it is! Read more »

Prevent Duplicate Content in cPanel

In this guest-post, Jon Brown shares a solution to the age-old problem of preventing duplicate content from addon-domains in cPanel. Jon explains the issue and shares his methodology in crafting an elegant solution applied via .htaccess. If you’re using cPanel and want to improve your SEO, this will help. Here is the table of contents: Read more »

Tale of a Hacked Website

I love a good story. Almost as much as I enjoy securing websites. Put them together and you’ve got suspense, intrigue, and plenty of encoded gibberish. But no happy ending this time, in this case the smartest decision was to “pull it” and rebuild. The site was just wasted — completely riddled with malicious code. Without current backup data, it would’ve been “game over” for the site, and possibly the business. Read more »

3D Text with CSS3 text-shadow

Here’s a fun way to make text look 3D using CSS3. Using CSS whenever possible instead of images has several key advantages, including faster page-loads and better SEO. I used the CSS text-shadow technique in a previous theme, and a few people had asked about it, so here it is: everything you need to create your own stunning 3D-text with CSS3. Read more »

Encoding & Decoding PHP Code

There are many ways to encode and decode PHP code. From the perspective of site security, there are three PHP functions — str_rot13(), base64_encode(), and gzinflate() — that are frequently used to obfuscate malicious strings of PHP code. For those involved in the securing of websites, understanding how these functions are used to encode and decode encrypted chunks of PHP data is critical to accurate monitoring and expedient attack recovery. Read more »
