In general, redirecting URLs is a piece of cake with Apache’s .htaccess. The only trick is redirecting based on the URL’s query-string value. Doing so requires slightly different directives that many people are not aware of, so it’s common to see a questions like, “why isn’t my redirect working for query strings?” This quick tutorial aims to clear up any confusion and explains how to redirect any URL based on its query string. Continue reading »
When every byte counts, you can use the HTML <base /> tag to specify a default href and target attribute for all relative URLs on the page. Like a virtual shortcut. For smaller sites with a flat directory structure, this isn’t going to help much; but for sites with deeply nested directories, the <base /> tag can potentially shave a lot of extra weight from your web pages, and also help keep URLs cleaner and shorter. So if you’re micro-optimizing […] Continue reading »
Want to redirect a URL from one location to another? This simple guide shows you how to do it with Apache/.htaccess, PHP, JavaScript, HTML, and more. Each redirect technique is briefly explained and includes ready-to-go, copy-&-paste examples. Just grab the code you need and use it in good health. May the redirects be with you! Continue reading »
This tutorial explains how to detect and block security threats via .htaccess, and then pass that information to a PHP script for further processing. This is a powerful technique that combines the power of Apache with the flexibility of PHP. Enabling you to do things like log all unwanted traffic, send email reports for blocked requests, create a UI to display logged data, and just about anything else you can imagine. It’s an excellent way to keep a close eye […] Continue reading »
Email is sort of like the “glue” that holds the Internet together. But it’s the worst possible glue ever. It’s underlying technology is convoluted, complicated, insecure, tedious, sloppy, and archaic. In a nutshell: email sucks but it’s pretty much essential for working online. So what do you do if email is not working, like when you send an email but it never arrives? It can be very frustrating and difficult to figure out what went wrong. To help get you […] Continue reading »
Taking a quick break to watch cyber attacks happening in real time. Continue reading »
WordPress responsive images are awesome. But some people want to use their own methods to implement. This post explains how to disable WordPress responsive image functionality so that you can use your own methods. It makes things easier when you don’t have to wrestle with what WordPress is doing. Continue reading »
Redirecting stuff with .htaccess generally is pretty straightforward, but there can be a lot of confusion when it comes to targeting patterns that include numbers. I think this largely is due to the syntax used for matching numbers in regular expressions. It’s sort of unintuitive until you get the hang of it. So to help in that regard, this tutorial explains the basics of matching numbers with .htaccess, and then provides some useful examples that should get you there. Continue reading »
Typically malicious scans use some sort of encoding to obscure their payloads. For example, instead of injecting a literal script, the attacker will run it through a PHP encoding function such as base64_encode(), utf8_encode(), or urlencode(). So if and when you need to decode some discovered payload, you can use whichever decoding function will do the job. For example, base64_decode(), utf8_decode(), or urldecode(). Sounds straightforward, but let’s dig a little deeper.. Continue reading »
Whether you’re running WordPress or not, your site may be getting hit by endless scanning for your site’s uploaded files and similar nonexistent resources. Specifically, the “Greasy Uploads Scanner” endlessly scans sites for nonexistent resources in the /uploads/ directory, even if the directory itself doesn’t exist. Just mindless scanning for all sorts of weird files. It steals your server resources and threatens your site security. We hates them. And we wants to block them. Continue reading »
Suffering from spammers, content scrapers, bandwidth leeches, and other bad bots? Got some loser stalking your chat forum? Site getting scanned by endless malicious requests? In this tutorial, you’ll learn how to block bad bots and users with minimal effort. Keeping the trash away from your site is gonna free up valuable server resources, conserve bandwidth, and improve the overall security and quality of your site. Continue reading »
Sitemaps have been shown to help search engines and other visitors understand and navigate your website. This tutorial gives you a simple yet powerful .htaccess technique for ensuring that search engines and other visitors can easily find your sitemap files. So even if they are looking for your sitemap in the wrong location, they’ll always be redirected to the actual, existing sitemap for your site. This strategy helps to improve consistency, minimize 404 errors, and save server resources. So it’s […] Continue reading »
The WordPress core uses .htaccess for two things: Permalinks and Multisite. This means that .htaccess is only required if you have enabled either of these features. Otherwise, .htaccess is entirely optional for default WordPress installations. Beyond the WP core, many plugins also use the .htaccess file for custom directives involving rewrites, redirects, custom headers, file compression, and much more. In many cases, such plugins add their .htaccess rules to your .htaccess file automatically, behind the scenes. Continue reading »
I wrote recently about how to block proxy visits with WordPress. That article provides a simple, plug-&-play script that you can drop into WordPress-powered site. This article goes further with two effective techniques for blocking proxy visits to your site using only a few lines of PHP. These techniques work for any PHP-enabled site, including WordPress, Drupal, Joomla, and many others. And they’re both easy to implement. Just a few minutes and your site can be relatively free of most […] Continue reading »
A little late this year, but following tradition here is my list of the absolute worst IP addresses from 2016. All in nice numerical order for easy crunching. These IPs are associated with all sorts of malicious activity, including exploit scanning, email harvesting, brute-force login attacks, referrer spam, and everything in between. Really obnoxious stuff that degrades your site’s performance and potentially threatens security. Continue reading »
This tutorial explains numerous ways to get random items via PHP: numbers, strings, passwords, nonces, images, and more. I use these techniques in various projects, and want to round them all up in one place for easy reference. I’ll be updating this post with additional techniques as I get them. Continue reading »