Welcome to the new design! Please report any bugs or issues, thanks :)
Web Dev + WordPress + Security
Category: WordPress
280 posts

WordPress Plugin: Theme Switcha

Announcing my latest WordPress plugin, Theme Switcha! There are many theme-switch plugins but none of them provide the simplicity, performance, and reliability that I require for my own sites. So I wrote my own plugin using the WP API and kept the code as focused and solid as possible. Only essential theme-switching features have been added, along with a simple yet informative UI. Theme Switcha gives you a consistent, quality theme-switching experience that you can optionally share with your visitors. Continue reading »

Lynda.com Course: Developing Secure WordPress Sites

After months of preparation and production, my new video course on developing secure WordPress sites is now available at Lynda.com. This is my second video course on securing WordPress; the first one was originally launched in 2011 and remained in Lynda’s library for over five years. I received a lot of great feedback on the course, and so I jumped on the opportunity to do another one. If there is one thing that I enjoy doing, it’s helping people with […] Continue reading »

Some Q & A

Gonna start posting or deleting all of my old drafts just to clean things up back here in the Admin Area. For example, here is a post that I wanted to flesh out with specific examples and all sorts of references, but it’s just been sitting and waiting for too long, so now I’m just gonna post it as-is. Enjoy or not, here it is.. Continue reading »

Stop User Enumeration in WordPress

This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an attacker can scan your site and obtain a list of login names in a matter of seconds. Continue reading »

WordPress Performance Issue Revisited

Following up on my recent performance report with essentially some conclusive results. Turns out that the reported issue is related more directly to the version of PHP than to the version of WordPress. So in other words, WordPress runs a bit faster on newer versions of PHP. As explained previously, after I upgraded my sites to WordPress 4.4, Googlebot reported slightly longer load times for my pages. The slower loading average was seen across numerous sites, and it looked like […] Continue reading »

WordPress Plugin: Dashboard Widgets Suite

1 Plugin. 9 Widgets. Awesome Dashboard. Over the years, I’ve assembled a collection of Dashboard widgets that I use frequently on various sites. I find the WordPress Dashboard to be a convenient location for posting notes, viewing debug and error logs, and displaying social media icons, RSS feeds, and other useful information. I find these widgets essential, but I was spending way too much time installing and managing them on all of my sites. Continue reading »

Use Strong Usernames for Better Security

Image courtesy of eChunks.com Here is a quick security tip for people using popular apps on the Web. That is, apps like WordPress that may be widely used and targeted by bad actors and/or automated scripts. It’s all about adding another layer of security by hardening admin-level usernames.. Every now and then, I get an email letting me know that someone has requested a password reset for one of my admin-level WordPress accounts. Usually, the email notifications are sent directly […] Continue reading »

WordPress Performance Issue?

Just wanted to share a mysterious trend reported for my sites by Google Webmaster Tools, and ask if anyone else is seeing the same pattern. It looks like it’s related to the WordPress 4.4 update, but I’m not 100% sure, so putting the data out there in hopes that others can help shed some light on the issue.. Continue reading »

WordPress Plugin: Blackhole for Bad Bots

Image Courtesy NASA/JPL-Caltech. Update: Pro version now available! Check out Blackhole Pro » Finally translated my Blackhole Spider Trap into a FREE WordPress plugin. It’s fun, fast, flexible, and works silently behind the scenes to protect your WordPress-powered site from malicious bots. Here are some of the features: Continue reading »

Protect Against WordPress Brute Force Amplification Attack

It seems the WordPress xmlrpc.php file is the target of another type of attack. Before, it was the XML-RPC Pingback Vulnerability. Now, it is the Brute Force Amplification Attack. This post explains what you need to know and then cuts to the chase with several ways to protect your site against this new malicious exploit, as well as all other related threats. Continue reading »

WordPress Plugin: Enable WP Database Tools

Here is a lightweight WordPress plugin that enables you to optimize and repair InnoDB and MyISAM database tables. It uses WordPress’ built-in database optimization tools to get the job done. There are lots of great database optimization plugins out there, but this one is aimed specifically at easily optimizing and repairing InnoDB tables. Although it also works on other types of tables, such as MyISAM. Continue reading »

s2Member vs. Easy Digital Downloads

s2Member (s2) and Easy Digital Downloads (EDD) are two of the top eCommerce plugins for WordPress. I’ve been using both plugins for quite awhile now and would like to explain some of their main differences. Both plugins are awesome in their own right, but there are some clear distinctions that could make one or the other an ideal choice depending on the scope and goals of your project. Hopefully the following comparison will help anyone out there arrive at the […] Continue reading »

The Art of Troubleshooting WordPress

If you are new to WordPress, or even if you have some experience, it may seem impossible to figure out why something isn’t working as expected. It would be nice if we could just wave a magic wand and have everything “fixed” automatically, but reality requires a bit more effort to diagnose and resolve issues. It would be impossible to describe troubleshooting steps for every possible issue, so this post stays focused on troubleshooting things in general. The goal here […] Continue reading »

Action & Filter Hooks for User Submitted Posts

The free version of my WordPress plugin User Submitted Posts is better than ever, with a wealth of new action and filter hooks, enabling developers to customize everything from shortcode output to post data, alert messages and more. Drop in for a quick summary of all new USP hooks. Continue reading »

WordPress Enable PHP Strict Error Reporting

When developing WordPress themes and plugins, I like to enable PHP’s strict error reporting. That way all errors and notices can be recognized and dealt with accordingly. Plus, enabling PHP strict error reporting is pretty easy to do using a simple must-use plugin. Here’s how to do it.. Continue reading »

s2member notes

I use s2member (free version) and s2member Pro on a few of my sites. Have been for several years now. Over the course of time, I have amassed a healthy collection of notes, code snippets and techniques for customizing default functionality, adding features, and so forth. Gonna post the collection online for the benefit of any others who may be seeking for similar modifications and/or related information. Continue reading »

Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Blackhole Pro: Trap bad bots in a virtual black hole.
Thoughts
Never force your users to type out a password (or any long string of characters) by blocking the paste function. Typing long strings leads to MORE errors than simple copy/paste.
Checking in to anyone listening. Stay safe. Pay attention. Don't get lazy.
What's up with Plesk UI lately? Especially on Chrome it looks just awful, all kinds of broken. Come on Plesk devs get it together.
Things get stressful, I try to pray. Not always easy, but always helps to relax and regain focus.
Nice new speed checker at fastorslow.com.
Easy way to exclude certain tests from WP Site Health: Site Health Tool Manager
Excellent (and free) tool for getting tons of site SSL infos: whynopadlock.com